last executing test programs:

3m35.913002537s ago: executing program 2 (id=1722):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000080)={0x7, 0x2, {0x56, 0xd6, 0x9, {0x9, 0x3}, {0x2bc, 0xa}, @ramp={0x7, 0x3, {0x0, 0x8001, 0x800}}}, {0x54, 0x9, 0x8000, {0x1, 0x6}, {0xf0, 0x5}, @const={0x0, {0x4, 0x0, 0xc, 0x2}}}})

3m35.673027267s ago: executing program 2 (id=1725):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@ip_tos_int={{0x14}}, @ip_retopts={{0x10, 0x110, 0xc}}], 0x28}, 0x0)

3m35.430378264s ago: executing program 2 (id=1728):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xc, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0x11}, @printk={@p, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000480)={r0}, 0xc)

3m35.337312229s ago: executing program 2 (id=1730):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x10001}, [@call={0x85, 0x0, 0x0, 0x75}, @printk={@lld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

3m35.183261951s ago: executing program 2 (id=1733):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x5, [@var={0x3, 0x0, 0x0, 0x11, 0x3}, @typedef={0x0, 0x0, 0x0, 0x4}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x2}]}]}, {0x0, [0x0, 0x0, 0x2e]}}, 0x0, 0x51}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x3, &(0x7f0000000680)=@framed, &(0x7f0000000780)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000008c0)={0x0, 0x4}, 0x8}, 0x90)

3m34.80369768s ago: executing program 2 (id=1740):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x14, 0x26, 0x1, 0x7fffd, 0x1000, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x20000051}, 0x4008090)

3m19.775879783s ago: executing program 32 (id=1740):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x14, 0x26, 0x1, 0x7fffd, 0x1000, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x20000051}, 0x4008090)

2m34.936328848s ago: executing program 0 (id=2620):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0xfffffffffffffffc, 0x0)
ioctl$EVIOCGKEYCODE(r0, 0x80084504, &(0x7f0000000080)=""/218)

2m34.722800501s ago: executing program 0 (id=2622):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_ifindex, @private}, 0x10)

2m34.544201082s ago: executing program 0 (id=2626):
r0 = socket$kcm(0x2d, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000340)={0x2d, 0x1, 0x8000}, 0xc)

2m34.282923946s ago: executing program 0 (id=2631):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002e00010000000000fbdbdd250401f2800c00160002ac0f0000000000140017"], 0x114}], 0x1, 0x0, 0x0, 0x41}, 0x4008080)

2m33.949984146s ago: executing program 0 (id=2635):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="2c0000001800090400000001fedbdf250a000b00000000000000008008001e0001"], 0x2c}}, 0x0)

2m33.738588279s ago: executing program 0 (id=2641):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x26, 0x1, 0x7fffd, 0x1000, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008090)

2m18.613285033s ago: executing program 33 (id=2641):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x26, 0x1, 0x7fffd, 0x1000, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008090)

1m35.095847239s ago: executing program 5 (id=3522):
r0 = socket(0x18, 0xa, 0x2)
getsockname$packet(r0, 0x0, &(0x7f0000000200))

1m34.816800675s ago: executing program 5 (id=3526):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_G_EDID(r0, 0xc0285628, &(0x7f0000000080)={0x2000000, 0x1, 0x3, '\x00', &(0x7f0000000040)})

1m34.617065477s ago: executing program 5 (id=3529):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x421, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3282b}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ACTIVE_SLAVE={0x8}, @IFLA_BOND_MODE={0x5, 0x1, 0x5}]}}}]}, 0x44}}, 0x0)

1m34.174575887s ago: executing program 5 (id=3535):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x49801, 0x20020}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e21}]}}}]}, 0x38}}, 0x0)

1m33.978995072s ago: executing program 5 (id=3538):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_TRIM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3f6, 0x300, 0x70bd25, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x90}, 0x0)

1m33.755713215s ago: executing program 5 (id=3541):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x14, 0x26, 0x301, 0x20010002, 0x0, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x4004000)

1m18.686152139s ago: executing program 34 (id=3541):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x14, 0x26, 0x301, 0x20010002, 0x0, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x4004000)

4.604711632s ago: executing program 6 (id=4792):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
ioctl$IOMMU_DESTROY$ioas(r0, 0x3b80, &(0x7f0000000c00)={0x8})

4.447611369s ago: executing program 6 (id=4796):
r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f0000005600)='./file0\x00', 0x10001, &(0x7f0000000500)={[{@nossd_spread}]}, 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
ioctl$BTRFS_IOC_INO_PATHS(r0, 0xd000943e, &(0x7f0000000040)={0x100, 0x0, [0x8, 0x13, 0x65, 0x4f], 0x0})

3.398601185s ago: executing program 4 (id=4815):
r0 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_GET_PROPERTY(r0, 0x80106f53, &(0x7f0000000000)={0x22, &(0x7f0000000140)=[{0x4, '\x00', @st={0x4, [{0x2, @uvalue=0xfff}, {0x0, @uvalue=0x1ff}, {0x3, @uvalue=0xfffffffffffffffb}, {0x0, @svalue=0x47b6cc5d}]}, 0x9}]})

3.229439399s ago: executing program 4 (id=4818):
r0 = syz_mount_image$btrfs(&(0x7f00000004c0), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000000180)={[{@clear_cache}, {@user_subvol_rm}, {@nodiscard}, {@noautodefrag}, {@autodefrag}, {@ssd}, {@max_inline={'max_inline', 0x3d, [0x7, 0x32, 0x38, 0x2d, 0x35, 0x36, 0x78, 0x2d, 0x2d, 0x37]}}, {@space_cache}]}, 0x0, 0x559e, &(0x7f00000103c0)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000100)=ANY=[@ANYRESDEC, @ANYBLOB="893a2b30303030020000000300"])

2.860819655s ago: executing program 6 (id=4823):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000e80)={0x2, 0x100, 0x18, 0x6, 0x110, &(0x7f0000000a80)="c2cc1901184a0081eb0184e1d30407922eba8adad819b60caa153926665dd17a83c765ea54763f97e4c74aeac6d5e5993f4a335fcb8f08945e0e418b508838d0a7b31a61223d6a6e5abcc3798ffd679b9bc34d50b00c957d3a7e6908eaf26b722415053a5134c73d053db06496046f16805f3a50a4657430f7705abcffb7b0d90f5ddb7f54a241cc8a6028d9c7e5fa200972d46d1e9ea4c3cb8fec1909071d21c2245110537ca5393cce199046221c10e9c9319df140632ab9ff76df4246e9d391ca4ab6811921adf4d45f1297bc968b40d507b227a18051d048c1ddf931ab6dd04485be041df29eff034d54dd916cc71d5b79cff0140a53421b2d6a3ba3e05d661acd73db647c2e68065fd3f8aaba141ab98de4a4d0f86c667eac1fc8ebddd5fa53eb9feab4914978d6a8c9a6a78d03aa30ffbd208e979537b7e1be1f94cc3a103e243553609a5abba2cef1d7685b75c22396c3a6c43d33a88d3c6e8545058a4afcc8e164944cd1642fe582722ac33f20f4db3ecb11fe4aee55d862be68a570e07f0f69b49943d44ac90d63333ab05a674c3ec0381d83fc53a734c00aeda045a59b162cc98d535b656af837784123f58751cc8f6d8c5ff020d22b9d93e2376ae80e9b83bf2d0f3eae7e477575a6e4e63c4c9cbf5a937af859881ff1b0a8c2101dba4b507c48b29b4007b2a898798673f0ea95e5026dde9e9f7f2f72df41cdf76013a539d4ad6190c377ed70ba5d496579b93d43630a2315b88942e4b98ea712c7cb5d37f3af198ce5652db11b5150dae931f7f1a9f519da4cba3a51811c4dfa38dbf5cd50cc42eb0c0f557babdb88cac75e35df87881e563b45b2c36faaf61d41dc24af0ea64528342c6e10738cd73345d5d7a0fa1aa1f6e69d564be043a4460786df2fb40aa9e31139409f38a402e4ba14dfdbf8bc2ea1e38c545eec6b0a580d81ae61fea38cdeb81620c3bd71883b09f3ecc7385e0a8dd9ce73e32ae4b4480a8c8c1ec334ca652dd036c2a103f9b7ca235e3fe9335d06af093a472d267ff44417cbf1629b5f05598162e6d6aac9cc82f2286aee210b7d2a2c21bcafb69a499742fbe961a8a61a6cb9107695fb52b6c091b0977a38d81a90395730b6a431db30c36fbe5d85b717e9179cd9a15019e8e8cf7d84d97400ead5a74326e3c7be201f6ff0fb0f9b9318de990e18e3ede46a55b1abe5e25a1f84063a79911f8c39efe494d2114304b7875c9b18aa6d2abe11d7cec1c9800713aca7e14c37fc5062d2873074c1558b631acc8f67fcf36e464f77064300be4ba0e19af2f7603404de1222de49323b9217e944b17d2cc748e0cd7ba44554253bd7346bf485a609c3fcd337d1d4505c852f6fbdbe51e50eed23d43ce6ca5830c17fb9bb0633f42a4673d937d98c12d92c08a8cfbc6c6d81dd80e74183d8040fe698b3ac8e426cd476f06f"})

2.122270787s ago: executing program 7 (id=4830):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=@newtaction={0x7c, 0x30, 0xb, 0x5, 0x0, {}, [{0x68, 0x1, [@m_ct={0x64, 0x1, 0x0, 0x0, {{0x3a}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e24}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_PARMS={0x18, 0x1, {0x80000001, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_ZONE={0x6, 0x4, 0xf}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e22}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8890}, 0x40)

1.983447447s ago: executing program 6 (id=4832):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x63}}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.825779078s ago: executing program 7 (id=4834):
r0 = syz_io_uring_setup(0x6756, &(0x7f0000000200)={0x0, 0xcfca, 0x1040, 0x0, 0x1000001}, &(0x7f0000000c00), &(0x7f0000000040))
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000280)=[@ioring_restriction_register_op={0x0, 0x13}, @ioring_restriction_sqe_op={0x1, 0xbbaaa02c105c57ae}], 0x2)

1.792133329s ago: executing program 3 (id=4835):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_mr_vif\x00')
pread64(r0, &(0x7f0000000480)=""/209, 0xd1, 0x37)

1.67591825s ago: executing program 6 (id=4836):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x4, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0xffff}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x64, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_EXPRESSIONS={0x2c, 0xb, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x81}, @NFTA_LAST_MSECS={0xc, 0x2, 0x1, 0x0, 0xffffffffffff8001}]}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x40000)

1.46790514s ago: executing program 3 (id=4838):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x30, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x8, 0x3, 0x0, 0x0, @uid}, @typed={0x8, 0x13, 0x0, 0x0, @uid}]}, @nested={0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x110}, 0xc000)

1.465472073s ago: executing program 7 (id=4839):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f00000065c0)=[{{&(0x7f0000000440)={0xa, 0x4e23, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="12000000000000001100000067"], 0x22}}], 0x1, 0x0)

1.43508139s ago: executing program 6 (id=4840):
r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="3101000009005e08cb06030000e8160000010902240001000064000904340102d486100009058acf", @ANYRESOCT=0x0], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

1.231187858s ago: executing program 1 (id=4841):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000300)=0x20, 0x4)

1.227839127s ago: executing program 7 (id=4842):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d424000000000000000100000041000000", 0xfe60)

1.095252162s ago: executing program 3 (id=4843):
r0 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r0, &(0x7f00000005c0)={&(0x7f0000000400)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000080)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb35", 0x6}], 0x2, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @broadcast}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x2}}], 0x38}, 0x24008004)

1.005117785s ago: executing program 4 (id=4844):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000002c80)={0x4, @win={{0x8, 0x5, 0xffff2832, 0x130d}, 0xe, 0x1, 0x0, 0xfffffffa, 0x0, 0x19}})

1.003800808s ago: executing program 1 (id=4845):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f00000002c0)={0x0, 0x4298})

943.861135ms ago: executing program 7 (id=4846):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x8, 0x3, 0x230, 0x0, 0xffffffff, 0xffffffff, 0x100, 0xffffffff, 0x198, 0xffffff7a, 0xffffffff, 0x198, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x7a5c, 0x80000000, 0x1, 0x5, 0x101, 0xfffd, 0xe5}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x6, 0x3, 0x6, '\x00', {0x3}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0xff000000, 'team_slave_0\x00', 'ip6gre0\x00', {0xff}, {}, 0x6, 0x3}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x4}, {0x4, 0x5, 0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x290)

865.079058ms ago: executing program 3 (id=4847):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x10, 0x0, 0x0)

745.610284ms ago: executing program 7 (id=4848):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000040)={0x34, 0x1f, 0x1, 0x0, 0x0, "", [@nested={0x22, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x4}, @generic="0926b3eb9e87f8c8b3a6caa09a1a38d124a1"]}]}, 0x34}], 0x1, 0x0, 0x0, 0x20000080}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007ce7c810d804300a47ce0102030109022400010000000009040000020de67a00090504020000000000090581aa"], 0x0)

630.800425ms ago: executing program 1 (id=4849):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x8000004}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x2}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)

532.068924ms ago: executing program 3 (id=4850):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x4, 0x802)
ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0)

483.947437ms ago: executing program 4 (id=4851):
r0 = socket(0x11, 0x2, 0x0)
setsockopt(r0, 0x107, 0x2, &(0x7f00000001c0)="110000000100060000071a80010061cc", 0x10)

435.903863ms ago: executing program 1 (id=4852):
r0 = socket(0x2, 0x3, 0xff)
sendmsg$unix(r0, &(0x7f0000002680)={&(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000002600)=[@cred={{0x1c, 0x1, 0x24}}], 0x20}, 0x0)

320.476545ms ago: executing program 4 (id=4853):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000800)={0x2, {0x7, 0x1, 0x1, 0x95, 0x7, 0x100}})

256.983174ms ago: executing program 1 (id=4854):
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000040)={0x6a, 0x0, 0x20, 0x2000, &(0x7f0000ffd000/0x2000)=nil})

251.006876ms ago: executing program 3 (id=4855):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8}, @NFTA_CMP_DATA={0x8, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}, @NFTA_CMP_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "ef"}]}], {0x14}}, 0xd0}}, 0x0)

49.851757ms ago: executing program 4 (id=4856):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
pwritev(r0, &(0x7f0000000600)=[{&(0x7f0000000240)="02000000", 0x4}, {&(0x7f0000000100)="7ac364f3475538d51220d6b33ea528ed91340b9f663429776a7edf6e99029f96bbf9ad2f18", 0x25}], 0x2, 0x1, 0x0)

0s ago: executing program 1 (id=4857):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100003042dbd7000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="00080000075005002800128008000100677470001c000280080003000700000008000700dfffdf01050005"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0)

kernel console output (not intermixed with test programs):

790496][T14044] F2FS-fs (loop4): build fault injection rate: 690
[  337.797892][T14066] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  337.842117][T14044] F2FS-fs (loop4): invalid crc value
[  338.010002][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.132911][T14044] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  338.147055][ T5896] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  338.162957][T14081] loop6: detected capacity change from 0 to 4096
[  338.172008][T14044] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  338.245841][T14044] F2FS-fs (loop4): Image doesn't support compression
[  338.257901][T14044] F2FS-fs (loop4): build fault injection rate: 690
[  338.311798][ T5896] usb 2-1: config index 0 descriptor too short (expected 133, got 72)
[  338.342065][ T5896] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  338.366787][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.391839][ T5896] usb 2-1: Product: syz
[  338.396085][ T5896] usb 2-1: Manufacturer: syz
[  338.417165][ T5896] usb 2-1: SerialNumber: syz
[  338.461206][ T5896] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  338.486734][   T10] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  338.595171][T14086] FAT-fs (loop3): Directory bread(block 64) failed
[  338.621855][T14086] FAT-fs (loop3): Directory bread(block 65) failed
[  338.647136][T14086] FAT-fs (loop3): Directory bread(block 66) failed
[  338.654467][T14086] FAT-fs (loop3): Directory bread(block 67) failed
[  338.668436][T14086] FAT-fs (loop3): Directory bread(block 68) failed
[  338.675284][T14086] FAT-fs (loop3): Directory bread(block 69) failed
[  338.684810][T14086] FAT-fs (loop3): Directory bread(block 70) failed
[  338.703998][T14086] FAT-fs (loop3): Directory bread(block 71) failed
[  338.711814][T14086] FAT-fs (loop3): Directory bread(block 72) failed
[  338.727103][T14086] FAT-fs (loop3): Directory bread(block 73) failed
[  338.755513][    C0] usb 2-1: ath9k_htc: over RX MAX_PKT_NUM
[  338.910199][T14090] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  339.129279][T12565] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  339.158214][ T5945] usb 2-1: USB disconnect, device number 13
[  339.383055][T14105] set_capacity_and_notify: 2 callbacks suppressed
[  339.383077][T14105] loop3: detected capacity change from 0 to 512
[  339.400884][T14105] EXT4-fs: Ignoring removed nomblk_io_submit option
[  339.408650][T14105] EXT4-fs: Ignoring removed nobh option
[  339.435583][T14105] EXT4-fs warning (device loop3): ext4_xattr_inode_get:546: inode #11: comm syz.3.3565: ea_inode file size=0 entry size=6
[  339.465509][T14105] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.3565: iget: bad extra_isize 90 (inode size 256)
[  339.480170][T14105] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  339.486932][    C0] EXT4-fs (loop3): error count since last fsck: 1
[  339.501569][T14105] EXT4-fs (loop3): Remounting filesystem read-only
[  339.502711][    C0] EXT4-fs (loop3): initial error at time 1772115899: ext4_xattr_inode_iget:441: inode 11
[  339.519082][    C0] EXT4-fs (loop3): last error at time 1772115899: ext4_xattr_inode_iget:441: inode 11
[  339.548536][T14105] EXT4-fs warning (device loop3): ext4_evict_inode:275: xattr delete (err -30)
[  339.558190][T14105] EXT4-fs (loop3): 1 orphan inode deleted
[  339.565754][T14105] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  339.578527][   T10] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  339.585633][   T10] ath9k_htc: Failed to initialize the device
[  339.592558][ T5945] usb 2-1: ath9k_htc: USB layer deinitialized
[  339.749457][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  339.937038][T14120] loop3: detected capacity change from 0 to 2048
[  339.950471][T14120] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 129: 0x32 != 0x7d
[  339.962796][T14120] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  340.556183][T14151] loop3: detected capacity change from 0 to 8
[  340.690642][T14151] SQUASHFS error: Failed to read block 0x106: -5
[  340.778382][T14151] SQUASHFS error: Failed to read block 0xc00107: -5
[  340.808101][T14151] SQUASHFS error: Failed to read block 0xc8f2de: -5
[  340.843102][T14151] SQUASHFS error: Failed to read block 0x106: -5
[  340.856798][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  340.856817][   T29] audit: type=1800 audit(1772115900.967:3023): pid=14151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3587" name="file2" dev="loop3" ino=6 res=0 errno=0
[  341.001052][T14164] netlink: 'syz.6.3594': attribute type 2 has an invalid length.
[  341.012841][T14164] netlink: 'syz.6.3594': attribute type 11 has an invalid length.
[  341.026477][T14164] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3594'.
[  341.327446][T14177] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3600'.
[  341.336473][T14177] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3600'.
[  341.389812][T14177] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3600'.
[  341.418480][T14181] loop1: detected capacity change from 0 to 8
[  341.533467][T14185] loop6: detected capacity change from 0 to 512
[  341.581220][T14190] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3604'.
[  341.614306][T14185] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  341.680713][T14194] delete_channel: no stack
[  341.688452][T14196] loop4: detected capacity change from 0 to 8
[  341.689051][T14185] ext4 filesystem being mounted at /137/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  341.719801][T14196] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  341.733983][T14185] EXT4-fs error (device loop6): ext4_do_update_inode:5569: inode #2: comm syz.6.3605: corrupted inode contents
[  341.755778][T14185] EXT4-fs error (device loop6): ext4_dirty_inode:6450: inode #2: comm syz.6.3605: mark_inode_dirty error
[  341.785944][T14196] cramfs: bad data blocksize 3221485570
[  341.808307][T14185] EXT4-fs error (device loop6): ext4_do_update_inode:5569: inode #2: comm syz.6.3605: corrupted inode contents
[  341.827958][T14196] cramfs: bad data blocksize 3221485570
[  341.845989][   T29] audit: type=1800 audit(1772115901.947:3024): pid=14196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3607" name="file2" dev="loop4" ino=348 res=0 errno=0
[  341.887207][T14185] EXT4-fs error (device loop6): __ext4_ext_dirty:207: inode #2: comm syz.6.3605: mark_inode_dirty error
[  341.900166][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3609'.
[  341.934186][ T6039] udevd[6039]: incorrect cramfs checksum on /dev/loop4
[  341.943485][T14200] loop1: detected capacity change from 0 to 512
[  341.966492][ T6039] udevd[6039]: incorrect cramfs checksum on /dev/loop4
[  341.976818][T14200] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  342.044296][T12565] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.076619][T14202] netlink: 'syz.4.3611': attribute type 21 has an invalid length.
[  342.122086][T14202] netlink: 'syz.4.3611': attribute type 30 has an invalid length.
[  342.143907][T14200] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF
[  342.316325][   T29] audit: type=1326 audit(1772115902.427:3025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14207 comm="syz.1.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  342.401441][   T29] audit: type=1326 audit(1772115902.467:3026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14207 comm="syz.1.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  342.425539][   T29] audit: type=1326 audit(1772115902.477:3027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14207 comm="syz.1.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=191 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  342.460471][   T29] audit: type=1326 audit(1772115902.477:3028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14207 comm="syz.1.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  342.517131][   T29] audit: type=1326 audit(1772115902.477:3029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14207 comm="syz.1.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  342.546683][T14208] loop6: detected capacity change from 0 to 4096
[  342.805715][T14222] loop4: detected capacity change from 0 to 512
[  342.833010][T14222] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  342.858950][T14222] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=284ee01c, mo2=0002]
[  342.937191][T14222] System zones: 1-12
[  342.941537][T14222] EXT4-fs (loop4): orphan cleanup on readonly fs
[  342.951646][T14229] netlink: 'syz.1.3624': attribute type 11 has an invalid length.
[  343.001887][T14222] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3620: invalid indirect mapped block 12 (level 1)
[  343.108960][T14222] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  343.113349][T14222] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3620: invalid indirect mapped block 2 (level 2)
[  343.117070][    C0] EXT4-fs (loop4): error count since last fsck: 1
[  343.142231][    C0] EXT4-fs (loop4): initial error at time 1772115903: ext4_free_branches:1023: inode 11
[  343.151973][    C0] EXT4-fs (loop4): last error at time 1772115903: ext4_free_branches:1023: inode 11
[  343.182995][T14222] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  343.188670][T14222] EXT4-fs (loop4): 1 truncate cleaned up
[  343.239374][T14222] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback.
[  343.415408][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  343.434350][T14242] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  343.859796][T14262] loop6: detected capacity change from 0 to 256
[  343.952522][T14262] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x09066d1f, utbl_chksum : 0xe619d30d)
[  344.065292][   T29] audit: type=1800 audit(1772115904.177:3030): pid=14262 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3640" name="file2" dev="loop6" ino=1048658 res=0 errno=0
[  344.314513][T14278] ieee802154 phy0 wpan0: encryption failed: -22
[  344.646314][T14292] netlink: 'syz.6.3655': attribute type 10 has an invalid length.
[  344.677262][T14292] hsr0: entered promiscuous mode
[  344.707993][T14292] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  344.747394][T14292] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  344.786944][T14292] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  344.956079][T14296] loop6: detected capacity change from 0 to 128
[  344.978355][T14296] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  345.032380][T14296] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  345.218711][T14298] netlink: 'syz.6.3658': attribute type 2 has an invalid length.
[  345.265046][T14290] loop3: detected capacity change from 0 to 32768
[  345.325346][T14290] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  345.492908][T14290] XFS (loop3): Ending clean mount
[  345.639711][ T5823] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  345.777613][T14294] loop1: detected capacity change from 0 to 40427
[  345.777806][T14312] loop6: detected capacity change from 0 to 512
[  345.790719][T14294] F2FS-fs: heap/no_heap options were deprecated
[  345.801437][T14294] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504)
[  345.836536][T14312] EXT4-fs: Ignoring removed nomblk_io_submit option
[  345.845301][T14294] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  345.859546][T14294] F2FS-fs (loop1): invalid crc value
[  345.879880][T14312] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  345.954418][T14312] EXT4-fs (loop6): orphan cleanup on readonly fs
[  346.015999][T14312] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:517: comm syz.6.3662: Block bitmap for bg 0 marked uninitialized
[  346.036496][T14294] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  346.046303][T14312] loop6: lost filesystem error report for type 5 error -117
[  346.046795][T14312] EXT4-fs (loop6): Remounting filesystem read-only
[  346.054263][    C1] EXT4-fs (loop6): error count since last fsck: 1
[  346.054286][    C1] EXT4-fs (loop6): initial error at time 1772115906: ext4_read_block_bitmap_nowait:517
[  346.054305][    C1] EXT4-fs (loop6): last error at time 1772115906: ext4_read_block_bitmap_nowait:517
[  346.103172][T14294] F2FS-fs (loop1): Start checkpoint disabled!
[  346.129945][T14312] EXT4-fs (loop6): 1 orphan inode deleted
[  346.136595][T14294] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  346.154374][T14294] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  346.164664][T14312] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  346.186463][T14294] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  346.276370][T14319] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3663'.
[  346.291046][T12565] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.381310][   T12] kworker/u8:0: attempt to access beyond end of device
[  346.381310][   T12] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  346.431798][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[  346.431828][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  346.431843][   T12] Workqueue: writeback wb_workfn (flush-7:1)
[  346.431893][   T12] Call Trace:
[  346.431902][   T12]  <TASK>
[  346.431912][   T12]  dump_stack_lvl+0xe8/0x150
[  346.431947][   T12]  f2fs_handle_critical_error+0x37c/0x540
[  346.431984][   T12]  f2fs_write_end_io+0xcdb/0xff0
[  346.432038][   T12]  __submit_merged_bio+0x256/0x700
[  346.432073][   T12]  __submit_merged_write_cond+0x3c9/0x4e0
[  346.432112][   T12]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  346.432176][   T12]  f2fs_write_data_pages+0x2975/0x35e0
[  346.432203][   T12]  ? unwind_next_frame+0xa5/0x23c0
[  346.432235][   T12]  ? lock_release+0x4b/0x3d0
[  346.432308][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  346.432355][   T12]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  346.432432][   T12]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  346.432494][   T12]  ? __lock_acquire+0x6b5/0x2cf0
[  346.432539][   T12]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  346.432563][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  346.432592][   T12]  do_writepages+0x32e/0x550
[  346.432632][   T12]  ? reacquire_held_locks+0x104/0x190
[  346.432662][   T12]  ? writeback_sb_inodes+0x477/0x1a20
[  346.432700][   T12]  __writeback_single_inode+0x133/0x11a0
[  346.432731][   T12]  ? do_raw_spin_unlock+0xf5/0x210
[  346.432760][   T12]  writeback_sb_inodes+0x992/0x1a20
[  346.432817][   T12]  ? __lock_acquire+0x6b5/0x2cf0
[  346.432852][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  346.432878][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  346.432953][   T12]  ? rcu_is_watching+0x15/0xb0
[  346.433013][   T12]  wb_writeback+0x456/0xb70
[  346.433046][   T12]  ? queue_io+0x2b1/0x4a0
[  346.433086][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  346.433111][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  346.433161][   T12]  wb_workfn+0x414/0xf50
[  346.433189][   T12]  ? look_up_lock_class+0x57/0x110
[  346.433237][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  346.433265][   T12]  ? __pfx___schedule+0x10/0x10
[  346.433294][   T12]  ? do_raw_spin_unlock+0xf5/0x210
[  346.433321][   T12]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  346.433362][   T12]  ? preempt_schedule_thunk+0x16/0x30
[  346.433395][   T12]  ? process_one_work+0x87c/0x1650
[  346.433421][   T12]  process_one_work+0x949/0x1650
[  346.433478][   T12]  ? __pfx_process_one_work+0x10/0x10
[  346.433503][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  346.433547][   T12]  worker_thread+0xb46/0x1140
[  346.433610][   T12]  kthread+0x388/0x470
[  346.433632][   T12]  ? __pfx_worker_thread+0x10/0x10
[  346.433657][   T12]  ? __pfx_kthread+0x10/0x10
[  346.433681][   T12]  ret_from_fork+0x51e/0xb90
[  346.433713][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  346.433741][   T12]  ? __switch_to+0xc7d/0x1450
[  346.433771][   T12]  ? __pfx_kthread+0x10/0x10
[  346.433795][   T12]  ret_from_fork_asm+0x1a/0x30
[  346.433851][   T12]  </TASK>
[  346.755858][   T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  347.272969][T14345] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3675'.
[  347.797685][T14361] netlink: 204 bytes leftover after parsing attributes in process `syz.4.3681'.
[  347.806798][T14361] netlink: 204 bytes leftover after parsing attributes in process `syz.4.3681'.
[  347.842528][T14364] netlink: 'syz.6.3683': attribute type 21 has an invalid length.
[  347.930170][T14343] loop1: detected capacity change from 0 to 32768
[  347.949019][T14343] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3674 (14343)
[  348.004547][T14343] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  348.037105][T14343] BTRFS info (device loop1): using sha256 checksum algorithm
[  348.171537][T14343] BTRFS info (device loop1): rebuilding free space tree
[  348.255153][T14343] BTRFS info (device loop1): disabling free space tree
[  348.280831][T14343] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  348.334985][T14343] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  348.374775][T14343] BTRFS info (device loop1): enabling ssd optimizations
[  348.427480][T14343] BTRFS info (device loop1): turning on async discard
[  348.449622][T14343] BTRFS info (device loop1): force clearing of disk cache
[  348.456814][T14343] BTRFS info (device loop1): enabling auto defrag
[  348.473416][T14343] BTRFS info (device loop1): max_inline set to 4096
[  348.541558][T14343] BTRFS info (device loop1 state M): max_inline set to 4096
[  348.640806][ T5827] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  349.137509][   T29] audit: type=1326 audit(1772115909.247:3031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14415 comm="syz.1.3701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  349.226332][   T29] audit: type=1326 audit(1772115909.247:3032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14415 comm="syz.1.3701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  349.332751][   T29] audit: type=1326 audit(1772115909.287:3033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14415 comm="syz.1.3701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  349.448051][   T29] audit: type=1326 audit(1772115909.297:3034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14415 comm="syz.1.3701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  349.521391][   T29] audit: type=1326 audit(1772115909.297:3035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14415 comm="syz.1.3701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  349.596951][   T29] audit: type=1326 audit(1772115909.297:3036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14415 comm="syz.1.3701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  349.697517][   T29] audit: type=1326 audit(1772115909.297:3037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14415 comm="syz.1.3701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  349.775953][T14401] loop4: detected capacity change from 0 to 32768
[  349.807088][   T29] audit: type=1326 audit(1772115909.297:3038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14415 comm="syz.1.3701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  349.859072][   T29] audit: type=1326 audit(1772115909.297:3039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14415 comm="syz.1.3701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f438579c799 code=0x7ffc0000
[  349.899559][T14401] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  349.979795][T14401] XFS (loop4): Ending clean mount
[  350.166127][T14446] xt_l2tp: invalid flags combination: c
[  350.199760][T14449] loop1: detected capacity change from 0 to 256
[  350.206228][ T5828] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  350.307827][T14449] FAT-fs (loop1): Directory bread(block 64) failed
[  350.341663][T14449] FAT-fs (loop1): Directory bread(block 65) failed
[  350.367909][T14449] FAT-fs (loop1): Directory bread(block 66) failed
[  350.374542][T14449] FAT-fs (loop1): Directory bread(block 67) failed
[  350.412055][T14449] FAT-fs (loop1): Directory bread(block 68) failed
[  350.430447][T14449] FAT-fs (loop1): Directory bread(block 69) failed
[  350.457496][T14449] FAT-fs (loop1): Directory bread(block 70) failed
[  350.474494][T14449] FAT-fs (loop1): Directory bread(block 71) failed
[  350.484953][T14449] FAT-fs (loop1): Directory bread(block 72) failed
[  350.502156][T14449] FAT-fs (loop1): Directory bread(block 73) failed
[  351.293427][T14480] loop1: detected capacity change from 0 to 1024
[  351.344922][T14480] hfsplus: detected inconsistent attributes file, running fsck.hfsplus is recommended.
[  351.355927][T14456] loop3: detected capacity change from 0 to 32768
[  351.441895][T14456] ERROR: (device loop3): dbAlloc: the hint is outside the map
[  351.441895][T14456] 
[  351.494678][T14456] ERROR: (device loop3): remounting filesystem as read-only
[  352.145210][T14507] netlink: 'syz.1.3743': attribute type 12 has an invalid length.
[  352.605784][ T5833] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  352.623179][ T5833] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  352.632498][ T5833] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  352.642940][ T5833] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  352.650875][ T5833] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  352.784584][T14525] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3750'.
[  353.061848][T14538] netlink: 'syz.6.3757': attribute type 21 has an invalid length.
[  353.106326][T14538] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3757'.
[  353.710955][T14559] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3767'.
[  353.784599][T14562] loop3: detected capacity change from 0 to 512
[  353.882105][T14562] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  353.916677][T14567] loop4: detected capacity change from 0 to 128
[  353.917999][T14562] ext4 filesystem being mounted at /824/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  353.942756][T14562] Quota error (device loop3): do_check_range: Getting block 524292 out of range 1-5
[  353.955937][T14562] EXT4-fs error (device loop3): ext4_acquire_dquot:7001: comm syz.3.3768: Failed to acquire dquot type 0
[  354.000402][T14569] netlink: 'syz.6.3770': attribute type 31 has an invalid length.
[  354.037364][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  354.147265][T14543] loop1: detected capacity change from 0 to 32768
[  354.163135][T14567] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  354.207788][T14543] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3760 (14543)
[  354.234732][T14521] chnl_net:caif_netlink_parms(): no params data found
[  354.281362][T14576] loop6: detected capacity change from 0 to 1024
[  354.294262][T14567] ext4 filesystem being mounted at /778/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  354.328217][T14543] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  354.364266][T14543] BTRFS info (device loop1): using sha256 checksum algorithm
[  354.404973][  T108] hfsplus: b-tree write err: -5, ino 25
[  354.428093][  T108] hfsplus: b-tree write err: -5, ino 4
[  354.433699][  T108] hfsplus: b-tree write err: -5, ino 2
[  354.519529][ T5828] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  354.624005][T14543] BTRFS info (device loop1): enabling ssd optimizations
[  354.639373][T14543] BTRFS info (device loop1): turning on async discard
[  354.697651][ T5833] Bluetooth: hci7: command tx timeout
[  354.716930][T14543] BTRFS info (device loop1): enabling free space tree
[  354.829578][ T5827] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  355.000576][T14521] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.036688][T14521] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.061131][T14521] bridge_slave_0: entered allmulticast mode
[  355.079209][T14521] bridge_slave_0: entered promiscuous mode
[  355.122864][T14521] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.138913][T14521] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.148350][T14521] bridge_slave_1: entered allmulticast mode
[  355.157729][T14521] bridge_slave_1: entered promiscuous mode
[  355.171596][ T5833] Bluetooth: hci5: command 0x0406 tx timeout
[  355.258995][ T5844] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  355.279303][T14521] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  355.294067][T14521] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  355.404790][T14521] team0: Port device team_slave_0 added
[  355.450971][T14521] team0: Port device team_slave_1 added
[  355.471410][ T5844] usb 5-1: Using ep0 maxpacket: 32
[  355.493042][ T5844] usb 5-1: config 0 has an invalid interface number: 191 but max is 0
[  355.511329][ T5844] usb 5-1: config 0 has no interface number 0
[  355.523576][ T5844] usb 5-1: config 0 interface 191 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 24
[  355.560271][ T5844] usb 5-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=2c.d1
[  355.569902][ T5844] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.593850][ T5844] usb 5-1: Product: syz
[  355.606916][ T5844] usb 5-1: Manufacturer: syz
[  355.616782][T14521] batman_adv: batadv0: Adding interface: batadv_slave_0
[  355.626351][ T5844] usb 5-1: SerialNumber: syz
[  355.635566][T14521] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  355.671280][T14521] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  355.673339][ T5844] usb 5-1: config 0 descriptor??
[  355.688919][T14521] batman_adv: batadv0: Adding interface: batadv_slave_1
[  355.696097][T14521] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  355.723687][T14521] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  355.751358][T14606] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  355.823532][T14597] loop6: detected capacity change from 0 to 32768
[  355.849084][T14597] xfs: Deprecated parameter 'attr2'
[  355.854358][T14597] XFS: attr2 mount option is deprecated.
[  355.895408][T14521] hsr_slave_0: entered promiscuous mode
[  355.904506][T14521] hsr_slave_1: entered promiscuous mode
[  355.924167][T14521] debugfs: 'hsr0' already exists in 'hsr'
[  355.936298][T14521] Cannot create hsr debugfs directory
[  355.948891][T14597] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  355.971396][T14606] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  356.017074][   T42] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  356.046235][T14597] XFS (loop6): Ending clean mount
[  356.080577][T14597] XFS (loop6): Quotacheck needed: Please wait.
[  356.170272][T14597] XFS (loop6): Quotacheck: Done.
[  356.186389][ T5844] asix 5-1:0.191 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  356.213263][ T5844] asix 5-1:0.191: probe with driver asix failed with error -71
[  356.222801][   T42] usb 2-1: Using ep0 maxpacket: 32
[  356.234158][   T42] usb 2-1: config 0 has an invalid interface number: 230 but max is 0
[  356.251616][T12565] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  356.273032][   T42] usb 2-1: config 0 has no interface number 0
[  356.282588][ T5844] usb 5-1: USB disconnect, device number 15
[  356.290134][   T42] usb 2-1: config 0 interface 230 has no altsetting 0
[  356.315388][   T42] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  356.326504][   T42] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.345543][   T42] usb 2-1: Product: syz
[  356.350258][   T42] usb 2-1: Manufacturer: syz
[  356.354899][   T42] usb 2-1: SerialNumber: syz
[  356.404252][   T42] usb 2-1: config 0 descriptor??
[  356.434698][   T42] ums-usbat 2-1:0.230: USB Mass Storage device detected
[  356.480994][   T42] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  356.688088][   T42] ums-usbat 2-1:0.230: probe with driver ums-usbat failed with error -5
[  356.717166][   T42] usb 2-1: USB disconnect, device number 14
[  356.767747][   T51] Bluetooth: hci7: command tx timeout
[  356.898800][T14637] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3788'.
[  356.916335][T14637] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3788'.
[  356.945736][T14637] netlink: 484 bytes leftover after parsing attributes in process `syz.4.3788'.
[  356.963167][T14521] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  357.002925][T14521] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  357.045357][T14521] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  357.099490][T14521] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  357.525734][T14665] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  357.535921][T14665] batman_adv: batadv0: Removing interface: batadv_slave_0
[  357.553111][T14665] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  357.568339][T14665] batman_adv: batadv0: Removing interface: batadv_slave_1
[  357.627162][ T5896] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  357.669097][T14521] 8021q: adding VLAN 0 to HW filter on device bond0
[  357.729718][T14521] 8021q: adding VLAN 0 to HW filter on device team0
[  357.761128][  T962] bridge0: port 1(bridge_slave_0) entered blocking state
[  357.768431][  T962] bridge0: port 1(bridge_slave_0) entered forwarding state
[  357.789360][ T5896] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  357.803469][ T5896] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.829145][ T8916] bridge0: port 2(bridge_slave_1) entered blocking state
[  357.836425][ T8916] bridge0: port 2(bridge_slave_1) entered forwarding state
[  357.852155][ T5896] usb 4-1: config 0 descriptor??
[  357.873290][ T5896] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  357.947324][   T10] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  358.139314][   T10] usb 5-1: config 0 has an invalid interface number: 168 but max is 0
[  358.157692][   T10] usb 5-1: config 0 has no interface number 0
[  358.174301][   T10] usb 5-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.06
[  358.195020][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.268783][   T10] usb 5-1: config 0 descriptor??
[  358.276971][ T5896] gp8psk: usb in 128 operation failed.
[  358.290365][ T5896] gp8psk: usb in 137 operation failed.
[  358.296006][ T5896] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  358.342863][ T5896] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  358.391569][ T5896] usb 4-1: USB disconnect, device number 22
[  358.492835][   T51] Bluetooth: hci4: Malformed LE Event: 0x0d
[  358.502356][   T10] usb 5-1: string descriptor 0 read error: -71
[  358.524354][   T10] usb-storage 5-1:0.168: USB Mass Storage device detected
[  358.559952][   T10] usb-storage 5-1:0.168: Quirks match for vid 05ab pid 0060: 2
[  358.609510][T14697] xt_TPROXY: Can be used only with -p tcp or -p udp
[  358.638370][T14521] 8021q: adding VLAN 0 to HW filter on device batadv0
[  358.672380][   T10] usb 5-1: USB disconnect, device number 16
[  358.739781][T14700] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3812'.
[  358.850982][   T51] Bluetooth: hci7: command tx timeout
[  359.295479][T14521] veth0_vlan: entered promiscuous mode
[  359.360253][T14521] veth1_vlan: entered promiscuous mode
[  359.532272][T14732] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  359.589975][T14521] veth0_macvtap: entered promiscuous mode
[  359.639928][T14521] veth1_macvtap: entered promiscuous mode
[  359.764662][T14521] batman_adv: batadv0: Interface activated: batadv_slave_0
[  359.824364][T14521] batman_adv: batadv0: Interface activated: batadv_slave_1
[  359.876237][ T8916] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  359.927070][ T8916] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  359.959602][ T8916] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  359.992160][T14745] netlink: 128124 bytes leftover after parsing attributes in process `syz.4.3832'.
[  360.017629][ T8916] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  360.266901][T14755] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  360.298661][  T962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  360.341494][  T962] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  360.443724][ T8916] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  360.480228][ T8916] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  360.707481][  T797] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  360.759387][T14771] netlink: 'syz.1.3845': attribute type 2 has an invalid length.
[  360.780612][T14771] netlink: 228 bytes leftover after parsing attributes in process `syz.1.3845'.
[  360.838992][T14777] loop3: detected capacity change from 0 to 512
[  360.897219][  T797] usb 5-1: Using ep0 maxpacket: 8
[  360.924355][  T797] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7
[  360.928705][   T51] Bluetooth: hci7: command tx timeout
[  360.960613][  T797] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  360.965610][T14777] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  360.984528][  T797] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  360.993096][  T797] usb 5-1: Product: syz
[  360.997781][  T797] usb 5-1: Manufacturer: syz
[  361.006265][  T797] usb 5-1: SerialNumber: syz
[  361.036358][T14777] ext4 filesystem being mounted at /845/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  361.101307][T14777] EXT4-fs error (device loop3): ext4_search_dir:1474: inode #2: block 3: comm syz.3.3846: bad entry in directory: directory entry overrun - offset=16444, inode=113, rec_len=2048, size=2048 fake=0
[  361.123519][T14784] binder: 14783:14784 ioctl 400c620e 200000000240 returned -22
[  361.156302][T14786] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  361.186938][T14786] CIFS mount error: No usable UNC path provided in device string!
[  361.186938][T14786] 
[  361.199995][T14786] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  361.242686][  T797] usb 5-1: Handspring Visor / Palm OS: No valid connect info available
[  361.265264][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  361.286977][  T797] usb 5-1: Handspring Visor / Palm OS: port 14, is for unknown use
[  361.295077][  T797] usb 5-1: Handspring Visor / Palm OS: port 22, is for Debugger use
[  361.320862][  T797] usb 5-1: Handspring Visor / Palm OS: Number of ports: 2
[  361.443583][  T797] usb 5-1: palm_os_3_probe - error -71 getting bytes available request
[  361.472928][  T797] visor 5-1:1.0: Handspring Visor / Palm OS converter detected
[  361.512797][  T797] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  361.548745][  T797] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  361.584923][  T797] usb 5-1: USB disconnect, device number 17
[  361.625207][  T797] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  361.655753][  T797] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  361.701663][  T797] visor 5-1:1.0: device disconnected
[  362.107236][T14813] netlink: 'syz.3.3863': attribute type 7 has an invalid length.
[  362.487327][T14828] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3871'.
[  362.532013][T14832] program syz.1.3873 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  362.852136][T14838] loop6: detected capacity change from 0 to 4096
[  362.884402][T14838] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512).
[  363.073642][T14838] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  363.099450][T14838] ntfs3(loop6): ino=19, mi_enum_attr
[  364.110310][T14878] loop4: detected capacity change from 0 to 8192
[  364.172166][T14889] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  364.236735][T14844] loop3: detected capacity change from 0 to 32768
[  364.301556][T14844] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  364.341220][T14844] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  364.418597][T14844] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  364.441148][   T10] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  364.457640][   T10] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  364.700344][   T10] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 242ms
[  364.739773][   T10] gfs2: fsid=syz:syz.0: jid=0: Done
[  364.748950][T14844] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  364.762764][T14907] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3902'.
[  364.801420][T14907] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3902'.
[  365.008202][T14916] netlink: 'syz.7.3908': attribute type 1 has an invalid length.
[  365.192993][T14844] gfs2: fsid=syz:syz.0: found 1 quota changes
[  365.336990][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  365.337012][   T29] audit: type=1800 audit(1772115925.437:3040): pid=14844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3879" name="file1" dev="loop3" ino=2342 res=0 errno=0
[  366.034296][T14946] xt_CT: No such helper "snmp"
[  366.365977][T14964] loop6: detected capacity change from 0 to 512
[  366.379736][T14960] loop4: detected capacity change from 0 to 2048
[  366.425592][T14964] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  366.482277][T14964] ext4 filesystem being mounted at /227/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  366.483370][T14960] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  366.542574][T14960] UDF-fs: Scanning with blocksize 512 failed
[  366.581600][T12565] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.643921][T14960] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  366.661601][T14937] loop1: detected capacity change from 0 to 32768
[  366.676800][T14937] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3913 (14937)
[  366.744788][T14937] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  366.807436][T14937] BTRFS info (device loop1): using sha256 checksum algorithm
[  367.139091][T14937] BTRFS info (device loop1): enabling ssd optimizations
[  367.217005][T14937] BTRFS info (device loop1): turning on async discard
[  367.252512][T15003] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3932'.
[  367.263116][T14937] BTRFS info (device loop1): enabling free space tree
[  367.496752][ T5827] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  368.244204][T15034] loop1: detected capacity change from 0 to 128
[  368.319582][T15034] EXT4-fs (loop1): Test dummy encryption mode enabled
[  368.381684][T15040] loop6: detected capacity change from 0 to 128
[  368.400142][T15034] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  368.423551][T14972] loop3: detected capacity change from 0 to 32768
[  368.440525][T14972] workqueue: name exceeds WQ_NAME_LEN. Truncating to: gfs2-glock/__Š°"_½z#²˱1Ä
[  368.443964][T15040] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  368.469057][T15034] ext4 filesystem being mounted at /823/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  368.536723][T14972] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9: Trying to join cluster "lock_nolock", "__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9"
[  368.572970][T14972] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9: Now mounting FS (format 1801)...
[  368.593050][T15034] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  368.622386][T15034] EXT4-fs error (device loop1): ext4_validate_block_bitmap:423: comm syz.1.3936: bg 0: bad block bitmap checksum
[  368.659047][T14972] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0: no journals!
[  368.690270][T15040] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  368.867308][ T5827] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  369.302827][T15067] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3957'.
[  369.327904][T15067] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3957'.
[  369.580440][T15079] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3963'.
[  369.597153][T15079] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3963'.
[  369.620365][T15079] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3963'.
[  369.631743][T15079] netlink: 2 bytes leftover after parsing attributes in process `syz.7.3963'.
[  369.643643][T15079] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3963'.
[  370.100573][  T797] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  370.277811][  T797] usb 8-1: Using ep0 maxpacket: 16
[  370.320665][  T797] usb 8-1: config 0 has an invalid interface number: 251 but max is 0
[  370.339396][  T797] usb 8-1: config 0 has no interface number 0
[  370.356949][  T797] usb 8-1: config 0 interface 251 altsetting 255 bulk endpoint 0x4 has invalid maxpacket 16
[  370.399348][  T797] usb 8-1: config 0 interface 251 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 64
[  370.449356][  T797] usb 8-1: config 0 interface 251 has no altsetting 0
[  370.468450][T15107] 8021q: adding VLAN 0 to HW filter on device bond0
[  370.500885][T15107] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address
[  370.509143][  T797] usb 8-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  370.527090][  T797] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.554495][  T797] usb 8-1: Product: syz
[  370.567760][  T797] usb 8-1: Manufacturer: syz
[  370.577865][T15107] bond0: (slave ip6tnl0): Error -95 calling set_mac_address
[  370.591809][  T797] usb 8-1: SerialNumber: syz
[  370.619753][  T797] usb 8-1: config 0 descriptor??
[  370.668221][T15087] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  370.681972][T15087] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  370.906806][T15093] loop6: detected capacity change from 0 to 32768
[  370.963292][T15087] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  370.969374][ T5945] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  370.997603][T15087] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  371.047662][T15093] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  371.143067][ T5945] usb 5-1: Using ep0 maxpacket: 32
[  371.164049][ T5945] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[  371.225091][  T797] asix 8-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  371.236899][  T797] asix 8-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71
[  371.247852][  T797] asix 8-1:0.251: probe with driver asix failed with error -5
[  371.251735][ T5945] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  371.267942][T15093] XFS (loop6): Ending clean mount
[  371.272475][  T797] usb 8-1: USB disconnect, device number 2
[  371.323592][T15093] XFS (loop6): Quotacheck needed: Please wait.
[  371.358484][ T5945] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  371.433422][ T5945] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  371.475419][ T5945] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  371.499831][T15093] XFS (loop6): Quotacheck: Done.
[  371.512967][ T5945] usb 5-1: Product: syz
[  371.532620][ T5945] usb 5-1: Manufacturer: syz
[  371.552836][ T5945] usb 5-1: SerialNumber: syz
[  371.635553][ T5945] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input12
[  371.708552][T12565] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  371.872537][T15156] overlay: Unknown parameter 'obj_role'
[  371.965224][  T797] usb 5-1: USB disconnect, device number 18
[  371.971733][    C1] appletouch 5-1:1.0: atp_complete: usb_submit_urb failed with result -19
[  372.154003][T15159] loop1: detected capacity change from 0 to 1764
[  372.203030][  T797] appletouch 5-1:1.0: input: appletouch disconnected
[  373.221767][   T10] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  373.317697][T15207] netlink: 100 bytes leftover after parsing attributes in process `syz.4.4010'.
[  373.348236][T15162] loop7: detected capacity change from 0 to 32768
[  373.378693][T15209] loop1: detected capacity change from 0 to 512
[  373.397279][   T10] usb 4-1: Using ep0 maxpacket: 8
[  373.403570][T15209] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  373.425145][T15162] (syz.7.3993,15162,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  373.454628][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  373.457305][T15209] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ce01c, mo2=0002]
[  373.476352][   T10] usb 4-1: config 4 has an invalid interface number: 147 but max is 0
[  373.492582][   T10] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  373.504015][   T10] usb 4-1: config 4 has no interface number 0
[  373.518531][   T10] usb 4-1: string descriptor 0 read error: -22
[  373.525071][T15209] System zones: 1-12
[  373.529279][   T10] usb 4-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  373.538896][T15209] EXT4-fs (loop1): orphan cleanup on readonly fs
[  373.545592][T15209] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.4011: invalid indirect mapped block 12 (level 1)
[  373.559139][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.588058][T15162] (syz.7.3993,15162,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  373.602592][   T10] uvcvideo 4-1:4.147: Found multiple Units with ID 6
[  373.620268][   T10] uvcvideo 4-1:4.147: Found UVC 0.02 device <unnamed> (04f2:b746)
[  373.628556][   T10] uvcvideo 4-1:4.147: No valid video chain found.
[  373.637109][T15209] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  373.637465][T15209] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.4011: invalid indirect mapped block 2 (level 2)
[  373.659871][    C1] EXT4-fs (loop1): error count since last fsck: 1
[  373.659897][    C1] EXT4-fs (loop1): initial error at time 1772115933: ext4_free_branches:1023: inode 11
[  373.659936][    C1] EXT4-fs (loop1): last error at time 1772115933: ext4_free_branches:1023: inode 11
[  373.715131][T15162] JBD2: Ignoring recovery information on journal
[  373.783316][T15209] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  373.790788][T15209] EXT4-fs (loop1): 1 truncate cleaned up
[  373.845880][  T797] usb 4-1: USB disconnect, device number 23
[  373.909654][T15209] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback.
[  373.925454][T15162] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  374.086575][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  374.238297][T14521] ocfs2: Unmounting device (7,7) on (node local)
[  374.469713][T15232] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  374.780112][T15214] loop4: detected capacity change from 0 to 32768
[  374.842511][T15214] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4012 (15214)
[  374.890972][T15214] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  374.977354][T15214] BTRFS info (device loop4): using sha256 checksum algorithm
[  375.260783][T15214] BTRFS info (device loop4): enabling ssd optimizations
[  375.304907][T15214] BTRFS info (device loop4): turning on async discard
[  375.316358][T15278] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4028'.
[  375.364898][T15214] BTRFS info (device loop4): enabling free space tree
[  375.556199][T15285] loop6: detected capacity change from 0 to 4096
[  375.608642][ T5828] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  375.676096][T15291] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  375.719273][T15293] netlink: 'syz.7.4033': attribute type 1 has an invalid length.
[  375.774701][T15293] netlink: 'syz.7.4033': attribute type 2 has an invalid length.
[  376.320036][T15307] geneve3: entered promiscuous mode
[  376.351709][T15309] netlink: 'syz.1.4042': attribute type 1 has an invalid length.
[  376.389244][   T29] audit: type=1326 audit(1772115936.507:3041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15310 comm="syz.3.4043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  376.457014][   T29] audit: type=1326 audit(1772115936.507:3042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15310 comm="syz.3.4043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  376.532366][   T29] audit: type=1326 audit(1772115936.537:3043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15310 comm="syz.3.4043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  376.609855][   T29] audit: type=1326 audit(1772115936.537:3044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15310 comm="syz.3.4043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  376.696090][   T29] audit: type=1326 audit(1772115936.537:3045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15310 comm="syz.3.4043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  376.768472][   T29] audit: type=1326 audit(1772115936.537:3046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15310 comm="syz.3.4043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  376.797771][T15319] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  376.851021][   T29] audit: type=1326 audit(1772115936.537:3047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15310 comm="syz.3.4043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  376.934241][   T29] audit: type=1326 audit(1772115936.557:3048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15310 comm="syz.3.4043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  377.022801][   T29] audit: type=1326 audit(1772115936.557:3049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15310 comm="syz.3.4043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  377.189594][T15299] loop6: detected capacity change from 0 to 40427
[  377.236783][T15299] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  377.246663][T15299] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  377.286445][T15299] F2FS-fs (loop6): invalid crc value
[  377.340041][T15301] loop7: detected capacity change from 0 to 32768
[  377.434149][T15301] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  377.508926][T15299] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  377.630996][T15299] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  377.662176][T15299] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  377.697847][T15301] XFS (loop7): Ending clean mount
[  377.826902][T15301] XFS (loop7): Metadata CRC error detected at xfs_agfl_read_verify+0x139/0x200, xfs_agfl block 0x3 
[  377.866653][T15301] XFS (loop7): Unmount and run xfs_repair
[  377.881708][T15301] XFS (loop7): First 128 bytes of corrupted metadata buffer:
[  377.890982][T15301] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed  XAF.......G...N.
[  377.912263][T15301] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00  .b..1...........
[  377.937290][T15301] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08  .;..............
[  377.943739][T15359] loop4: detected capacity change from 0 to 4096
[  377.946294][T15301] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c  ................
[  378.017001][T15301] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  378.025935][T15301] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  378.062952][T15301] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  378.085645][T15363] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4064'.
[  378.105369][T15301] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  378.115325][T15363] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4064'.
[  378.134798][T15301] XFS (loop7): metadata I/O error in "xfs_alloc_read_agfl+0x233/0x430" at daddr 0x3 len 1 error 74
[  378.187454][T15301] XFS (loop7): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x518/0x950 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  378.202415][T15301] XFS (loop7): Please unmount the filesystem and rectify the problem(s)
[  378.287379][T14521] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  378.347566][T15359] ntfs3(loop4): Failed to initialize $Extend/$ObjId.
[  378.468008][T15359] ntfs3(loop4): ino=5, "/" The size of extended attributes must not exceed 64KiB
[  378.640708][T15354] loop3: detected capacity change from 0 to 32768
[  378.671968][T15354] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4060 (15354)
[  378.701632][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  378.708313][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  378.748898][T15354] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  378.785619][   T29] audit: type=1400 audit(1772115938.897:3050): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147C8A3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F0
[  378.818024][T15354] BTRFS info (device loop3): using xxhash64 checksum algorithm
[  379.087182][T15354] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  379.307680][T15397] __vm_enough_memory: pid: 15397, comm: syz.7.4073, bytes: 21200539996160 not enough memory for the allocation
[  379.411979][T15354] BTRFS info (device loop3): rebuilding free space tree
[  379.508688][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4078'.
[  379.519607][T15354] BTRFS info (device loop3): disabling free space tree
[  379.519679][T15354] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  379.563742][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4078'.
[  379.576294][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4078'.
[  379.595821][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4078'.
[  379.604960][T15354] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  379.620580][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4078'.
[  379.637237][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4078'.
[  379.647766][T15354] BTRFS info (device loop3): setting nodatasum
[  379.654006][T15354] BTRFS info (device loop3): allowing degraded mounts
[  379.665842][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4078'.
[  379.686656][T15354] BTRFS info (device loop3): turning on async discard
[  379.696389][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4078'.
[  379.707238][T15354] BTRFS info (device loop3): enabling disk space caching
[  379.721379][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4078'.
[  379.730541][T15354] BTRFS info (device loop3): force clearing of disk cache
[  379.738604][T15354] BTRFS info (device loop3): force zlib compression, level 3
[  379.746339][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4078'.
[  379.841196][T15354] BTRFS info (device loop3): balance: start -susage=8589934849,stripes=7..5
[  379.877129][T15354] BTRFS info (device loop3): balance: ended with status: 0
[  380.015352][T15373] loop4: detected capacity change from 0 to 32768
[  380.072382][T15373] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4071 (15373)
[  380.178546][T15373] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  380.202496][T15373] BTRFS info (device loop4): using sha256 checksum algorithm
[  380.218618][ T5823] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  380.494816][T15373] BTRFS info (device loop4): enabling ssd optimizations
[  380.502309][T15373] BTRFS info (device loop4): turning on async discard
[  380.515919][T15373] BTRFS info (device loop4): enabling free space tree
[  380.990581][ T5828] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  381.095698][T15454] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  381.807118][ T5945] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  381.820523][T15482] loop7: detected capacity change from 0 to 128
[  381.987035][ T5945] usb 4-1: Using ep0 maxpacket: 8
[  382.009022][ T5945] usb 4-1: config 0 has an invalid descriptor of length 16, skipping remainder of the config
[  382.058783][ T5945] usb 4-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[  382.107479][ T5945] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.144410][ T5945] usb 4-1: config 0 descriptor??
[  382.189854][ T5945] uvcvideo 4-1:0.0: Found UVC 0.00 device <unnamed> (2833:0201)
[  382.219331][ T5945] uvcvideo 4-1:0.0: No valid video chain found.
[  382.419248][ T5945] usb 4-1: USB disconnect, device number 24
[  382.797483][  T797] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  382.865988][T15518] 9pnet_fd: p9_fd_create_unix (15518): problem connecting socket: ./file0: -111
[  382.879114][ T5909] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  382.967651][  T797] usb 8-1: Using ep0 maxpacket: 32
[  382.988541][  T797] usb 8-1: config 0 has an invalid interface number: 89 but max is 0
[  383.023115][  T797] usb 8-1: config 0 has no interface number 0
[  383.043121][  T797] usb 8-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68
[  383.052881][ T5909] usb 7-1: Using ep0 maxpacket: 8
[  383.069286][ T5909] usb 7-1: config 127 has an invalid interface number: 171 but max is 1
[  383.082347][  T797] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.096968][ T5909] usb 7-1: config 127 has no interface number 1
[  383.116948][  T797] usb 8-1: Product: syz
[  383.121727][ T5909] usb 7-1: config 127 interface 0 altsetting 10 has an endpoint descriptor with address 0x1B, changing to 0xB
[  383.148721][  T797] usb 8-1: Manufacturer: syz
[  383.153441][  T797] usb 8-1: SerialNumber: syz
[  383.161622][ T5909] usb 7-1: config 127 interface 0 altsetting 10 endpoint 0xB has invalid wMaxPacketSize 0
[  383.185838][ T5909] usb 7-1: config 127 interface 171 has no altsetting 0
[  383.193471][ T5909] usb 7-1: config 127 interface 0 has no altsetting 0
[  383.203782][  T797] usb 8-1: config 0 descriptor??
[  383.220165][  T797] hub 8-1:0.89: bad descriptor, ignoring hub
[  383.230294][ T5909] usb 7-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9
[  383.245135][ T5909] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.256726][  T797] hub 8-1:0.89: probe with driver hub failed with error -5
[  383.287038][ T5909] usb 7-1: Product: syz
[  383.292886][  T797] option 8-1:0.89: GSM modem (1-port) converter detected
[  383.303149][ T5909] usb 7-1: Manufacturer: syz
[  383.315432][ T5909] usb 7-1: SerialNumber: syz
[  383.333048][  T797] usb 8-1: GSM modem (1-port) converter now attached to ttyUSB0
[  383.455207][  T797] usb 8-1: USB disconnect, device number 3
[  383.508183][  T797] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  383.543687][  T797] option 8-1:0.89: device disconnected
[  383.565871][ T5909] xr_serial 7-1:127.171: xr_serial converter detected
[  383.592920][ T5909] xr_serial ttyUSB0: Failed to set reg 0x1a: -71
[  383.601672][ T5909] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  383.638728][ T5909] usb 7-1: USB disconnect, device number 5
[  383.672481][ T5909] xr_serial 7-1:127.171: device disconnected
[  383.853138][T15546] comedi comedi3: rti800: I/O port conflict (0xfffffffffffffffa,16)
[  384.198024][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  384.198045][   T29] audit: type=1400 audit(1772115944.307:3056): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=15561 comm="syz.7.4138"
[  384.694391][T15581] netlink: 'syz.6.4148': attribute type 1 has an invalid length.
[  384.729935][T15573] loop4: detected capacity change from 0 to 4096
[  384.741522][   T29] audit: type=1326 audit(1772115944.857:3057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15580 comm="syz.3.4147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  384.838935][   T29] audit: type=1326 audit(1772115944.857:3058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15580 comm="syz.3.4147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  384.924959][   T29] audit: type=1326 audit(1772115944.897:3059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15580 comm="syz.3.4147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  384.993301][T15573] ntfs3(loop4): ino=1e, "file1" attr_set_size_ex
[  385.013515][T15573] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  385.037135][   T29] audit: type=1326 audit(1772115944.897:3060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15580 comm="syz.3.4147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  385.061193][T15588] loop7: detected capacity change from 0 to 16
[  385.099929][   T29] audit: type=1326 audit(1772115944.897:3061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15580 comm="syz.3.4147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  385.106687][T15588] erofs (device loop7): mounted with root inode @ nid 36.
[  385.130442][T15573] ntfs3(loop4): ino=1e, "file1" attr_set_size_ex
[  385.436968][ T5945] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[  385.462416][T15566] loop1: detected capacity change from 0 to 32768
[  385.477933][T15566] xfs: Deprecated parameter 'noikeep'
[  385.483415][T15566] XFS: noikeep mount option is deprecated.
[  385.514573][T15600] loop7: detected capacity change from 0 to 1024
[  385.549735][T15566] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  385.574299][  T962] hfsplus: b-tree write err: -5, ino 25
[  385.582540][  T962] hfsplus: b-tree write err: -5, ino 4
[  385.590944][  T962] hfsplus: b-tree write err: -5, ino 2
[  385.611733][ T5945] usb 7-1: config 1 has too many interfaces: 235, using maximum allowed: 32
[  385.661772][ T5945] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  385.745981][T15614] loop4: detected capacity change from 0 to 164
[  385.754890][ T5945] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 235
[  385.794010][T15566] XFS (loop1): Ending clean mount
[  385.803335][T15614] iso9660: Corrupted directory entry in block 2 of inode 1920
[  385.820873][ T5945] usb 7-1: config 1 has no interface number 1
[  385.840814][T15566] XFS (loop1): Quotacheck needed: Please wait.
[  385.860167][ T5945] usb 7-1: config 1 interface 105 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  385.918059][ T5945] usb 7-1: config 1 interface 105 has no altsetting 0
[  385.974545][ T5945] usb 7-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  385.986549][T15566] XFS (loop1): Quotacheck: Done.
[  386.000939][ T5945] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.016166][ T5945] usb 7-1: Product: syz
[  386.061353][ T5945] usb 7-1: Manufacturer: syz
[  386.097198][T15620] binder: BC_ACQUIRE_RESULT not supported
[  386.102988][T15620] binder: 15619:15620 ioctl c0306201 200000004a40 returned -22
[  386.111027][ T5945] usb 7-1: SerialNumber: syz
[  386.132046][ T5827] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  386.422274][ T5945] aqc111 7-1:1.105: probe with driver aqc111 failed with error -22
[  386.650637][ T5896] usb 7-1: USB disconnect, device number 6
[  386.667409][T15632] x_tables: duplicate underflow at hook 4
[  386.882648][T15640] syz.1.4173: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  386.940469][T15622] loop7: detected capacity change from 0 to 32768
[  386.942514][T15640] CPU: 0 UID: 0 PID: 15640 Comm: syz.1.4173 Not tainted syzkaller #0 PREEMPT(full) 
[  386.942589][T15640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  386.942633][T15640] Call Trace:
[  386.942655][T15640]  <TASK>
[  386.942677][T15640]  dump_stack_lvl+0xe8/0x150
[  386.942780][T15640]  warn_alloc+0x249/0x340
[  386.942850][T15640]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  386.942932][T15640]  ? __pfx_warn_alloc+0x10/0x10
[  386.943014][T15640]  ? kasan_save_track+0x4f/0x80
[  386.943066][T15640]  ? kasan_save_track+0x3e/0x80
[  386.943118][T15640]  ? __kasan_kmalloc+0x93/0xb0
[  386.943170][T15640]  ? __kmalloc_cache_noprof+0x31c/0x660
[  386.943218][T15640]  ? xskq_create+0x56/0x170
[  386.943289][T15640]  ? xsk_setsockopt+0x54c/0x990
[  386.943349][T15640]  ? do_sock_setsockopt+0x17c/0x1b0
[  386.943426][T15640]  ? __x64_sys_setsockopt+0x13d/0x1b0
[  386.943525][T15640]  ? do_syscall_64+0x14d/0xf80
[  386.943619][T15640]  __vmalloc_node_range_noprof+0x132/0x1730
[  386.943764][T15640]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  386.943845][T15640]  ? __kasan_kmalloc+0x93/0xb0
[  386.943918][T15640]  vmalloc_user_noprof+0xad/0xe0
[  386.943980][T15640]  ? xskq_create+0xbf/0x170
[  386.944051][T15640]  xskq_create+0xbf/0x170
[  386.944126][T15640]  xsk_init_queue+0x8a/0xe0
[  386.944207][T15640]  xsk_setsockopt+0x54c/0x990
[  386.944273][T15640]  ? __pfx_xsk_setsockopt+0x10/0x10
[  386.944337][T15640]  ? __pfx_aa_sk_perm+0x10/0x10
[  386.944420][T15640]  ? aa_sock_opt_perm+0xff/0x1a0
[  386.944513][T15640]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  386.944568][T15640]  ? __pfx_xsk_setsockopt+0x10/0x10
[  386.944638][T15640]  do_sock_setsockopt+0x17c/0x1b0
[  386.944721][T15640]  __x64_sys_setsockopt+0x13d/0x1b0
[  386.944834][T15640]  do_syscall_64+0x14d/0xf80
[  386.944926][T15640]  ? trace_irq_disable+0x3b/0x150
[  386.945006][T15640]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.945060][T15640]  ? clear_bhb_loop+0x40/0x90
[  386.945130][T15640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.945191][T15640] RIP: 0033:0x7f438579c799
[  386.945232][T15640] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  386.945281][T15640] RSP: 002b:00007f4386641028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  386.945334][T15640] RAX: ffffffffffffffda RBX: 00007f4385a15fa0 RCX: 00007f438579c799
[  386.945386][T15640] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  386.945418][T15640] RBP: 00007f4385832bd9 R08: 0000000000000004 R09: 0000000000000000
[  386.945453][T15640] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  386.945494][T15640] R13: 00007f4385a16038 R14: 00007f4385a15fa0 R15: 00007ffeaeaf84c8
[  386.945579][T15640]  </TASK>
[  386.989958][T15640] Mem-Info:
[  386.990017][T15640] active_anon:11548 inactive_anon:0 isolated_anon:0
[  386.990017][T15640]  active_file:3440 inactive_file:40165 isolated_file:0
[  386.990017][T15640]  unevictable:768 dirty:511 writeback:0
[  386.990017][T15640]  slab_reclaimable:12104 slab_unreclaimable:110988
[  386.990017][T15640]  mapped:45824 shmem:5454 pagetables:1451
[  386.990017][T15640]  sec_pagetables:0 bounce:0
[  386.990017][T15640]  kernel_misc_reclaimable:0
[  386.990017][T15640]  free:1266380 free_pcp:6593 free_cma:0
[  386.990094][T15640] Node 0 active_anon:46192kB inactive_anon:0kB active_file:13748kB inactive_file:160460kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:183292kB dirty:2044kB writeback:0kB shmem:20280kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13704kB pagetables:5668kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  386.990150][T15640] Node 1 active_anon:0kB inactive_anon:0kB active_file:12kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  386.990201][T15640] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  386.990267][T15640] lowmem_reserve[]: 0 2486 2486 2486 2486
[  386.990316][T15640] Node 0 DMA32 free:1114112kB boost:0kB min:34148kB low:42684kB high:51220kB reserved_highatomic:0KB free_highatomic:0KB active_anon:46192kB inactive_anon:0kB active_file:13748kB inactive_file:160460kB unevictable:1536kB writepending:2044kB zspages:0kB present:3129332kB managed:2546248kB mlocked:0kB bounce:0kB free_pcp:25616kB local_pcp:14692kB free_cma:0kB
[  386.990383][T15640] lowmem_reserve[]: 0 0 0 0 0
[  386.990429][T15640] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:76kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  386.990490][T15640] lowmem_reserve[]: 0 0 0 0 0
[  386.990542][T15640] Node 1 Normal free:3936048kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:12kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:756kB local_pcp:16kB free_cma:0kB
[  386.990607][T15640] lowmem_reserve[]: 0 0 0 0 0
[  386.990659][T15640] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  386.990836][T15640] Node 0 DMA32: 414*4kB (UME) 2391*8kB (UME) 1123*16kB (UME) 140*32kB 
[  387.209841][T15644] __nla_validate_parse: 48 callbacks suppressed
[  387.209903][T15644] netlink: 4456 bytes leftover after parsing attributes in process `syz.4.4175'.
[  387.317538][T15640] (UM) 90*64kB (UME) 29*128kB (M) 26*256kB (UME) 14*512kB (UME) 3*1024kB (UM) 4*2048kB (UME) 253*4096kB (UM) = 1114080kB
[  387.317685][T15640] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  387.317810][T15640] Node 1 Normal: 4*4kB (UE) 2*8kB (UE) 11*16kB (UME) 5*32kB (UME) 7*64kB (UME) 2*128kB (UM) 3*256kB (UM) 4*512kB (UM) 2*1024kB (ME) 1*2048kB (E) 959*4096kB (M) = 3936048kB
[  387.318025][T15640] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  387.318045][T15640] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  387.318064][T15640] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  387.318086][T15640] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  387.318105][T15640] 48990 total pagecache pages
[  387.318120][T15640] 0 pages in swap cache
[  387.318129][T15640] Free swap  = 124996kB
[  387.318139][T15640] Total swap = 124996kB
[  387.318149][T15640] 2097051 pages RAM
[  387.318159][T15640] 0 pages HighMem/MovableOnly
[  387.318168][T15640] 428855 pages reserved
[  387.318177][T15640] 0 pages cma reserved
[  387.527699][T15622] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.4164 (15622)
[  387.811881][T15646] loop3: detected capacity change from 0 to 2048
[  387.830328][T15622] BTRFS info (device loop7): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  387.858894][T15622] BTRFS info (device loop7): using crc32c checksum algorithm
[  387.894977][T15646] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  387.909940][T15622] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  387.926998][T15650] befs: (loop4): No write support. Marking filesystem read-only
[  387.969275][T15650] befs: (loop4): unable to read superblock
[  388.007256][T15658] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  388.258292][T15622] BTRFS info (device loop7): rebuilding free space tree
[  388.377903][T15622] BTRFS info (device loop7): disabling free space tree
[  388.384978][T15622] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  388.441262][T15622] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  388.464620][T15674] netlink: 'syz.3.4182': attribute type 16 has an invalid length.
[  388.505194][T15674] netlink: 'syz.3.4182': attribute type 17 has an invalid length.
[  388.516029][T15622] BTRFS info (device loop7): enabling ssd optimizations
[  388.535233][T15622] BTRFS info (device loop7): turning on async discard
[  388.552444][T15622] BTRFS info (device loop7): enabling disk space caching
[  388.576743][T15674] bridge0: port 1(
) entered disabled state
[  388.589545][T15622] BTRFS info (device loop7): force clearing of disk cache
[  388.605175][T15622] BTRFS info (device loop7): use zstd compression, level 3
[  388.615682][T15674] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.718589][T15674] bridge0: port 3(netdevsim0) entered disabled state
[  388.998553][T14521] BTRFS info (device loop7): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  389.557173][T15709] netlink: 'syz.6.4199': attribute type 1 has an invalid length.
[  389.812467][T15715] netlink: 'syz.6.4202': attribute type 16 has an invalid length.
[  389.826981][T15715] netlink: 'syz.6.4202': attribute type 17 has an invalid length.
[  389.910043][T15715] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.941087][T15715] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.445190][T15735] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  390.562042][T15735] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  391.005705][T15755] netlink: 'syz.7.4222': attribute type 16 has an invalid length.
[  391.041339][T15755] netlink: 'syz.7.4222': attribute type 17 has an invalid length.
[  391.152438][T15755] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.211089][T15755] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.341130][T15737] loop6: detected capacity change from 0 to 32768
[  391.411081][T15737] jfs_lookup: dtSearch returned -5
[  391.820884][T15783] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4232'.
[  391.939761][T15787] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4234'.
[  392.016979][ T5945] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  392.099035][T15794] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4238'.
[  392.114512][T15795] loop6: detected capacity change from 0 to 256
[  392.188930][ T5945] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  392.214703][ T5945] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  392.258326][ T5945] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.298482][T15782] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  392.373351][T15803] loop7: detected capacity change from 0 to 256
[  392.426131][T15803] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x25fbf2c1, utbl_chksum : 0xe619d30d)
[  392.706698][T15817] loop6: detected capacity change from 0 to 128
[  392.715734][T15815] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4249'.
[  392.758251][ T5945] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[  392.791252][ T5945] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input13
[  392.823049][T15817] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  392.889198][T15817] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  393.045145][T15823] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4253'.
[  393.068402][ T5945] usb 4-1: USB disconnect, device number 25
[  393.074450][    C0] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  393.247115][T15821] loop7: detected capacity change from 0 to 8192
[  393.267237][T15821] msdos: Unknown parameter 'time_offseu'
[  393.746586][T15845] loop4: detected capacity change from 0 to 16
[  393.810557][T15844] loop3: detected capacity change from 0 to 4096
[  393.819259][T15845] erofs (device loop4): mounted with root inode @ nid 36.
[  393.868135][T15844] EXT4-fs: Ignoring removed mblk_io_submit option
[  393.913574][T15844] EXT4-fs (loop3): Test dummy encryption mode enabled
[  393.988111][T15844] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  394.010104][T15848] loop6: detected capacity change from 0 to 4096
[  394.054970][T15848] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512).
[  394.180780][T15848] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  394.239599][T15848] ntfs3(loop6): ino=19, mi_enum_attr
[  394.261780][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.337619][T15848] ntfs3(loop6): failed to convert "c46c" to cp863
[  394.374635][T15848] ntfs3(loop6): ino=20, mi_enum_attr
[  394.661267][T15831] loop1: detected capacity change from 0 to 40427
[  394.709586][T15831] F2FS-fs: heap/no_heap options were deprecated
[  394.723348][T15831] F2FS-fs (loop1): Wrong secs_per_zone / total_sections (4285726721, 24)
[  394.742909][T15831] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  394.793159][T15831] F2FS-fs (loop1): invalid crc value
[  394.808119][T15871] loop6: detected capacity change from 0 to 256
[  394.827854][T15871] exfat: Deprecated parameter 'utf8'
[  394.894558][T15871] exFAT-fs (loop6): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d)
[  395.189578][T15831] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  395.258563][T15831] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  395.271452][T15831] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  395.291115][T15886] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  396.162161][T15916] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4296'.
[  396.657105][ T5945] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  396.818010][ T5945] usb 8-1: Using ep0 maxpacket: 16
[  396.830451][ T5945] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  396.880211][ T5945] usb 8-1: New USB device found, idVendor=1803, idProduct=5510, bcdDevice=7d.bf
[  396.897240][ T5945] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.908052][ T5945] usb 8-1: Product: syz
[  396.912280][ T5945] usb 8-1: Manufacturer: syz
[  396.937096][ T5945] usb 8-1: SerialNumber: syz
[  396.960605][ T5945] usb 8-1: config 0 descriptor??
[  397.135394][T15957] set_capacity_and_notify: 1 callbacks suppressed
[  397.135416][T15957] loop4: detected capacity change from 0 to 512
[  397.203168][ T5945] cxacru 8-1:0.0: usbatm_usb_probe: bind failed: -19!
[  397.256641][T15957] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: inode #11: comm syz.4.4317: ea_inode with extended attributes
[  397.320002][T15957] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  397.320495][T15957] EXT4-fs (loop4): Remounting filesystem read-only
[  397.329939][    C0] EXT4-fs (loop4): error count since last fsck: 1
[  397.329963][    C0] EXT4-fs (loop4): initial error at time 1772115957: ext4_xattr_inode_iget:441: inode 11
[  397.329998][    C0] EXT4-fs (loop4): last error at time 1772115957: ext4_xattr_inode_iget:441: inode 11
[  397.388646][T15957] EXT4-fs warning (device loop4): ext4_evict_inode:275: xattr delete (err -30)
[  397.402378][ T5909] usb 8-1: USB disconnect, device number 4
[  397.426323][T15957] EXT4-fs (loop4): 1 orphan inode deleted
[  397.472086][T15957] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  397.577212][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.779719][T15955] loop3: detected capacity change from 0 to 32768
[  397.856695][T15955] 
[  397.856695][T15955]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  397.856695][T15955] 
[  397.931965][T15955] jfs_rename: dtInsert returned -EIO
[  398.016958][ T5823] 
[  398.016958][ T5823]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  398.016958][ T5823] 
[  398.057898][ T5823] 
[  398.057898][ T5823]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  398.057898][ T5823] 
[  398.441005][T15992] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  398.503139][T15972] loop6: detected capacity change from 0 to 32768
[  398.513023][T15995] loop1: detected capacity change from 0 to 256
[  398.549365][T15995] exfat: Deprecated parameter 'utf8'
[  398.564255][T15972] ocfs2: Slot 0 on device (7,6) was already allocated to this node!
[  398.583443][T15995] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  398.625329][T15972] JBD2: Ignoring recovery information on journal
[  398.826765][T15972] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  399.090652][T16009] loop4: detected capacity change from 0 to 4096
[  399.179433][T16009] ntfs3(loop4): ino=19, mi_enum_attr
[  399.220892][T12565] ocfs2: Unmounting device (7,6) on (node local)
[  399.677830][T16030] loop1: detected capacity change from 0 to 24
[  399.751608][T16006] loop3: detected capacity change from 0 to 32768
[  399.913112][ T1018] read_mapping_page failed!
[  399.929824][ T1018] ERROR: (device loop3): txCommit: 
[  399.929824][ T1018] 
[  399.970011][ T1018] jfs_write_inode: jfs_commit_inode failed!
[  400.161544][T16045] netlink: 'syz.6.4358': attribute type 6 has an invalid length.
[  400.174483][T16047] netlink: 'syz.1.4359': attribute type 2 has an invalid length.
[  400.209712][T16047] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4359'.
[  400.387045][ T5944] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  400.543496][T16059] 9pnet_fd: Insufficient options for proto=fd
[  400.566521][ T5944] usb 8-1: config 171 has an invalid interface number: 109 but max is 0
[  400.585839][ T5944] usb 8-1: config 171 has an invalid descriptor of length 0, skipping remainder of the config
[  400.627028][ T5944] usb 8-1: config 171 has no interface number 0
[  400.633392][ T5944] usb 8-1: config 171 interface 109 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023
[  400.666962][ T5944] usb 8-1: config 171 interface 109 altsetting 0 endpoint 0x1 has invalid maxpacket 12032, setting to 64
[  400.694038][ T5944] usb 8-1: config 171 interface 109 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 12
[  400.756570][ T5944] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=fd.2e
[  400.786629][ T5944] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.805027][ T5944] usb 8-1: Product: syz
[  400.830972][ T5944] usb 8-1: Manufacturer: syz
[  400.842196][ T5944] usb 8-1: SerialNumber: syz
[  400.865049][T16067] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  400.877828][T16044] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  401.101709][ T5944] ath6kl: Failed to submit usb control message: -71
[  401.120112][ T5944] ath6kl: unable to send the bmi data to the device: -71
[  401.157075][ T5944] ath6kl: Unable to send get target info: -71
[  401.173395][ T5944] ath6kl: Failed to init ath6kl core: -71
[  401.191776][ T5944] ath6kl_usb 8-1:171.109: probe with driver ath6kl_usb failed with error -71
[  401.249397][ T5944] usb 8-1: USB disconnect, device number 5
[  401.296948][ T5909] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  401.472795][ T5909] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  401.499646][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.527522][ T5909] usb 5-1: Product: syz
[  401.531752][ T5909] usb 5-1: Manufacturer: syz
[  401.536383][ T5909] usb 5-1: SerialNumber: syz
[  401.602109][ T5909] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  401.624163][ T5844] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  402.027047][T16111] program syz.1.4390 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  402.098924][T16114] netlink: 144 bytes leftover after parsing attributes in process `syz.6.4392'.
[  402.132740][ T5916] usb 5-1: USB disconnect, device number 19
[  402.149441][T16116] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4393'.
[  402.337264][T16124] loop1: detected capacity change from 0 to 8
[  402.687585][ T5844] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  402.722191][ T5844] ath9k_htc: Failed to initialize the device
[  402.745752][ T5916] usb 5-1: ath9k_htc: USB layer deinitialized
[  402.768573][T16136] tmpfs: Bad value for 'mpol'
[  402.970104][T16144] netlink: 'syz.3.4407': attribute type 10 has an invalid length.
[  403.803236][T16177] loop6: detected capacity change from 0 to 4096
[  403.823418][T16177] ntfs3(loop6): Different NTFS sector size (2048) and media sector size (512).
[  403.941677][T16177] ntfs3(loop6): Failed to initialize $Extend/$ObjId.
[  404.174443][T16197] openvswitch: netlink: IP tunnel dst address not specified
[  404.237082][ T5844] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  404.386011][T16199] bond1: option updelay: invalid value (18446744073709551615)
[  404.409393][T16199] bond1: option updelay: allowed values 0 - 2147483647
[  404.419573][T16199] bond1 (unregistering): Released all slaves
[  404.448539][ T5844] usb 4-1: Using ep0 maxpacket: 32
[  404.466055][ T5844] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  404.482860][ T5844] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  404.502158][ T5844] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  404.532912][ T5844] usb 4-1: config 1 has no interface number 0
[  404.547002][ T5844] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  404.577961][ T5844] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  404.603034][ T5844] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  404.638067][ T5844] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.694592][ T5844] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  404.717705][T16216] loop7: detected capacity change from 0 to 256
[  404.758098][T16216] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xd22393c8, utbl_chksum : 0xe619d30d)
[  404.881389][T16219] loop4: detected capacity change from 0 to 64
[  404.909983][ T5844] snd_usb_pod 4-1:1.1: invalid control EP
[  404.944236][ T5844] snd_usb_pod 4-1:1.1: cannot start listening: -22
[  404.961712][ T5844] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  404.992317][ T5844] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22
[  405.047636][T16222] mmap: syz.1.4445 (16222) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  405.170907][ T5844] usb 4-1: USB disconnect, device number 26
[  405.194531][T16228] netlink: 'syz.7.4449': attribute type 61 has an invalid length.
[  405.371538][T16237] netlink: 'syz.6.4451': attribute type 5 has an invalid length.
[  405.392452][T16235] loop7: detected capacity change from 0 to 1024
[  405.424338][T16237] netlink: 'syz.6.4451': attribute type 5 has an invalid length.
[  405.447049][T16237] netlink: 3657 bytes leftover after parsing attributes in process `syz.6.4451'.
[  405.460036][T16235] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  405.547159][T16235] EXT4-fs error (device loop7): ext4_xattr_inode_iget:441: inode #11: comm syz.7.4452: missing EA_INODE flag
[  405.636241][T16235] EXT4-fs (loop7): Remounting filesystem read-only
[  405.800644][T16254] netlink: 'syz.3.4459': attribute type 10 has an invalid length.
[  405.809554][T14521] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.862067][T16254] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4459'.
[  405.909040][T16254] `: entered promiscuous mode
[  405.927578][T16254] team_slave_0: entered promiscuous mode
[  405.977364][T16254] team_slave_1: entered promiscuous mode
[  405.983408][T16254] geneve0: entered promiscuous mode
[  406.027124][T16254] `: entered allmulticast mode
[  406.034517][T16254] team_slave_0: entered allmulticast mode
[  406.070038][T16254] team_slave_1: entered allmulticast mode
[  406.075860][T16254] geneve0: entered allmulticast mode
[  406.108331][T16254] 8021q: adding VLAN 0 to HW filter on device `
[  406.109455][T16254] bridge0: port 4(`) entered blocking state
[  406.110291][T16254] bridge0: port 4(`) entered disabled state
[  406.270984][T16266] overlayfs: missing 'lowerdir'
[  406.372397][T16271] netlink: 3 bytes leftover after parsing attributes in process `syz.1.4467'.
[  406.443841][T16271] 0ªX¹¦À: renamed from caif0
[  406.464921][T16271] 0ªX¹¦À: entered allmulticast mode
[  406.480394][T16271] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  406.572384][T16250] loop6: detected capacity change from 0 to 32768
[  406.658876][T16250] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  406.763100][T16292] loop4: detected capacity change from 0 to 1024
[  406.804608][T16292] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  406.956027][T16250] XFS (loop6): Ending clean mount
[  406.989483][   T29] audit: type=1326 audit(1772115967.097:3062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16299 comm="syz.3.4478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  407.072959][   T29] audit: type=1326 audit(1772115967.097:3063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16299 comm="syz.3.4478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  407.168462][T12565] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  407.189425][   T29] audit: type=1326 audit(1772115967.107:3064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16299 comm="syz.3.4478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  407.284463][   T29] audit: type=1800 audit(1772115967.137:3065): pid=16292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4474" name="file1" dev="loop4" ino=20 res=0 errno=0
[  407.357022][   T29] audit: type=1326 audit(1772115967.137:3066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16299 comm="syz.3.4478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  407.451731][   T29] audit: type=1326 audit(1772115967.137:3067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16299 comm="syz.3.4478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  407.569093][   T29] audit: type=1326 audit(1772115967.137:3068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16299 comm="syz.3.4478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  407.656608][T16315] loop4: detected capacity change from 0 to 512
[  407.686963][   T29] audit: type=1326 audit(1772115967.137:3069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16299 comm="syz.3.4478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  407.786974][   T29] audit: type=1326 audit(1772115967.137:3070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16299 comm="syz.3.4478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  407.867805][T16281] loop7: detected capacity change from 0 to 32768
[  407.875211][   T29] audit: type=1326 audit(1772115967.137:3071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16299 comm="syz.3.4478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f95f959c799 code=0x7ffc0000
[  407.924372][T16315] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  407.975307][T16319] loop3: detected capacity change from 0 to 4096
[  407.986016][T16319] NILFS (loop3): mounting unchecked fs
[  407.986773][T16281] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.4472 (16281)
[  408.014036][T16315] EXT4-fs error (device loop4): __ext4_find_entry:1626: inode #11: comm syz.4.4486: checksumming directory block 0
[  408.036927][T16319] NILFS (loop3): recovery required for readonly filesystem
[  408.044281][T16319] NILFS (loop3): write access will be enabled during recovery
[  408.078000][T16281] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  408.108069][T16319] NILFS (loop3): invalid segment: Checksum error in segment payload
[  408.116321][T16319] NILFS (loop3): trying rollback from an earlier position
[  408.144122][T16281] BTRFS info (device loop7): using sha256 checksum algorithm
[  408.192537][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  408.232513][T16319] NILFS (loop3): norecovery option specified, skipping roll-forward recovery
[  408.277710][T16319] NILFS (loop3): couldn't remount because the filesystem is in an incomplete recovery state
[  408.423748][T16281] BTRFS info (device loop7): enabling ssd optimizations
[  408.485631][T16281] BTRFS info (device loop7): turning on async discard
[  408.536777][T16281] BTRFS info (device loop7): enabling free space tree
[  408.702475][T14521] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  408.914752][T16324] loop6: detected capacity change from 0 to 32768
[  408.978808][T16324] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  409.037208][T16357] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4497'.
[  409.041730][T16324] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  409.151363][T16324] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms
[  409.418783][T16324] gfs2: fsid=syz:syz.s: first mount done, others may mount
[  409.530296][T16371] MTD: Couldn't look up '': -22
[  409.685776][T16375] netlink: 'syz.1.4506': attribute type 15 has an invalid length.
[  409.737829][ T5916] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  409.917393][ T5916] usb 4-1: Using ep0 maxpacket: 8
[  409.942870][ T5916] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13
[  410.001553][ T5916] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  410.020590][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.058020][ T5916] usb 4-1: Product: syz
[  410.062386][ T5916] usb 4-1: Manufacturer: syz
[  410.091459][ T5916] usb 4-1: SerialNumber: syz
[  410.112490][ T5916] usb 4-1: config 0 descriptor??
[  410.138965][ T5916] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  410.348492][ T5916] gspca_zc3xx: reg_w_i err -71
[  410.370733][T16399] binder: 16398:16399 ioctl c0306201 200000000540 returned -22
[  410.488640][T16406] loop1: detected capacity change from 0 to 8
[  410.691418][T16413] loop4: detected capacity change from 0 to 256
[  410.795961][T16413] FAT-fs (loop4): Directory bread(block 64) failed
[  410.820873][T16413] FAT-fs (loop4): Directory bread(block 65) failed
[  410.842619][T16413] FAT-fs (loop4): Directory bread(block 66) failed
[  410.880916][T16413] FAT-fs (loop4): Directory bread(block 67) failed
[  410.916019][T16413] FAT-fs (loop4): Directory bread(block 68) failed
[  410.936962][T16413] FAT-fs (loop4): Directory bread(block 69) failed
[  410.943649][T16413] FAT-fs (loop4): Directory bread(block 70) failed
[  410.956944][ T5916] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  410.963427][ T5916] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  410.990689][T16413] FAT-fs (loop4): Directory bread(block 71) failed
[  411.003318][T16422] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4528'.
[  411.013796][T16413] FAT-fs (loop4): Directory bread(block 72) failed
[  411.026696][T16413] FAT-fs (loop4): Directory bread(block 73) failed
[  411.038116][ T5916] usb 4-1: USB disconnect, device number 27
[  411.255514][T16431] openvswitch: netlink: Unexpected mask (mask=200240, allowed=10048)
[  411.597154][T16444] loop1: detected capacity change from 0 to 2048
[  411.698125][T16444] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  411.784317][T16454] loop7: detected capacity change from 0 to 256
[  412.181879][T16467] tc_dump_action: action bad kind
[  412.265977][   T29] audit: type=1326 audit(1772115972.377:3072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16471 comm="syz.4.4554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008019c799 code=0x7ffc0000
[  412.357682][   T29] audit: type=1326 audit(1772115972.377:3073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16471 comm="syz.4.4554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008019c799 code=0x7ffc0000
[  412.444182][   T29] audit: type=1326 audit(1772115972.417:3074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16471 comm="syz.4.4554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f008019c799 code=0x7ffc0000
[  412.487630][T16477] loop1: detected capacity change from 0 to 1764
[  412.535618][   T29] audit: type=1326 audit(1772115972.417:3075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16471 comm="syz.4.4554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008019c799 code=0x7ffc0000
[  412.616944][   T29] audit: type=1326 audit(1772115972.417:3076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16471 comm="syz.4.4554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008019c799 code=0x7ffc0000
[  412.796986][ T5944] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  412.806694][T16456] loop3: detected capacity change from 0 to 32768
[  412.814494][T16489] loop4: detected capacity change from 0 to 64
[  412.832361][T16456] (syz.3.4544,16456,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  412.879176][T16456] (syz.3.4544,16456,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  412.938385][T16489] Trying to free block not in datazone
[  412.944013][T16489] minix_free_inode: bit 2 already cleared
[  412.976979][ T5944] usb 7-1: Using ep0 maxpacket: 8
[  412.989343][T16456] JBD2: Ignoring recovery information on journal
[  413.025102][ T5944] usb 7-1: config 0 has an invalid interface number: 52 but max is 0
[  413.087232][ T5944] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.154214][ T5944] usb 7-1: config 0 has no interface number 0
[  413.178113][ T5944] usb 7-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  413.212210][T16456] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  413.235727][ T5944] usb 7-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  413.266922][ T5944] usb 7-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  413.299699][ T5944] usb 7-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  413.353692][ T5944] usb 7-1: config 0 interface 52 has no altsetting 0
[  413.363860][T16456] (syz.3.4544,16456,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC.
[  413.377226][ T5944] usb 7-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  413.414794][ T5944] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.446279][ T5944] usb 7-1: config 0 descriptor??
[  413.531391][T16507] libceph: resolve '400' (ret=-3): failed
[  413.540072][T16456] (syz.3.4544,16456,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x1cec3d0f, computed 0xd2ffbdfe. Applying ECC.
[  413.619930][T16456] (syz.3.4544,16456,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xdf8356d3, computed 0xb8c23ae4. Applying ECC.
[  413.655422][T16456] (syz.3.4544,16456,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xdf8356d3, computed 0x2acb7e3c
[  413.693333][T16456] (syz.3.4544,16456,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5
[  413.702115][ T5944] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.52/input/input14
[  413.765015][T16456] (syz.3.4544,16456,1):ocfs2_quota_read:201 ERROR: status = -5
[  413.783391][T16456] Quota error (device loop3): find_block_dqentry: Can't read quota tree block 6
[  413.848929][T16456] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[  413.901045][ T5916] usb 7-1: USB disconnect, device number 7
[  413.907303][T16456] (syz.3.4544,16456,1):ocfs2_acquire_dquot:890 ERROR: status = -5
[  413.923596][T13715] synaptics_usb 7-1:0.52: synusb_open - usb_submit_urb failed, error: -19
[  413.951390][T16456] (syz.3.4544,16456,1):ocfs2_mknod:318 ERROR: status = -5
[  413.975605][T16456] (syz.3.4544,16456,1):ocfs2_mknod:506 ERROR: status = -5
[  413.984457][ T5175] synaptics_usb 7-1:0.52: synusb_open - usb_submit_urb failed, error: -19
[  414.168368][T16528] loop4: detected capacity change from 0 to 1024
[  414.245674][ T5823] ocfs2: Unmounting device (7,3) on (node local)
[  414.273435][T16528] hfsplus: xattr search failed
[  414.403086][T16532] loop7: detected capacity change from 0 to 512
[  414.431077][T16532] EXT4-fs: Ignoring removed oldalloc option
[  414.501723][T16532] EXT4-fs error (device loop7): ext4_xattr_inode_iget:437: comm syz.7.4583: Parent and EA inode have the same ino 15
[  414.567577][T16532] loop7: lost filesystem error report for type 5 error -117
[  414.576878][    C0] EXT4-fs (loop7): error count since last fsck: 1
[  414.590773][    C0] EXT4-fs (loop7): initial error at time 1772115974: ext4_xattr_inode_iget:437
[  414.599804][    C0] EXT4-fs (loop7): last error at time 1772115974: ext4_xattr_inode_iget:437
[  414.613646][T16532] EXT4-fs error (device loop7): ext4_xattr_inode_iget:437: comm syz.7.4583: Parent and EA inode have the same ino 15
[  414.668632][T16532] loop7: lost filesystem error report for type 5 error -117
[  414.674688][T16532] EXT4-fs (loop7): 1 orphan inode deleted
[  414.744425][T16532] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  414.922421][T14521] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  415.104372][T16555] loop7: detected capacity change from 0 to 64
[  415.255314][T16562] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4596'.
[  415.300663][T16562] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4596'.
[  415.668367][T16578] openvswitch: netlink: IP tunnel dst address not specified
[  415.862941][T16588] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  415.944900][T16593] xt_hashlimit: size too large, truncated to 1048576
[  416.108352][T16599] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  416.116258][T16599] IPv6: NLM_F_CREATE should be set when creating new route
[  416.123631][T16599] IPv6: NLM_F_CREATE should be set when creating new route
[  416.282820][T16605] libceph: resolve '4' (ret=-3): failed
[  416.601483][T16586] loop6: detected capacity change from 0 to 32768
[  416.620312][   T51] Bluetooth: hci6: command 0x0406 tx timeout
[  416.667635][T16586] JBD2: Ignoring recovery information on journal
[  416.751227][T16626] netlink: 'syz.1.4628': attribute type 1 has an invalid length.
[  416.759316][T16626] netlink: 'syz.1.4628': attribute type 11 has an invalid length.
[  416.767323][T16626] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4628'.
[  416.831592][T16586] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  416.843719][ T5833] Bluetooth: hci2: unexpected event for opcode 0x2024
[  416.990766][T12565] ocfs2: Unmounting device (7,6) on (node local)
[  417.299047][T16645] netlink: 5 bytes leftover after parsing attributes in process `syz.3.4636'.
[  417.367879][T16645] gretap0: entered promiscuous mode
[  417.384638][T16645] netlink: 'syz.3.4636': attribute type 1 has an invalid length.
[  417.428119][T16645] netlink: 3 bytes leftover after parsing attributes in process `syz.3.4636'.
[  417.437262][T16647] loop1: detected capacity change from 0 to 1024
[  417.573346][T16647] loop1: Can't mount, would change RO state
[  417.642838][T16653] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  417.675603][T16653] block device autoloading is deprecated and will be removed.
[  418.128739][T16677] netlink: 180 bytes leftover after parsing attributes in process `syz.7.4652'.
[  418.279787][T16685] loop6: detected capacity change from 0 to 164
[  418.794006][T16708] netlink: zone id is out of range
[  418.812773][T16708] netlink: zone id is out of range
[  419.393238][T16738] xt_hashlimit: max too large, truncated to 1048576
[  420.159048][T16774] netlink: 'syz.7.4696': attribute type 1 has an invalid length.
[  420.168811][ T5844] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  420.216539][T16774] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4696'.
[  420.247799][T16777] nbd: must specify at least one socket
[  420.292057][T16779] netlink: 'syz.4.4701': attribute type 4 has an invalid length.
[  420.315314][T16779] netlink: 152 bytes leftover after parsing attributes in process `syz.4.4701'.
[  420.337282][T16781] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  420.344390][T16781] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  420.360739][ T5844] usb 2-1: Using ep0 maxpacket: 8
[  420.372745][ T5844] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  420.390761][ T5844] usb 2-1: config 0 has no interface number 0
[  420.395482][T16781] vhci_hcd vhci_hcd.0: Device attached
[  420.409776][T16779] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  420.429760][T16782] vhci_hcd: connection closed
[  420.432935][ T5844] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  420.454187][  T962] vhci_hcd vhci_hcd.3: stop threads
[  420.465627][  T962] vhci_hcd vhci_hcd.3: release socket
[  420.476803][ T5844] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  420.491679][  T962] vhci_hcd vhci_hcd.3: disconnect device
[  420.497688][ T5844] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  420.527051][ T5844] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  420.549667][ T5844] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  420.587042][ T5844] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  420.596279][ T5844] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.640741][ T5844] usb 2-1: config 0 descriptor??
[  420.678105][T16791] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4705'.
[  420.690222][ T5844] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  420.724668][T16790] loop7: detected capacity change from 0 to 1024
[  420.795222][T16791] netlink: 'syz.4.4705': attribute type 3 has an invalid length.
[  420.838302][ T8916] hfsplus: b-tree write err: -5, ino 25
[  420.847067][ T8916] hfsplus: b-tree write err: -5, ino 4
[  420.852690][ T8916] hfsplus: b-tree write err: -5, ino 2
[  420.880745][T16795] loop6: detected capacity change from 0 to 256
[  420.893976][T16763] ldusb 2-1:0.55: Couldn't submit interrupt_in_urb -90
[  420.940495][T16795] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  420.977529][   T10] usb 2-1: USB disconnect, device number 15
[  421.004844][T16795] FAT-fs (loop6): Filesystem has been set read-only
[  421.013994][T16795] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  421.033719][T16795] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  421.044212][   T10] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  421.064233][T16795] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  421.123868][T16795] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  421.133722][T16795] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  421.144000][T16795] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  421.163101][T16795] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  421.189116][   T29] audit: type=1800 audit(1772115981.297:3077): pid=16795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.4707" name="file1" dev="loop6" ino=1048673 res=0 errno=0
[  421.216640][T16795] FAT-fs (loop6): error, fat_free_clusters: deleting FAT entry beyond EOF
[  421.407958][T16807] loop3: detected capacity change from 0 to 256
[  421.475631][T16807] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d)
[  421.773907][T16820] openvswitch: netlink: Tunnel attr 183 out of range max 16
[  422.139966][T16838] netlink: 256 bytes leftover after parsing attributes in process `syz.7.4728'.
[  422.360701][T16849] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4734'.
[  422.413890][T16849] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4734'.
[  422.730866][T16833] loop3: detected capacity change from 0 to 32768
[  422.778622][T16833] 
[  422.778622][T16833]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  422.778622][T16833] 
[  422.862015][T16833] read_mapping_page failed!
[  422.891094][T16833] ERROR: (device loop3): txCommit: 
[  422.891094][T16833] 
[  423.001960][T16871] loop4: detected capacity change from 0 to 1024
[  423.009819][   T12] ERROR: (device loop3): diWrite: ixpxd invalid
[  423.009819][   T12] 
[  423.027218][   T12] ERROR: (device loop3): txCommit: 
[  423.027218][   T12] 
[  423.056361][   T12] jfs_write_inode: jfs_commit_inode failed!
[  423.096534][ T5823] 
[  423.096534][ T5823]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  423.096534][ T5823] 
[  423.152775][ T5823] 
[  423.152775][ T5823]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  423.152775][ T5823] 
[  423.620216][T16857] loop6: detected capacity change from 0 to 32768
[  423.699008][T16857] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  423.719243][   T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  423.739229][T16896] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  423.797962][T16903] loop3: detected capacity change from 0 to 512
[  423.809029][T16903] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  423.827232][T16857] XFS (loop6): Metadata CRC error detected at xfs_agf_read_verify+0x142/0x210, xfs_agf block 0x1 
[  423.853142][T16857] XFS (loop6): Unmount and run xfs_repair
[  423.859618][T16857] XFS (loop6): First 128 bytes of corrupted metadata buffer:
[  423.867471][T16857] 00000000: 58 41 47 46 00 00 00 00 00 00 00 00 00 00 10 00  XAGF............
[  423.876667][T16857] 00000010: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 01  ................
[  423.885909][T16857] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  423.904354][   T10] usb 2-1: Using ep0 maxpacket: 16
[  423.911228][T16857] 00000030: 00 00 00 04 00 00 0b a2 00 00 0b a0 00 00 00 00  ................
[  423.921106][T16857] 00000040: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  423.930825][T16857] 00000050: 00 00 00 00 00 00 00 01 00 00 00 05 00 00 00 01  ................
[  423.940416][T16857] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  423.950040][T16857] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  423.960427][T16857] XFS (loop6): metadata I/O error in "xfs_read_agf+0x289/0x5f0" at daddr 0x1 len 1 error 74
[  423.961268][   T10] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  423.980917][T16857] loop6: lost filesystem error report for type 5 error -117
[  423.980945][T16857] XFS (loop6): Error -117 reserving per-AG metadata reserve pool.
[  423.981463][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.004441][   T10] usb 2-1: Product: syz
[  424.005872][T16903] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  424.008716][   T10] usb 2-1: Manufacturer: syz
[  424.008735][   T10] usb 2-1: SerialNumber: syz
[  424.020368][   T10] r8152-cfgselector 2-1: Unknown version 0x0000
[  424.056028][   T10] r8152-cfgselector 2-1: config 0 descriptor??
[  424.077481][T16857] XFS (loop6): Corruption of in-memory data (0x8) detected at xfs_fs_reserve_ag_blocks+0x1f0/0x240 (fs/xfs/xfs_fsops.c:559).  Shutting down filesystem.
[  424.103203][T16857] XFS (loop6): Please unmount the filesystem and rectify the problem(s)
[  424.111361][T16903] ext4 filesystem being mounted at /999/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  424.128528][T16857] loop6: lost filesystem error report for type 5 error -108
[  424.128575][T16857] XFS (loop6): Ending clean mount
[  424.184227][T16857] XFS (loop6): Failed to initialize disk quotas, err -5.
[  424.280901][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  424.419367][T12565] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  424.577045][   T10] r8152-cfgselector 2-1: USB disconnect, device number 16
[  424.789609][T16926] loop7: detected capacity change from 0 to 512
[  424.851631][T16926] EXT4-fs (loop7): orphan cleanup on readonly fs
[  424.863929][T16926] EXT4-fs warning (device loop7): ext4_xattr_inode_get:546: inode #11: comm syz.7.4767: ea_inode file size=4 entry size=6
[  424.906230][T16926] EXT4-fs warning (device loop7): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  424.922416][T16926] EXT4-fs error (device loop7): ext4_do_update_inode:5569: inode #15: comm syz.7.4767: corrupted inode contents
[  424.940448][T16926] loop7: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  424.946877][    C0] EXT4-fs (loop7): error count since last fsck: 1
[  424.962918][    C0] EXT4-fs (loop7): initial error at time 1772115985: ext4_do_update_inode:5569: inode 15
[  424.972857][    C0] EXT4-fs (loop7): last error at time 1772115985: ext4_do_update_inode:5569: inode 15
[  424.986411][T16926] EXT4-fs (loop7): Remounting filesystem read-only
[  424.994902][T16926] EXT4-fs warning (device loop7): ext4_evict_inode:275: xattr delete (err -30)
[  425.004394][T16926] EXT4-fs (loop7): 1 orphan inode deleted
[  425.012801][T16926] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  425.127916][T14521] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.536280][T16999] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4804'.
[  426.565837][T16999] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4804'.
[  426.868499][T17010] overlayfs: missing 'lowerdir'
[  427.025638][T16988] loop6: detected capacity change from 0 to 32768
[  427.036634][T17018] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  427.062988][T16988] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.4796 (16988)
[  427.130624][T16988] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  427.156258][T16988] BTRFS info (device loop6): using sha256 checksum algorithm
[  427.478208][T16988] BTRFS info (device loop6): enabling ssd optimizations
[  427.485275][T16988] BTRFS info (device loop6): turning on async discard
[  427.547262][T16988] BTRFS info (device loop6): enabling free space tree
[  427.687309][T12565] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  427.857126][T17058] loop3: detected capacity change from 0 to 1024
[  428.451658][T17046] loop1: detected capacity change from 0 to 32768
[  428.509771][T17044] loop4: detected capacity change from 0 to 32768
[  428.520778][T17046] jfs_lookup: iget failed on inum 4
[  428.592050][T17044] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4818 (17044)
[  428.681160][T17044] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  428.768219][T17044] BTRFS info (device loop4): using sha256 checksum algorithm
[  428.775819][T17044] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  429.027383][T17044] BTRFS info (device loop4): rebuilding free space tree
[  429.166403][T17044] BTRFS info (device loop4): disabling free space tree
[  429.190614][T17044] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  429.197035][T17100] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4837'.
[  429.234672][T17044] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  429.263386][T17105] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  429.288618][T17044] BTRFS info (device loop4): enabling ssd optimizations
[  429.295649][T17044] BTRFS info (device loop4): enabling disk space caching
[  429.322558][T17044] BTRFS info (device loop4): force clearing of disk cache
[  429.346920][T17044] BTRFS info (device loop4): enabling auto defrag
[  429.360387][T17044] BTRFS info (device loop4): max_inline set to 0
[  429.457051][ T5945] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  429.518133][ T5828] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  429.638933][ T5945] usb 7-1: config 0 has an invalid interface number: 52 but max is 0
[  429.671828][ T5945] usb 7-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  429.693858][T17116] xt_limit: Overflow, try lower: 31324/2147483648
[  429.721145][ T5945] usb 7-1: config 0 has no interface number 0
[  429.739684][ T5945] usb 7-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 12336, setting to 64
[  429.788035][ T5945] usb 7-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  429.848726][ T5945] usb 7-1: config 0 interface 52 has no altsetting 0
[  429.883547][ T5945] usb 7-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  429.976892][ T5945] usb 7-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  429.996909][ T5945] usb 7-1: Manufacturer: syz
[  430.017482][ T5945] usb 7-1: config 0 descriptor??
[  430.068964][ T5945] hub 7-1:0.52: bad descriptor, ignoring hub
[  430.132185][ T5945] hub 7-1:0.52: probe with driver hub failed with error -5
[  430.155972][T17129] raw_sendmsg: syz.1.4852 forgot to set AF_INET. Fix it!
[  430.179082][ T5944] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  430.270306][ T5945] input: syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.52/input/input16
[  430.366318][ T5944] usb 8-1: Using ep0 maxpacket: 16
[  430.375993][ T5944] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  430.407411][ T5944] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  430.458188][ T5944] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 161
[  430.483570][ T5944] usb 8-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  430.528451][   T30] INFO: task syz.0.2641:12041 blocked for more than 143 seconds.
[  430.536434][ T5944] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.547924][   T30]       Not tainted syzkaller #0
[  430.552966][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  430.576920][ T5944] usb 8-1: Product: syz
[  430.581159][ T5944] usb 8-1: Manufacturer: syz
[  430.585831][ T5944] usb 8-1: SerialNumber: syz
[  430.602679][   T30] task:syz.0.2641      state:D stack:27048 pid:12041 tgid:12038 ppid:5821   task_flags:0x400040 flags:0x00080002
[  430.615700][   T30] Call Trace:
[  430.619104][   T30]  <TASK>
[  430.622084][   T30]  __schedule+0x15dd/0x5300
[  430.626666][   T30]  ? __pfx___schedule+0x10/0x10
[  430.632521][   T30]  ? schedule+0x90/0x360
[  430.637246][   T30]  schedule+0x164/0x360
[  430.641472][   T30]  schedule_preempt_disabled+0x13/0x30
[  430.652149][   T30]  __mutex_lock+0x7fe/0x1300
[  430.658604][ T5916] usb 7-1: USB disconnect, device number 8
[  430.678387][   T30]  ? __mutex_lock+0x5ac/0x1300
[  430.683308][   T30]  ? nfsd_nl_threads_get_doit+0x1c0/0x790
[  430.697013][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  430.702725][   T30]  ? __nlmsg_put+0xef/0x1b0
[  430.707611][   T30]  ? genlmsg_put+0x137/0x2e0
[  430.714774][ T5944] usb 8-1: config 0 descriptor??
[  430.720838][T17120] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  430.725309][   T30]  nfsd_nl_threads_get_doit+0x1c0/0x790
[  430.736027][   T30]  ? vsnprintf+0xdf1/0xee0
[  430.749858][   T30]  ? __pfx_nfsd_nl_threads_get_doit+0x10/0x10
[  430.765359][   T30]  ? snprintf+0xe8/0x140
[  430.779713][   T30]  ? is_bpf_text_address+0x26/0x2b0
[  430.786289][   T30]  ? sock_sendmsg_nosec+0x18f/0x1d0
[  430.792060][   T30]  genl_family_rcv_msg_doit+0x22a/0x330
[  430.800675][   T30]  ? __asan_memcpy+0x40/0x70
[  430.805740][   T30]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  430.818072][   T30]  genl_rcv_msg+0x61c/0x7a0
[  430.823212][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[  430.828806][   T30]  ? __pfx_nfsd_nl_threads_get_doit+0x10/0x10
[  430.834947][   T30]  ? __lock_acquire+0x6b5/0x2cf0
[  430.841994][   T30]  netlink_rcv_skb+0x232/0x4b0
[  430.847514][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[  430.860678][ T5944] mcba_usb 8-1:0.0 can0: failed tx_urb -90
[  430.866709][ T5944] mcba_usb 8-1:0.0 can0: Failed to send cmd (169)
[  430.880825][ T5944] mcba_usb 8-1:0.0 can0: failed tx_urb -90
[  430.887078][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  430.892547][   T30]  ? down_read+0x272/0x2e0
[  430.895345][ T5944] mcba_usb 8-1:0.0 can0: Failed to send cmd (169)
[  430.902784][   T30]  ? genl_rcv+0xd/0x40
[  430.904584][ T5944] mcba_usb 8-1:0.0: Microchip CAN BUS Analyzer connected
[  430.913052][   T30]  genl_rcv+0x28/0x40
[  430.927641][   T30]  netlink_unicast+0x80f/0x9b0
[  430.942320][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[  430.948047][   T30]  ? netlink_sendmsg+0x650/0xb40
[  430.953168][   T30]  ? skb_put+0x11b/0x210
[  430.957953][   T30]  netlink_sendmsg+0x813/0xb40
[  430.962916][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  430.968870][   T30]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  430.975463][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  430.981345][   T30]  sock_sendmsg_nosec+0x18f/0x1d0
[  430.986560][   T30]  ____sys_sendmsg+0x589/0x8c0
[  430.991972][   T30]  ? futex_unqueue+0x211/0x240
[  430.997189][   T30]  ? __pfx_____sys_sendmsg+0x10/0x10
[  431.002630][   T30]  ? import_iovec+0x73/0xa0
[  431.007869][   T30]  ___sys_sendmsg+0x2a5/0x360
[  431.014920][   T30]  ? __pfx____sys_sendmsg+0x10/0x10
[  431.029928][   T30]  ? futex_wait+0x29a/0x380
[  431.034944][ T5844] usb 8-1: USB disconnect, device number 6
[  431.041124][   T30]  ? __fget_files+0x2a/0x420
[  431.045892][   T30]  ? __fget_files+0x3a0/0x420
[  431.051770][   T30]  __x64_sys_sendmsg+0x1bd/0x2a0
[  431.057341][ T5844] mcba_usb 8-1:0.0 can0: device disconnected
[  431.059618][   T30]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  431.070735][   T30]  ? rcu_is_watching+0x15/0xb0
[  431.075933][   T30]  do_syscall_64+0x14d/0xf80
[  431.080938][   T30]  ? trace_irq_disable+0x3b/0x150
[  431.086152][   T30]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.092471][   T30]  ? clear_bhb_loop+0x40/0x90
[  431.097375][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.103753][   T30] RIP: 0033:0x7f51bfd9c799
[  431.108628][   T30] RSP: 002b:00007f51c0cca028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  431.117255][   T30] RAX: ffffffffffffffda RBX: 00007f51c0015fa0 RCX: 00007f51bfd9c799
[  431.127122][   T30] RDX: 0000000004008090 RSI: 0000200000000140 RDI: 0000000000000003
[  431.135248][   T30] RBP: 00007f51bfe32bd9 R08: 0000000000000000 R09: 0000000000000000
[  431.148352][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  431.164117][   T30] R13: 00007f51c0016038 R14: 00007f51c0015fa0 R15: 00007fff07ebcb38
[  431.178483][   T30]  </TASK>
[  431.181729][   T30] 
[  431.181729][   T30] Showing all locks held in the system:
[  431.190430][   T30] 2 locks held by ksoftirqd/1/23:
[  431.195779][   T30]  #0: ffff8880b873ad60 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150
[  431.213229][   T30]  #1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[  431.236217][   T30] 1 lock held by khungtaskd/30:
[  431.246512][   T30]  #0: ffffffff8e7605a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  431.262301][   T30] 4 locks held by udevd/5190:
[  431.267615][   T30] 2 locks held by getty/5576:
[  431.272426][   T30]  #0: ffff8880329a40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  431.282799][   T30]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
[  431.293443][   T30] 6 locks held by kworker/1:3/5844:
[  431.299211][   T30] 7 locks held by kworker/1:6/5916:
[  431.304618][   T30]  #0: ffff8880206c3548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
[  431.322595][   T30]  #1: ffffc9000453fc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
[  431.336645][   T30]  #2: ffff88802a61f198 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30
[  431.345786][   T30]  #3: ffff8880593be198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x990
[  431.355293][   T30]  #4: ffff88807b373160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x860
[  431.366090][   T30]  #5: ffffffff8f6421a8 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x328/0x640
[  431.376725][   T30]  #6: ffffffff8e766838 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
[  431.387876][   T30] 4 locks held by udevd/6039:
[  431.392590][   T30]  #0: ffff8880256fc0a0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10
[  431.401560][   T30]  #1: ffff88807712cc88 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420
[  431.411301][   T30]  #2: ffff8880566354b8 (kn->active#30){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x420
[  431.420942][   T30]  #3: ffff88803154c198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[  431.431797][   T30] 4 locks held by udevd/6803:
[  431.436517][   T30]  #0: ffff888052d06418 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10
[  431.445435][   T30]  #1: ffff88807adc9888 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420
[  431.455091][   T30]  #2: ffff8880571a72d8 (kn->active#30){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x420
[  431.464715][   T30]  #3: ffff8880593be198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[  431.474244][   T30] 2 locks held by syz.2.1740/9994:
[  431.479643][   T30]  #0: ffffffff8fc401f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  431.488348][   T30]  #1: ffffffff8ea87f48 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x141/0x1670
[  431.498711][   T30] 2 locks held by syz.0.2641/12041:
[  431.503941][   T30]  #0: ffffffff8fc401f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  431.512253][   T30]  #1: ffffffff8ea87f48 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_get_doit+0x1c0/0x790
[  431.522426][   T30] 3 locks held by syz.5.3541/14050:
[  431.527733][   T30]  #0: ffffffff8fc401f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  431.537123][   T30]  #1: ffff88805957a6f0 (nlk_cb_mutex-GENERIC){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0
[  431.548611][   T30]  #2: ffffffff8ea87f48 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_rpc_status_get_dumpit+0xdc/0x1410
[  431.559363][   T30] 2 locks held by dhcpcd/17141:
[  431.564257][   T30]  #0: ffff88805891e848 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: __sock_release+0x89/0x250
[  431.580832][   T30]  #1: ffffffff8e766838 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770
[  431.609970][   T30] 
[  431.622432][   T30] =============================================
[  431.622432][   T30] 
[  431.632162][   T30] NMI backtrace for cpu 0
[  431.632182][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  431.632204][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  431.632217][   T30] Call Trace:
[  431.632226][   T30]  <TASK>
[  431.632234][   T30]  dump_stack_lvl+0xe8/0x150
[  431.632269][   T30]  nmi_cpu_backtrace+0x274/0x2d0
[  431.632293][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  431.632323][   T30]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  431.632348][   T30]  sys_info+0x135/0x170
[  431.632367][   T30]  watchdog+0xfd9/0x1030
[  431.632390][   T30]  ? watchdog+0x21a/0x1030
[  431.632417][   T30]  kthread+0x388/0x470
[  431.632439][   T30]  ? __pfx_watchdog+0x10/0x10
[  431.632456][   T30]  ? __pfx_kthread+0x10/0x10
[  431.632478][   T30]  ret_from_fork+0x51e/0xb90
[  431.632508][   T30]  ? __pfx_ret_from_fork+0x10/0x10
[  431.632533][   T30]  ? __switch_to+0xc7d/0x1450
[  431.632560][   T30]  ? __pfx_kthread+0x10/0x10
[  431.632582][   T30]  ret_from_fork_asm+0x1a/0x30
[  431.632630][   T30]  </TASK>
[  431.632639][   T30] Sending NMI from CPU 0 to CPUs 1:
[  431.744974][    C1] NMI backtrace for cpu 1
[  431.744993][    C1] CPU: 1 UID: 0 PID: 5485 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) 
[  431.745021][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  431.745032][    C1] RIP: 0010:lock_release+0x111/0x3d0
[  431.745070][    C1] Code: 24 83 f8 32 0f 83 2a 02 00 00 4a 8d 1c ad 00 00 00 00 4c 01 eb 48 8d 6c dd 00 48 89 ef 4c 89 f6 e8 44 14 0d 0a 44 89 64 24 14 <45> 89 e5 85 c0 0f 84 d7 00 00 00 48 85 ed 0f 84 13 01 00 00 83 7d
[  431.745086][    C1] RSP: 0018:ffffc90002ed6e38 EFLAGS: 00000046
[  431.745102][    C1] RAX: 0000000000000001 RBX: 000000000000000a RCX: 0000000000000046
[  431.745114][    C1] RDX: 0000000000000000 RSI: ffffffff8e7605a0 RDI: ffff88802726e728
[  431.745126][    C1] RBP: ffff88802726e728 R08: ffffffff8984d527 R09: ffffffff8e7605a0
[  431.745139][    C1] R10: dffffc0000000000 R11: ffffed100f9ced82 R12: 0000000000000002
[  431.745151][    C1] R13: 0000000000000002 R14: ffffffff8e7605a0 R15: ffff88802726db80
[  431.745164][    C1] FS:  00007fcaf7398780(0000) GS:ffff888125555000(0000) knlGS:0000000000000000
[  431.745186][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  431.745203][    C1] CR2: 00005640bfdb6000 CR3: 00000000790d8000 CR4: 00000000003526f0
[  431.745219][    C1] Call Trace:
[  431.745232][    C1]  <TASK>
[  431.745240][    C1]  ? put_master_ifindex+0x77/0x280
[  431.745270][    C1]  ? put_master_ifindex+0x77/0x280
[  431.745294][    C1]  put_master_ifindex+0x221/0x280
[  431.745320][    C1]  ? __pfx_put_master_ifindex+0x10/0x10
[  431.745339][    C1]  ? __asan_memcpy+0x40/0x70
[  431.745373][    C1]  ? nla_put+0xd0/0x150
[  431.745393][    C1]  rtnl_fill_ifinfo+0x103c/0x20f0
[  431.745413][    C1]  ? __pfx_rtnl_fill_ifinfo+0x10/0x10
[  431.745435][    C1]  ? __asan_memset+0x22/0x50
[  431.745464][    C1]  ? __nla_validate_parse+0x2480/0x2dc0
[  431.745483][    C1]  ? __lock_acquire+0x6b5/0x2cf0
[  431.745512][    C1]  ? xas_load+0x578/0x5c0
[  431.745545][    C1]  ? xa_find+0x25b/0x2b0
[  431.745558][    C1]  ? xa_find+0x8c/0x2b0
[  431.745574][    C1]  rtnl_dump_ifinfo+0xbb1/0x1180
[  431.745614][    C1]  ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[  431.745642][    C1]  ? __lock_acquire+0x6b5/0x2cf0
[  431.745694][    C1]  ? trace_kmalloc+0x2a/0x110
[  431.745712][    C1]  ? __kmalloc_node_track_caller_noprof+0x4f9/0x7b0
[  431.745734][    C1]  ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[  431.745754][    C1]  rtnl_dumpit+0xa2/0x200
[  431.745782][    C1]  netlink_dump+0x722/0xe80
[  431.745807][    C1]  ? __pfx_netlink_dump+0x10/0x10
[  431.745832][    C1]  ? kmem_cache_free+0x187/0x630
[  431.745850][    C1]  ? netlink_recvmsg+0x5d6/0xa50
[  431.745871][    C1]  netlink_recvmsg+0x690/0xa50
[  431.745894][    C1]  ? __pfx_netlink_recvmsg+0x10/0x10
[  431.745915][    C1]  ? __pfx_aa_sk_perm+0x10/0x10
[  431.745939][    C1]  ? __pfx_netlink_recvmsg+0x10/0x10
[  431.745960][    C1]  sock_recvmsg_nosec+0x186/0x1c0
[  431.745981][    C1]  ____sys_recvmsg+0x245/0x510
[  431.746009][    C1]  ? __pfx_____sys_recvmsg+0x10/0x10
[  431.746039][    C1]  ? import_iovec+0x73/0xa0
[  431.746058][    C1]  ___sys_recvmsg+0x215/0x590
[  431.746083][    C1]  ? __pfx____sys_recvmsg+0x10/0x10
[  431.746120][    C1]  ? __pfx_handle_mm_fault+0x10/0x10
[  431.746149][    C1]  __x64_sys_recvmsg+0x1ba/0x2a0
[  431.746174][    C1]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  431.746209][    C1]  ? do_user_addr_fault+0xc6f/0x1340
[  431.746238][    C1]  do_syscall_64+0x14d/0xf80
[  431.746267][    C1]  ? trace_irq_disable+0x3b/0x150
[  431.746292][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.746310][    C1]  ? clear_bhb_loop+0x40/0x90
[  431.746330][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.746347][    C1] RIP: 0033:0x7fcaf7422407
[  431.746362][    C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  431.746376][    C1] RSP: 002b:00007ffd461d4c60 EFLAGS: 00000202 ORIG_RAX: 000000000000002f
[  431.746393][    C1] RAX: ffffffffffffffda RBX: 00007fcaf7398780 RCX: 00007fcaf7422407
[  431.746406][    C1] RDX: 0000000000000000 RSI: 00007ffd461d4cf0 RDI: 0000000000000012
[  431.746417][    C1] RBP: 00007ffd461d4cd4 R08: 0000000000000000 R09: 0000000000000000
[  431.746427][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001f40
[  431.746438][    C1] R13: 00007ffd461d4ce0 R14: 00007ffd461d4dd0 R15: 0000000000000000
[  431.746458][    C1]  </TASK>
[  432.168547][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  432.175467][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  432.184704][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  432.194811][   T30] Call Trace:
[  432.198129][   T30]  <TASK>
[  432.201094][   T30]  vpanic+0x56c/0xa60
[  432.205125][   T30]  ? __pfx___schedule+0x10/0x10
[  432.210022][   T30]  ? __pfx_vpanic+0x10/0x10
[  432.214668][   T30]  panic+0xc5/0xd0
[  432.218437][   T30]  ? __pfx_panic+0x10/0x10
[  432.222904][   T30]  ? preempt_schedule_thunk+0x16/0x30
[  432.228331][   T30]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  432.234791][   T30]  watchdog+0x1023/0x1030
[  432.239172][   T30]  ? watchdog+0x21a/0x1030
[  432.243810][   T30]  kthread+0x388/0x470
[  432.248528][   T30]  ? __pfx_watchdog+0x10/0x10
[  432.253588][   T30]  ? __pfx_kthread+0x10/0x10
[  432.258270][   T30]  ret_from_fork+0x51e/0xb90
[  432.262928][   T30]  ? __pfx_ret_from_fork+0x10/0x10
[  432.268094][   T30]  ? __switch_to+0xc7d/0x1450
[  432.273345][   T30]  ? __pfx_kthread+0x10/0x10
[  432.278030][   T30]  ret_from_fork_asm+0x1a/0x30
[  432.282867][   T30]  </TASK>
[  432.286603][   T30] Kernel Offset: disabled
[  432.290938][   T30] Rebooting in 86400 seconds..