last executing test programs:

22.177020438s ago: executing program 1 (id=24):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='htcp', 0x4)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
syz_usb_connect(0x0, 0x24, &(0x7f0000001040)=ANY=[@ANYBLOB="1201000040154220a9055015bbe4010203010902"], 0x0)
shutdown(r0, 0x1)

20.383282613s ago: executing program 1 (id=33):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000)
write$vhost_msg(r0, &(0x7f0000000100)={0x1, {&(0x7f00000007c0)=""/194, 0xc2, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f00000000c0)=""/35, 0x23, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000040)={0x2, 0x0, {&(0x7f0000000180)=""/13, 0xd, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg(r0, &(0x7f0000000640)={0x1, {&(0x7f0000000400)=""/234, 0xfede, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f00000008c0)={0x2, 0x0, {&(0x7f0000000580)=""/38, 0x26, 0x0, 0x1, 0x3}}, 0x48)

20.243533152s ago: executing program 1 (id=34):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f0000000000)={0x0, 0x2710}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000100)=0x401, 0x4)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x8)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)

20.023312684s ago: executing program 1 (id=37):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000001c40)={[{@dioread_nolock}, {@norecovery}, {@resgid}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@grpid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@grpid}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@subj_user={'subj_user', 0x3d, '\xb3'}}, {@obj_user={'obj_user', 0x3d, 'uid>'}}, {@uid_gt}, {@appraise_type}]}, 0xfd, 0x588, &(0x7f0000000680)="$eJzs3d9rW1UcAPDvTZP96rQdjKE+yGAPTsbStfXHBGHzUXQ40PcZ2qyMpsto0rHWgduDe/FFhiDiQPwDfN/j8B/wrxi4wZBR9EGFyk1vuq7Nj7bLTF0+H8h2Ts5Nzv3m3u/NOfcmTQAD62j6Ty7i1Yj4JokYWdeWj6zx6Opyy4+vT6W3JFZWPv09iTMbnivJ/h/OKq9ExC9fRZzIbe63trg0W6pUyvNZfaw+d2Wstrh08tJcaaY8U748MTl5+u3Jiffefadnsb55/s/vP7n34emvjy1/9/PDQ7eTOBsHs7Y0rh50cWN95Wjpn6xUiLMbFhzvQWe7SdLvFWBHhrI8L0R6DBiJoSzrgRfflxGxAgyoRP7DgGqOA5pz+x7Ng/83Hn2wOgHaHH9+9dxI7GvMjQ4sJ0/NjNL57mgP+k/7GH1w5/bdB3duR+fzEPu71AG25cbNiDiVz28+/iXZ8W/nTjVOHne2sY9Be/+BfrqXjn+SGxGb8j+3Nv6JFuOf4Ra5uxPd8z/3sAfdtJWO/95vOf5dO3SNDmW1lxpjvkJy8VKlfCoiXo6I41HYm9Y7Xc85vXx/pV1bGv/dbPyX3tL+m2PBbD0e5vc+/ZjpUr30LDGv9+hmxGstx7/J2vZPWmz/9PU4v8U+jpTvvN6urXv8z9fKTxFvtNz+T65oJZ2vT4419oex5l6x2R+3jvzarv9+x59u/wOd4x9N1l+vrW2/jx/3/VVu17bT/X9P8lmjvCe771qpXp8fj9iTfJwf3nj/xJPHNuvN5dP4jx9rnf+d9v908vX5FuO/dfhW20W7xv/3ukn6U25usffO0vint7X9t1+4/9EXP+w4/sb2f6tROp7ds5Xj31ZX8FleOwAAAAAAANhtchFxMJJcca2cyxWLhUbb4TiQq1Rr9RMXqwuXp6PxXdnRKOSaV7pH1n0eYjz7PGyzPrGhPhkRhyLi26H9jXpxqlqZ7nfwAAAAAAAAAAAAAAAAAAAAsEsMt/z+/2rbb0P9XjvguWv8sMHefq8F0A9df/K/F7/0BOxKXfMfeGFtP/+dGYAXhfd/GFzyHwaX/IfBtdX8L4w85xUB/nPe/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqfPnzqW3leXH16fS+vTVxYXZ6tWT0+XabHFuYao4VZ2/UpypVmcq5eJUda7b81Wq1SvjE7FwbaxertXHaotLF+aqC5frFy7NlWbKF8oFf2wYAAAAAAAAAAAAAAAAAAAANqktLs2WKpXyvELbwpno5RMmu++VP5Ot0o4ent8tUSj0tNDHgxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbPBvAAAA///YBDOu")
lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
rename(&(0x7f0000000000)='./file2\x00', &(0x7f0000000040)='./file1\x00')

19.239162911s ago: executing program 1 (id=41):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd27, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0xfff3}, {}, {0x8, 0xffff}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x1000, 0x3, 0xfffffffc, 0x7}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x5, 0x3}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)

19.090426689s ago: executing program 1 (id=42):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x804, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f00000000c0)=0xfffffffb, 0x4)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xe)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x4b, &(0x7f0000000040)=0x5, 0x4)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x0, 0x0)

18.654349305s ago: executing program 32 (id=42):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x804, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f00000000c0)=0xfffffffb, 0x4)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xe)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x4b, &(0x7f0000000040)=0x5, 0x4)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x0, 0x0)

10.398059849s ago: executing program 0 (id=71):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r2, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)

8.719374388s ago: executing program 0 (id=80):
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x34, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0xc, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x41)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001c00010429bd7000fddbdf2507000000", @ANYRES32=r1, @ANYBLOB="0200ee050a000200aae6dd462c0200000c000e80050001"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x20040040)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)

8.387376227s ago: executing program 0 (id=82):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
r1 = socket$packet(0x11, 0x2, 0x300)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2, 0x11, r1, 0xfffff000)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "41328ac33100", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)

8.099510414s ago: executing program 0 (id=84):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r0, &(0x7f00000001c0)='\\', 0x1)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000300)={0x1, 0x1fffffe, 0x2, 0x80000000006, 0x8000000000000000, 0x100000001, 0xfffdfffffffffffb, 0x0, 0xfffffffffffffffd, 0x1000000000004, 0xfffffffd, 0x2})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f00000003c0))

7.32360033s ago: executing program 0 (id=87):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x803400, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x4000, 0x0)

6.380944066s ago: executing program 0 (id=96):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000040)=0x7, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000100)=0x2, 0x4)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

3.133364966s ago: executing program 4 (id=107):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000480)={{0xfffc, 0x3, 0x0, 0x3}, 'syz0\x00', 0x2})
ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0xee)
ioctl$UI_DEV_CREATE(r1, 0x5501)
close_range(r0, 0xffffffffffffffff, 0x0)

2.783544646s ago: executing program 4 (id=109):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x3, 0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x90, 0x2c, 0xd27, 0x70bd22, 0x6000000, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x7, 0xe}}, [@TCA_RATE={0x6, 0x5, {0x3, 0x7f}}, @filter_kind_options=@f_fw={{0x7}, {0x5c, 0x2, [@TCA_FW_ACT={0x58, 0x4, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xfbfffc00, 0x4, 0x10000000, 0x200000b, 0xff}, @broadcast, @local, 0xff, 0x1}}]}, {0xfffffffffffffe0a}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4}, 0x4000800)

2.781258836s ago: executing program 3 (id=117):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x4, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0xdddd1000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x1, 0x81, 0x0, 0x6, 0x5}, {0x8000000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0x3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x6, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x28, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40010000, 0x0, 0x80a0000, 0x300, 0x1, 0x2000, 0xe6e70c00, [0x200000003, 0x401, 0x7, 0xc5]})
ioctl$KVM_GET_LAPIC(r2, 0x8400ae8e, &(0x7f0000000b40))

2.440784166s ago: executing program 4 (id=110):
syz_mount_image$jfs(&(0x7f0000000240), &(0x7f0000000040)='./file1\x00', 0x1010006, &(0x7f000001fbc0)={[{@iocharset={'iocharset', 0x3d, 'koi8-u'}}, {@discard_size={'discard', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp936'}}, {@errors_remount}, {}, {@noquota}, {@discard}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'iso8859-13'}}]}, 0x24, 0x628f, &(0x7f00000065c0)="$eJzs3c1vHGcdB/Df7JtfStuoh6pECLlteCmleS0hUKDtAQ5cOKBcUSLXrSJSQElAaRURV75w4I8AIXFEiCMn/oAeuHLjDyCSgwTqAXXQ2M/jjKe7XjuJd3Yzn4/kzPzmmfE+k++Od9cz4ycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPjhD358roiIK79KC05EfC76Eb2Ilapei4iVtRP1bV6IneZ4PiKGSxHV9jv/PBvxekR8/EzE9v0769Xi84fsx/f//I8//OSpH/39T8Mz//3Lrf4bk9a7ffu3//nr3YffXwAAAOiisizLIn3MPxkRg/TZHgB48uXX/zLJy9VzV2/OWX/UarVavYB1XTne3XoREZv1bar3DE7HA8CC2YxP2u4CLZJ/pw0i4qm2OwHMtaLtDnAstu/fWS9SvkX99WBttz1fC7Iv/81i7/6OSdNpmteYzOr5tRX9eG5Cf1Zm1Id5kvPvNfO/sts+Susdd/6zMin/0e6tT52T8+838294cvLvjc2/q3L+gyPl35c/AAAAAADMsfz7/xMtn/9devRdOZSDzv+uzagPAAAAAAAAAPC4HXX8v0Fj/L89xv8DAACAuVV9Vq/87pkHyyb9LbZq+eUi4unG+kDHpJtlVtvuBwAAAAAAAAAAAAB0yWD3Gt7LRcQwIp5eXS3Lsvqqa9ZH9ajbL7qu7z90Wds/5AEAYNfHzzTu5S8iliPicvpbf8PV1dWyXF5ZLVfLlaX8fna0tFyu1D7X5mm1bGl0iDfEg1FZfbPl2nZ10z4vT2tvfr/qsUZl/xAdm40WAweAiNh9Ndqe9Ir0P69Xi6ksn42W3+SwIA44/llQjn8Oo+3nKQAAAHD8yrIsi/TnvE+mc/69tjsFAMxEfv1vnhdQq9VqtVr95NV15Xh360VEbNa3qd4zGI4fABbMZnzSdhdokfw7bRARL7TdCWCuFW13gGOxff/OepHyLeqvB2l893wtyL78N4ud7fL246bTNK8xmdXzayv68dyE/jw/oz7Mk5x/r5n/ld32UVrv0fMv9/2asK1rjCblX+3niRb607acf7+Zf8NxH/+zshW9sfl3Vc5/cKT8+/IHAAAAAIA5ln//f2Kuzv+OHnZ3pjro/O/a2C2Ory8AAAAAAAAA8Lhs37+znu97zef/vzBmPfd/Pply/oX8Oynn32vk/9XGev3a/L23H+T/7/t31v9461+fz9PD5r+UZ4r0zCrSM6JIj1QM0vRR9u6ztob9UfVIw6LXH6Rrfsrhu3EtrsdGnN23bi/9fzxoP7evverpcKe97O+2n9/XPthrz9tf2Nc+TFcXlSu5/XSsx8/jeryz0161LU3Z/+Up7eWU9px/3/HfSdtpOnjw9WxVr6blRWNaufdR7zPHfX067nHeuvbF35w91j05nK3o7+1bXbV/L7XQn53/k6dG8cubGzdO375669aNc5Em+5aejzR5zPLxP0xfez//X95tzz/368frvY9GR85/XmzFYGL+L9fmq/19ZcZ9a0POf5S+cv7vpPbxx/8i5z/5+H+1hf4AAAAAAAAAAAAAAADAQcqy3LlF9K2IuJju/2nr3kwAYLby63+Z5OWzqvszfjy1esHrYs76M9P603K++qNWL2JdV473Zr2IiL/Vt6neM/x63DcDAObZpxHxz7Y7QWvk32H57/1V01NtdwaYqZsffPjTq9evb9y42XZPAAAAAAAAAICHlcf/XKuN/3yqLMu7jfX2jf/6dqw96vifgzyzN8DohIGq+0ffp4Ns9Ub9Xm248Rdj0vjfw725g8b/Hkx5vOGU9tGU9qUp7ctT2sfe6FGT83+xNt75qYg42Rh+vQvjvzbHvO+CnP9Ltedzlf9XGuvV8y9/v8j59/blf+bW+784c/ODD1+79v7V9zbe2/jZhXPnzl64ePHSpUtn3r12fePs7r8t9vh45fzz2NeuA+2WnH/OXP7dkvP/Uqrl3y05/y+nWv7dkvPP7/fk3y05//zZR/7dkvN/JdXy75ac/9dSLf9uyfm/murp+U/7jSaLJOf/9VQ7/rsl5/9aquXfLTn/06mWf7fk/M+k+pD5rxx3v5iNnH8+w+X475acf76yQf7dkvM/n2r5d0vO/0Kq5d8tOf/XUy3/bsn5fyPV8u+WnP/FVMu/W3L+30y1/Lsl538p1fLvlpz/t1It/27J+X871fLvlpz/G6mWf7fk/L+Tavl3S87/u6mWf7fk/L+Xavl3S87/zVTLv1se/P1/M2bMmMkzbf9kAgAAAAAAAAAAAACaZnE5cdv7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyfHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh7+5i5DrLO4Cf/fTaIYmBkDqpgY1jQkg22bWd+IM2xYTPhq8SCIV+YLvetVlwbOO1S6CRbBookTAqqmgbLtoCQm1uKnLBBa0A5QK1QmoF7QXtBQKhchFVAQWkSrQCtppz3vfdmdnZmV3vePfMOb+fZD/eM2fmvHPmPWfn2fV/DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzW55zdwnhrIsa/zJ/9qeZc9r/Hvr5PZ82Ss3e4QAAADAev0i//u569OCw6u4U9M6//ySb315cXFxMXv3yJ+PfWZxMd0wmWVjW7Isvy166gfvGWpeJ3gsmxgabvp6uMfmR3rcPtrj9rEet4/3uH1Lj9snety+bAcss7X4eUz+YLvzf24vdml2QzaW37a7w70eG9oyPBx/lpMbyu+zOHYim89OZXPZTMv6xbpD+fpfvaWxrTdmcVvDTdva2ZghP3n0eBzDUNjHu1u2tfSY0Y9enU3+9CePHv/b88/e1Kn23A0tj1eM8/ZdjXF+LCwpxjqUbUn7JI5zuGmcOzu8JiMt4xzK79f4d/s4n1vlOEeWhrmh2l/ziWw4//e38/002vxjvbSfdoZlP7s1y7JLS8NuX2fZtrLhbFvLkuGl12eimJGNx2hMpRdko2uap7esYp426uzu1nnafkzE1/+WcL/RFcbQ/DL96KPjTa/7zxevZJ5GjWe90rHSPgf7fayUZQ7GefHt/Ek/3nEO7g7P/9HbVp6DHedOhzmYnnfTHNzVaw4Oj4/kY04vwlB+n6U5uKdl/ZF8S0N5fea27nNw+vzDZ6cXPvyRu+YfPnZy7uTc6X179szs27//4MGD0yfmT83NFH9f4d4uv23ZcDoGdoV9F4+Bl7et2zxVFz8/vuz8e6XH4USX43B727r9Pg5H25/c0MYckMvndHFsvLOx0ycuD2crHGP563PH+o/D9LybjsPRpuOw4/eUDsfh6CqOw8Y6Z+9Y3XuW0aY/ncaw8veC9c3B7U1zsP39SPsc7Pf7kbLMwYkwL757x8rfC3aG8T4+tdb3IyPL5mB6uuHc01iS3u9PHMxLp3l5c+OGa8azCwtz5+5+5Nj58+f2ZKFsiBc2zZX2+bqt6Tlly+br8Jrn6+H5lzx+c4fl28O+mrir8dfEiq9VY5177u7+WuXf3Trvz5ale7NQ+myj92en7+aN/TmeZZ/9xkcf/Nqjn33Nivuz0W9+bHr978VTX9p0/h1b4fwb+/5fFttLD/XYyNhocfyOpL0z1nI+bn2pRvNz11C+7eemV3c+Hgt/Nvp8fEOX8/GOtnX7fT4ea39y8Xw81OunHevT/npOhHlyaqb7+bixzo69a52To13Px7eGOhT2/ytCp5D6oqa5s9K8TdsaHR0Lz2s0bqF1nu5rWX8s9GaNbT25N7wpTKNc3Ty9/dZi/ZGm+0UbNU8n29bt9zxNP/taaZ4O9frp25Vpfz0nwry4YV/3edpY5+l71n/u3Br/2XTuHO81B8dGxhtjHkuTMD/fZ4tb4xy8OzuenclOZbP5reP5fBrKtzV17+rOlePhz0afK3d0mYO3t63b7zmYvo+tNPeGRpc/+T5ofz0nwrx44t7uc7CxzmsP9Pe96+1hSVqn6b1r+8/XVvqZ181tu+lqzZXRMM5vHOj+s9nGOqcOrrXP7L6f7gxLrumwn9qP35WOqdlsY/bTjjDOZw+uvJ8a42ms85lDq5xPh7Msu/jB+/Of94bfr1y88J0vt/zepdPvdC5+8P4fX3vin9YyfgAG3y+Lsq34Xtf0m6nV/P4fAAAAGAix7x8ONdH/AwAAQGXEvj/+r/BE/w8AAACVEfv+0VCTKvT/f9x7lR2vfXb+lxezlMxfDOLtaTc8UKwXM64z4evJxSWN5fd/ce5//vHi6oY3nGXZzx/4o47r73ggjqswGcb51Otaly/z5btWte2jD11M223Or38uPH58PqudBp0iuDNZln31+k/l25l8z+W8Pv3A0bw+eOnxxxrrPHeo+Dre/5kXFuv/VQj/Hj5xrOX+z4T98MNQZ97UeX/E+33p8it2HnjX0vbi/YZ2XZc/7SfeWzxu/JycTz9WrB/380rj/9onn/xSY/1HXtZ5/BeHO4//yfC4Xwz1f19crN/8GjS+jvf7eBh/3F68391f+HrH8T/1iWL9s68v1jsaatz+7eHr3a9/dr55fz0ydKzleWVvKNaL25/5zp/mt8fHi4/fPv6JI5db9kf7/Hj634vHmW5bPy6P24n+oW37jcdpnp9x+0/+ydGW/dxr+089+MyLG4/bvv0729Y7+8E78u0vPV7rJzb99cc/1XF7cTyH//5sy/M5/PZwHIftP/HeMB/D7f/3VPF47Z+ucPTtreefuP7ntl9seT7RG39abP+pV53M65aJrduued611116aWPfZdm3txSP12v7J//mTMv4P39jsT/i7TGj3779lcTtn/vQ1OkzCxfmZ9NeffT6/LNz3lyMJ473+nBubf/6yJnz75s7NzkzOZNlk9X9CL0r9oVQf1yUS93XXlx2Br3jofB63vyXX9122799Mi7/j3cWyy+/qfi+9fKw3qfD8u3h9Vvb9pd74pYb8+N76OkwwsXlnxe8Hjt3//fBXp/vmwvPv/19QZzvZ1/0vnw/NG7Lv2/E43qd4//ebPE4Xwn7dTF8MvOuG5e217x+/GyEy+8ojvd1779wmouv69+F1/stPyweP44rPt/vhfcxX9/Rer6L8+MrF4fbHz//FI9L4XySXSpuj2vF/X35uRs7Di9+Dkl26ab86z9Lj3PTmp7mShY+vDB9av70hUemz88tnJ9e+PBHjjx85sLp80fyz/I88v5e9186P23Lz0+zc/vvyfKz1ZmiXGWbPf6zDx2fPTBz2+zciWMXTpx/6OzcuZPHFxaOz80u3HbsxIm5D/W6//zsfXv2Htp3YO/UyfnZ+w4eOrTv0NT86TONYRSD6mH/zAemTp87kt9l4b57Du259957ZqYePjM7d9+BmZmpC73un39vmmrc+w+nzs2dOnZ+/uG5qYX5j8zdt+fQ/v17e34a4MNnTyxMTp+7cHr6wsLcueniuUyezxc3vvf1uj/VtPD94v1su6Hig/iyt925P30+a8MXP7riQxWrtH2A6LPhs2i++fyzB1fzdez7x0JNqtD/AwAAALnY94+Hmuj/AQAAoDJi378l1ET/DwAAAJUR+/6JUNN/CahJ/1+5/P+Oi6vavvy//H/z/pL/r1n+/x1ly/8X5wv5//5Yb/6+Dvn/Va0o/y//L/8v/y//Tx+ULf8f+/6tWeb3/wAAAFBRse/fFmqi/wcAAIDKiH3/NaEm+n8AAACojNj3Py/UpCb9v/y//L/8v/y//H/n7cv/Dyb5/+5Klv+faF8g/7/5+f+sXvn/S/0c/ybk/7c2fyH/TxmVLf8f+/5rQ01q0v8DAABAHcS+/7pQE/0/AAAAVEbs+68PNdH/AwAAQGXEvn97qElN+n/5/3Xl/1PmanDz/8WW5f/l/+X/5f+rQv6/u5Ll/5eR/9/8/L/r/w9U/r+F/D9lVLb8f+z7nx9qUpP+HwAAAOog9v0vCDXR/wMAAED5jF7Z3WLf/8JQk2X9/xVuAAAAANh0se+/IWsLgtfk9//y/67/X9rr/4/J/8v/F8qf/x/J5P/LQ/6/O/n/HvqR/78k/y//L/8v/09Utvx/3vdnE9mLQk1q0v8DAABAHcS+/8ZQE/0/AAAAVEbs+38l1ET/DwAAAJUR+/4doSY16f/l/yuT//9Z80tXify/6//L/wflz/+7/n+ZyP93J//fg+v/y//L/8v/01cLHTulzcv/x77/plCTmvT/AAAAUAex77851ET/DwAAAJUR+/5fDTXR/wMAAEBlxL5/Z6hJTfp/+f+S5/9jcrSO1/+X/5f/D8qc/5+Q/y8d+f/u5P97kP+X/5f/l/+nrxa+X7yfbbdZ+f/Y97841KQm/T8AAADUQez7XxJqov8HAACAyoh9/0tDTfT/AAAAUBmx758MNalJ/7+W/P/QJfn/lVzl6/+Pr+L6/y3k/zcl/z8q/1+oU/4/k/8vHfn/7uT/e5D/l/+X/5f/p6/Klv+Pff8toSY16f8BAACgDmLfvyvURP8PAAAAlRH7/ltDTfT/AAAAUBmx798dalKT/t/1/wci/5/J/w9E/t/1/wP5/87k/zeG/H938v89yP/L/8v/y//TV2XL/8e+/2WhJjXp/wEAAKAOYt9/W6iJ/h8AAAAqI/b9Lw810f8DAABAZcS+//ZQk5r0//L/8v/y//L/8v+dt7/h+f9L8v/9IP/fnfx/D/L/8v/y//L/9FXZ8v+x739FqElN+n8AAACog9j33xFqov8HAACAyoh9/52hJvp/AAAAqIzY90+FmtSk/5f/l/+vZv7/P+X/u2xf/r+k+X/X/+8L+f/u5P97kP+X/+9H/n8sLJD/l/9n0/P/8f1a/Dr2/XeFmtSk/wcAAIA6iH3/3aEm+n8AAACojNj3T4ea6P8BAACgMmLfPxNqUpP+X/5f/r+a+X/X/++2/XXl/1+69Ljy/wX5/3KR/+9O/r+Hfub/t8j/1zb/v67r/4/J/1Mpm53/b/869v17Qk1q0v8DAABAHcS+f2+oif4fAAAAKiP2/ftCTfT/AAAAUBmx778n1KQm/b/8v/y//L/8v+v/d96+/P9gkv/vrv/5//gU5f9d/1/+vz/5f9f/p1rKlv+Pff+9oSY16f8BAACgDmLfvz/URP8PAAAAlRH7/gOhJvp/AAAAqIzY9x8MNalJ/y//L/8v/y//L//fefvy/4NJ/r871//vQf5f/n+A8/+NuSX/T9mULf8f+/5DoSY16f8BAACgDmLf/8pQE/0/AAAAVEbs+38t1ET/DwAAAJUR+/5fDzWpSf8v/y//L/8v/7/J+f+xXvn/cfl/+f81kP/vTv6/B/l/+f8Bzv+vcP3/a8PN8v9sirLl/2Pff1+oSU36fwAAAKiD2Pf/RqiJ/h8AAAAqI/b9rwo10f8DAABAZcS+/3CoSU36f/n/Dcr/x4Xy//L/8v+u/y//f1XJ/3cn/9+D/L/8f/Xy//2+/n/7t+lE/p9Oypb/j33/q0NNatL/AwAAQB3Evv/+UBP9PwAAAFRG7PtfE2qi/wcAAIDKiH3/a0NNatL/y/+7/v/m5//HWsYu/790P/n/gvy//P9ayP93J//fg/y//L/8v+v/01dly//Hvv91oSY16f8BAACgDmLf//pQE/0/AAAAVEbs+98QaqL/BwAAgMqIff8bQ01q0v/L/8v/b37+3/X/5f8L8v/y//0g/9+d/H8P8v/y//L/8v/0Vdny/7Hv/81Qk5r0/wAAAFAHse9/INRE/w8AAACVEfv+N4Wa6P8BAACgMmLf/+ZQk5r0//L/8v/y//L/8v+dty//P5jk/7sbsPz/L64Ly+X/C/L/5R7/WvP/o21fX5X8/w9Wyv8vbmm/v/w/V0PZ8v+x739LqElN+n8AAACog9j3vzXURP8PAAAAlRH7/reFmuj/AQAAoDJi3/9boSY16f/l/xvjWEovy//L/+cL5P/l/+X/B5b8f3cDlv93/f828v/lHr/r/8v/s1zZ8v+x7397qElN+n8AAACog9j3Pxhqov8HAACAyoh9/ztCTfT/AAAAUBmx739nqElN+n/5f9f/l/+X/5f/77x9+f/BJP/fnfx/D/L/8v9ly///l/w/g61s+f/Y9z8UalKT/h8AAADqIPb97wo10f8DAABAZcS+/7dDTfT/AAAAUBmx7393qElN+n/5/0HJ/0/K/68x/z8elsn/y//L/9eL/H938v89yP/L/5ct/+/6/wy4suX/Y9//nlCT1ff/E6teEwAAALia2n+dlMS+/3dCTWry+38AAACog9j3/26oif4fAAAAKiP2/b8XalKT/l/+f1Dy/67/n7n+v/x/2/OR/5f/72Tj8v/xzLOm/P+WXtuX/5f/l/8f3PHL/8v/s1zZ8v+x7//9UJOa9P8AAABQB7Hvf2+oif4fAAAABkKn/5PdLvb9R0JN9P8AAABQGbHvPxpqUpP+X/5f/l/+v6T5/7/Y9S/f/dZbj+6R/5f/l/9fkw29/n/j4Hf9f/l/+f9E/l/+X/6fdmXL/8e+/1ioyVLj92YX+AcAAIDBFvv+Pwg1qcnv/wEAAKAOYt9/PNRE/w8AAACVEfv+2VCTmvT/8v+bmP8fzbJM/l/+v4LX/4/7Y5Dy/1NbBij/H0+68v8dbWj+/11LOXH5/7Xm/8c7Lm3P/w/J/7eQ/1/z+L+ZZdmGjf/iv8r/y//Trmz5/9j3z4Wa1KT/BwAAgDoIff/wiaIu3aD/BwAAgMqIff/JUBP9PwAAAFRG7PvfF2pSk/5f/t/1/+X/5f9d/7/z9kub/3f9/67k/7srT/6/M9f/l/8f5PG7/r/8P8uVLf8f+/75UJOa9P8AAABQB7Hvf3+oif4fAAAAKiP2/R8INdH/AwAA/8/efTxZXpd7HD8NTc1MUbfq7u7iLu7du3LNQlYu9A9wwYaFlqEUVMyJwRwx54CWihgwgCImzAlMKGJExSxiwoSojMX08zzTPf3r3+meOd3nd77f12vhIy3jaS0EPoxvvkAzcvc/PG7pZP/r//X/Tfb/h/T/Y5+v/9f/t0z/P07/P4f+X/+v/9f/s1BT6/9z9z8ibulk/wMAAEAPcvdfELfY/wAAANCM3P0Xxi32PwAAADQjd/8j45ZO9r/+X//fZP9/39sfevd99P87fb7+X//fMv3/OP3/HPp//b/+X//PQk2t/8/d/6i4pZP9DwAAAD3I3f/ouMX+BwAAgGbk7r8obrH/AQAAoBm5+x8Tt3Sy/0/q/9dmffb/mfHq/1vq/73/v+Pn6//1/y072P7/knt+z6f/1//r/4P+X/+v/+dkU+v/c/c/Nm7pZP8DAABAD3L3Py5usf8BAACgGbn7Hx+32P8AAADQjNz9T4hbOtn/3v/3/r/+X/+v/x/+fP3/avL+/7ie+v+Lbjr7gjuu+d9r9/L5+n/9v/5f/89iTa3/z93/xLilk/0PAAAAPcjd/6S4xf4HAACAZuTuf3LcYv8DAADACjoy+NXc/U+JWzrZ//p//b/+P/r/w/p//b/+vwX6/3E99f+n8vn6f/2//l//z2JNrf/P3f/UuKWT/Q8AAAA9yN3/tLjF/gcAAIDpGvo/Yo/I3X9x3GL/AwAAQDNy9x+NWzrZ//r//e///63/X43+3/v/+n/9fxP0/+P0/3Po//X/+n/9Pws1tf4/d/8lcUsn+x8AAAB6kLv/6XGL/Q8AAADNyN3/jLjF/gcAAIBm5O5/ZtzSyf7X/3v/X/+v/z/4/n/jd7b6/xP/rer/F0f/P07/P4f+/3T7+bP0//p//T+b7bH/v2vkd9sL6f9z9z8rbulk/wMAAEAPcvc/O26x/wEAAKAZufufE7fY/wAAANCM3P3PjVs62f/6f/2//l//f8r9//bf9I7z/v8w/f/B0P+Pm0z/v7Y++GX9/8r3/97/1//r/9liau//5+5/XtzSyf4HAACAHuTuf37cMrL/9/wX8wEAAIClyt3/grjFz/8DAADAysvqLHf/C+OWTva//l//r//X/x/8+/+r3/9fu+n70/9Pi/5/3GT6/x3o//X/q/z96//1/2w3tf4/d/+L4pZO9j8AAAD0IHf/pXGL/Q8AAADNyN3/4rjF/gcAAIBm5O5/SdzSyf4f7v9P/OuT7v9PjoRn+v+k/2+7/89/R/3/aP9/rvf/+6T/H6f/n0P/r//X/+/U/x+Z9+P1/wyZWv+fu/+lcUsn+x8AAAB6kLv/ZXGL/Q8AAADNyN3/8rjF/gcAAIBm5O5/RdzSyf73/r/+X/+/ev2/9/83LPP9/9mB9//r+v9dWm7/v3Z3/hFU/39q37/+X/+/yt9/k/3/WbOt7/+P/F0A9P8MmVr/n7v/lXFLJ/sfAAAAepC7/1Vxi/0PAAAAq2Hz/3dg6K242ax2/6vjFvsfAAAAmpG7/zVxSzv7f/StTv2//l//r//X/w9//oMvW59Np//3/v9uef9/nP5/Dv3/fvTz6431/5ft9OOn0P9fvH/v/9973o/X/zNkS/9/3YmvL6v/z93/2rilnf0PAAAA3cvd/7q4xf4HAACAZuTuf33cYv8DAABAM3L3vyFu6WT/73v/P/J3H9D/6//1//r/aff/U3r/X/+/W/r/cfr/OfT/3v/3/r/+n9O36U8Zt/T/myyr/8/d/8a4pZP9DwAAAD3I3f+muMX+BwAAgGbk7r8sbrH/AQAAoBm5+98ct3Sy/73/r//X/+v/9f/Dn6//X02n1d+fof8v+n/9v/5f/6//ZwGm1v9v3f397X8AAADowVuO/+Ph+Ov19j8AAAC0KHf/W+MW+x8AAACakbv/bXFLJ/tf/7+//X9+Xf+v/5/p//X/+v8D0e37/2tDfyTabof+/4aHHL3/1q/o//X/+n/9v/6fXfrvkX9tEv3/sRN/dpm7/+1xSyf7HwAAAHqQu//yuMX+BwAAgGbk7n9H3GL/AwAAQDNy918Rt+xx/481D1Om//f+v/5f/6//H/58/f9q6rb/3yXv/8+h/9f/6//1/yzUJPr/Tb+cu/+dcYuf/wcAAIBm5O5/V9xi/wMAAEAzcve/O26x/wEAAKAZufvfE7d0sv/1//p//b/+X/8//Pn6/9Wk/x+n/59jlfr/K06j/18f/vKy+/nTtezvX/+v/2e7qfX/ufuvjFs62f8AAADQg9z9741b7H8AAABoRu7+98Ut9j8AAAA0I3f/++OWTva//l//r//X/+v/hz9f/7+a9P/j9P+z2eyqkW9gqP8/dmia/b/3/yf3/ev/9f9sN7X+P3f/B+KWTvY/AAAA9CB3/1Vxi/0PAAAAzcjdf3XcYv8DAABAM3L3fzBu6WT/6//1//p//b/+f/jz9f+rSf8/Tv8/xyq9/6//n9z3r//X/7Pd1Pr/3P0fils62f8AAADQg9z918Qt9j8AAAA0I3f/h+MW+x8AAACakbv/2rilk/2v/9f/6//1/wP9//H/qev/9f+raP/6/5n+X/+v/59D/6//1/9zsqn1/7n7PxK3dLL/AQAAoAe5+z8at9j/AAAA0Izc/R+LW+x/AAAAaEbu/o/HLZ3sf/2//l//r//3/v/w5+v/V5P3/8fp/+fQ/+v/9f/6fxZquP+/eGn9f+7+T8Qtnex/AAAA6EHu/uviFvsfAAAAmpG7/5Nxi/0PAAAAzcjd/6m4pZP9r//X/2/t/2cz/b/+X/+/YaD/v/nOy/+rfnkB/f/hmf5/4fT/4/T/c+j/2+z/z5g11P8f2fHH6/+Zoqm9/5+7/9NxSyf7HwAAAHqQu/8zcYv9DwAAAM3I3f/ZuMX+BwAAgGbk7v9c3NLJ/tf/6/8X/P7/becPfB/6/w36/5Xv/73/vwL0/+P0/3Po/9vs/73/r/9naabW/+fu/3zc0sn+BwAAgB7k7v9C3GL/AwAAQDNy938xbrH/AQAAoBm5+78Ut3Sy//X/+v8F9//e/9f/6/93oP8/GPr/cfr/OfT/zfX/+Wf3+n/9P8sxtf4/d/+X45ZO9j8AAAD0IHf/9XGL/Q8AAADNyN1/Q9xi/wMAAEAzcvd/JW7pZP/r//X/+v/V7P8Pb+n/z5zp/0/8+vr/vk2l/z/nnPvdqP/X/+v/l9//e/9f/89yTa3/z93/1bilk/0PAAAAPcjd/7W4xf4HAACAZuTu/3rcYv8DAABAM3L3fyNu6WT/b+//z5ptFKobhvr/aNT0/5vo/7d+//r/4d8+vP+v/9f/77+p9P/e/z+171//r/9f5e9/T/3//2//8fp/WjS1/j93/41xSyf7HwAAAHqQu/+bcYv9DwAAAM3I3f+tuMX+BwAAgGbk7r8pbulk/3v/X/+v/9f/6/+HP1//v5r0/+P0/3Po//X/3v+/8IFn6v9ZnKn1/7n7vx23dLL/AQAAoAe5+2+OW+x/AAAAaEbu/u/ELfY/AAAANCN3/3fjlk72v/5f/6//1//r/4c/X/+/mvT/4/T/5eT/aBv66f8PD31x2f386Vr2999M/+/9fxZoav1/7v7vxS2d7H8AAADoQe7+78ct9j8AAAA0I3f/D+IW+x8AAACakbv/h3FLJ/tf/6//b7//P1//f9Ln6//1/y3T/+cf0Yfp/+fop/8ftOx+ftW/f/2//p/tptb/5+6/JW7pZP8DAABAD3L3/yhusf8BAACgGbn7fxy32P8AAADQjNz9P4lbOtn/+v+++v+1WY/9v/f/9f/6/57o/8fp/+fQ/+v/9f/6fxZqav1/7v5b19a73P8AAACwqh5wr4fdsttf99bj/3h49tO45dzZsV3+NDYAAAAwcffs/rX12exnx3/Jz/8DAABAi3L3/zxu6WT/6//76v/7fP9f/6//1//3RP8/Tv8/h/5f/6//1/+zUFPr/3P3/yJu2TT81vf8nxIAAACYktz9v4xbOvn5fwAAAOhB7v5fxS3b9r+/HSAAAACsqtz9v45bOvn5f/3/xPv/2T71//Hr6f836P/1/0Ofr/9fTfr/cafZ/x9b0//r/0fo//X/+n9ONrX+P3f/b+KWTvY/AAAANGrLX1HI3X9b3GL/AwAAQDNy9/82brH/AQAAoBm5+2+PWzrZ//r/A+//M1Xfx/f/j9Q/8/5/5/3/pYcHP1//r/9vmf5/nPf/59D/t9L/H9L/6/+Zhqn1/7n7fxe3dLL/AQAAoAe5+38ft9j/AAAA0Izc/X+IW+x/AAAAaEbu/j/GLZ3sf/3/xN//P6X+fxfv/+v/++j/d/j8dvr//zn76PXnPejqK/X/nHCQ/X/+tnDA/f+hvf57bqb/n0P/30r/7/1//T8Tsfj+f33LF/fa/+fu/1Pc0sn+BwAAgB7k7r8jbrH/AQAAoBm5+/8ct9j/AAAA0Izc/X+JWzrZ//p//f9U+v/873oJ/f/RU+7/j8xms6X0/9kU997/e/9f/7+d9//H6f/n0P/r//X/+n8WavH9/9Yv7rX/z93/17ilk/0PAAAAPcjd/7e4Jff/2p7/0j0AAAAwMbn7/x63+Pl/AAAAaEbu/jvjlk72v/5f/z+V/j95///Ej2vr/f/zKk7ts///v/pn+v/9pf8fp/+fQ/+v/9f/6/9ZqKn1/7n7/xG3dLL/AQAAoAe5+++KW+x/AAAAaEbu/n/GLfY/AAAANCN3/7/ilk72v/6/1f4/i3j9v/5/Kv2/9/+9/38w9P/j9P9z6P/1//p//T8LNbX+P3f/fwIAAP//krZdRQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
sendfile(r0, r1, 0x0, 0xff7e82)
truncate(&(0x7f00000000c0)='./file1\x00', 0x8008)

2.439856486s ago: executing program 2 (id=111):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x54}}, 0x24008844)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newtaction={0x68, 0x30, 0x301, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0x5, 0x1, 0x1, 0x80000000}, 0x4, r1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4081}, 0x2400c000)

2.432004097s ago: executing program 3 (id=112):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}, 'team0\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f00000002c0)={0x18, 0x0, {0x2, @local, 'xfrm0\x00'}}, 0x1e)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x80202, 0x0)
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x2)
ioctl$PPPIOCBRIDGECHAN(r2, 0x40047435, &(0x7f0000000200)=0x2)

2.279657186s ago: executing program 3 (id=113):
syz_mount_image$ntfs(&(0x7f000001f1c0), &(0x7f000001f200)='./file0\x00', 0x200005, &(0x7f0000000040)=ANY=[], 0xfe, 0x9e9, &(0x7f0000000c80)="$eJzsnU9sG1kdx78zduK0TVsnlFUWDp0ia1UJVFmwK3Gr88dpXaVNNnGqcqF1qbsNzcbe2BVbVLHmtohLjmgv2+MKcYgEByQktAcOXCq4gBDiwGFvvfTGClC98pv3xvM3cez89e/7kdo3fp5582a+fo6/789vXi5v3SrPrziO4yBrweVLBGihhbZ+L63z2jrtZDsA/vPJz699u/GX2ak//e2/5y7+8YNnv/nW580zt3937g8ZvMj+8OWr737x4o0Xb758XX601nDWGs5GrelUnPu1WrNyf73qPFhrPL7iLK1XK42qs7bRqG4G3n64XqvXnzqVjQdnT9c3q42GU9l46jyuPnWaNae5+dSpvFdZ23CuXLninD2NHnm71x2HltVfH3UNCCGEEEIIIYQQQgghhBBCCCGE7A/tNjKd9OpRV4QQQgghhBBCCCGEEEIIIYQQQgghfTNfWijmccp7bcHCdVj4zAKQ7e5n1v2PJZTT2fWe2ppS/1/3tnZmtMd65gE88sq3cUNtWRhReSNolfMbv3z9DyspxbYOYKBTc950KoebmEdZv27pulso6OgGLjd0WjAZ2/qO3AumE1fTl8avWtgOlJOKXI8p57pOs6F0wrJV2m632z3eoj5IUpPIgPrLhvrL4XVMHvWXDfWXDfWXDfWXzVii/38U8v8p7YbthJKyGI31/7v58lj/b0WzOv6/7pVvY3mv/t8Ybp2a8455/v8m1rCJTZ2f1A+QChaDcLkmvZR2bfvB+vdBSVKTyID6y4b6y4b6y4b6y4b6y4b6Dz//28F/2hH/bwf9//gbOj+lPy3J/j9u/L+dAY6J//dmMLip3/8voIb3MI81rKOq85P8v4mT4Pn/ULkmvVRIqYOOxv9b6d72Y/sfcr6IaUo+qP9wkOnzOOovG+ovG+o/RPQ6ldYH9ZcN9ZdN1P8XlO+18Co0/j/q6wOII+vNZXf9f77P8f/gPH8LS3v2+UFM+ZlUDrdRwzqe4H1UVbkt7zw2HnhnTLc612HWA1wI9HtcwKfWJCz3LCOT+niV5+4w4gBwbAT2Cb8H3VeS986fxqTeauApforHqGBd9UaY+Qh1AJe9/UcwHlpfkbLOq7Tl5U95sxWmEvsh2P5lQ/1lQ/1lQ/1lQ/1lQ/1lQ/1lE/X/aT3+//xMdP1/2vvElCMl7af/H2ic3zz9X6f+cf5pNNHEJuZQxUOdH+wHSO3SD/C21w/wC0T7AVTeHvsBlF8/bc5vPbPUVQI5rKCMadzCHKaxjDncRQm3MI9FLOMmplFGCYu4tSe9wyS3f5/0qk8or7dNvIKcqkEZyyhhBqsoo4i7WEBJ1fvgcXzbLd92W5PDPEpYULW6hWncRPFQ1zvlfdszAObMtr7lOSxiBjdQxCzKStu5Xordt8d0uPNXbN+2xjL1W1F1W1UKl/ED3MUciljBrMpZQll9Evef6NSVeH1vYxELWFXK+jU+HO75tgu+lmTWB4Xrt/9td2fqofqN6+1xr36d7xUb0wdYh51oJeR39S2p774i7uAulrGIxUP5XjFs+bYLu9ZvGgtYwCJmD0XbDs992/HtY0a1286nbSmxlIP7/be9a/2WUcSS+tu2olrIEhbVPT0clT9PqJ8RO4cipo+g3Rr+GqqS+ctlUrd+g9K//v9OfMf9A5JT7eEarqGofrusqnu34P0tWVG/HYrqW/tA8I0EtZLeOMYczrxR+j/ZUH/ZRP3/iPL/KWRtoH2+u+eo9qWZgLPpspv/n3nnnQ/8qcl/K1ROPrCOwFKuaMDxf2VlrdQV9XopMK+/+/k3B3q/9bTB/E42mE7Ysyrt/D6809lIu/0G39eHdH4Xfg95dR2WvjFmKsVl/c/vradC0QGzuo5WuqDveJDr/h1jUnP+Ccv1Qttm3kDanWcwFqhnxrvu4x2ngBwM/c4bJ8MB9ZcN9ZcN9T/56A61j/o5lvrLhvrLJhPx/6N6/P9eTPy/0T2v/9/f+H/++P97Xhegr6XgXae+A6kcZrCGJt5HBfXEdf+Ggv+CY8L/TVjzKj0Zfpr9f7Kh/rKh/rKh/rKh/rKh/rKh/rKJjv9ntP//c8zz/zIHvP4/HePzF/bq883EcJ2a8keUz6+hhqZ6fXjz/i+ay4vM+4/rZ0iahxBOJ3Q5g/UzsP3LhvoPMdGHjkag/rKh/rKh/rKh/rKh/rKJ+v8x7f8/jvH/Y0c8/t+NC5DqI/5/EH9cgBlU8ACzKjZgA66fDsbRs72tlm9+/ie+AHyv9Rm8+fmvLgZTjTmb3XYPONp5Amz/sqH+sqH+sqH+sqH+J5+kSCq9QP0lkY6Ev6L+son6/1PK/5/C7+2g/x9R73WOKMWWNID/d8JlWbvO/9+X5wKo82ZSOaygih/hCTZRVS2ku/6+2z7MeHx3/b0bp+z/CKad0uawgonpa+r1lomFpOMEbHnr7zv7uaVNIhgnoOX7Vp9SMxA61+823ndzv1X3x6Rmv2cASihF9n81mfoSVkan3et397cD+tm6vs/RjRfQ8tW3pLXPhupb98Ubu6DPf9nEcbMQe+7wfknXFK7fyVhXcVLg979sqL9sqL9sqL9sqP9w0dsjILu/oam/bKL+/7Qe//8sZvz/9LFZ/5/qw//b3jUjtP5/FXXMooIGqonz8s0ofiHmHvrTS87HKjXlYMSdP+DoOHw5lLCBh6jpo0znx/jaNx//5Gf/+me49IP1u2z/sqH+sqH+sqH+sqH+sqH+UohXmvqfdHpY5LkDUf9/Rsf/37Kj8f/OHJL/73n8/6PBnwvQ8f9FfIgmqtjAAzX+/aFlxr9t3LF2j+t/3XL/dXjTvQLc008JOqP/32v93tJdA6OpHBZxHz9GyYtRsH/l26r8d/FExUWoAPiGLv+RfrbboPUfS+WwjCrqqGBT9bBEPzcWx/UPh8jjJPj9f+IZ6HFW1F821F821F821F8UEbmpv2yi/n9ceXcL+Zj4/+MHHP8Pkbh8ds9x+T61onH5VF4/z+P3zm95W8PpT9n+ZWP3NmGMDCls//LwrRcebPCAnHjY/mVD/WVD/WUT9f9nd/D/Z+n/hwy2f8FEosEQabD9DwtfP9fPUdRfNtRfNtRfNtRfNlH/f24H/3+O/n/IYPuXDfUfYvj8P7IL1F821F821F821F82Uf9/fgf/f57+f8hg+5cN9ZcN9ZcN9ZcN9ZcN9ZcN9ZdN1P8bH/8rBP2/5R0Rz375/+H02ccVtn/ZUH/ZUH/ZUH/ZUH/BZKm/ZDJs/+KJ+v8J+v8hIr3L+2z/sqH+sqH+sqH+sqH+sqH+sqH+son6/0n6f0Gw/cuG+suG+g851b/v+Db1lw31lw31lw31l03U/3+N/l8QbP+yof6yof6yof6yof7Dxt4Upf4nhK8CAAD//50vE3k=")
openat(0xffffffffffffff9c, 0x0, 0x1e17c3, 0x199)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r2 = fanotify_init(0xf00, 0x0)
fanotify_mark(r2, 0x1, 0x10001011, r1, 0x0)

2.279334186s ago: executing program 2 (id=114):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000fed000/0x13000)=nil, &(0x7f0000ff5000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x1c57, 0xc000, 0xa, 0xd5})
mremap(&(0x7f000000d000/0x2000)=nil, 0xfffffffffffffe74, 0x1000, 0x3, &(0x7f0000007000/0x1000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

1.625059445s ago: executing program 3 (id=115):
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x77359400}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a3000000000140000001100"], 0x50}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a3c000000090a050600000000000000000100000008000a40000000000900020073797ab1000000000900010073797a3000000000080005400000001414000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a3c000000090a010400000000000000000100000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000141400000011000f"], 0x64}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.125693514s ago: executing program 4 (id=116):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0x4}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x86dd}, @TCA_FLOWER_KEY_IP_TTL={0x5, 0x4b, 0x3}, @TCA_FLOWER_KEY_IP_TTL_MASK={0x5, 0x4c, 0x8}]}}]}, 0x4c}}, 0x24000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.055717898s ago: executing program 2 (id=118):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f0000000000)=0x8000, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
recvmmsg(r0, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x10002, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

993.727751ms ago: executing program 2 (id=119):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4$alg(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000001940)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="d1", 0x1}], 0x1, &(0x7f0000000940)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x50}], 0x1, 0x4010800)
io_setup(0xff, &(0x7f0000000380)=<r2=>0x0)
io_submit(r2, 0x2000000000000225, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0xfffb, r1, &(0x7f0000000340), 0x2d}])

863.352929ms ago: executing program 2 (id=120):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0, 0x1})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@local})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f00000000c0)={&(0x7f0000000780)={{@my=0x0, 0x4}, {@local, 0x80000001}, 0x400, "982cbf5250a16070f462a33e81487dc2c89a71670d229a4958c91e934bf250b89ac9eb14f62abbceaa2758e59adbb3713426bfa62100d3cfb9fc3e2a1115a1c4c3e1fcb0811f30fe8a04c5a366bac1fe2ba60d3dc986fabef91bea03b79aa38665585ff12f61ddc9e602bb8e451e172e317ad7fa1308662d371cf74cd9d62fb3173f6ded9926ef88aa62e0af52fdc97cf474500c4364bd747d83e242c4de11c30f7f8507b60dac9ffa855914a4f010a793e5a463ca1431db2098d45f83805250f07edaca08852a27ab7df82a0c9165b5347c7f0d70473a6faa22a2c151583ed7d6b204c3a8fca9434b6c537f45511e1647cf34fc9af714f395b3ee99c950afd1f687d67a71a01a83a8e8d585b5a6b8f34ceb8a4253596f57ca4a4ecd8d194ef11d3592e389de788da42dde388f36c4e02e422851971f6d4c5673d986c047ab8e32b937594bc35b281cc0cdffd1876f5848a9a4a36335e584495e6a7be7c09fec288447e204c2e2e87717d2b425fc93d23459384ae3b1242050e044b1c2cd303dc6c59facc0ff3c66a44c0fbb95dbf237870ac88764be9d3491e5e46402f099b7cdcf9836670875ed0fdf96bbd3350e82da2e5ae5a1f8345e98bf3edafa8db44ee7aa0372eaebf9635a467c4570c2a779fcea3c543760329bb41a7c72f3dca444c2897bb7dda830b9fdd934483d90d7463f83185ee689f89b4960508f8130eb6cfa7e2ec8b7cc518312005d7825258801c46b5245ec6795248813b3bfac6e04039081da5a9c9a80637866f78039e7fde0b0362a09f827e98602028a0159a00f6a1e8c73c3ab00b73b3b0895a5bcb5aa5c4b6b0d9668ffdb9f3b11f2b213daf1088508fbf545c3a5d9e6ec9debc4648268879aec54059e0b3bb296ab1ea775b42d9b206e2f759e80ce47a9c5de8d753f6463856cc0ad94cff563e27621d137a0b61983bb49a795bc283956894b1ec4efc55dda0c62bc61c76f09fae24e5676bb73db392089477ec21b61534d84f912bbe5c8bea4167a5018317f5292561c9f76bfb969d7d67b26e9ddfe95cace6fbc5898b91396bf1c9a1cae3ce01cf8264f53e7c5c58bce6b9328f320a274f47f92d87f529ee2f9dce9a7711be65fe0f8787578809e365bca178f40a1813ebf5011233880108f4aa2d70a2a861a2849d878bed392b5fad306a26b35f25681cf5277b6573a53890dbabff34dee29a15ff56c86a0e422e67e36838384871197a759cccd3df30f4a4f4fb41a702334b92a0512569f9e197d75337e2baf6990ce3a556c56e26fc471054fe2ebd641212f86263804721e9bdeb88308bdecb531e247a8408fe85fbd261e7f8c190587a4d2710bbeb01749a5bd10249f4a3f87dcaf074ae948f0cd1483033b6b9f13fba50510522a4f81ab686b6515b7b7bd7d8f0e28320fd7fdc982f13c95195b7ac3e2f9ccbe097325"}, 0x418, 0x800})

755.709966ms ago: executing program 2 (id=121):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000080)={0xfc, {"a2e3ada0ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f38336e030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b2f38f0106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f330000000000000003d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9870af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r0 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$rtl8150(r0, &(0x7f0000000100)={0x14, &(0x7f0000000840)=ANY=[@ANYBLOB="20080200000002"], 0x0}, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b02, 0x0)

655.781131ms ago: executing program 3 (id=122):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x4}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @empty}], 0x10)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x5}, 0x8)
sendmsg$inet_sctp(r0, &(0x7f0000000140)={&(0x7f0000000980)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x4000891)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0xe9, 0x9, 0x7}]}, 0x10)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000080)={0x0, 0x101, 0x7}, 0x8)

514.20311ms ago: executing program 3 (id=123):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x43440, 0x0, 0x1, 0x0, &(0x7f0000000040))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x20842, 0x101)
fallocate(r0, 0x0, 0x0, 0x8ffff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
read$FUSE(r1, &(0x7f00000025c0)={0x2020}, 0x2020)
write$FUSE_STATX(r1, &(0x7f0000000440)={0x130, 0x0, 0x0, {0x10001, 0x4b, 0x0, '\x00', {0x7ff, 0x4, 0x3, 0x5, 0x0, 0x0, 0xc000, '\x00', 0x3035, 0xfff, 0xd, 0x9, {0x3, 0x4}, {0x800080, 0x4}, {0x1e361e02, 0xfffffffc}, {0x8, 0x80000000}, 0xfffffffe, 0xaca, 0x9, 0x8}}}, 0x130)

235.635506ms ago: executing program 4 (id=124):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, &(0x7f00000002c0)='ZC\x11\xd1\xd5\x91\xc4\x04\x1d\x9b\xb6\xbaM\x86\xbc\a)\x1e\xb2;vT\x93(Z\xe6\xea\xaf\xb8i\xedN\xea\x1eT\x8f\xdd\xbd\x14\xb1F.4\xad\xe9\xb1N\xb0G2\xae\x10\xe2\x96\xb2\xa3\x16\xed\x8dp\xb6\x82\xb5\xcdo\xba6\x14\xfa\x064M\xa1\x8c\x17.~\x7f\xe3\xe8D\x90\xb6~\xa6\x13HJ\x04^\xabw\x82\x8c\xbf\xdb\xd2%\x89c\rk-I\xe6\xdc\xb6O\xa7c\xc3\x96\x02v3\x91\xc6\xa4\xb7\x18D+\x80\xfc\xa4\xd1\n\x04\x9fw4\xbb\xb2\xccE\x96>!F\xf5\xa3\xed\xea\x14 9\x16\xf3\x83\xc7\xa9\x94\x83_D\xf8D\xd0\xb8\xbdt\xd2\\FB\x01\x1a\xbf\x91\x88\xc6e\xf8+m\x93\x14\x1e{\x13?#\xf4S\xde\xb1\x84\xe2K\xfbZ\t\xa5\xeb\xd1\xc5\xb5\x90T{&\x92\x99s\xc2\x06\xc7\xb3\xbe\x11\x162\xb9\xfa\xb6vzd\x88\x87\xd3')
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x9, 0x7, 0x3, 0x1, 0x0, 0x2, 0x8, 0x0, 0x6, 0x0, 0x2000000000000, 0x7, 0x5, 0x7, 0x3], 0x8000000, 0x59352})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

0s ago: executing program 4 (id=125):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f00000002c0)={0x0, 'syzkaller0\x00', {0x1}, 0xb5})
r2 = socket$netlink(0x10, 0x3, 0xc)
preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=""/32, 0x20}], 0x1, 0x2, 0x32a)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.88' (ED25519) to the list of known hosts.
[   84.086043][ T5759] cgroup: Unknown subsys name 'net'
[   84.222119][ T5759] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   85.940209][ T5759] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   87.654273][ T5782] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   87.662433][ T5781] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   87.666330][ T5782] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   87.674470][ T5781] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   87.684007][ T5782] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   87.685402][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   87.696873][ T5782] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   87.701515][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   87.709825][ T5782] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   87.714990][ T5781] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   87.722533][ T5782] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   87.727200][ T5781] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   87.738296][ T5782] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   87.750389][ T5782] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   87.758832][ T5781] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   87.775811][ T5782] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   87.784300][ T5782] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   87.791842][ T5782] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   87.823998][ T5780] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   87.841121][ T5780] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   87.853162][ T5780] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   87.868348][ T5780] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   87.876469][ T5780] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   87.886523][ T5780] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   88.335892][ T5771] chnl_net:caif_netlink_parms(): no params data found
[   88.460851][ T5772] chnl_net:caif_netlink_parms(): no params data found
[   88.486193][ T5773] chnl_net:caif_netlink_parms(): no params data found
[   88.594315][ T5774] chnl_net:caif_netlink_parms(): no params data found
[   88.649151][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.657409][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.665074][ T5771] bridge_slave_0: entered allmulticast mode
[   88.672581][ T5771] bridge_slave_0: entered promiscuous mode
[   88.706915][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.714650][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.721910][ T5771] bridge_slave_1: entered allmulticast mode
[   88.729508][ T5771] bridge_slave_1: entered promiscuous mode
[   88.816623][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.828413][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.866114][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.874361][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.881619][ T5772] bridge_slave_0: entered allmulticast mode
[   88.889267][ T5772] bridge_slave_0: entered promiscuous mode
[   88.898408][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.905885][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.913372][ T5772] bridge_slave_1: entered allmulticast mode
[   88.920576][ T5772] bridge_slave_1: entered promiscuous mode
[   88.949839][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.957127][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.967433][ T5773] bridge_slave_0: entered allmulticast mode
[   88.974827][ T5773] bridge_slave_0: entered promiscuous mode
[   89.005761][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.016042][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.024782][ T5774] bridge_slave_0: entered allmulticast mode
[   89.036099][ T5774] bridge_slave_0: entered promiscuous mode
[   89.044075][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.051252][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.062028][ T5773] bridge_slave_1: entered allmulticast mode
[   89.069271][ T5773] bridge_slave_1: entered promiscuous mode
[   89.102023][ T5771] team0: Port device team_slave_0 added
[   89.109161][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.116957][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.124648][ T5774] bridge_slave_1: entered allmulticast mode
[   89.131707][ T5774] bridge_slave_1: entered promiscuous mode
[   89.154163][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.170852][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.182016][ T5771] team0: Port device team_slave_1 added
[   89.221841][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.266226][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.273487][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.299858][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.314687][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.330158][ T5772] team0: Port device team_slave_0 added
[   89.339390][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.352109][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.362217][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.369887][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.396445][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.430072][ T5772] team0: Port device team_slave_1 added
[   89.481817][ T5773] team0: Port device team_slave_0 added
[   89.519740][ T5773] team0: Port device team_slave_1 added
[   89.551023][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.558235][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.585029][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.599929][ T5774] team0: Port device team_slave_0 added
[   89.619395][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.626696][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.654367][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.667410][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.674603][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.700854][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.714032][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.721009][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.747229][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.759988][ T5774] team0: Port device team_slave_1 added
[   89.825346][ T5771] hsr_slave_0: entered promiscuous mode
[   89.833034][ T5086] Bluetooth: hci0: command tx timeout
[   89.833508][ T5782] Bluetooth: hci1: command tx timeout
[   89.842793][ T5780] Bluetooth: hci2: command tx timeout
[   89.846243][ T5771] hsr_slave_1: entered promiscuous mode
[   89.908165][ T5773] hsr_slave_0: entered promiscuous mode
[   89.915263][ T5773] hsr_slave_1: entered promiscuous mode
[   89.921655][ T5773] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.930180][ T5773] Cannot create hsr debugfs directory
[   89.942207][ T5772] hsr_slave_0: entered promiscuous mode
[   89.948905][ T5772] hsr_slave_1: entered promiscuous mode
[   89.955395][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.963104][ T5772] Cannot create hsr debugfs directory
[   89.969394][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.978686][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.005650][ T5780] Bluetooth: hci3: command tx timeout
[   90.011436][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.024483][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.031652][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.057791][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.191200][ T5774] hsr_slave_0: entered promiscuous mode
[   90.198028][ T5774] hsr_slave_1: entered promiscuous mode
[   90.204531][ T5774] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   90.212140][ T5774] Cannot create hsr debugfs directory
[   90.606695][ T5771] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.630303][ T5771] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.644165][ T5771] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.658516][ T5771] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.737540][ T5773] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   90.754027][ T5773] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   90.764880][ T5773] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   90.776576][ T5773] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   90.984250][ T5772] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   91.006873][ T5772] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   91.068998][ T5772] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   91.089971][ T5772] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   91.243822][ T5774] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   91.257970][ T5774] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   91.284948][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.304797][ T5774] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   91.316383][ T5774] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   91.351971][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.442204][ T5771] 8021q: adding VLAN 0 to HW filter on device team0
[   91.466132][ T5773] 8021q: adding VLAN 0 to HW filter on device team0
[   91.481235][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.488836][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.512148][ T1122] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.519384][ T1122] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.544183][ T3479] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.551447][ T3479] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.598521][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.605739][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.734910][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.758498][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.819884][ T5772] 8021q: adding VLAN 0 to HW filter on device team0
[   91.847175][ T5774] 8021q: adding VLAN 0 to HW filter on device team0
[   91.868994][ T3479] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.876380][ T3479] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.903110][ T5780] Bluetooth: hci1: command tx timeout
[   91.904949][ T5782] Bluetooth: hci2: command tx timeout
[   91.908649][ T5780] Bluetooth: hci0: command tx timeout
[   91.930795][ T3479] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.938070][ T3479] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.998718][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.006001][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.030231][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.037609][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.068332][ T5780] Bluetooth: hci3: command tx timeout
[   92.337630][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.358904][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.527719][ T5771] veth0_vlan: entered promiscuous mode
[   92.540445][ T5773] veth0_vlan: entered promiscuous mode
[   92.580952][ T5771] veth1_vlan: entered promiscuous mode
[   92.608378][ T5773] veth1_vlan: entered promiscuous mode
[   92.716580][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.761011][ T5771] veth0_macvtap: entered promiscuous mode
[   92.778713][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.797226][ T5771] veth1_macvtap: entered promiscuous mode
[   92.808702][ T5773] veth0_macvtap: entered promiscuous mode
[   92.823070][ T5773] veth1_macvtap: entered promiscuous mode
[   92.866156][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.879630][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.909760][ T5773] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.919571][ T5773] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.929577][ T5773] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.939337][ T5773] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.956513][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.967548][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.980030][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.013202][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.026072][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.037936][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.086568][ T5774] veth0_vlan: entered promiscuous mode
[   93.120407][ T5771] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.137320][ T5771] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.147740][ T5771] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.158822][ T5771] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.177425][ T5772] veth0_vlan: entered promiscuous mode
[   93.228107][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.240889][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.257194][ T5774] veth1_vlan: entered promiscuous mode
[   93.311699][ T2917] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.323650][ T5772] veth1_vlan: entered promiscuous mode
[   93.333098][ T2917] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.434991][ T5774] veth0_macvtap: entered promiscuous mode
[   93.478171][ T2917] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.504130][ T2917] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.563811][ T5774] veth1_macvtap: entered promiscuous mode
[   93.628062][ T2917] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.640032][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.651958][ T2917] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.679120][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.695318][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.706945][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.727124][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.765074][ T5772] veth0_macvtap: entered promiscuous mode
[   93.797222][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.813627][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.832571][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.847185][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.861532][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.884809][ T5772] veth1_macvtap: entered promiscuous mode
[   93.910939][ T5774] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.930784][ T5774] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.945930][ T5774] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.958808][ T5774] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.984102][ T5780] Bluetooth: hci2: command tx timeout
[   93.984124][ T5782] Bluetooth: hci1: command tx timeout
[   93.984259][ T5782] Bluetooth: hci0: command tx timeout
[   94.021541][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.032679][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.042601][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.053568][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.065571][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.076164][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.088478][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.137590][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.149949][ T5782] Bluetooth: hci3: command tx timeout
[   94.198043][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.224987][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.237547][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.252942][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.271602][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.286374][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.336954][ T5772] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.348506][ T5772] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.360261][ T5772] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.371395][ T5772] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.488822][ T1122] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.530651][ T1122] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.633841][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.646822][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.716379][ T1122] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.745036][ T1122] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.808363][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.826185][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.235264][ T5875] syz.0.6[5875]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   95.253762][ T5875] loop0: detected capacity change from 0 to 64
[   95.555898][ T5879] process 'syz.0.8' launched '/dev/fd/4' with NULL argv: empty string added
[   96.063082][ T5086] Bluetooth: hci2: command tx timeout
[   96.063313][ T5780] Bluetooth: hci1: command tx timeout
[   96.068960][ T5782] Bluetooth: hci0: command tx timeout
[   96.179937][ T5886] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   96.222936][ T5782] Bluetooth: hci3: command tx timeout
[   96.357775][ T5877] loop2: detected capacity change from 0 to 40427
[   96.384876][ T5889] loop1: detected capacity change from 0 to 128
[   96.412951][ T5877] F2FS-fs (loop2): invalid crc value
[   96.447980][ T5877] F2FS-fs (loop2): Found nat_bits in checkpoint
[   96.470522][ T5889] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   96.496636][ T5889] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.634966][ T5877] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   96.751392][ T5890] f2fs_ckpt-7:2: attempt to access beyond end of device
[   96.751392][ T5890] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   96.793681][ T5890] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   96.811546][ T5772] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   96.831630][ T5900] loop0: detected capacity change from 0 to 1024
[   96.847301][ T5890] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   96.917155][ T5900] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   97.031064][ T5905] loop1: detected capacity change from 0 to 128
[   97.053404][ T5900] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #3: block 2: comm syz.0.14: lblock 2 mapped to illegal pblock 2 (length 1)
[   97.085949][ T5900] Quota error (device loop0): write_blk: dquota write failed
[   97.123248][ T5905] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   97.142559][ T5900] Quota error (device loop0): find_free_dqentry: Can't write quota data block 2
[   97.151849][ T5900] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[   97.193240][ T5905] ext4 filesystem being mounted at /3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   97.227737][ T5900] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.14: Failed to acquire dquot type 0
[   97.268016][ T5900] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 2: comm syz.0.14: lblock 2 mapped to illegal pblock 2 (length 1)
[   97.306120][ T5900] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[   97.339743][ T5900] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.14: Failed to acquire dquot type 0
[   97.382169][ T5900] EXT4-fs error (device loop0): ext4_free_blocks:6692: comm syz.0.14: Freeing blocks not in datazone - block = 0, count = 4096
[   97.436771][ T5900] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 2: comm syz.0.14: lblock 2 mapped to illegal pblock 2 (length 1)
[   97.481494][ T5900] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[   97.486746][ T5772] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   97.508336][ T5900] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.14: Failed to acquire dquot type 0
[   97.553832][ T5900] EXT4-fs (loop0): 1 orphan inode deleted
[   97.571311][ T5900] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.956177][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.279719][ T5910] loop3: detected capacity change from 0 to 32768
[   98.309082][ T5910] =======================================================
[   98.309082][ T5910] WARNING: The mand mount option has been deprecated and
[   98.309082][ T5910]          and is ignored by this kernel. Remove the mand
[   98.309082][ T5910]          option from the mount to silence this warning.
[   98.309082][ T5910] =======================================================
[   98.362648][ T5858] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   98.419418][ T5910] JBD2: Ignoring recovery information on journal
[   98.566066][ T5910] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[   98.590173][ T5858] usb 3-1: Using ep0 maxpacket: 8
[   98.603074][ T5858] usb 3-1: config index 0 descriptor too short (expected 5924, got 36)
[   98.611885][ T5858] usb 3-1: config 250 has an invalid interface number: 228 but max is -1
[   98.626882][ T5858] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0
[   98.643433][ T5858] usb 3-1: config 250 has no interface number 0
[   98.652414][ T5858] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[   98.670696][ T5858] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[   98.681671][ T5858] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[   98.709394][ T5858] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[   98.748887][ T5858] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[   98.788468][ T5858] usb 3-1: config 250 interface 228 has no altsetting 0
[   98.805148][ T5858] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[   98.816474][ T5858] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[   98.825128][ T5858] usb 3-1: Product: syz
[   98.829351][ T5858] usb 3-1: SerialNumber: syz
[   98.842581][ T5828] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   98.901557][ T5858] hub 3-1:250.228: bad descriptor, ignoring hub
[   98.927022][ T5858] hub: probe of 3-1:250.228 failed with error -5
[   99.010499][   T28] audit: type=1800 audit(1769744900.228:2): pid=5910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.18" name="file1" dev="loop3" ino=17059 res=0 errno=0
[   99.042528][ T5828] usb 1-1: Using ep0 maxpacket: 16
[   99.055349][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   99.066569][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.079366][ T5828] usb 1-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00
[   99.089274][ T5828] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.122032][ T5828] usb 1-1: config 0 descriptor??
[   99.166888][ T5858] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 2 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[   99.273272][ T5773] ocfs2: Unmounting device (7,3) on (node local)
[   99.581013][ T5828] apple 0003:05AC:024B.0001: fixing up MacBook JIS keyboard report descriptor
[   99.616929][ T5828] apple 0003:05AC:024B.0001: unknown global tag 0xe
[   99.627457][ T5828] apple 0003:05AC:024B.0001: item 0 1 1 14 parsing failed
[   99.640117][ T5828] apple 0003:05AC:024B.0001: parse failed
[   99.648943][ T5828] apple: probe of 0003:05AC:024B.0001 failed with error -22
[   99.783390][ T5858] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   99.822231][ T5828] usb 1-1: USB disconnect, device number 2
[   99.916706][ T5917] usb 3-1: reset high-speed USB device number 2 using dummy_hcd
[   99.972385][ T5858] usb 2-1: Using ep0 maxpacket: 32
[   99.988838][ T5858] usb 2-1: config 0 has no interfaces?
[  100.007543][ T5858] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  100.025893][ T5858] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.037166][ T5858] usb 2-1: Product: syz
[  100.041430][ T5858] usb 2-1: Manufacturer: syz
[  100.048758][ T5858] usb 2-1: SerialNumber: syz
[  100.060359][ T5858] usb 2-1: config 0 descriptor??
[  100.184828][ T5946] loop3: detected capacity change from 0 to 1024
[  100.210573][ T5946] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  100.240777][ T5946] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #3: block 2: comm syz.3.28: lblock 2 mapped to illegal pblock 2 (length 1)
[  100.256884][ T5946] Quota error (device loop3): write_blk: dquota write failed
[  100.266654][ T5946] Quota error (device loop3): find_free_dqentry: Can't write quota data block 2
[  100.282875][ T5946] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  100.293319][ T5946] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.28: Failed to acquire dquot type 0
[  100.312681][ T5946] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 2: comm syz.3.28: lblock 2 mapped to illegal pblock 2 (length 1)
[  100.329470][ T5946] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  100.344821][ T5946] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.28: Failed to acquire dquot type 0
[  100.356679][ T5946] EXT4-fs error (device loop3): ext4_free_blocks:6692: comm syz.3.28: Freeing blocks not in datazone - block = 0, count = 4096
[  100.371681][ T5946] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 2: comm syz.3.28: lblock 2 mapped to illegal pblock 2 (length 1)
[  100.396417][ T5946] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.28: Failed to acquire dquot type 0
[  100.415419][   T23] usb 2-1: USB disconnect, device number 2
[  100.433689][ T5946] EXT4-fs (loop3): 1 orphan inode deleted
[  100.445439][ T5946] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.677563][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.742688][ T5776] usb 3-1: USB disconnect, device number 2
[  100.770133][ T5776] usblp0: removed
[  101.043002][  T787] cfg80211: failed to load regulatory.db
[  101.478730][ T5970] loop1: detected capacity change from 0 to 1024
[  101.498444][ T5970] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  101.557270][ T5972] loop3: detected capacity change from 0 to 256
[  101.564311][ T5970] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.628922][ T5972] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  101.735057][ T5970] loop1: detected capacity change from 1024 to 64
[  101.760755][ T5976] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2852: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  101.776529][ T5976] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #11: comm syz.1.37: missing EA_INODE flag
[  101.798754][ T5976] EXT4-fs (loop1): Remounting filesystem read-only
[  101.807234][ T5976] EXT4-fs warning (device loop1): ext4_evict_inode:272: xattr delete (err -12)
[  102.164840][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.202800][ T5973] kmmpd-loop1: attempt to access beyond end of device
[  102.202800][ T5973] loop1: rw=14337, sector=128, nr_sectors = 2 limit=64
[  102.238959][ T5973] Buffer I/O error on dev loop1, logical block 64, lost sync page write
[  102.359478][ T3479] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.527032][ T3479] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.679142][ T3479] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.862209][ T3479] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.896097][ T5995] netlink: 'syz.0.44': attribute type 7 has an invalid length.
[  103.041232][ T5996] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=2121810046 (16974480368 ns) > initial count (16681739960 ns). Using initial count to start timer.
[  103.082500][ T5828] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  103.129617][ T6000] loop2: detected capacity change from 0 to 7
[  103.168042][ T6000] Dev loop2: unable to read RDB block 7
[  103.182409][ T6000]  loop2: AHDI p1 p2 p3
[  103.188564][ T6000] loop2: partition table partially beyond EOD, truncated
[  103.210911][ T6000] loop2: p1 start 1601398130 is beyond EOD, truncated
[  103.231028][ T6000] loop2: p2 start 1702059890 is beyond EOD, truncated
[  103.292663][ T5828] usb 4-1: Using ep0 maxpacket: 8
[  103.303912][ T5828] usb 4-1: config index 0 descriptor too short (expected 5924, got 36)
[  103.327287][ T5828] usb 4-1: config 250 has an invalid interface number: 228 but max is -1
[  103.350429][ T5828] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0
[  103.391148][ T5828] usb 4-1: config 250 has no interface number 0
[  103.421686][ T5828] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  103.462339][ T5828] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  103.504193][ T5828] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  103.552843][ T5828] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  103.574174][ T5780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  103.590935][ T5828] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  103.606862][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  103.616136][ T5780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  103.624578][ T5828] usb 4-1: config 250 interface 228 has no altsetting 0
[  103.632465][ T5780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  103.643412][ T5780] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  103.651060][ T5780] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  103.675763][ T5828] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  103.685757][ T5828] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  103.694558][ T5828] usb 4-1: Product: syz
[  103.698796][ T5828] usb 4-1: SerialNumber: syz
[  103.725604][ T5828] hub 4-1:250.228: bad descriptor, ignoring hub
[  103.731959][ T5828] hub: probe of 4-1:250.228 failed with error -5
[  103.965791][ T5828] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 2 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  104.693839][ T5992] usb 4-1: reset high-speed USB device number 2 using dummy_hcd
[  105.049144][ T6004] chnl_net:caif_netlink_parms(): no params data found
[  105.350499][ T6049] loop0: detected capacity change from 0 to 1024
[  105.377737][ T6049] EXT4-fs: Ignoring removed mblk_io_submit option
[  105.434199][ T6049] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.446684][  T967] usb 4-1: USB disconnect, device number 2
[  105.495218][  T967] usblp0: removed
[  105.643548][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.645556][ T3479] hsr_slave_0: left promiscuous mode
[  105.720167][ T3479] hsr_slave_1: left promiscuous mode
[  105.743491][ T5782] Bluetooth: hci1: command tx timeout
[  105.755646][ T3479] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  105.798196][ T3479] batman_adv: batadv0: Removing interface: batadv_slave_0
[  105.825033][ T3479] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  105.867683][ T3479] batman_adv: batadv0: Removing interface: batadv_slave_1
[  105.876656][ T3479] bridge_slave_1: left allmulticast mode
[  105.894762][ T3479] bridge_slave_1: left promiscuous mode
[  105.902172][ T3479] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.966268][ T3479] bridge_slave_0: left allmulticast mode
[  105.972100][ T3479] bridge_slave_0: left promiscuous mode
[  105.982791][ T3479] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.165756][ T3479] veth1_macvtap: left promiscuous mode
[  106.177213][ T3479] veth0_macvtap: left promiscuous mode
[  106.194780][ T3479] veth1_vlan: left promiscuous mode
[  106.213267][ T3479] veth0_vlan: left promiscuous mode
[  107.453512][ T3479] team0 (unregistering): Port device team_slave_1 removed
[  107.514171][ T3479] team0 (unregistering): Port device team_slave_0 removed
[  107.578953][ T3479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  107.653574][ T3479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  107.826656][ T5782] Bluetooth: hci1: command tx timeout
[  108.270232][ T3479] bond0 (unregistering): Released all slaves
[  108.413508][ T6004] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.421012][ T6004] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.439604][ T6004] bridge_slave_0: entered allmulticast mode
[  108.450458][ T6004] bridge_slave_0: entered promiscuous mode
[  108.513215][ T6081] tipc: Started in network mode
[  108.518806][ T6081] tipc: Node identity ac1414aa, cluster identity 4711
[  108.536900][ T6081] tipc: Enabled bearer <udp:s>, priority 10
[  108.545001][ T6004] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.554246][ T6004] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.570349][ T6004] bridge_slave_1: entered allmulticast mode
[  108.580956][ T6004] bridge_slave_1: entered promiscuous mode
[  108.729720][ T6004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.846844][ T6004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.048394][ T6004] team0: Port device team_slave_0 added
[  109.096303][ T6004] team0: Port device team_slave_1 added
[  109.309233][ T6004] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.341498][ T6004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.529374][ T6004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.609945][ T6004] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.679154][ T6004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.854904][ T6004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.902270][    C0] sched: RT throttling activated
[  109.903298][ T5782] Bluetooth: hci1: command tx timeout
[  109.925673][ T6102] trusted_key: syz.2.69 sent an empty control message without MSG_MORE.
[  109.991433][ T5828] tipc: Node number set to 2886997162
[  110.152656][ T6089] loop3: detected capacity change from 0 to 131072
[  110.175984][ T6089] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0)
[  110.184256][ T6089] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  110.205736][ T6089] F2FS-fs (loop3): invalid crc value
[  110.241354][ T6089] F2FS-fs (loop3): Found nat_bits in checkpoint
[  110.321272][ T6004] hsr_slave_0: entered promiscuous mode
[  110.338581][ T6089] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  110.345892][ T6089] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  110.388639][ T6004] hsr_slave_1: entered promiscuous mode
[  110.411680][ T6004] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  110.431473][ T6004] Cannot create hsr debugfs directory
[  111.073577][ T6004] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  111.106677][ T6004] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  111.128103][ T6004] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  111.156164][ T6004] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  111.611912][ T6004] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.689517][ T6004] 8021q: adding VLAN 0 to HW filter on device team0
[  111.756651][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.763953][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.838627][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.846004][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.983347][ T5782] Bluetooth: hci1: command tx timeout
[  112.605012][ T6158] bridge_slave_0: default FDB implementation only supports local addresses
[  112.651367][ T6158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.73'.
[  112.673021][ T6158] bridge_slave_0: default FDB implementation only supports local addresses
[  112.764984][ T6004] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.813256][ T6165] bridge_slave_0: default FDB implementation only supports local addresses
[  112.844253][ T6165] bridge_slave_0: default FDB implementation only supports local addresses
[  113.767452][ T6004] veth0_vlan: entered promiscuous mode
[  113.801598][ T6004] veth1_vlan: entered promiscuous mode
[  113.816541][ T6191] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  113.826857][ T6191] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  113.836128][ T6191] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  113.844934][ T6191] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  113.888070][ T6191] Zero length message leads to an empty skb
[  113.908743][ T6004] veth0_macvtap: entered promiscuous mode
[  113.924479][ T6004] veth1_macvtap: entered promiscuous mode
[  113.957921][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  113.968792][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.000996][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.030049][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.031754][ T6170] loop3: detected capacity change from 0 to 32768
[  114.048246][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.076652][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.120774][ T6004] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.185046][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.243536][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.260861][ T6170] non-latin1 character 0x365 found in JFS file name
[  114.266839][ T6198] loop2: detected capacity change from 0 to 512
[  114.277265][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.288314][ T6170] mount with iocharset=utf8 to access
[  114.302968][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.332730][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.358265][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.370687][ T6004] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.391064][ T6004] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.400574][ T6004] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.410919][ T6004] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.420485][ T6004] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.423430][ T6198] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  114.470961][ T6198] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  114.586503][ T6198] EXT4-fs (loop2): 1 truncate cleaned up
[  114.595638][ T6198] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  114.777930][ T2917] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.812341][ T2917] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.855041][ T2917] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.887390][ T2917] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.888755][ T5774] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.314159][ T6211] loop2: detected capacity change from 0 to 4096
[  115.635033][   T28] kauditd_printk_skb: 1 callbacks suppressed
[  115.635050][   T28] audit: type=1804 audit(1769744916.858:3): pid=6211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.97" name=2F6E6577726F6F742F32362F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F66696C6531 dev="loop2" ino=33 res=1 errno=0
[  116.747727][ T6229] loop3: detected capacity change from 0 to 32768
[  116.847813][   T28] audit: type=1800 audit(1769744918.068:4): pid=6229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.89" name="file1" dev="loop3" ino=4 res=0 errno=0
[  116.885953][ T6229] read_mapping_page failed!
[  116.890944][ T6229] ERROR: (device loop3): txCommit: 
[  116.890944][ T6229] 
[  117.024626][ T6250] ERROR: (device loop3): dbAlloc: the hint is outside the map
[  117.024626][ T6250] 
[  117.347015][ T6262] loop4: detected capacity change from 0 to 2048
[  117.405180][ T6262] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  118.433480][ T6287] input: syz0 as /devices/virtual/input/input5
[  118.790898][ T6302] netlink: 28 bytes leftover after parsing attributes in process `syz.4.109'.
[  118.813157][ T6302] netlink: 28 bytes leftover after parsing attributes in process `syz.4.109'.
[  119.211371][ T6313] loop3: detected capacity change from 0 to 190
[  119.242573][ T6313] ntfs: (device loop3): is_boot_sector_ntfs(): Invalid boot sector checksum.
[  119.296656][ T6313] ntfs: (device loop3): ntfs_read_locked_inode(): $STANDARD_INFORMATION attribute is missing.
[  119.322486][ T6313] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  119.352508][ T6313] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr.  Will not be able to remount read-write.  Run ntfsfix and/or chkdsk.
[  119.404926][ T6313] ntfs: volume version 3.1.
[  119.419785][ T6313] ntfs: (device loop3): load_system_files(): Volume is dirty.  Will not be able to remount read-write.  Run chkdsk and mount in Windows.
[  119.466711][ T6313] ntfs: (device loop3): ntfs_read_locked_inode(): Inode is an extent inode!
[  119.485896][ T6313] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x2 as bad.  Run chkdsk.
[  119.500654][ T6313] ntfs: (device loop3): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  119.526748][ T6313] syz.3.113: attempt to access beyond end of device
[  119.526748][ T6313] loop3: rw=0, sector=224, nr_sectors = 8 limit=190
[  119.587390][ T6313] syz.3.113: attempt to access beyond end of device
[  119.587390][ T6313] loop3: rw=0, sector=560, nr_sectors = 8 limit=190
[  119.632604][ T6313] syz.3.113: attempt to access beyond end of device
[  119.632604][ T6313] loop3: rw=0, sector=560, nr_sectors = 8 limit=190
[  119.889879][ T6310] loop4: detected capacity change from 0 to 32768
[  119.959252][ T6310] read_mapping_page failed!
[  119.988495][ T6310] ERROR: (device loop4): txCommit: 
[  119.988495][ T6310] 
[  120.090203][ T6310] ERROR: (device loop4): dbAlloc: the hint is outside the map
[  120.090203][ T6310] 
[  120.913518][  T967] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  121.152425][  T967] usb 3-1: Using ep0 maxpacket: 8
[  121.169688][  T967] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  121.188536][  T967] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  121.209827][  T967] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  121.230160][  T967] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 10982, setting to 1024
[  121.251839][  T967] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  121.272542][  T967] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  121.302416][  T967] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  121.315658][  T967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.541956][ T6345] loop3: detected capacity change from 0 to 32768
[  121.549526][  T967] usb 3-1: usb_control_msg returned -32
[  121.555499][  T967] usbtmc 3-1:16.0: can't read capabilities
[  121.621560][ T6345] (syz.3.123,6345,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  121.650956][ T6345] (syz.3.123,6345,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  121.691757][ T6345] JBD2: Ignoring recovery information on journal
[  121.775255][ T6345] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  121.861887][ T6345] 
[  121.864287][ T6345] ======================================================
[  121.871412][ T6345] WARNING: possible circular locking dependency detected
[  121.878473][ T6345] syzkaller #0 Not tainted
[  121.882906][ T6345] ------------------------------------------------------
[  121.889936][ T6345] syz.3.123/6345 is trying to acquire lock:
[  121.895844][ T6345] ffff88805c81b1b8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_init_acl+0x30a/0x770
[  121.905203][ T6345] 
[  121.905203][ T6345] but task is already holding lock:
[  121.912602][ T6345] ffff888021cbf8e8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a8/0x6f0
[  121.922918][ T6345] 
[  121.922918][ T6345] which lock already depends on the new lock.
[  121.922918][ T6345] 
[  121.933337][ T6345] 
[  121.933337][ T6345] the existing dependency chain (in reverse order) is:
[  121.942365][ T6345] 
[  121.942365][ T6345] -> #3 (&journal->j_trans_barrier){.+.+}-{3:3}:
[  121.950932][ T6345]        down_read+0x46/0x2e0
[  121.955657][ T6345]        ocfs2_start_trans+0x3a8/0x6f0
[  121.961139][ T6345]        ocfs2_mknod+0xf1d/0x2300
[  121.966185][ T6345]        ocfs2_create+0x196/0x430
[  121.971235][ T6345]        path_openat+0x12a0/0x3230
[  121.976374][ T6345]        do_filp_open+0x1f5/0x430
[  121.981419][ T6345]        do_sys_openat2+0x134/0x1d0
[  121.986649][ T6345]        __x64_sys_openat+0x139/0x160
[  121.992079][ T6345]        do_syscall_64+0x55/0xa0
[  121.997076][ T6345]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  122.003530][ T6345] 
[  122.003530][ T6345] -> #2 (sb_internal#2){.+.+}-{0:0}:
[  122.011069][ T6345]        ocfs2_start_trans+0x2a9/0x6f0
[  122.016575][ T6345]        ocfs2_truncate_file+0x631/0x1440
[  122.022346][ T6345]        ocfs2_setattr+0x158d/0x1bc0
[  122.027692][ T6345]        notify_change+0xb0d/0xe10
[  122.032858][ T6345]        do_truncate+0x1b0/0x240
[  122.037828][ T6345]        path_openat+0x2a32/0x3230
[  122.042966][ T6345]        do_filp_open+0x1f5/0x430
[  122.048011][ T6345]        do_sys_openat2+0x134/0x1d0
[  122.053240][ T6345]        __x64_sys_openat+0x139/0x160
[  122.058639][ T6345]        do_syscall_64+0x55/0xa0
[  122.063699][ T6345]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  122.070153][ T6345] 
[  122.070153][ T6345] -> #1 (&oi->ip_alloc_sem){++++}-{3:3}:
[  122.078005][ T6345]        down_write+0x97/0x200
[  122.082810][ T6345]        ocfs2_try_remove_refcount_tree+0xb7/0x340
[  122.089344][ T6345]        ocfs2_truncate_file+0xde5/0x1440
[  122.095195][ T6345]        ocfs2_setattr+0x158d/0x1bc0
[  122.100520][ T6345]        notify_change+0xb0d/0xe10
[  122.105653][ T6345]        do_truncate+0x1b0/0x240
[  122.110613][ T6345]        path_openat+0x2a32/0x3230
[  122.115760][ T6345]        do_filp_open+0x1f5/0x430
[  122.120802][ T6345]        do_sys_openat2+0x134/0x1d0
[  122.126028][ T6345]        __x64_sys_openat+0x139/0x160
[  122.131421][ T6345]        do_syscall_64+0x55/0xa0
[  122.136386][ T6345]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  122.142828][ T6345] 
[  122.142828][ T6345] -> #0 (&oi->ip_xattr_sem){++++}-{3:3}:
[  122.150703][ T6345]        __lock_acquire+0x2df1/0x7d40
[  122.156146][ T6345]        lock_acquire+0x19e/0x420
[  122.161204][ T6345]        down_read+0x46/0x2e0
[  122.165952][ T6345]        ocfs2_init_acl+0x30a/0x770
[  122.171220][ T6345]        ocfs2_mknod+0x140f/0x2300
[  122.176371][ T6345]        ocfs2_mkdir+0x196/0x430
[  122.181334][ T6345]        vfs_mkdir+0x296/0x440
[  122.186116][ T6345]        do_mkdirat+0x1dc/0x450
[  122.191076][ T6345]        __x64_sys_mkdirat+0x89/0xa0
[  122.196383][ T6345]        do_syscall_64+0x55/0xa0
[  122.201351][ T6345]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  122.207790][ T6345] 
[  122.207790][ T6345] other info that might help us debug this:
[  122.207790][ T6345] 
[  122.218045][ T6345] Chain exists of:
[  122.218045][ T6345]   &oi->ip_xattr_sem --> sb_internal#2 --> &journal->j_trans_barrier
[  122.218045][ T6345] 
[  122.231992][ T6345]  Possible unsafe locking scenario:
[  122.231992][ T6345] 
[  122.239462][ T6345]        CPU0                    CPU1
[  122.244846][ T6345]        ----                    ----
[  122.250222][ T6345]   rlock(&journal->j_trans_barrier);
[  122.255631][ T6345]                                lock(sb_internal#2);
[  122.262437][ T6345]                                lock(&journal->j_trans_barrier);
[  122.270266][ T6345]   rlock(&oi->ip_xattr_sem);
[  122.274964][ T6345] 
[  122.274964][ T6345]  *** DEADLOCK ***
[  122.274964][ T6345] 
[  122.283136][ T6345] 8 locks held by syz.3.123/6345:
[  122.288180][ T6345]  #0: ffff88805f4cc418 (sb_writers#16){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  122.297454][ T6345]  #1: ffff88805c81b498 (&type->i_mutex_dir_key#10/1){+.+.}-{3:3}, at: filename_create+0x20c/0x480
[  122.308203][ T6345]  #2: ffff888077a7a658 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x16e/0x44c0
[  122.322022][ T6345]  #3: ffff888077a79818 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x16e/0x44c0
[  122.335913][ T6345]  #4: ffff888077a7c2d8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}, at: ocfs2_reserve_local_alloc_bits+0x120/0x2600
[  122.349884][ T6345]  #5: ffff88805f4cc608 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_mknod+0xf1d/0x2300
[  122.359153][ T6345]  #6: ffff888021cbf8e8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a8/0x6f0
[  122.369891][ T6345]  #7: ffff88805ef34990 (jbd2_handle#2){.+.+}-{0:0}, at: start_this_handle+0x1f7a/0x21c0
[  122.379774][ T6345] 
[  122.379774][ T6345] stack backtrace:
[  122.385732][ T6345] CPU: 0 PID: 6345 Comm: syz.3.123 Not tainted syzkaller #0
[  122.393045][ T6345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  122.403140][ T6345] Call Trace:
[  122.406469][ T6345]  <TASK>
[  122.409506][ T6345]  dump_stack_lvl+0x18c/0x250
[  122.414365][ T6345]  ? load_image+0x400/0x400
[  122.418950][ T6345]  ? show_regs_print_info+0x20/0x20
[  122.424229][ T6345]  ? print_circular_bug+0x12b/0x1a0
[  122.429552][ T6345]  check_noncircular+0x2fc/0x400
[  122.434619][ T6345]  ? print_deadlock_bug+0x5d0/0x5d0
[  122.439853][ T6345]  ? _find_first_zero_bit+0xd3/0x100
[  122.445171][ T6345]  ? add_lock_to_list+0x191/0x280
[  122.450226][ T6345]  __lock_acquire+0x2df1/0x7d40
[  122.455114][ T6345]  ? verify_lock_unused+0x140/0x140
[  122.460424][ T6345]  ? __find_get_block+0xaf0/0xeb0
[  122.465478][ T6345]  ? verify_lock_unused+0x140/0x140
[  122.470735][ T6345]  lock_acquire+0x19e/0x420
[  122.475296][ T6345]  ? ocfs2_init_acl+0x30a/0x770
[  122.480178][ T6345]  ? jbd2_journal_dirty_metadata+0x71e/0xc20
[  122.486184][ T6345]  ? __might_sleep+0xe0/0xe0
[  122.490821][ T6345]  ? read_lock_is_recursive+0x20/0x20
[  122.496230][ T6345]  ? do_raw_spin_unlock+0x121/0x230
[  122.502242][ T6345]  ? _raw_spin_unlock+0x28/0x40
[  122.507122][ T6345]  down_read+0x46/0x2e0
[  122.511319][ T6345]  ? ocfs2_init_acl+0x30a/0x770
[  122.516207][ T6345]  ocfs2_init_acl+0x30a/0x770
[  122.520933][ T6345]  ? ocfs2_acl_chmod+0x330/0x330
[  122.525910][ T6345]  ? dquot_alloc_inode+0x8ac/0xa40
[  122.531077][ T6345]  ? ocfs2_journal_access+0x40/0x40
[  122.536328][ T6345]  ? ocfs2_block_signals+0x9b/0xe0
[  122.541483][ T6345]  ? ocfs2_metadata_cache_get_super+0x46/0x90
[  122.547598][ T6345]  ? ocfs2_inode_cache_get_super+0xd/0x40
[  122.553378][ T6345]  ocfs2_mknod+0x140f/0x2300
[  122.558033][ T6345]  ? ocfs2_mkdir+0x430/0x430
[  122.562669][ T6345]  ? verify_lock_unused+0x140/0x140
[  122.567931][ T6345]  ? ocfs2_inode_lock_tracker+0x437/0x700
[  122.573680][ T6345]  ? __lock_acquire+0x7d40/0x7d40
[  122.578752][ T6345]  ? do_raw_spin_lock+0x11f/0x2c0
[  122.583851][ T6345]  ? ocfs2_inode_unlock_tracker+0x270/0x2e0
[  122.589816][ T6345]  ? __lock_acquire+0x7d40/0x7d40
[  122.594886][ T6345]  ? __rwlock_init+0x150/0x150
[  122.599684][ T6345]  ? do_raw_spin_unlock+0x121/0x230
[  122.604924][ T6345]  ? put_pid+0xde/0x120
[  122.609127][ T6345]  ocfs2_mkdir+0x196/0x430
[  122.613580][ T6345]  ? make_kgid+0x660/0x660
[  122.618026][ T6345]  ? apparmor_path_mkdir+0x1b0/0x230
[  122.623344][ T6345]  ? ocfs2_symlink+0x2700/0x2700
[  122.628306][ T6345]  ? HAS_UNMAPPED_ID+0x11a/0x180
[  122.633288][ T6345]  ? inode_permission+0xf3/0x480
[  122.638263][ T6345]  ? bpf_lsm_inode_mkdir+0x9/0x10
[  122.643310][ T6345]  ? security_inode_mkdir+0xb7/0x100
[  122.648637][ T6345]  vfs_mkdir+0x296/0x440
[  122.652925][ T6345]  do_mkdirat+0x1dc/0x450
[  122.657490][ T6345]  ? vfs_mkdir+0x440/0x440
[  122.661961][ T6345]  __x64_sys_mkdirat+0x89/0xa0
[  122.666747][ T6345]  do_syscall_64+0x55/0xa0
[  122.671196][ T6345]  ? clear_bhb_loop+0x40/0x90
[  122.675908][ T6345]  ? clear_bhb_loop+0x40/0x90
[  122.680649][ T6345]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  122.686569][ T6345] RIP: 0033:0x7f1614b99d97
[  122.691040][ T6345] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  122.710696][ T6345] RSP: 002b:00007f16159bde58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  122.719210][ T6345] RAX: ffffffffffffffda RBX: 00007f16159bdee0 RCX: 00007f1614b99d97
[  122.727337][ T6345] RDX: 00000000000001ff RSI: 0000200000000040 RDI: 00000000ffffff9c
[  122.735352][ T6345] RBP: 0000200000000000 R08: 0000200000000040 R09: 0000000000000000
[  122.743354][ T6345] R10: 0000200000000000 R11: 0000000000000246 R12: 0000200000000040
[  122.751352][ T6345] R13: 00007f16159bdea0 R14: 0000000000000000 R15: 0000000000000000
[  122.759359][ T6345]  </TASK>
[  122.878189][ T5773] ocfs2: Unmounting device (7,3) on (node local)
[  123.129080][ T6358] usbtmc 3-1:16.0: usb_control_msg returned -71
[  123.331710][  T967] usb 3-1: USB disconnect, device number 3