last executing test programs:

2m13.612569235s ago: executing program 1 (id=59):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

2m13.407220502s ago: executing program 1 (id=62):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/access', 0x2, 0x0)

2m13.397631433s ago: executing program 1 (id=64):
statx(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000))

2m6.357519685s ago: executing program 1 (id=66):
syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@resuid}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
umount2(&(0x7f00000001c0)='./file0/../file0\x00', 0x8)

2m5.853291632s ago: executing program 1 (id=76):
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x8102, &(0x7f0000000080), 0x0, 0x517, &(0x7f0000000700)="$eJzs3d9rY1kdAPDvvW06v7qmiz6sC67FXeksOkm7dXeLDzsriD4tqOt7LW1aStOmNOnMtAzSwT9AkEEFn3zyRfAPEGT+BBEG9N1fKOLMOA++aCTJjdNkEtupScM0nw+c3nPvufd+z0nJzTk5l9wAxtZsRHwYETcj4u2IyGfb0yzFUSs19nvy+O5qIyVRr3/89ySSbFv7XEm2vJYddjkivvX1iHhUr3fHrR4cbq2Uy6W9bL1Y294tVg8Ob2xur2yUNko7i4sL7y29v/Tu0vyZ23brWH4mIj746p9/+P2ffe2DX33x9u+X/3r9u0nW/uhqxyC1XpNc87Vom4yIvWEEG4GJrD25xsr9UdcGAICTpFkf7nPN/n8+Jpq9OQAAAOAiqd+cbs7d1AEAAIALK42I6UjSQnYvwHSkaaHQuof3U3E1LVeqtS+sV/Z31hplETORS9c3J0rz2b3CM5FL1jfLpYXsHtv2+jtd64sR8WpE3M9faa4XVivltVF/+QEAAABj4lrX+P9pvjX+P5V0yJUDAAAABmdm1BUAAAAAhs74HwAAAC4+438AAAC40L7x0UeNVG8//3rt1sH+VuXWjbVSdauwvb9aWK3s7RY2KpWN5m/2bZ90vnKlsvul2Nm/U6yVqrVi9eBwebuyv1Nb3ux4BDYAAABwjl797IPfJRFx9OUrzRRJxFRWlhtx3YDheqGf8PzTf3NTw6gLcL4mRl0BYGQmR10BYGSM8YHkhPK+N+/8evB1AQAAhmPu013z/2H+H8aFR3jC+DL/D+Orx/y/WwJgTOT0AGDsDX/+v15/oQoBAAADN91MSVrI5gKnI00LhYhXmo8FyCXrm+XSfER8IiJ+m89daqwvNI9MThwzAAAAAAAAAAAAAAAAAAAAAAAAAAAt9XoS9TN4epaDAAAAgJGISP+SZM//msu/Nd39/cBU8s98cxkRt3/y8Y/urNRqewuN7Y/yU9n22o+z7e+c8GWDh40DAADA8Ew+y7bH6e1xPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM0pPHd1fb6Tzj/u0rETHTK/5kXG4uL0cuIq7+I4nJY8clETExgPhH9yLitV7xk0a1YiarRXf8NCKujDj+tQHEh3H2oHH9+bDX+y+N2eay9/tvMkv/r+PXv8bl4Hj89vVvos/175VTxnj94S+KfePfi3h9svf1px0/6RP/zb4RL3Wsfefbh4f99qz/NGKu5+dP0hGrWNveLVYPDm9sbq9slDZKO4uLC+8tvb/07tJ8cX2zXMr+9ozxg8/88t/NTNq7/Vf7xJ85of1v9W1/p389vPP4k61srlf86292xp/Nyl7rEz/NPvs+n+Ub5XPt/FErf9wbP//NG1n2uY+sRvy1Pu0/6f9//ZTtf/ub3/vjKXcFAM5B9eBwa6VcLu0NPTPbu6jdIzqvajyX+cPNiHMP+nJmkgGfcDnf+r9PRGdRu+t/9jM3hlKNM3QWNbqto34NX5rM6K5JAADAcDzr9J9i544J90vDqxQAAAAAAAAAAAAAAAAAAACMmfP4ObHumEejaSoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/0nwAAAP//AEDGvA==")

2m4.579356165s ago: executing program 1 (id=83):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newrule={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x1c}}, 0x0)

2m4.42001555s ago: executing program 32 (id=83):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newrule={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x1c}}, 0x0)

35.971939976s ago: executing program 0 (id=1045):
syz_usb_connect$cdc_ecm(0x2, 0x4d, &(0x7f0000000700)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0xe, 0x80, 0x9, [{{0x9, 0x4, 0x0, 0xff, 0x3, 0x2, 0x6, 0x0, 0x7, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x10001, 0xbe, 0x3f59, 0x5}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x0, 0x10, 0x2, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0xd0852bb095f4d3f1, 0x2, 0xa, 0xf4}}}}}]}}]}}, 0x0)

34.455367136s ago: executing program 0 (id=1061):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {0x0, 0x20, 0xffffffffffffffff, 0x10, 0x1, @in={0x2, 0x4e20, @private=0xa010102}}}, 0xa0)

34.360503362s ago: executing program 0 (id=1062):
syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', 0x2000c12, &(0x7f0000000280)={[{@utf8}, {@showassoc}, {@showassoc}, {@cruft}, {@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@session={'session', 0x3d, 0x11}}, {@check_strict}, {@map_off}, {@map_acorn}, {@mode={'mode', 0x3d, 0xb2eb}}, {@hide}, {@map_off}, {@gid}, {@showassoc}]}, 0x4, 0xa22, &(0x7f0000002e80)="$eJzs3U1sXWV6B/D/ubaDY1ASIKUUAbkJTTDgOv4oSSMWNLFvElN/tLYjkRWhxKnSuKWFVgJUiSBVXRW1Uqsu2h1i1dkgsRk2I3Yzu5nVLEYasZo9mlVm5dG599q+dnx9bePYJvx+0fU9H8953+d83PPmXB+fN3y/LB1dM7a0VH/tcPza/+9Bxhxgl8a/+eyLT8vXJ3dzKF15tfhx0pukmnQneTrpGRufnZnqUNCd5EaSr5MiySNpvG/JjRT/kcdWx79O8X9lvW0d2mrJdLLED9p+H38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAQFWPjQ0PDxaFMTF97s9qQVO8zNj47U2Rp6f45y8s0fFXv9bv4qtEF+Cb1JkX5Sm/vclffTx9fnf1UkuqpPNsYe7beIXl689GjTx177cnuyvLy7bL5Th7ZerHvf/jRnbcXFxfeax+y9HFjHZY7W96dHA+IK7XpibmZiamLV2rVibmZ6oVz54bOXr08V708MVmbuz43X5uqjs3WLs7PzFb7x16qDl+4MFqtDV6fuTZ9ZXxwsrY88fyfjAwNnau+MfiXtYuzczPTZ98YnBu7OjE5OTF9pR5Tzi5jzpcH4l9MzFfnaxenqtVbtxcXRtfl1LV+I5dBw53WpAwa6RQ0MjQyMjw8MjL8SbP37JUJ51698Or5oaHuoXVyX8QDOmg5WA633827fg6Hnao02v/87WQmMp1reTPVDf+NZTyzmclUm/lNy+3/6bO1Tettbf+brXx3y+xnyh+n8nxztLdN+98ml737934+zEe5k7ezmMUs5L19z2hv/11JLdOZyFxmMpGpXKxPqTanVHMh53IuQ3krV3Mic6nmciYymVrmcj1zmU+tfkSNZTa1XMx8ZjKbavozlpdSzXAu5EJGU00tg7memVzLdK5kPBfrpdzK7fp2H90kx5Wg4a0EjWwStL4xL4/17bX/tYftf4Bs2+6fxGGHlprt/6HNw3qS9I/tVVIAAADArvqjn+XI8Sd++uukyHP17+UvT0zWXt/vtAAAAIBdVL9d79nyracceq63fv0/tN9pAQAAALuoqP+NXZGkLycaQ8t/CeVLAAAAAHhI1H///3yKE6sTXP8DAADAQ6ar4zP2Oz6FvxhYfvxv9Wbj/WYzojFW9F2emKwNjs1MvjacM/WnDCR57v7SupKip/7nBy/nZCPqZF/jvW+1xLLO3jJqePC14bycU42IU/0vlG8v9G8QOdKIfLER+WJrZFfWRI6WkQDwsDu1SXu81fb/5Qw0IgaeqTf53c9s0AYPaVkB4KBY6WPnd80uzbLm2r014vl27f+fbnL9X0Y8kVsnGrcUDOadvJvF3MxAmnccnNio1OXeCBq3IQx0+Dagr3nLwi/OVzLQ/D6guLt8ld+7siatsQsZycCG3wi0lFss5zDaiOva9c0PAPvi1KbtcOP6v1P7P9Dh+r/PLYUAcKCs9GC/jYGPO8T0Zu2U/V5HAGAtrTQAAAAAAAAAAAAAAAAAAAAAAAAAAADsvi099v/nZ5LFxYVkB50F7HigdzsZbj5QyR7lvO8DXUn2q/bXs+2lyn38HSr90eHm4r/Z/y3/0A3s84kJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPVEkXRtNrySPJBlKcnbvs3pw7u53ArulemhHixX3ci8f5Miu5wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8APXfP5/JY33RxuT0l1JTuevdvaM+YPs3n4n8GAUnUP+rhG4+vz/StKTpSLdjd2eomdsfHZmqjicRt8PlW8+++LT8tW57Pt7VSgLKGtY07lEs4aWKT1rl3q8vlTf+ML7d/7p3X+ojl+qH5iX5i9Pjk9dmf3z1cCnii+TahqvZcv5/svpn/xny+TmQVx8Wa5pkqWlpaVsXu/ler3j99f7hxutfZt6t+D24sJIWdN87c35f/772x+0zHoiJ5MX+pP+tTX9TflqU9PJ9dtzreLb4t+KI/mf3Kjv/3JrFEtFuYuO1tf/8K3biwuD77y7eHMlp4/X5HQsJ5LcTHq3ntOJ9sdm/air9JS1DtWDyh/HO5S3qZYSh9ts18frh0zfttah2uHz1WG75/PuMqPRlYy6s5rRf/3jkzmz7T19pkONGyq+LX5VXM0v868t/X9Uyv1/Oht+Ojcooh7ZcqS0zutujaw0Iuv7YqR1xlvry+ze/pqwY/+ev86frez/Ssv5v7mv9uZ81FLjaJsat/+5+PzofS3KqnqLdHxdi9Q8+7Rbppnn8UZUmzz/IK80ytzGGeWVTi32A/r8/2/Rn9/mrv5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAg69IujaaXklOJzmW5Gg5Xk2W1sfc3UF9lb5iJ2nump3k/P1TtF3R4l7u5YMc2euMAAAAAAAAAHgwLo1/89kXn5av+u/ju/LHleacatKd5Fjx3z1j47MzUx0K6kluLP9Kv3d7Odwofzy2Ov51OfZ0h4X29/YBAPhe+30AAAD//w+ldHo=")

34.219420932s ago: executing program 0 (id=1065):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x240}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000000c0)={[{@quota}, {@grpquota_block_hardlimit={'grpquota_block_hardlimit', 0x3d, [0x33]}}]})
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r3, &(0x7f0000003480)={0x2020}, 0x2020)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b80)={0x1ec, 0x0, 0x1, 0x70bd28, 0x0, {}, [@WGDEVICE_A_PEERS={0x1b4, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "491bc0be1dc1f88092e741a88b64f6dd9218ad21b44b472e44f1d0807ee6675c"}]}, {0x13c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_ALLOWEDIPS={0x114, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0xa}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x3, 0x0}}, {0x5, 0x3, 0x2}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}]}]}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x8}]}, 0x1ec}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)

33.28609411s ago: executing program 0 (id=1074):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
chdir(&(0x7f0000000080)='./file0\x00')
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file0\x00', 0x8820, 0x0, 0x1, 0x0, 0x0)
setpgid(r0, r0)
setpgid(0x0, r0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x10082, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')

33.141121043s ago: executing program 0 (id=1076):
rt_sigprocmask(0x2, &(0x7f0000000200)={[0xffffffff]}, 0x0, 0x8)
r0 = gettid()
tkill(r0, 0x11)
rt_sigaction(0x11, &(0x7f0000000480)={0x0, 0x0, 0x0, {[0x400000000009]}}, 0x0, 0x8, &(0x7f0000000080))

18.037041531s ago: executing program 33 (id=1076):
rt_sigprocmask(0x2, &(0x7f0000000200)={[0xffffffff]}, 0x0, 0x8)
r0 = gettid()
tkill(r0, 0x11)
rt_sigaction(0x11, &(0x7f0000000480)={0x0, 0x0, 0x0, {[0x400000000009]}}, 0x0, 0x8, &(0x7f0000000080))

1.150551886s ago: executing program 2 (id=1361):
r0 = syz_open_dev$dri(&(0x7f0000000740), 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), 0x0, 0xfffffcc8, 0x0, 0x3, 0xa})

854.530548ms ago: executing program 2 (id=1362):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_lsm={0x10, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="7910480000000000790028000000000095"], &(0x7f0000000100)='GPL\x00'}, 0x80)

800.114451ms ago: executing program 2 (id=1364):
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c726f6469722c73686f72746e616d653d77696e39352c6e6f6e756d7461696c3d302c696f636861727365743d6b6f69382d72752c73686f72746e616d653d77696e39352c696f636861727365743d757466382c646973636172642c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c6e6f636173652c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d302c008cecc803abc0d6e523a56166e79428d9d45f8737ac6ecdf66d90baf6d6e90f4cee6110c1f125e92808e29c273e454e72ea6211a586c5805518e8940c5eb20aeba5fc4f3c1456917a3b86c7f3ae103c4a92db3fb7f6c9a848552c3901fb628e77a74a"], 0xfe, 0x39d, &(0x7f0000000bc0)="$eJzs3TFvG3UUAPBnt43TQuIMCAkQ4q+ywGIl4Qs0Qq2EiARKa1QYkK7EAStuHNlWkCNEs7HyOSpGNiTEF8hQdja2LIwdqh6KfW6cpKSCJnErfj8puRf//0/3fBef3pK8vds/3l1f69bWsl6Ur6UoR0T5YcTcIBoqFcfyIJ6KcTvxfvX2H2/f/PyLj5eWl6+vpHRj6dYHiyml2Xd+/fa7n67+1nvls59nf6nE7tyXe38t/rn7+u4be49vfdPspmY3bbR7KUt32u1edqfVSKvN7notpU9bjazbSM2NbqNzaH2t1d7c7KdsY3Xmyman0e2mbKOf1hv91GunXqefsq+z5kaq1Wpp5kpw7xnr9fsrK9nSMJ4+Yd+10yyKU3fxxNVOZynb/wxXjq3U759hUQDAC+pw/x//pv/f2f82dbT/v1ms/qf+/1Lo/8/TeP9fKE2sGM7Ifv8/VXx+x1T0/wAAAAAAAAAAAAAA8HJ4mOfVPM+ro2NeiYhS8ffEeV6ddH2crWP3/8jXpOvjbI39447piNYPW/Wt+vA4XF9ai2a0ohHzUY1H+4+EkWF846Pl6/NpoBQzd+8N8q8+iKhfOJy/ENWYG8ufHjxfBvkLw/xU5M+Oarsynr8Y1Xjt6efPK4fy6xH7x6l4792x/FpU4/evoh2tWB2c+iD/+4WUPvxk+Uh+ZbAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+HWhp5K4Zz77fqEZdjq5jfXzvYUCpSivn4wx+ezNefj2o8evp8/vmUXzg+n/9ivHlxcu8bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZ1+9vrWavV6JxXMJr5P3hlahT8c1ZpuH3nyNLleNa5Hpxq8eXTugiP8zw/q8s7fb638nmCSxEn3cG8+C15/nO9GhEn7KlExOSvxosYTOqJBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJNzMPR70pUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwSd3+9nrWajU63f52OYrgySunE0z6PQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALxM/g4AAP//GEAI1g==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x4842, 0x1cb)
preadv(r0, &(0x7f0000000400)=[{&(0x7f0000003200)=""/4096, 0x1000}], 0x1, 0x6, 0x800)

750.217192ms ago: executing program 2 (id=1365):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x34, r1, 0x431, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0xfe}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

749.873325ms ago: executing program 2 (id=1366):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0), 0xfef85154c7902b6e)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x0, 0x55a})

671.405584ms ago: executing program 2 (id=1367):
syz_mount_image$xfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x8000, &(0x7f0000000080)={[{@logbufs={'logbufs', 0x3d, 0x2}}, {@noalign}, {@sysvgroups}, {@inode64}, {@logbufs={'logbufs', 0x3d, 0x6}}]}, 0x1, 0xb99f, &(0x7f0000018700)="$eJzs3Xts3WX9wPGnXdutkMH4hY7LT2RMBgxkW7dBKQTXdqyjXCqXgR0wobICk47LKLhxLSEkoGIA44WYRYl4jRLFQSQKDiPKxWGMAeIfRALGgMmif4EaQ82355zSHkqzPuV5mrHXK1nP+X5PP08v7/N8T1jITk/nuR0h1IWSwVDtpbe2PvHFdZ1P/vxL929/+K4XHimdbZtVfritfNtevu0Iw4sNn64tnar7+rZHa4uD2tHr7tXYWLNPCJdWrdNSurmpufJ5Q1XKp+dVHq8dOaz5fOnPiL2LD79vW9cbQpgzar4mhLDkPT/oHqqnfXVn+XcSRnWbUX645t3Hhm/rSn9WPBfCiu3hfZ8f06r4Pud0zv74wdP9jewOetpXd1X1byt3rinvx7bqPbgnqn6ev/7QojvLv8Lh59s0JpySnvbOM8IE+/i4/160YCgMXzfrQwgNIYSZIYRZ092DD0Z7x7LiNbu2clzOXtn/c8Z7Xhy59PV/hxDmFi/jpetF6bUA2L20dyxbOc7+b5ho/7fese1N+x92f13tHcuKvV61/2dNtP83tK59sbTv21pKU+9M7w8BAAAAAIzrui03Xtnb39+3yR133HFn5M50X5mA1N7d9NP9nQAAAAAAAAAAAAC7Ksf/TjzdPyMAAAAAAAAAAAAAfFh0dbfvnFEz5tSM0QeH7Ogbvl3+ds8V37tnaH3ltvzw6eMsOeZ9/oeGhoZad66ovBf7zKr3y55VPVysP1j39jPlw7bq9x+sHz5bHy65bEN/35LiS62sD5uLg+Zi3c76cG9xsLQ4WF0fvl8cLBs+aAzbi4NFl17dv744cWrkb+zDpat7MMwYUyyMeTaM7j9YP3975XaCJSur1YVy//33P29T1WMV4/d/d/3293tfcj4Yk+u/aHPldoIl37P/D3pjzS/He+z9+4+s36F/WuNc/8c0qr7uV13/542z5Mj83JeeuaLo/9iTd60pn6rblev/qPVXVvcfXnzk+l8sdUrl+l+8tqya0i9jD9TVffvOifb/xP3rKq/rtaNmR1Y746QXWov++yzc9qfyqfpJ9j9lov1fM+891xMmqav7waGq/T+J/uGIcZYcafK1l097ruj/k2fWNI16bDL9V1X3Xzyw8ZrF12258dgNG3sv77u876qWJctPOL65ZXnz4uErQunj1H4ne5Kp7f/h9/8fPVMTwoKR+QXHv3NB0X/utzt7yqdmTbJ/54T7/5Kx3yujzK8NDQ1hc+/AwKbm0sfK4dLSx9KnjdN/Eq//Hzuq/GmN5duaEA4cmW85oOnAon/TjFUfKZ9qmGT/1RP2Hxz5ukSa4v5fXzUzpv/g8w/+rOg//4fnV/5OYbKv/6dO1L/2W/b/VHV1V/2Fzwes6P/XuoUnRo53+e+/tHL0/9X+C86NHD9N/7Ry9L/h/w8biBw/Xf+04vrXPrWrn1n0b1x+8u2T/hIlZ+ifVo79v/2k1u9Gjp+pf1o5+n/jmOP+EDnerX9aOfqfc3jzG5Hjn9Q/rRz9//Z/Wy6MHD9L/7Ry9F98yC03R46frX9aOfoPzL62KXL8HP3TytH/idrrl0aOn6t/Wjn6//rYDb+LHF+jf1o5+u89f+OrkePn6Z9Wjv5nLe29O3L8fP3TytH/gZP7Ho4c/5T+aeXof/HBj14WOd6jf1o5+n+16aftkeNr9U8rR/8d9U8cFTl+gf5p5ehft9fj+0aOX6h/Wjn637TgO/+JHL9I/7Ry9H/k6AdfiRxfp39aOfq/eeKPt0WOf1r/tHL0n3fcD74cOX6x/mnl6H/NYX98OXL8Ev3TytH/8UUv/jNyvFf/tHL0f+0Tf34gcvwz+qeVo/8xza88GTl+qf5p5ei/5qNPjffvBO2K9fqnlah/Q+VO0X/rfk/3R67Tp39aOfb/b2uerY8cv0z/tHL033efHfMjxy/XP60c/Z9deMjfI8ev0D+tHP3DEQftiBzfoH9aOfpfeHzTQ5Hjn9U/rRz972/d747I8Sv1TytH/51zZ98QOd6vf1o5+h9+UOPZkeMb9U8rR//bGutPiBy/Sv+0cvR/rKHm0Mjxq/VPK0f/2iVdP4ocv0b/tHL0f37FmV+IHL9W/7SS9t+71P/exe2vRa6wSf+0cuz/tfNWPR05fp3+aeXof8S+a2P/RfYB/dPK0f8fYd0BkePX659Wjv7b5px9a+T4DfqnlaP/LYeetzZy/HMvvbV1ZtA/mRz9f3HCnfdFjm+2/9PK0X9Ty+2PRY5v0T+tHP0XHnnPXyLHb9Q/rRz9Xz3q7n9Fjt+kf1o5+n9z5ldmR47frH9aOfqfP+u+oyPHb9E/rRz9Zx+4dWXk+K36p5Wj/28OeGB95Pht+gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyPHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCnt3AnbpXPh//JmVsSVlLZK9ZJclhUGW0mJNsu+yhrIWokK2pJBkj4hkKQlpt2SpLJWUIqlIKyXM/xozz8T4jNTlb/zm83pd18zZ7jnzPd/3+Z7nzHM/5x4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHj+bbT6eqsMDAwff+mgZ9x++8OnXHXkpqtfffnRx11z4WE3XTzu2pWnHn/zymMmMvDkna089rah4zYZfuKlZw8de2HoU+93mlGjhswwMGTrPKr9N/sPw5578MzQCReHHDHu1wTTPvm3z7jlRQMDAzP+h/urtdHoNVYfO3njfk3oNmz8zeOvn3B++LhfK2w+MLDCJgOTfH5Mfo9vsPo6k3sM/xdsNHqNtSbqPzC+85PdJ17frSZ+ng87dJMhkzXc82Sj0auvPbb1pNbxPnsf/eRzYGBg+GkDA8NPHxgYfsbAwPAzJ3cPnh+jV1lqlbGv+YOXx1U/aPANQXp9H/Lo2y4d+zVjxLivE8PPGvxaAPzfMnqVpVYN63/k4O1p/d/72D0bWv/wf99ao1dZauAp7/PHXXvQ4L/v4/pfcc4r75p8IwYAAAD+W088eMXV4/f1DR0YmGtgov29Txr/fYEhF11zyy2TbaAvDmE/2TN/ZuL/mLGdpz5v7oGBXTeY3ENhMpgi9mPzP9O/m/7d9O+mfzf9u+nfTf9u+nfTv5v+3fTvpn83/YtNYv//jIOnBwy7bLXxm85/6/E7rT/xnx973dQv+Kgnmyl1///AjkPGtRzbfMeBgYG3j153/YUGBgbW3+n4W+cZmHDbcmNvW2GmYeMPELDQk7+/eRJ3PPhp8icP1jDNhPu46Mn7X2vM6cOGTDSIp9hmzFHn7LDRI0tPfLrApB/HhONLXP+WO04Y/CzL0Ik2mtRzdfD+Bx/LxJ3Hj32hsWNfbK9ddl9sz333W2THXbbcftvtt9112cWXXm6ZJZZdeonFtttx520XH/f7pOZs3KErVn0uczZy4jl7cPRT52zixzapOZv72efsyXvc4drbZxmcs+H/5Zyt+uxzNveOg2NdecTAFk/Ozdi/crURA/uMvbDEVGOfQuO3nW3stm+caejAwLH/fqBjz0014Tk45KAdn4fjlow/HT3+dJV43JLLJnXckoGtJ7qf5ced7HXV4HYTf856/NXP+bglK65+yIJj1+JEf/7/h//p6/8zei03ZMJEDR40ZPw243r9+zgTg9O28lOOM7FsOpbM8+kZ45176ITndRrv+M/FDZlo/p/tc3EDC927xfnjHtfKy477U0/8z1Hya8fa/5694GmvHQPP/tox7N9n/33ttjfOOfFrx1snPcSnrYvBOZpqoo0m9dpx7SPDDxp7/4NjnsRrx9o7jv+g8b9fO8b+tasOvnaMHfvqIwaOHXthybEX1hgxcO7YC0s9eWHUwDVjLyy69W47bzP2ijWf+bxdaMjTfuAxPG9Xn+h5+xyOj7PS9QMDK12THtekpzNLz9uRzzLe/HnugWf9PPeChz+23sDAwCzjvkqPfZDjxv6/SOMd/uzjDcefGHi2408MLL/c+as+z+OdsM6efK6NP1zUmpP4M09bZzM+Y50dPOwpK+O5vq/ZJmw/7vxsE+7tktNvOGhwjkZMdL9TP/PtwNP+vsHHkvoPvud7qqGnDQx5trlZ47nMzQzPPjfP9f3LQvOOu33Us8zNbDPPuuzg3Ix85txEg/e/xiTm5qnvh59qyEEDo54+N8OffA883/i5Wf25zM10z8/zZpqw/bjz80+4auMnlpl/cG7CXMSv/4P3v/p/OzdbTHjezPfkbfMMHRg5cmCfLffaa48lxv0+eHHJcb8/+xpc7bnM5dTPz1zOMf5VZ+gzJ2fCVcvftMLaz7IGo8H7X+2/ncu5B4YO/pt7x7i6nxe+/9NN/276d9O/m/7d9O+mfzf9i01i///cg98XXPjGhW4Z/82YEdedv+E2k3u8k9kUvf9/fN+n7f/fZsPzrxs6MOG2Z90/O26bF+X+2WXHney/xOB2E+8fHH/1c94/e+Uxl2/yAu2f/Z8MrtXn8H3D5/D6f/zzMiZelHz976Z/N/276d9N/276d9O/m/7d9O+mfzf9u+nfTf9ik9j/v/jgzwE88cBed4/fETpiq9Gz/8+fs5pCTNH7/8f3fdr+/2tmH73V0IEJtz3r/v9x23Ts/9/jzvsOeTHv/x9cq8/P/n+mYPp307+b/t3076Z/N/276d9N/276d9O/m/7d9O+mf7FJ7P9fefDnAHZ+4raHBn8e4OaTV9ltco93MptS9//7//97ef3vpn83/bvp303/bvp307+b/t3076Z/N/276d9N/276Fxu//39gov/28J2eF1HY//9/2yT6r6N/1NJ/Xf2jlv7r6R+19F9f/6il/wb6P/P/9y7qv6H+UUv/d+kftfTfSP+opf+79Y9a+m+sf9TS/z36Ry39N9E/aum/qf5RS//N9I9a+m+uf9TSfwv9o5b+W+oftfTfSv+opf/W+kct/bfRP2rpv63+0dP7TwEzNIn+2+kftaz/7fWPWvrvoH/U0n9H/aOW/u/VP2rpv5P+UUv/nfWPWvrvon/U0n9X/aOW/rvpH7X0313/qKX/+/SPWvrvoX/U0n9P/aOW/nvpH7X0f7/+UUv/D+gftfTfW/+opf8++kct/ffVP2rpv5/+UUv//fWPWvofoH/U0v+D+kct/T+kf9TS/0D9o5b+B+kftfQ/WP+opf+H9Y9a+h+if9TS/1D9o5b+H9E/aun/Uf2jlv4f0z9q6X+Y/tEU2H8g9T9c/2gK7B/X/xH6Ry39P65/1NL/SP2jlv5H6R+19D9a/6il/zH6Ry39j31G/1Ev6LBerFr6f8L6j1r6H6d/1NL/k/pHLf2P1z9q6f8p/aOW/p/WP2rpf4L+UUv/E/WPWvqfpH/U0v8z+kct/U/WP2rp/1n9o5b+p+gftfT/nP5RS/9T9Y9a+p+mf9TS/3T9o5b+Z+gftfQ/U/+opf9Z+kct/c/WP2rp/3n9o5b+5+gftfQ/V/+opf8X9I9a+p+nf9TS/3z9o5b+X9Q/aul/gf5RS/8L9Y9a+n9J/6il/0X6Ry39v6x/1NL/Yv2jlv6XTLL/yBdkWC9WLf0vtf6jlv6X6R+19P+K/lFL/68+o/+wF3RYL1Yt/S+3/qOW/l/TP2rpf4X+UUv/r+sftfS/Uv+opf9V+kct/a/WP2rp/w39o5b+1+gftfT/pv5RS/9v6R+19P+2/lFL/+/oH7X0/67+UUv/7+kftfT/vv5RS/9r9Y9a+l+nf9TS/3r9o5b+N+gftfT/gf5RS/8b9Y9a+t+kf9TS/2b9o5b+t+gftfT/of5RS/8f6R+19P+x/lFL/1v1j1r636Z/1NL/dv2jlv536B+19P+J/lFL/5/qH7X0/5n+UUv/O/WPWvr/XP+opf9d+kct/X+hf9TS/5f6Ry3979Y/aun/K/2jp/UfMeX2/7X+Ucv6v0f/qKX/vfpHLf1/o3/U0v8+/aOW/r99Tv37niEt/e+vrPuftfT/nf5RS//f6x+19P+D/lFL/wf0j1r6P6h/1NL/j/pHLf0f0j9q6f8n/aOW/n/WP2rp/xf9o5b+f9U/aun/N/2jlv5/1z9q6f+w/lFL/0f0j1r6/0P/qKX/P/WPWvo/qn/U0v9f+kct/R/TP2rp/7j+UUv/J/SPWvqP0T8q6T9kQP+opf8Q/aOW/kP1j1r6D9M/auk/XP+opf8I/aOW/iP1j1r6T6V/1NJ/av2jlv6jJtF/xAs1rheplv7TWP9RS/9p9Y9a+k+nf9TSf3r9o5b+M+gftfR/if5RS/8Z9Y9a+r9U/6il/0z6Ry39X6Z/1NL/5fpHLf1n1j9q6T+L/lFL/1n1j1r6z6Z/1NJ/dv2jlv5z6B+19H+F/lFL/1fqH7X0n1P/qKX/XPpHLf1fpX/U0n9u/aOW/q/WP2rpP4/+UUv/efWPWvrPp3/U0n9+/aOW/gvoH7X0X1D/qKX/QvpHLf1fo3/U0v+1+kct/RfWP2rp/zr9o5b+i+gftfRfVP+opf9i+kct/RfXP2rpv4T+UUv/JfWPWvovpX/U0n9p/aOW/q/XP2rpv4z+UUv/ZfWPWvovp3/U0n95/aOW/m/QP2rpv4L+UUv/N+oftfR/k/5RS/8V9Y9a+q/U2X/MmDFjnnWDlv4rd/b/j1r6j9Y/aum/iv5RS/9V9Y9a+q+mf9TS/836Ry39V9c/aum/hv5RS/819Y9a+q+lf9TS/y36Ry3936p/1NJ/bf2jlv5v0z9q6f92/aOW/u/QP2rp/079o5b+6+gftfRfV/+opf96+kct/dfXP2rpv4H+UUv/DfWPWvq/a9L97x/1ggzsxaml/0bWf9TS/936Ry39N9Y/aun/Hv2jlv6b6B+19N9U/6il/2b6Ry39N9c/aum/hf5RS/8t9Y9a+m+lf9TSf2v9o5b+2+gftfTfVv+opf92+kct/bfXP2rpv4P+UUv/HfWPWvq/V/+opf9O+kct/XfWP2rpv4v+UUv/XfWPWvrvpn/U0n93/aOW/u/TP2rpv4f+UUv/PfWPWvrvpX/U0v/9+kct/T+gf9TSf2/9o5b+++gftfTfV/+opf9++kct/ffXP2rpf4D+UUv/D+oftfT/kP5RS/8D9Y9a+h+kf9TS/2D9o5b+H9Y/aul/iP5RS/9Da/qPGefA57Z1S/+P1PT/77T0/6j+UUv/j+kftfQ/TP+opf/h+kct/Y/QP2rp/3H9o5b+R+oftfQ/Sv+opf/R+kct/Y/RP2rpf6z+UUv/T+gftfQ/Tv+opf8n9Y9a+h+vf9TS/1P6Ry39P61/1NL/BP2jKbf/0KdeO+RE/aMpt//T1/9J+kct/T+jf9TS/2T9o5b+n9U/aul/iv5RS//P6R+19D9V/6il/2n6Ry39T9c/aul/hv5RS/8z9Y9a+p+lf9TS/2z9o5b+n9c/aul/jv5RS/9z9Y9a+n9B/6il/3n6Ry39z9c/aun/Rf2jlv4X6B+19L9Q/6il/5f0j1r6X6R/1NL/y/pHLf0v1j9q6X+J/lFL/0v1j1r6X6Z/1NL/K/pHLf2/qn/U0v9y/aOW/l/TP2rpf4X+UUv/r+sftfS/Uv+opf9V+kct/a/WP2rp/w39o5b+1+gftfT/pv5RS/9v6R+19P+2/lFL/+/oH7X0/67+UUv/7+kftfT/vv5RS/9r9Y9a+l+nf9TS/3r9o5b+N+gftfT/gf5RS/8b9Y9a+t+kf9TS/2b9o5b+t+gftfT/of5RS/8f6R+19P+x/lFL/1v1j1r636Z/1NL/dv2jlv536B+19P+J/lFL/5/qH7X0/5n+UUv/O/WPWvr/XP+opf9d+kct/X+hf9TS/5f6Ry3979Y/aun/K/2jlv6/1j9q6X+P/lFL/3v1j1r6/0b/qKX/ffpHLf1/q3/U0v9+/aOW/r/TP2rp/3v9o5b+f9A/aun/gP5RS/8H9Y9a+v9R/6il/0P6Ry39/6R/1NL/z/pHLf3/on/U0v+v+kct/f+mf9TS/+/6Ry39H9Y/aun/iP5RS/9/6B+19P+n/lFL/0f1j1r6/0v/qKX/Y/pHLf0f1z9q6f+E/lFL/zH6RyX9nzyr/zO19B+ifzQl9h8zbNzZp/Yfqn80JfZP63+Y/lFL/+H6Ry39R+gftfQfqX98/C39p9I/auk/tf5RS/9R+kct/afRP2rpP63+UUv/6fSPWvpPr3/U0n8G/aOW/i/RP2rpP6P+UUv/l+oftfSfSf9oXP+RU3z/l+kftaz/l+sftfSfWf+opf8s+kct/WfVP2rpP5v+UUv/2fWPWvrPoX/U0v8V+kct/V+pf9TSf079o5b+c+kftfR/lf5RS/+59Y9a+r9a/6il/zz6Ry3959U/auk/n/5RS//59Y9a+i+gf9TSf0H9o5b+C+kftfR/jf5RS//X6h+19F9Y/6il/+v0j1r6L6J/1NJ/Uf2jlv6L6R+19F9c/6il/xL6Ry39l9Q/aum/lP5RS/+l9Y9a+r9e/6il/zL6Ry39l9U/aum/nP5RS//l2/sPzVe39H9De/9JaOm/gv5RS/836h+19H+T/lFL/xX1j1r6r6R/1NJ/Zf2jlv6j9Y9a+q+if9TSf1X9o5b+q+kftfR/s/5RS//V9Y9a+q+hf9TSf039o5b+a+kftfR/i/5RS/+36h+19F9b/6il/9v0j1r6v13/qKX/O/SPWvq/U/+opf86+kct/dfVP2rpv57+UUv/9fWPWvpvoH/U0n9D/aOW/u/SP2rpv5H+UUv/d+sftfTfWP+nOmn68Wda+r9H/6il/yb6Ry39N9U/aum/mf5RS//N9Y9a+m+hf9TSf0v9o5b+W+kftfTfWv+opf82+kct/bfVP2rpv53+UUv/7fWPWvrvoH/U0n9H/aOW/u/VP2rpv5P+UUv/nfWPWvrvon/U0n9X/aOW/rvpH7X0313/qKT/qMk1nBe7kv5D97D+o5b+e+oftfTfS/+opf/79Y9a+n9A/6il/976Ry3999E/aum/r/5RS//99I9a+u+vf9TS/wD9o5b+H9Q/aun/If2jlv4H6h+19D9I/6il/8H6Ry39P6x/1NL/EP2jlv6H6h+19P+I/lFL/4/qH7X0/5j+UUv/w/SPWvofrn/U0v8I/aOW/h/XP2rpf6T+UUv/o/SPWvofrX/U0v8Y/aOW/sfqH7X0/4T+UUv/4/SPWvp/Uv+opf/x+kct/T+lf9TS/9P6Ry39T9A/aul/ov5RS/+T9I9a+n9G/6il/8n6Ry39P6t/1NL/FP2jlv6f0z9q6X+q/lFL/9P0j1r6n65/1NL/DP2jlv5n6h+19D9L/6il/9n6Ry39P69/1NL/HP2jlv7n6h+19P+C/lFL//P0j1r6n69/1NL/i/pHLf0v0D9q6X+h/lFL/y/pH7X0v0j/qKX/l/WPWvpfrH/U0v8S/aOW/pfqH7X0v0z/qKX/V/SPWvp/Vf+opf/l+kct/b+mf9TS/wr9o5b+X9c/aul/pf5RS/+r9I9a+l+tf9TS/xv6Ry39r9E/aun/Tf2jlv7f0j9q6f9t/aOW/t/RP2rp/139o5b+39M/aun/ff2jlv7X6h+19L9O/6il//X6Ry39b9A/aun/gwn9xwybPAN7cWrpf6P1H7X0v0n/qKX/zfpHLf1v0T9q6f9D/aOW/j/SP2rp/2P9o5b+t+oftfS/Tf+opf/t+kct/e/QP2rp/xP9o5b+P9U/aun/M/2jlv536h+19P+5/lFL/7v0j1r6/0L/qKX/L/WPWvrfrX/U0v9X+kct/X+tf9TS/x79o5b+9+oftfT/jf5RS//79I9a+v9W/6il//36Ry39f6d/1NL/9/pHLf3/oH/U0v8B/aOW/g/qH7X0/6P+UUv/h/SPWvr/Sf+opf+f9Y9a+v9F/6il/1/1j1r6/03/qKX/3/WPWvo/rH/U0v8R/aOW/v/QP2rp/0/9o5b+j+oftfT/l/5RS//H9I9a+j+uf9TS/wn9o5b+Y/SPSvo/+X/+6P9MLf2H6B+19B+qf9TSf5j+UUv/4fpHLf1H6B+19B+pf9TSfyr9o5b+U+sftfQfpX/U0n8a/aOW/tPqH7X0n07/qKX/9PpHLf1n0D9q6f8S/aOW/jPqH7X0f6n+UUv/mfSPWvq/TP+opf/L9Y9a+s+sf9TSfxb9o5b+s+oftfSfTf+opf/s+kct/efQP2rp/wr9o5b+r9Q/auk/p/5RS/+59I9a+r9K/6il/9z6Ry39X61/1NJ/Hv2jlv7z6h+19J9P/6il//z6Ry39F9A/aum/oP5RS/+F9I9a+r9G/6il/2v1j1r6L6x/1NL/dfpHLf0X0T9q6b+o/lFL/8X0j1r6L65/cmBL/yXG9Z9qcg3rxaql/5LWf9TSfyn9o5b+S+sftfR/vf5RS/9l9I9a+i+rf9TSfzn9o5b+y+sftfR/g/5RS/8V9I9a+r9R/6il/5v0j1r6r6h/1NJ/Jf2jlv4r6x+19B+tf9TSfxX9o5b+q+oftfRfTf+opf+b9Y9a+q+uf9TSfw39o5b+a+oftfRfS/+opf9b9I9a+r9V/6il/9r6Ry3936Z/1NL/7fpHLf3foX/U0v+d+kct/dfRP2rpv67+UUv/9fSPWvqvr3/U0n+Dwf5jJtO4XqRa+m9o/Uct/d+lf9TSfyP9o5b+79Y/aum/sf5RS//36B+19N9E/6il/6b6Ry39N9M/aum/uf5RS/8t9I9a+m+pf9TSfyv9o5b+W+sftfTfRv+opf+2+kct/bfTP2rpv73+UUv/HfSPWvrvqH/U0v+9+kct/XfSP2rpv7P+UUv/XfSPWvrvqn/U0n83/aOW/rvrH7X0f5/+UUv/PfSPWvrvqX/U0n8v/aOW/u/XP2rp/wH9o5b+e+sftfTfR/+opf+++kct/ffTP2rpv7/+UUv/A/SPWvp/UP+opf+H9I9a+h+of9TS/yD9o5b+B+sftfT/sP5RS/9D9I9a+h+qf9TS/yP6Ry39P6p/1NL/Y/pHLf0P0z9q6X+4/lFL/yP0j1r6f1z/qKX/kfpHLf2P0j9q6X+0/lFL/2P0j1r6H6t/1NL/E/pHLf2P0z9q6f9J/aOW/sfrH7X0/5T+UUv/T+sftfQ/Qf+opf+J+kct/U/SP2rp/xn9o5b+J+sftfT/rP5RS/9T9I9a+n9O/6il/6n6Ry39T9M/aul/uv5RS/8z9I9a+p+pf9TS/yz9o5b+Z+sftfT/vP5RS/9z9I9a+p+rf9TS/wv6Ry39z9M/aul/vv5RS/8v6h+19L9A/6il/4X6R+P6Dxt/acrt/yX9o5b1f5H+UUv/L+sftfS/WP+opf8l+kct/S/V/2kWmH7caUv/y/SPWvp/Rf+opf9X9Y9a+l+uf9TS/2v6Ry39r9A/aun/df2jlv5X6h+19L9K/6il/9X6Ry39v6F/1NL/Gv2jlv7f1D9q6f8t/aOW/t/WP2rp/x39o5b+39U/aun/Pf2jlv7f1z9q6X+t/lFL/+v0j1r6X6//M4ws6n+D/lFL/x/oH7X0v1H/qKX/TfpHLf1v1j9q6X+L/lFL/x/qH7X0/5H+UUv/H+sftfS/Vf+opf9t+kct/W/XP2rpf4f+UUv/n+gftfT/qf5RS/+f6R+19L9T/6il/8/1j1r636V/1NL/F/pHLf1/qX/U0v9u/aOW/r/SP2rp/2v9o5b+9+gftfS/V/+opf9v9I9a+t+nf9TS/7f6Ry3979c/aun/O/2jlv6/1z9q6f8H/aOW/g/oH7X0f1D/qKX/H/WPWvo/pH/U0v9P+kct/f+sf9TS/y/6Ry39/6p/1NL/b/pHLf3/rn/U0v9h/aOW/o/oH7X0/4f+UUv/f+oftfR/VP+opf+/9I9a+j+mf9TS/3H9o5b+T+gftfQfo39U0n/4gP5RS/8h+kct/YfqH7X0H6Z/1NJ/uP5RS/8R+kct/UfqH7X0n0r/qKX/1PpHLf1H6R+19J9G/6il/7T6Ry39p9M/auk/vf5RS/8Z9I9a+r9E/6il/4z6Ry39X6p/1NJ/Jv2jlv4v0z9q6f9y/aOW/jPrH7X0n0X/qKX/rPpHLf1n0z9q6T+7/lFL/zn0j1r6v0L/qKX/K/WPWvrPqX/U0n8u/aOW/q/SP2rpP7f+UUv/V+sftfSfR/+opf+8+kct/efTP2rpP7/+UUv/BfSPWvovqH/U0n8h/aOW/q/RP2rp/9qn9x/1go/rRaql/8LWf9TS/3X6Ry39F9E/aum/qP5RS//F9I9a+i+uf9TSfwn9o5b+S+oftfRfSv+opf/S+kct/V+vf9TSfxn9o5b+y+oftfRfTv+opf/y+kct/d+gf9TSfwX9o5b+b9Q/emr/qSb3YJ4Pk+j/Jv2jlvW/ov5RS/+V9I9a+q+sf9TSf7T+UUv/VfSPWvqvqn/U0n81/aOW/m/WP2rpv7r+UUv/NfSPWvqvqX/U0n8t/aOW/m/RP2rp/1b9o5b+a+sftfR/m/5RS/+36x+19H+H/lFL/3fqH7X0X0f/aIrrP+zfZ5/af139oymu/yTW/3r6Ry3919c/aum/gf5RS/8N9Y9a+r9L/6il/0b6Ry39361/NIX3H/xI6/CN9Y+m8P6Dhr9H/6il/yb6Ry39N9U/aum/mf5RS//N9Y9a+m+hf9TSf0v9o5b+W+kftfTfWv+opf82+kct/bfVP2rpv53+UUv/7fWPWvrvoH/U0n9H/aOW/u/VP2rpv5P+UUv/nfWPWvrvon/U0n9X/aOW/rvpH7X0313/qKX/+/SPWvrvoX/U0n9P/aOW/nvpH7X0f7/+UUv/D+gftfTfW/+opf8++kct/fet73/JMunalv771ffPWvrvr3/U0v8A/aOW/h/UP2rp/yH9o5b+B+oftfQ/SP+opf/B+kct/T+sf9TS/xD9o5b+h+oftfT/iP5RS/+P6h+19P+Y/lFL/8P0j1r6H65/1NL/CP2jlv4f1z9q6X+k/lFL/6P0j1r6H61/1NL/GP2jlv7H6h+19P+E/lFL/+P0j1r6f1L/qKX/8fpHLf0/pX/U0v/T+kct/U/QP2rpf6L+UUv/k/SPWvp/Rv+opf/J+kct/T+rf9TS/xT9o5b+n9M/aul/qv5RS//T9I9a+p+uf9TS/wz9o5b+Z+oftfQ/S/+opf/Z+kct/T+vf9TS/xz9o5b+5+oftfT/gv5RS//z9I9a+p+vf9TS/4v6Ry39L9A/aul/of5RS/8v6R+19L9I/6il/5f1j1r6X6x/1NL/Ev2jlv6X6h+19L9M/6il/1f0j1r6f1X/qKX/5fpHLf2/pn/U0v8K/aOW/l/XP2rpf6X+UUv/q/SPWvpfrX/U0v8b+kct/a/RP2rp/039o5b+39I/aun/bf2jlv7f0T9q6f9d/aOW/t/TP2rp/339o5b+1+oftfS/Tv+opf/1+kct/W/QP2rp/wP9o5b+N+oftfS/Sf+opf/N+kct/W/RP2rp/0P9o5b+P9I/aun/Y/2jlv636h+19L9N/6il/+36Ry3979A/aun/E/2jlv4/1T9q6f8z/aOW/nfqH7X0/7n+UUv/u/SPWvr/Qv+opf8v9Y9a+t+tf9TS/1f6Ry39f61/1NL/Hv2jlv736h+19P+N/lFL//v0j1r6/1b/qKX//fpHLf1/p3/U0v/3+kct/f+gf9TS/wH9o5b+D+oftfT/o/5RS/+H9I9a+v9J/6il/5/1j1r6/0X/qKX/X/WPWvr/Tf+opf/f9Y9a+j+sf9TS/xH9o5b+/9A/aun/T/2jlv6P6h+19P+X/lFL/8f0j1r6P65/1NL/Cf2jlv5j9I9K+o8Y0D9q6T9E/6il/1D9o5b+w2r6D/2vtm7pP7ym/3+npf8I/aOW/iP1j1r6T6V/1NJ/av2jlv6j9I9a+k+jf9TSf1r9o5b+0+kftfSfXv+opf8M+kct/V+if9TSf0b9o5b+L9U/auk/k/5RS/+X6R+19H+5/lFL/5n1j1r6z6J/1NJ/Vv2jlv6z6R+19J9d/6il/xz6Ry39X6F/1NL/lfpHLf3n1D9q6T+X/lFL/1fpH7X0n1v/qKX/q/WPWvrPo3/U0n9e/aOW/vPpH7X0n1//qKX/AvpHLf0X1D9q6b+Q/lFL/9foH7X0f63+UUv/hfWPWvq/Tv+opf8i+kct/RfVP2rpv5j+UUv/xfWPWvovoX/U0n9J/aOW/kvpH7X0X1r/aEL/EQMDA1Nw/9frH7Ws/2X0j1r6L6t/1NJ/Of2jlv7L6x+19H+D/lFL/xX0j1r6v1H/qKX/m/SPWvqvqH/U0n8l/aOW/ivrH7X0H61/1NJ/Ff2f5oLxpy39V9U/aum/mv5RS/836x+19F9d/6il/xr6Ry3919Q/aum/lv5RS/+36B+19H+r/lFL/7X1j1r6v03/qKX/2/WPWvq/Q/+opf879Y9a+q+jf9TSf139o5b+6+kftfRfX/+opf8G+kct/TfUP2rp/y79o5b+G+kftfR/t/5RS/+N9Y9a+r9H/6il/yb6Ry39N9U/aum/mf5RS//N9Y9a+m+hf9TSf0v9o5b+W+kftfTfWv+opf82+kct/bfVP2rpv53+UUv/7fWPWvrvoH/U0n9H/aOW/u/VP2rpv5P+UUv/nfWPWvrvon/U0n9X/aOW/rvpH7X0313/qKX/+/SPWvrvoX/U0n9P/aOW/nvpH7X0f7/+UUv/D+gftfTfW/+opf8++kct/ffVP2rpv5/+UUv//fWPWvofoH/U0v+D+kct/T+kf9TS/0D9o5b+B+kftfQ/WP+opf+H9Y9a+h+if9TS/1D9o5b+H9E/aun/Uf2jlv4f0z9q6X+Y/lFL/8P1j1r6H6F/1NL/4/pHLf2P1D9q6X+U/lFL/6P1j1r6H6N/1NL/WP2jlv6f0D9q6X+c/lFL/0/qH7X0P17/qKX/p/SPWvp/Wv+opf8J+kct/U/UP2rpf5L+UUv/z/y7/4jJMq4XqZb+J1v/UUv/z+oftfQ/Rf+opf/n9I9a+p+qf9TS/zT9o5b+p+sftfQ/Q/+opf+Z+kct/c/SP2rpf7b+UUv/z+sftfQ/R/+opf+5+kct/b+gf9TS/zz9o5b+5+sftfT/ov5RS/8L9I9a+l+of9TS/0v6Ry39L9I/aun/Zf2jlv4X6x+19L9E/6il/6X6Ry39L9M/aun/Ff2jlv5f1T9q6X+5/lFL/6/pH7X0v0L/qKX/1/WPWvpfqX/U0v8q/aOW/lfrH7X0/4b+UUv/a/SPWvp/U/+opf+39I9a+n9b/6il/3f0j1r6f1f/qKX/9/SPWvp/X/+opf+1+kct/a/TP2rpf73+UUv/G/SPWvr/QP+opf+N+kct/W/SP2rpf7P+UUv/W/SPWvr/UP+opf+P9I9a+v9Y/+hp/Sf3YJ4Pk+h/q/5Ry/q/Tf+opf/t+kct/e/QP2rp/xP9o5b+P9U/aun/M/2jlv536h+19P+5/lFL/7v0j1r6/0L/qKX/L/WPWvrfrX/U0v9X+kct/X+tf9TS/x79o5b+93b2H/qfNmjp/5vO/v9RS//79I9a+v9W/6il//36Ry39f6d/1NL/9/pHLf3/oH/U0v8B/aOW/g/qH7X0/6P+UUv/h/SPWvr/Sf+opf+f9Y9a+v9F/6il/1/1j1r6/03/qKX/3/WPWvo/rH/U0v8R/aOW/v/QP2rp/0/9o5b+j+oftfT/l/5RS//H9I9a+j+uf9TS/wn9o5b+Y/SPSvqPHNA/auk/RP+opf9Q/aOW/sP0j1r6D9c/auk/Qv+opf9I/aOW/lPpH7X0n1r/qKX/KP2jlv7T6B+19J9W/6il/3T6Ry39p9c/auk/g/5RS/+X6B+19J9R/6il/0v1j1r6z6R/1NL/ZfpHLf1frn/U0n9m/aOW/rPoH7X0n1X/qKX/bPpHLf1n1z9q6T+H/lFL/1foH7X0f6X+UUv/OfWPWvrPpX/U0v9V+kct/efWP2rp/2r9o5b+8+gftfSfV/+opf98+kct/efXP2rpv4D+UUv/BfWPWvovpH/U0v81+kct/V+rf9TSf2H9o5b+r9M/aum/iP5RS/9F9Y+e7D8wZIrvv5j+Ucv6X1z/qKX/EvpHLf2X1D9q6b+U/lFL/6X1j1r6v17/qKX/MvpHLf2X1T9q6b+c/lFL/+X1j1r6v0H/qKX/CvpHLf3fqH/U0v9N+kct/VfUP2rpv5L+UUv/lfWPWvqP1j9q6b+K/lFL/1X1j1r6r6Z/1NL/zfpHLf1X1z9q6b+G/lFL/zX1j1r6r6V/1NL/LfpHLf3fqn/U0n9t/aOW/m/TP2rp/3b9o5b+79A/aun/Tv2jlv7r6B+19F9X/6il/3r6Ry3919c/aum/gf5RS/8N9Y9a+r9L/6il/0b6Ry39361/1NJ/Y/2jlv7v0T9q6b+J/lFL/031j1r6b6Z/1NJ/c/2jlv5b6B+19N9S/6il/1b6Ry39t9Y/aum/jf5RS/9t9Y9a+m+nf9TSf3v9o5b+O+gftfTfUf+opf979Y9a+u+kf9TSf2f9o5b+u+gftfTfVf+opf9u+kct/XfXP2rp/z79o5b+e+gftfTfU/+opf9e+kct/d+vf1TSf8YP6B+V9B+5t/5RS/999I9a+u+rf9TSfz/9o5b+++sftfQ/QP+opf8H9Y9a+n9I/6il/4H6Ry39D9I/aul/sP5RS/8P6x+19D9E/6il/6H6Ry39P6J/1NL/o/pHLf0/pn/U0v8w/aOW/ofrH7X0P0L/qKX/x/WPWvofqX/U0v8o/aOW/kfrH7X0P0b/qKX/sfpHLf0/oX/U0v84/aOW/p/UP2rpf7z+UUv/T+kftfT/tP5RS/8T9I9a+p+of9TS/yT9o5b+n9E/aul/sv5RS//P6h+19D9F/2iK7H/quLNP7f85/aMpsv/4s0/tf6r+UUv/0/SPWvqfrn/U0v8M/aOW/mfqH7X0P0v/qKX/2fpHLf0/r3/U0v8c/aOW/ufqH7X0/4L+UUv/8/SPWvqfr3/U0v+L+kct/S/QP2rpf6H+wVTjT6f8/l/SP2pZ/xfpH7X0/7L+UUv/i/WPWvpfon/U0v9S/aOW/pfpH7X0/4r+UUv/r+oftfS/XP+opf/X9I9a+l+hf9TS/+v6Ry39r9Q/aul/lf5RS/+r9Y9a+n9D/6il/zX6Ry39v6l/1NL/W/pHLf2/rX/U0v87+kct/b+rf9TS/3v6Ry39v69/1NL/Wv2jlv7X6R+19L9e/6il/w36Ry39f6B/1NL/Rv2jlv436R+19L9Z/6il/y36Ry39f6h/1NL/R/pHLf1/rH/U0v9W/aOW/rfpH7X0v13/qKX/HfpHLf1/on/U0v+n+kct/X+mf9TS/079o5b+P9c/aul/l/5RS/9f6B+19P+l/lFL/7v1j1r6/0r/qKX/r/WPWvrfo3/U0v9e/aOW/r+p7j9ykre09L+vuv+ktfT/rf5RS//79Y9a+v9O/6il/+/1j1r6/0H/qKX/A/pHLf0f1D9q6f9H/aOW/g/pH7X0/5P+UUv/P+sftfT/i/5RS/+/6h+19P+b/lFL/7/rH7X0f1j/qKX/I/pHLf3/oX/U0v+f+kct/R/VP2rp/y/9o5b+j+kftfR/XP+opf8T+kct/cfoH5X0n2pA/6il/xD9o5b+Q/WPWvoP0z9q6T9c/6il/wj9o5b+I/WPWvpPpX/U0n9q/aOW/qP0j1r6T6N/1NJ/Wv2jlv7T6R+19J9e/6il/wz6Ry39X6J/1NJ/Rv2jlv4v1T9q6T+T/lFL/5fpH7X0f7n+UUv/mfWPWvrPon/U0n9W/aOW/rPpH7X0n13/qKX/HPpHLf1foX/U0v+V+kct/efUP2rpP5f+UUv/V+kftfSfW/+opf+r9Y9a+s+jf9TSf179o5b+8+kftfSfX/+opf8C+kct/RfUP2rpv5D+UUv/1+gftfR/rf5RS/+F9Y9a+r9O/6il/yL6Ry39F9U/aum/mP5RS//F9Y9a+i+hf9TSf0n9o5b+S+kftfRfWv+opf/r9Y9a+i+jf9TSf1n9o5b+y+kftfRfXv+opf8b9I+m5P5P6T3VCvpHU3L/p67/N+oftfR/k/5RS/8V9Y9a+q+kf9TSf2X9o5b+o/WPWvqvon/U0n9V/aOW/qvpH7X0f7P+UUv/1fWPWvqvoX/U0n9N/aOW/mvpH7X0f4v+UUv/t+oftfRfW/+opf/b9I9a+r9d/6il/zv0j1r6v1P/qKX/OvpHLf3X1T9q6b+e/lFL//X1j1r6b6B/1NJ/w/b+o/LVLf3f1d5/Elr6b6R/1NL/3fpHLf031j9q6f8e/aOW/pvoH7X031T/qKX/ZvpHLf031z9q6b+F/lFL/y31j1r6b6V/1NJ/a/2jlv7b6B+19N9W/6il/3b6Ry39t9c/aum/g/5RS/8d9Y9a+r9X/6il/076Ry39d9Y/aum/i/5RS/9d9Y9a+u+mf9TSf3f9o5b+79M/aum/h/5RS/899Y9a+u+lf9TS//36Ry39P6B/1NJ/b/2jlv776B+19N/36f3HjPeCD+/FpqX/ftZ/1NJ/f/2jlv4H6B+19P+g/lFL/w/pH7X0P1D/qKX/QfpHLf0P1j9q6f9h/aOW/ofoH7X0P1T/qKX/R/SPWvp/VP+opf/H9I9a+h+mf9TS/3D9o5b+R+gftfT/uP5RS/8j9Y9a+h+lf9TS/2j9o5b+x+gftfQ/Vv+opf8n9I9a+h+nf9TS/5P6Ry39j9c/aun/Kf2jlv6f1j9q6X+C/lFL/xP1j1r6n6R/1NL/M/pHLf1P1j9q6f9Z/aOW/qfoH7X0/5z+UUv/U/WPWvqfpn/U0v90/aOW/mfoH7X0P1P/qKX/WfpHLf3P1j9q6f95/aOW/ufoH7X0P1f/qKX/F/SPWvqfp3/U0v98/aOW/l/UP2rpf4H+UUv/C/WPWvp/Sf+opf9F+kct/b+sf9TS/2L9o5b+l+gftfS/VP+opf9l+kct/b+if9TS/6v6Ry39L9c/aun/Nf2jlv5X6B+19P+6/lFL/yv1j1r6X6V/1NL/av2jlv7f0D9q6X+N/lFL/2/qH7X0/5b+UUv/b+sftfT/jv5RS//v6h+19P+e/lFL/+/rH7X0v1b/qKX/dfpHLf2v1z9q6X+D/lFL/x/oH7X0v1H/qKX/TfpHLf1v1j9q6X+L/lFL/x/qH7X0/5H+UUv/H+sftfS/Vf+opf9t+kct/W/XP2rpf4f+UUv/n+gftfT/qf5RS/+f6R+19L9T/6il/8/1j1r636V/1NL/F/pHLf1/qX/U0v9u/aOW/r/SP2rp/2v9o5b+9+gftfS/V/+opf9v9I9a+t+nf9TS/7f6Ry3979c/aun/O/2jlv6/1z9q6f8H/aOW/g/oH7X0f1D/qKX/H/WPWvo/pH/U0v9P+kct/f+sf9TS/y/6Ry39/6p/1NL/b/pHLf3/rn/U0v9h/aOW/o/oH7X0/4f+UUv/f+oftfR/VP+opf+/9I9a+j+mf9TS/3H9o5b+T+gftfQfo39U0n/qAf2jKbf/I2PGjJlw7dRD9I+m3P5PX/9D9Y9a+g/TP2rpP1z/qKX/CP2jlv4j9Y9a+k+lf9TSf2r9o5b+o/SPWvpPo3/U0n9a/aOW/tPpH7X0n17/qKX/DPpHLf1fon/U0n9G/aOW/i/VP2rpP5P+UUv/l+kftfR/uf5RS/+Z9Y9a+s+if9TSf1b9o5b+s+kftfSfXf+opf8c+kct/V+hf9TS/5X6Ry3959Q/auk/l/5RS/9X6R+19J9b/6il/6v1j1r6z6N/1NJ/Xv2jlv7z6R+19J9f/6il/wL6Ry39F9Q/aum/kP5RS//X6B+19H+t/lFL/4X1j1r6v07/qKX/IvpHLf0X1T9q6b+Y/lFL/8X1j1r6L6F/1NJ/Sf2jlv5L6R+19F9a/6il/+v1j1r6L6N/1NJ/Wf2jlv7L6R+19F9e/6il/xv0j1r6r6B/1NL/jfpHLf3fpH/U0n9F/aOW/ivpH7X0X1n/qKX/aP2jlv6r6B+19F9V/6il/2r6Ry3936x/1NJ/df2jlv5r6B+19F9T/6il/1r6Ry3936J/1NL/rfpHLf3X1j9q6f82/aOW/m/XP2rp/w79o5b+79Q/aum/jv5RS/919Y9a+q+nf9TSf339o5b+G+gftfTfUP+opf+79I9a+m+kf9TS/936Ry39N9Y/aun/Hv2jlv6b6B+19N9U/6il/2b6Ry39N9c/aum/hf5RS/8t9Y9a+m+lf9TSf2v9o5b+2+gftfTfVv+opf92+kct/bfXP2rpv4P+UUv/HfWPWvq/V/+opf9O+kct/XfWP2rpv4v+UUv/XfWPWvrvpn/U0n93/aOW/u/TP2rpv4f+UUv/PfWPWvrvpX/U0v/9+kct/T+gf9TSf2/9o5b+++gftfTfV/+opf9++kct/ffXP2rpf4D+UUv/D+oftfT/kP5RS/8D9Y9a+h+kf9TS/2D9o5b+H9Y/aul/iP5RS/9D9Y9a+n9E/6il/0f1j1r6f0z/qKX/YfpHLf0P1z9q6X+E/lFL/4/rH7X0P1L/qKX/UfpHLf2P1j9q6X+M/lFL/2P1j1r6f0L/qKX/cfpHLf0/qX/U0v94/aOW/p/SP2rp/2n9o5b+J+gftfQ/Uf+opf9J+kct/T+jf9TS/2T9o5b+n9U/aul/iv5RS//P6R+19D9V/6il/2n6Ry39T9c/aul/hv5RS/8z9Y9a+p+lf9TS/2z9o5b+n9c/aul/jv7jTPX0iy39z9U/aun/Bf2jlv7n6R+19D9f/6il/xf1f4blR/T0v0D/qKX/hfpHLf2/pH/U0v8i/aOW/l/WP2rpf7H+UUv/S/SPWvpfqn/U0v8y/aOW/l/RP2rp/1X9o5b+l+sftfT/mv5RS/8r9I9a+n9d/6il/5X6Ry39r9I/aul/tf5RS/9v6B+19L9G/6il/zf1j1r6f0v/qKX/t/WPWvp/R/+opf939Y9a+n9P/6il//f1j1r6X6t/1NL/Ov2jlv7X6x+19L9B/6il/w/0j1r636h/1NL/Jv2jlv436x+19L9F/6il/w/1j1r6/0j/qKX/j/WPWvrfqn/U0v82/aOW/rfrH7X0v0P/qKX/T/SPWvr/VP+opf/P9I9a+t+pf9TS/+f6Ry3979I/aun/C/2jlv6/1D9q6X+3/lFL/1/pH7X0/7X+UUv/e/SPWvrfq3/U0v83+kct/e/TP2rp/1v9o5b+9+sftfT/nf5RS//f6x+19P+D/lFL/wf0j1r6P1jU/+5Dnvu2Lf3/WNT/v9HS/yH9o5b+f9I/aun/Z/2jlv5/0T9q6f9X/aOW/n/TP2rp/3f9o5b+D+sftfR/RP+opf8/9I9a+v9T/6il/6P6Ry39/6V/1NL/Mf2jlv6P6x+19H9C/6il/xj9o5L+owb0j1r6D9E/auk/VP+opf8w/aOW/sP1j1r6j9A/auk/Uv+opf9U+kct/afWP2rpP0r/qKX/NPpHLf2n1f+ZtujpP53+UUv/6fWPWvrPoH/U0v8l+kct/WfUP2rp/1L9o5b+M+kftfR/mf5RS/+X6x+19J9Z/6il/yz6Ry39Z9U/auk/m/5RS//Z9Y9a+s+hf9TS/xX6Ry39X6l/1NJ/Tv2jlv5z6R+19H+V/lFL/7n1j1r6v1r/qKX/PPpHLf3n1T9q6T+f/lFL//n1j1r6L6B/1NJ/Qf2jlv4L6R+19H+N/lFL/9fqH7X0X1j/qKX/6/SPWvovon/U0n9R/aOW/ovpH01x/QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/7EDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw5IAAAAAAT9f92OQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KYAAAD//2+0K+k=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0185879, &(0x7f0000000000)={@id={0x2, 0x0, @a}})

427.903277ms ago: executing program 4 (id=1370):
syz_mount_image$exfat(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000001780)=ANY=[@ANYBLOB='errors=continue,namecase=1,iocharset=none,errors=continue,fmask=00000000000000000000011,iocharset=cp950,gid=', @ANYRESHEX=0x0, @ANYRES8=0x0, @ANYRESHEX=0x0, @ANYBLOB=',umask=00000000000000000127435,gid=', @ANYRES64, @ANYBLOB=',\x00'], 0x5, 0x1510, &(0x7f0000000240)="$eJzs3Am4TlX7MPD7Xmvt45D0dJLhsNa6N08yLCdJMiTJkCRJkmRKSDrJKwmJQ6akQxKS4ZAMh5AMJ0465nkekyTpJEmmTMn6rlN83t7qe//v/+17/a//uX/Xta9n3c/a99prP/czrL0N33UZWrNxrWoNiQj+LfjrQxIAxALAQAC4DgACACgXVy4uqz+nxKR/7yDsr/VI6tWeAbuauP7ZG9c/e+P6Z29c/+yN65+9cf2zN65/9sb1Zyw72zy94PW8Zd+N7/9nZ/z7/79IZumxX60tfWPXfyGF65+9cf3/1wr+Kztx/bM3rn/2xvXP3rj+2UGOP+3h+mdvXH/GsrOrff+Zt6u7Xe33H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yx7OGsv0IBwOX21Z4XY4wxxhhjjDHG/jo+x9WeAWOMMcYYY4wxxv7/QxAgQUEAMZADYiEn5AIBANdCHrgOInA9xMENkBduhHyQHwpAQYiHQlAYNBiwQBBCESgKUbgJisHNUBxKQEkoBQ5KQwLcAmXgVigLt0E5uB3Kwx1QASpCJagMd0IVuAuqwt1QDe6B6lADakItuBdqw31QB+6HuvAA1IMHoT48BA3gYWgIj0AjeBQaw2PQBB6HptAMmkMLaPnfyn8JesDL0BN6QRL0hj7wCvSFftAfBsBAeBUGwWswGF6HZBgCQ+ENGAZvwnB4C0bASBgFb8NoeAfGwFgYB+MhBSbARHgXJsF7MBmmwFSYBqkwHWbA+zATZsFs+ADmwIcwF+bBfFgAafARLIRFkA4fw2L4BDJgCSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBbvhU9gDn8Fe+Bz2wRf/Yv6Zf8jvioCAAgUqVBiDMRiLsZgLc2FuzI15MA9GMIJxGId5MS/mw3xYAAtgPMZjYSyMBg0SEhbBIhjFKBbDYlgci2NJLIkOHSZgApbBW7EslsVyWA7LY3msgBWxIlbGylgFq2BVrIrVsBpWx+pYE2vivXgv9sY6WAfrYl2sh/Uu357ChtgQG2EjbIyNsQk2wabYFJtjc2yJLbEVtsLW2BrbYltsh+2wPbbHREzEDtgBO2JH7ISdsDN2xi7YBbtiN+yGL+UAfBlfxl5YXfTGPtgH+2Jyjv44AAfgqzgIX8PX8HVMxiE4FN/AN/BNHI6ncQSOxFE4CquId3AMjkUS4zEFU3AiTsRJOAkn4xScgtMwFafjDJyBM3EWzsIPcA5+iB/iPJyHCzAN03AhLsJ0TMfFeAYzcAkuxWW4HFfgclyFq3EVrsV1uBY34AbchJtwC27BbbgNd+AO3IUKAD/Fz/AzTMZ9uA/34348gAfwIB7ETMzEQ3gID+NhPIJH8CgexWN4HE/gcTyFp/A0nsGzeBbP43m8gC/Ef9NoV4k1ySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBN5RV6RT+QTBUQBES/iRWFRWBhhBIkwBgBEVERFMVFMFBfFRUlRUjjhRIJIEGVEGVFWlBXlxO2ivLhDVBAVRRtXWVQWVURbV1XcLaqJaqK6qCFqilqilqgtaos6oo6oK+qKeqKeqC8eEg1Eb+yPj4isyjQWQ7CJGIpNRTMhL32DtRLDsbVoI9qKp8RIHIHtRSuXKJ4VHcQY7Cj+Jsbi86KzGI9dxIuiq+gmuouXRA/R2vUUvcRk7C36iGnYV/QT/cUAMRNriA9wTs6a4nWRLIaIoeINsQDfFMPFW2KEGClGibfFaPGOGCPGinFivEgRE8RE8a6YJN4Tk8UUMVVME6liupgh3hczxSwxW3wg5ogPxVwxT8wXC0Sa+EgsFItEuvhYLBafiAyxRCwVy8RysUKsFKvEarFGrBXrxHqxQWwUm8RmsUVsFdvEdrFD7BS7xG7xqdgjPhN7xedin/hC7BdfigPiK3FQfC0yxTfikPhWHBbfiSPie3FU/CCOiePihDgpTokfxWlxRpwV58R58ZO4IH4WF4UXIFEKKaWSgYyROWSszClzyWtkbhlcenWvl3HyBplX3ijzyfyygCwo42UhWVhqaaSVJENZRBaVUXmTLCZvlsVlCVlSlpJOlpYJ8hZZRt4qy8rbZDl5uywv75AVZEVZSVaWd8oq8i4JkV+PUV3WkDVlLXmvrC3vk3Xk/bKufEDWkw/K+vIh2UA+LBvKR2Qj+ahsLB+TTeTjsqlsJpvLFrKlfEK2kk/K1rKNbCufku3k07K9fEYmymdlB+kvvUWel53lC7KLfFF2ld1kd/mzvCi97Cl7SYDeso98RfaV/WR/OUAOlK/KQfI1OVi+LpPlEDlUviGHyTflcPmWHCFHylHybTlaviPHyLFynBwvU+QEOVG+KyfJ9+RkOUVOldNkqpwu+18aabaU/zT/3T/IH/zL0TfJzXKL3Cq3ye1yh9wpd8ndcrfcI/fIvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KYPC7PyZPylPxRnpZn5Bl5Tp6X5+WFS68BKFRCSaVUoGJUDhWrcqpc6hqVW12r8qjrVERdr+LUDSqvulHlU/lVAVVQxatCqrDSyiirSIWqiCqqouomvPSGUSVVKeVUaZWgbvlX8lUxdbMqrkr8Jv/y/JL+ZH4tVUvVSrVSrVVr1Va1Ve1UO9VetVeJKlF1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VZJKUn3UK6qv6qf6qwFqoHpVDVKD1GA1WCWrZDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVolLURDVRTVKT1GQ1WU1VU1WqSlUz1Aw1U81Us9VsNUfNUXPVXDVfzVdpKk0tVAtVukpXi9VilaGWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qQ21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVabKVIfUIXVYHVZH1BF1VB1Vx9QxdUKdUKfUKXVanVZn1Vl1Xp1XF9QFdVFdzFr2BSIQgQpUEBPEBLFBbJAryBXkDnIHeYI8QSSIBHFBXJA3uDHIF+QPCgQFg/igUFA40IEJbCAuFT0a3BQUC24OigclgpJBqcAFpYOE4JagTHBrUDa4LSgX3B6UD+4IKgQVg0pB5eDOoEpwV1A1uDuoFtwTVA9qBDWDWsG9Qe3gvqBOcH9QN3ggqBc8GNQPHgoaBA8HDYNHgkbBo0Hj4LGgSfB40DRoFjQPWgQt/9LxvT+d/0nXU/fSSbq37qNf0X11P91fD9AD9at6kH5ND9av62Q9RA/Vb+hh+k09XL+lR+iRepR+W4/W7+gxeqwep8frFD1BT9Tv6kn6PT1ZT9FT9TSdqqfrGfp9PVPP0rP1B3qO/lDP1fP0fL1Ap+mP9EK9SKfrj/Vi/YnO0Ev0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/ROvUvv1p/qPfozvVd/rvfpL/R+/aU+oL/SB/XXOlN/ow/pb/Vh/Z0+or/XR/UP+pg+rk/ok/qU/lGf1mf0WX1On9c/6Qv6Z31R+6zFfdbPu1FGmRgTY2JNrMllcpncJrfJY/KYiImYOBNn8pq8Jp/JZwqYAibexJvCprDJQoZMEVPERE3UFDPFTHFT3JQ0JY0zziSYBFPGlDFlTVlTzpQz5U15U8FUMJVMJXOnudPcZe4yd5u7zT3mHlPD1DC1TC1T29Q2dUwdU9fUNfVMPVPf1DcNTAPT0DQ0jUwj09g0Nk1ME9PUNDXNTXPT0rQ0rUwr09q0Nm1NW9POtDPtTXuTaBJNB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySZJNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNsks1QM9QMM8PMcDPcjDAjzaishap5x4wxY804M96kmBQz0Uw0k8wkM9lMNlPNVJNqUs0MM8PMNDPNbDPbzDFzzFwz18w3802aSTMLzUKTbtLNYrPYZJgMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTSZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5pQ5ZU6b0+asOWvOm/yXfi+9ibU5bS57jc1tr7V57HX2H+MCtqCNt4VsYattPpv/N7Gx1ha3JWxJW8o6W9om2Ft+F1ewFW0lW9neaavYu2zV38W17X22jr3f1rUP2Fr23t/E9eyDtr59zDZABLDNbCPbwja2j9km9nHb1DazzW0L284+bdvbZ2yifdZ2sM/9Ll5oF9nVdo1da9fZPfYze9aes4ftd/a8/cn2tL3sQPuqHWRfs4Pt6zbZDvldPMq+bUfbd+wYO9aOs+N/F0+102yqnW5n2PftTDvrd3Ga/cjOsel2rp1n59sFv8RZc0q3H9vF9hObYZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+6ndarfZ7XaH3Wl3/RJnncde+7ndZ7+wh+y39oD9yh60R2ym/eaXOOv8jtjv7VH7gz1mj9sT9qQ9ZX+0p+2ZX84/69xP2p/tRestEBKQJEUBxVAOiqWclIuuodx0LeWh6yhC11Mc3UB56UbKR/mpABWkeCpEhUmTIUtEIRWhohSlm+jyOr0klSJHpSmBbqEydCuVpduoHN1O5ekOqkAVqRJVpjupCt1FVeluqkb3UHWqQTWpFt1Ltek+qkP3U116gOrRg1SfHqIG9DA1pEeoET1KjekxakKPU1NqRs2pBbWkJ6gVPUmtqQ21paeoHT1N7ekZSqRnqQM9Rx3pb9SJnqfO9AJ1oRepK3Wj7vQS9aCXqSf1oiTqTX3oFepL/ag/DaCB9CoNotdoML1OyTSEhtIbNIzepOH0Fo2gkTSK3qbR9A6NobE0jsZTCk2gifQuTaL3aDJNoak0jVJpOs2g92kmzaLZ9AHNoQ9pLs2j+bSA0ugjWkiLKJ0+psX0CWXQElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDvtoJ20i3bTp7SHPqO99Dntoy9oP31JB+grOkhfUyZ9Q4foWzpM39ER+t73oh/oGB2nE3SSTtGPdJrO0Fk6R+fpJ7pAP9NF8gQhhiKUoQqDMCbMEcaGOcNc4TVh7vDaME94XRgJrw/jwhvCvOGNYb4wf1ggLBjGh4XCwqEOTWhDCsOwSFg0jIY3hcXCm8PiYYmwZFgqdGHpMCG8JSwT3hqWDW8Ly4W3h+XDO8IKYcXwsQcqh3eGVcK7wqrh3WG18J6welgjrBnWCu8Na4f3hXXC+8O64QNh2fDBsH74UNggfDhsGD4SNgofDRuHj4VNwsfDpmGzsHnYImwZPhG2Cp8MW4dtwrbhU2G78OmwffhMmBg+G3YIn/ul/8FFf96fFPYO+4SvhK+E3t8v50cXRNOiH0UXRhdF06MfRxdHP4lmRJdEl0aXRZdHV0RXRldFV0fXRNdG10XXRzdEN0Y3Rb2vlQMcOuGkUy5wMS6Hi3U5XS53jcvtrnV53HUu4q53ce4Gl9fd6PK5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd5Mr5m52xV0JV9KVcs6VdgmuhWvpWrpW7knX2rVxbd1T7in3tHvaPeOecc+6Du4519H9zXVyz7vO7gX3gnvRdXXdXHf3kuvhJuT59TOZ5Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7JJdshvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLcSluopvoJrlJbrKb7Ka6qS7VpboZboab6Wa6KrN+PcpcN9fNd/NdmktzC13WmjHdLXaLXYbLcEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8db8O6va5/W6/O+AOuIPua5fpvnGH3LfusPvOHXHfu6PuB3fMHXcn3El3yv3oTrsz7qw75867n9wF97O76LxLiUyITIy8G5kUeS8yOTIlMjUyLZIamR6ZEXk/MjMyKzI78kFkTuTDyNzIvMj8yIJIWuSjyMLIokh65OPI4sgnkYzIksjSyLLI8siKiPeFtoa+iC/qo/4mX8zf7Iv7Er6kL+WdL+0T/C2+jL/Vl/W3+XL+dl/e3+Er+Iq+kn/cN/XNfHPfwrf0T/hW/knf2rfxbf1Tvp1/2rf3z/hE/6zv4J/zHf3ffCf/vO/sX/Bd/Iu+q+/mu/uXfA//su/pe/kk39v38a/4vr6f7+8H+IH+VT/Iv+YH+9d9sh/ih/o3/DD/ph/u3/Ij/Eg/KuZtP/ryJTKM9yl+gp/o3/WT/Ht+sp/ip/ppPtVP9zP8+36mn+Vn+w/8HP+hn+vn+fl+gU/zH/mFfpFP9x/7xf4Tn+GXXL6p7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//U7/Gf+b3+c7/Pf+H3+y/9Af+VP+i/9pn+G3/If+sP++/8Ef+9P+p/8Mf8cX/Cn/Sn/I/+tD/jz/pz/rz/yV/wP/uL/G/WGGOMMcb+SyZcaYo/6u/9B8+Jv9u5DwBcu61g5t/3Z60o1+f7td1PxLeLAMCzvbo8cnmrXj0pKenSvhkSgqLzAC7/SVCWGLgSL4G28DQkQhso84fz7ye6nad/Mn70doBcf5cTC1fiK+N/+SfjP/HUqIXlw7Nx/4/x5wEUL3olJydciZdAW5X12AbK/sn4+Vv9k/nn/CoFoPXf5eSGK/GV+SfAk/AcJP5mT8YYY4wxxhhj7Ff9RKVOl68/L/+Nzz+6Po9XV3JywJX4n12fM8YYY4wxxhhj7Op7vlv3Z55ITGzT6V9vVP1vZXHjf2rDe4DLzygA+DcHBPiPn8WW/8ixki99dP6xa/k5H8D/jFL+FY2r/MXEGGOMMcYY+8tdWfT/9nl1tSbEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlQ/+J/07sap8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdrX9nwAAAP//geYOMQ==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r0, &(0x7f0000004180)=""/4105, 0x1009)

349.285597ms ago: executing program 3 (id=1372):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002a00)={0x14, 0x10, 0x701, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)

348.959346ms ago: executing program 4 (id=1373):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x3}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x24}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}]}}, 0x0, 0x5a}, 0x28)

250.566087ms ago: executing program 4 (id=1374):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000071043b000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)

250.320584ms ago: executing program 3 (id=1375):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x1c9003, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000340)={0x400, 0x300, 0x550, 0x240, 0x6, 0x800, 0x0, 0x0, {0x80000800}, {0x0, 0x2}, {0x0, 0x20000001}, {0x0, 0x20008}, 0x6, 0x3f0, 0x200, 0xd613, 0x0, 0x3, 0x7e, 0x0, 0x3e00, 0xffffffff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1})

181.03611ms ago: executing program 4 (id=1376):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000000206050000000000000000000700000014000780080008400000009808000640200000000500010006000000050005000200000005000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x5c}}, 0x20000000)

180.852404ms ago: executing program 3 (id=1377):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
listen(r0, 0x7)
setsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, 0x0, 0x0)

176.211899ms ago: executing program 4 (id=1378):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$sequencer(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="92003f471300ff039202c0050406810093058019536290009204d0"], 0x30)

77.058464ms ago: executing program 3 (id=1379):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000500)={0x48, 0x8, r2, 0x0, 0x1, 0x1, &(0x7f0000000180)="d4", 0x4})

67.546277ms ago: executing program 4 (id=1380):
syz_emit_ethernet(0x34e, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x318, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ns={0x87, 0x0, 0x0, @empty, [{0x0, 0x60, "51689209c05602c38ea65a59a8d20cf10f4721a02aeae8ba6124599c49203dbc02733cd0d0698f44cdbd3f5d84ad37b5e7af38b258d90d4495f43100f47318f4bff0596d73f981a22fbb9e0efb5fd1fb8a580c161bc9cb5822a4233baf5b07941c6529c553e450a4d4f81ff19509fc97af68ed80ed63eb64e2ca76348c5a4f04b99b127e8e7425752a9d6a6a58a7643819048ae80b53e934528a999badd4d75f984b68459e765f34b540a1a46bf54a963aeefca5eb5019e35c8a00c8feefcb0cf6358ca9a99833f8a727c88ff20001684f46a22bb7ab0a45eaac8d58df93a42fcf329294e70f881baf99335f7986ce26e53c05f4b0bd98dd1053c85223004608e38f90bbca8fbdf8a13ca60a0aa6967ac86bdd32f71f93294e3b3549eff9fead2df9e4b7ce964dc37604b9db0add86e5eca23388574f3165844815a47b132653ddc7f13512a8056496c5f8f2296f2bb7c1dc5c0279dd8cb2ee2f5767fabbdc614be0ed94523de56cce4eb0820c68305b4cbad4077747e9b9893132e407945eaae83e609b97372b619d24754711bd67aaf8a6335b63713c5469a395bf1d8d77c8d2940c3e17c5ae6b927e9b23eb72420e469cd3993c701bdad0c7dd6ada16d6a1623a9845536c5cbba1e205d23f7b298bee155343b82f4bdf3fc40c57b9a2acad7950fc4f0679cbf169c939b80b217b263964a33f3738dd9039928395ecf89030d8d0e869360b1141c02aa70255a9d8a251159a831c65fdc25979de7fe65b8bff4261d9cef4a3db6cc8a926e7ae4141803a4459748270a3269b8c9884fb5739c4cb4863731559e57fa3a78320e3f5ef83ead3fec93e636653262b70b9441d8c7c2054e61c597ca11a584988ff3a06adeca96d80177e3bf8469127ebf9a34a2433cf888aa571068cb777c88eb7923f49465a20f1b974a57bc055cf2469bb29b2269a5214a754e4146c1008b1901fef880121dfaa2708e21ed00fb5ba4b7ff3065f736f61267e8c15f0d3f0b87273d7ae85094fbb85a93fd03f861816912c8e7fe2270193e2b8dda5757caa2f64fe1edac5b1043907a2efad1e7b0265e68de3811372a1"}]}}}}}}, 0x0)

670.582µs ago: executing program 3 (id=1381):
syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000001180)=ANY=[], 0x1, 0x185, &(0x7f0000000500)="$eJzskrGO00AQhr+1neRAxwkkqmvuipOAAuL4ANFxZejpaLASEyIcIHEkSJTCCKEUFIiSJ8hrIPECUCAeIHWKiBoZ7e7YcsIjsF+xf+bf2dmdiZ9n46wF/Nkuelxg8Dnih1IEwImy3saz+ln0p+gnK3yXvEfivxc9zmbzpuSccs0aL+I0TSanwG/jVVb28J3HxpT6JYeeAkVRFODRB53OYZmzXfR8YFzlwHEA100TRZWjG9HBDaA9Hb1uZ7P57eEoHiSD5GXkn98P74bhvaj9bJgmoV1V7QppBa23gNaBGPGh2W8AH8S6zC6q9jTZV5d4Qlm7Wc7wSLGPVztbquJr9a4W5f8Fjy9AP+tNrmrumakSYFrqovAl6AS199m7DszGnd6rtL9EocpjK4KqRmdNowqienD+IOeKLbWUkmeiXdGV6Fr0ZO+TCXK9fpToZg5N3sbT6aSjh2R/NeTsJKq86GpeH5i+9Yu329w375/ZOhwOh8PhcDgcDsf/xt8AAAD//4Yhcvw=")
llistxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x86ed55c8bcb50014)

0s ago: executing program 3 (id=1382):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=@allocspi={0x10c, 0x16, 0x1, 0x70bd25, 0x0, {{{@in6=@local, @in=@rand_addr=0x64010100, 0x80, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x6c}, @in6=@private1, {0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x5}, {0x80}, {}, 0x0, 0x0, 0x2, 0x1, 0x0, 0x41}}, [@srcaddr={0x14, 0xd, @in6=@private0}]}, 0x10c}}, 0x0)

kernel console output (not intermixed with test programs):

 USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.731929][  T791] usb 4-1: Product: syz
[   93.733574][  T791] usb 4-1: Manufacturer: syz
[   93.735123][  T791] usb 4-1: SerialNumber: syz
[   93.738381][  T791] usb 4-1: config 0 descriptor??
[   93.946712][  T791] usb 4-1: Found UVC 0.00 device syz (056d:0000)
[   93.948871][  T791] usb 4-1: No valid video chain found.
[   93.953682][  T791] usb 4-1: USB disconnect, device number 5
[   94.101962][ T6550] Bluetooth: hci3: Frame reassembly failed (-84)
[   94.232013][ T5848] usb 3-1: reset high-speed USB device number 4 using dummy_hcd
[   94.393367][ T5848] usb 3-1: device firmware changed
[   94.397834][   T47] usb 3-1: USB disconnect, device number 4
[   94.541587][   T47] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   94.569566][ T6692] openvswitch: netlink: ct_state flags 0000ffff unsupported
[   94.667002][ T6695] netlink: 4 bytes leftover after parsing attributes in process `syz.3.285'.
[   94.695804][   T47] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[   94.700763][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.713305][   T47] usb 3-1: config 0 descriptor??
[   94.733693][   T47] gspca_main: cpia1-2.14.0 probing 0813:0001
[   95.138436][   T47] cpia1 3-1:0.0: unexpected state after lo power cmd: 00
[   95.546294][   T47] gspca_cpia1: usb_control_msg 02, error -32
[   95.549351][   T47] gspca_cpia1: usb_control_msg 02, error -71
[   95.552471][   T47] gspca_cpia1: usb_control_msg 05, error -71
[   95.555180][   T47] cpia1 3-1:0.0: unexpected systemstate: 00
[   95.563859][   T47] usb 3-1: USB disconnect, device number 5
[   95.977614][ T6697] loop3: detected capacity change from 0 to 1024
[   95.997332][ T6697] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.015663][ T6697] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[   96.024696][ T6697] EXT4-fs (loop3): Remounting filesystem read-only
[   96.057868][ T6062] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.161982][ T5950] Bluetooth: hci3: Opcode 0x1003 failed: -110
[   96.364197][ T6715] ipvlan2: entered promiscuous mode
[   96.366923][ T6715] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[   96.370554][ T6715] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[   97.245114][ T6728] process 'syz.0.296' launched '/dev/fd/9' with NULL argv: empty string added
[   97.599181][ T6739] loop2: detected capacity change from 0 to 512
[   97.629968][ T6739] EXT4-fs (loop2): orphan cleanup on readonly fs
[   97.636089][ T6739] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.301: bg 0: block 248: padding at end of block bitmap is not set
[   97.643305][ T6739] Quota error (device loop2): write_blk: dquota write failed
[   97.646042][ T6739] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   97.650116][ T6739] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.301: Failed to acquire dquot type 1
[   97.657878][ T6739] EXT4-fs (loop2): 1 truncate cleaned up
[   97.671962][ T6739] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   97.685657][ T6739] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[   97.690669][ T6739] EXT4-fs warning (device loop2): read_mmp_block:115: Error -117 while reading MMP block 0
[   97.721313][ T5952] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.682225][    T9] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[   98.854243][    T9] usb 1-1: config 0 has an invalid interface number: 235 but max is 0
[   98.857461][    T9] usb 1-1: config 0 has no interface number 0
[   98.859460][    T9] usb 1-1: config 0 interface 235 altsetting 16 endpoint 0x5 has invalid wMaxPacketSize 0
[   98.867640][    T9] usb 1-1: config 0 interface 235 has no altsetting 0
[   98.875003][    T9] usb 1-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=3e.18
[   98.878197][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.880873][    T9] usb 1-1: Product: syz
[   98.888646][    T9] usb 1-1: Manufacturer: syz
[   98.890818][    T9] usb 1-1: SerialNumber: syz
[   98.903537][    T9] usb 1-1: config 0 descriptor??
[   98.912437][    T9] keyspan 1-1:0.235: Keyspan 1 port adapter converter detected
[   98.916025][    T9] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 87
[   98.919589][    T9] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 7
[   98.926195][    T9] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 81
[   98.930056][    T9] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 1
[   98.934031][    T9] keyspan 1-1:0.235: found no endpoint descriptor for endpoint 85
[   98.937240][    T9] keyspan 1-1:0.235: unsupported endpoint type 0
[   98.949330][    T9] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[   99.115126][    T9] usb 1-1: USB disconnect, device number 4
[   99.129524][    T9] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[   99.139487][    T9] keyspan 1-1:0.235: device disconnected
[   99.585971][ T6781] netlink: 16222 bytes leftover after parsing attributes in process `syz.3.319'.
[   99.691871][    T9] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[   99.739359][ T6789] loop0: detected capacity change from 0 to 4096
[   99.745889][ T6789] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[   99.778959][ T6789] ntfs3(loop0): ino=1e, "file1" ntfs_sync_inode failed, -22.
[   99.783754][ T6789] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   99.866136][    T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[   99.874124][    T9] usb 3-1: config 0 has no interface number 0
[   99.878269][    T9] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[   99.887956][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.912541][    T9] usb 3-1: config 0 descriptor??
[   99.929266][    T9] usb 3-1: selecting invalid altsetting 1
[   99.947579][    T9] dvb_ttusb_budget: ttusb_init_controller: error
[   99.956817][    T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  100.023427][ T6802] loop0: detected capacity change from 0 to 4096
[  100.039892][ T6802] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.052036][    T9] DVB: Unable to find symbol cx22700_attach()
[  100.082744][ T6802] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  100.087761][    T9] DVB: Unable to find symbol tda10046_attach()
[  100.095137][    T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  100.107039][ T5943] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.183351][   T47] usb 3-1: USB disconnect, device number 6
[  100.223338][ T6815] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.331'.
[  101.679753][ T6839] loop2: detected capacity change from 0 to 1024
[  101.698002][ T6839] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.743083][ T5952] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.218939][ T6863] loop2: detected capacity change from 0 to 16
[  102.241015][ T6863] erofs (device loop2): rootino(nid 36) is not a directory(i_mode 66300)
[  102.877110][ T6875] netlink: 'syz.2.356': attribute type 23 has an invalid length.
[  102.937056][ T6879] unknown channel width for channel at 909000KHz?
[  102.941082][ T6879] unknown channel width for channel at 909000KHz?
[  102.947957][ T6879] unknown channel width for channel at 909000KHz?
[  103.287773][ T6888] loop3: detected capacity change from 0 to 32768
[  103.325346][ T6892] loop0: detected capacity change from 0 to 32768
[  103.327150][ T6888] JBD2: Ignoring recovery information on journal
[  103.347710][ T6892] debugfs: 'B1DE653C5FFC4D88B33B244AAB9EB3E9' already exists in 'ocfs2'
[  103.366238][ T6892] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  103.370301][ T6888] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  103.391952][ T6888] (syz.3.363,6888,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry too close to end - offset=32, inode=17057, rec_len=280, name_len=10
[  103.422829][ T5943] (syz-executor,5943,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  103.428658][ T5943] ocfs2: Unmounting device (7,0) on (node local)
[  103.429625][ T6062] ocfs2: Unmounting device (7,3) on (node local)
[  103.556617][ T6900] netlink: 'syz.0.367': attribute type 1 has an invalid length.
[  104.181584][    T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  104.336041][    T9] usb 3-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.55
[  104.340029][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.345164][    T9] usb 3-1: Product: syz
[  104.347120][    T9] usb 3-1: Manufacturer: syz
[  104.349123][    T9] usb 3-1: SerialNumber: syz
[  104.354805][    T9] usb 3-1: config 0 descriptor??
[  104.359831][    T9] gspca_main: sonixb-2.14.0 probing 0c45:60a8
[  104.558866][ T6913] skbuff: bad partial csum: csum=65506/2 headroom=178 headlen=65526
[  104.773585][ T5848] usb 3-1: USB disconnect, device number 7
[  104.922469][ T6932] netlink: 24 bytes leftover after parsing attributes in process `syz.3.379'.
[  105.387825][ T6936] loop3: detected capacity change from 0 to 65536
[  105.401548][ T6936] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  105.416451][ T6940] loop2: detected capacity change from 0 to 8
[  105.421246][ T6936] XFS (loop3): Ending clean mount
[  105.425357][ T6940] syz.2.383: attempt to access beyond end of device
[  105.425357][ T6940] loop2: rw=2048, sector=36028797018963960, nr_sectors = 16 limit=8
[  105.432468][ T6940] SQUASHFS error: Failed to read block 0xfffffffffffffffa: -5
[  105.435523][ T6940] unable to read xattr id index table
[  105.472958][ T6062] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  105.521666][    T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  105.671884][    T9] usb 1-1: Using ep0 maxpacket: 32
[  105.679482][    T9] usb 1-1: config 2 has an invalid interface number: 1 but max is 0
[  105.691635][    T9] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  105.695964][    T9] usb 1-1: config 2 has 2 interfaces, different from the descriptor's value: 1
[  105.725315][    T9] usb 1-1: New USB device found, idVendor=22b8, idProduct=2d97, bcdDevice=51.64
[  105.729377][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.734448][    T9] usb 1-1: Product: syz
[  105.736254][    T9] usb 1-1: Manufacturer: syz
[  105.738145][    T9] usb 1-1: SerialNumber: syz
[  105.793559][    T9] cdc_acm 1-1:2.1: probe with driver cdc_acm failed with error -22
[  106.350556][ T5848] usb 1-1: USB disconnect, device number 5
[  106.712473][ T6966] program syz.2.389 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  106.803733][ T6973] loop3: detected capacity change from 0 to 128
[  106.863774][ T6975] loop2: detected capacity change from 0 to 128
[  106.885835][ T6975] ufs: You didn't specify the type of your ufs filesystem
[  106.885835][ T6975] 
[  106.885835][ T6975] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  106.885835][ T6975] 
[  106.885835][ T6975] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  106.949153][ T6975] ufs: ufstype=old is supported read-only
[  106.957435][ T6975] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2
[  107.060659][ T6983] netlink: 12 bytes leftover after parsing attributes in process `syz.2.397'.
[  107.144649][ T6987] loop2: detected capacity change from 0 to 512
[  107.206447][ T6987] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.212157][ T6987] ext4 filesystem being mounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  107.554359][ T5952] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.560081][ T6997] netlink: 'syz.3.401': attribute type 1 has an invalid length.
[  107.563344][ T6997] netlink: 4 bytes leftover after parsing attributes in process `syz.3.401'.
[  107.643929][ T7001] A link change request failed with some changes committed already. Interface wg0 may have been left with an inconsistent configuration, please check.
[  108.340750][ T7023] netlink: 16 bytes leftover after parsing attributes in process `syz.0.412'.
[  109.021755][ T7039] pimreg0: tun_chr_ioctl cmd 1074025673
[  109.181723][ T7046] loop0: detected capacity change from 0 to 128
[  109.297751][ T7047] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  111.086304][ T7064] kernel read not supported for file /!selinuxwk1m9ɞ*T#jYmVvm(p-QZ#{ (pid: 7064 comm: syz.2.427)
[  111.145906][ T6460] kworker/u9:10: attempt to access beyond end of device
[  111.145906][ T6460] loop0: rw=1, sector=129, nr_sectors = 912 limit=128
[  111.259662][ T7072] loop2: detected capacity change from 0 to 7
[  111.265849][ T5295] Dev loop2: unable to read RDB block 7
[  111.267801][ T5295]  loop2: unable to read partition table
[  111.269767][ T5295] loop2: partition table beyond EOD, truncated
[  111.287630][ T7072] Dev loop2: unable to read RDB block 7
[  111.290258][ T7072]  loop2: unable to read partition table
[  111.294063][ T7072] loop2: partition table beyond EOD, truncated
[  111.296967][ T7072] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5)
[  111.308709][ T5295] Dev loop2: unable to read RDB block 7
[  111.315308][ T5295]  loop2: unable to read partition table
[  111.318260][ T5295] loop2: partition table beyond EOD, truncated
[  111.500453][ T7079] sctp: [Deprecated]: syz.2.433 (pid 7079) Use of int in max_burst socket option deprecated.
[  111.500453][ T7079] Use struct sctp_assoc_value instead
[  111.561894][   T47] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  111.721520][   T47] usb 4-1: Using ep0 maxpacket: 32
[  111.732981][   T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 10168, setting to 1024
[  111.747533][   T47] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  111.763916][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.793015][   T47] usb 4-1: config 0 descriptor??
[  111.802094][ T7078] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  111.826800][   T47] hub 4-1:0.0: USB hub found
[  112.073610][   T47] hub 4-1:0.0: 1 port detected
[  112.921816][   T47] usb 4-1: reset high-speed USB device number 6 using dummy_hcd
[  113.648168][ T7098] loop2: detected capacity change from 0 to 40427
[  113.676381][ T7098] F2FS-fs (loop2): invalid crc value
[  113.754718][ T5848] usb 4-1: USB disconnect, device number 6
[  113.825098][ T7098] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  113.833392][ T7098] F2FS-fs (loop2): Start checkpoint disabled!
[  113.851829][ T7098] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  113.915917][   T33] audit: type=1800 audit(1756720322.211:2): pid=7098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.440" name="file1" dev="loop2" ino=10 res=0 errno=0
[  113.986167][ T6506] kworker/u9:55: attempt to access beyond end of device
[  113.986167][ T6506] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  114.010710][ T6506] CPU: 0 UID: 0 PID: 6506 Comm: kworker/u9:55 Not tainted syzkaller #0 PREEMPT(full) 
[  114.010728][ T6506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  114.010736][ T6506] Workqueue: writeback wb_workfn (flush-7:2)
[  114.010776][ T6506] Call Trace:
[  114.010781][ T6506]  <TASK>
[  114.010787][ T6506]  dump_stack_lvl+0x189/0x250
[  114.010806][ T6506]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.010819][ T6506]  ? __pfx_queue_work_on+0x10/0x10
[  114.010831][ T6506]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  114.010846][ T6506]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  114.010869][ T6506]  f2fs_handle_critical_error+0x37c/0x540
[  114.010890][ T6506]  f2fs_write_end_io+0x886/0xb60
[  114.010914][ T6506]  __submit_merged_bio+0x27a/0x6a0
[  114.010935][ T6506]  __submit_merged_write_cond+0x255/0x530
[  114.010981][ T6506]  f2fs_write_data_pages+0x261d/0x3000
[  114.011025][ T6506]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  114.011052][ T6506]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  114.011063][ T6506]  ? stack_trace_save+0x9c/0xe0
[  114.011102][ T6506]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  114.011128][ T6506]  ? trace_f2fs_writepages+0x7f/0x200
[  114.011146][ T6506]  ? f2fs_write_node_pages+0x478/0x6e0
[  114.011165][ T6506]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  114.011192][ T6506]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  114.011209][ T6506]  do_writepages+0x32e/0x550
[  114.011229][ T6506]  ? reacquire_held_locks+0x127/0x1d0
[  114.011240][ T6506]  ? writeback_sb_inodes+0x384/0x1010
[  114.011269][ T6506]  __writeback_single_inode+0x145/0xff0
[  114.011284][ T6506]  ? do_raw_spin_unlock+0x4d/0x240
[  114.011302][ T6506]  writeback_sb_inodes+0x6c7/0x1010
[  114.011336][ T6506]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  114.011399][ T6506]  ? rcu_is_watching+0x15/0xb0
[  114.011419][ T6506]  wb_writeback+0x43b/0xaf0
[  114.011440][ T6506]  ? queue_io+0x3b1/0x590
[  114.011456][ T6506]  ? __pfx_wb_writeback+0x10/0x10
[  114.011477][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  114.011494][ T6506]  wb_workfn+0x409/0xef0
[  114.011516][ T6506]  ? __pfx_wb_workfn+0x10/0x10
[  114.011532][ T6506]  ? __lock_acquire+0xab9/0xd20
[  114.011556][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  114.011573][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  114.011586][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  114.011596][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  114.011609][ T6506]  process_scheduled_works+0xae1/0x17b0
[  114.011643][ T6506]  ? __pfx_process_scheduled_works+0x10/0x10
[  114.011667][ T6506]  worker_thread+0x8a0/0xda0
[  114.011700][ T6506]  kthread+0x711/0x8a0
[  114.011717][ T6506]  ? __pfx_worker_thread+0x10/0x10
[  114.011727][ T6506]  ? __pfx_kthread+0x10/0x10
[  114.011743][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  114.011756][ T6506]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.011771][ T6506]  ? __pfx_kthread+0x10/0x10
[  114.011785][ T6506]  ret_from_fork+0x3fc/0x770
[  114.011800][ T6506]  ? __pfx_ret_from_fork+0x10/0x10
[  114.011816][ T6506]  ? __switch_to_asm+0x39/0x70
[  114.011829][ T6506]  ? __switch_to_asm+0x33/0x70
[  114.011842][ T6506]  ? __pfx_kthread+0x10/0x10
[  114.011856][ T6506]  ret_from_fork_asm+0x1a/0x30
[  114.011883][ T6506]  </TASK>
[  114.132054][ T6506] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  115.001933][ T1271] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  115.161596][ T1271] usb 3-1: Using ep0 maxpacket: 16
[  115.532284][ T1271] usb 3-1: config 4 has an invalid interface number: 51 but max is 0
[  115.535694][ T1271] usb 3-1: config 4 has no interface number 0
[  115.538280][ T1271] usb 3-1: config 4 interface 51 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 16
[  115.983259][ T1271] usb 3-1: config 4 interface 51 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  115.987301][ T1271] usb 3-1: config 4 interface 51 has no altsetting 0
[  115.994304][ T1271] usb 3-1: New USB device found, idVendor=954f, idProduct=4199, bcdDevice= f.76
[  115.998983][ T1271] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.002653][ T1271] usb 3-1: Product: syz
[  116.004472][ T1271] usb 3-1: Manufacturer: syz
[  116.006588][ T1271] usb 3-1: SerialNumber: syz
[  116.016688][ T7110] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  116.025558][ T7110] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  116.234625][ T7110] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  116.237980][ T7110] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  116.252663][ T1271] cdc_eem 3-1:4.51 usb0: register 'cdc_eem' at usb-dummy_hcd.2-1, CDC EEM Device, 0e:ba:0c:a5:ba:04
[  116.281564][   T47] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  116.435291][   T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  116.439353][   T47] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  116.449491][   T47] usb 1-1: New USB device found, idVendor=056a, idProduct=0336, bcdDevice= 0.00
[  116.453767][ T1271] usb 3-1: USB disconnect, device number 8
[  116.457746][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.460172][ T1271] cdc_eem 3-1:4.51 usb0: unregister 'cdc_eem' usb-dummy_hcd.2-1, CDC EEM Device
[  116.466285][   T47] usb 1-1: config 0 descriptor??
[  116.886256][   T47] wacom 0003:056A:0336.0002: hidraw0: USB HID v0.00 Device [HID 056a:0336] on usb-dummy_hcd.0-1/input0
[  117.086348][ T5848] usb 1-1: USB disconnect, device number 6
[  117.975132][ T7140] Illegal XDP return value 4294967274 on prog  (id 42) dev syz_tun, expect packet loss!
[  118.005435][ T7142] loop2: detected capacity change from 0 to 16
[  118.017689][ T7142] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  118.374442][ T7161] loop0: detected capacity change from 0 to 4096
[  118.396488][ T7161] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  118.444062][ T7161] ntfs3(loop0): $Secure::$SII is corrupted.
[  118.447100][ T7161] ntfs3(loop0): Failed to initialize $Secure (-22).
[  118.584448][ T7168] tipc: Started in network mode
[  118.586716][ T7168] tipc: Node identity ac14140f, cluster identity 4711
[  118.593333][ T7168] tipc: New replicast peer: 255.255.255.83
[  118.603848][ T7168] tipc: Enabled bearer <udp:>, priority 10
[  119.715101][   T47] tipc: Node number set to 2886997007
[  119.845279][ T2301] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  119.879161][ T7191] batman_adv: batadv0: Adding interface: dummy0
[  119.881161][ T7191] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.890167][ T7191] batman_adv: batadv0: Interface activated: dummy0
[  119.906647][ T7191] batadv0: mtu less than device minimum
[  119.910305][ T7191] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  119.915762][ T7191] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  119.921059][ T7191] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  119.926493][ T7191] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  119.931790][ T7191] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  119.936871][ T7191] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  119.942351][ T7191] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  119.947493][ T7191] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  119.952766][ T7191] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  120.061581][ T2301] usb 4-1: Using ep0 maxpacket: 16
[  120.065270][ T2301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  120.069560][ T2301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  120.076893][ T2301] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  120.081005][ T2301] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  120.084897][ T2301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.092967][ T2301] usb 4-1: config 0 descriptor??
[  120.101022][ T7195] loop0: detected capacity change from 0 to 8192
[  120.210600][ T7197] loop0: detected capacity change from 0 to 256
[  120.220164][ T7197] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  120.428862][ T7206] netlink: 'syz.0.480': attribute type 4 has an invalid length.
[  120.432432][ T7206] netlink: 17 bytes leftover after parsing attributes in process `syz.0.480'.
[  120.492019][ T7208] loop0: detected capacity change from 0 to 1024
[  120.495323][ T7208] EXT4-fs: Ignoring removed orlov option
[  120.498499][ T7208] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  120.508752][ T2301] microsoft 0003:045E:07DA.0003: unknown main item tag 0x1
[  120.519714][ T2301] HID 045e:07da: Invalid code 65791 type 1
[  120.525249][ T2301] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0003/input/input10
[  120.543380][ T2301] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  120.560860][ T7208] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.579500][ T5943] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.719921][ T7181] loop3: detected capacity change from 0 to 2048
[  120.799540][ T6580] Alternate GPT is invalid, using primary GPT.
[  120.809403][ T6580]  loop3: p2 p3 p7
[  120.876395][ T7181] Alternate GPT is invalid, using primary GPT.
[  120.880781][ T7181]  loop3: p2 p3 p7
[  120.909513][ T5848] usb 4-1: USB disconnect, device number 7
[  121.523247][ T7234] netlink: 24 bytes leftover after parsing attributes in process `syz.3.492'.
[  121.779716][ T7250] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  121.782544][ T7250] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  121.788519][ T7250] vhci_hcd vhci_hcd.0: Device attached
[  121.837421][ T7256] loop0: detected capacity change from 0 to 256
[  121.840972][ T7256] exfat: Deprecated parameter 'utf8'
[  121.850824][ T7256] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  121.962005][ T2301] vhci_hcd: vhci_device speed not set
[  122.021761][ T2301] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  122.031564][ T1271] usb 3-1: new low-speed USB device number 9 using dummy_hcd
[  122.185590][ T1271] usb 3-1: config 0 has no interfaces?
[  122.187507][ T1271] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  122.193980][ T1271] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.201111][ T1271] usb 3-1: config 0 descriptor??
[  122.260088][ T7281] loop0: detected capacity change from 0 to 1024
[  122.318501][ T6482] hfsplus: bad catalog file entry
[  122.320404][ T6482] hfsplus: b-tree write err: -5, ino 3
[  122.411987][ T7251] vhci_hcd: unknown pdu 2
[  122.414867][ T5916] vhci_hcd: stop threads
[  122.417063][ T5916] vhci_hcd: release socket
[  122.422685][ T5916] vhci_hcd: disconnect device
[  122.428488][ T5848] usb 3-1: USB disconnect, device number 9
[  122.481670][ T2301] vhci_hcd: vhci_device speed not set
[  122.486725][ T7295] loop0: detected capacity change from 0 to 256
[  122.501759][ T7295] exfat: Deprecated parameter 'utf8'
[  122.503749][ T7295] exfat: Deprecated parameter 'namecase'
[  122.506076][ T7295] exfat: Deprecated parameter 'namecase'
[  122.508379][ T7295] exfat: Deprecated parameter 'utf8'
[  122.524117][ T7295] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0x8212fc2e, utbl_chksum : 0xe619d30d)
[  122.967708][ T7302] netlink: 4 bytes leftover after parsing attributes in process `syz.0.520'.
[  123.629454][ T7324] loop2: detected capacity change from 0 to 2048
[  123.652913][ T7324] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found!
[  123.666118][ T7324] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  123.742061][ T1271] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  123.893312][ T1271] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  123.902109][ T1271] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  123.908931][ T1271] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  123.919432][ T1271] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.932007][ T1271] usb 1-1: Product: syz
[  123.933780][ T1271] usb 1-1: Manufacturer: syz
[  123.940582][ T1271] usb 1-1: SerialNumber: syz
[  124.181852][ T1271] usb 1-1: 0:2 : does not exist
[  124.195964][ T1271] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  124.231584][ T1271] usb 1-1: USB disconnect, device number 7
[  124.265971][ T6580] udevd[6580]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  125.028492][ T7335] loop3: detected capacity change from 0 to 32768
[  125.046701][ T7339] loop0: detected capacity change from 0 to 40427
[  125.065998][ T7339] F2FS-fs (loop0): invalid crc value
[  125.111630][ T7339] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  125.116416][ T7339] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  125.202483][ T5943] syz-executor: attempt to access beyond end of device
[  125.202483][ T5943] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  125.210385][ T5943] CPU: 0 UID: 0 PID: 5943 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  125.210397][ T5943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  125.210401][ T5943] Call Trace:
[  125.210404][ T5943]  <TASK>
[  125.210408][ T5943]  dump_stack_lvl+0x189/0x250
[  125.210422][ T5943]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.210430][ T5943]  ? __pfx_queue_work_on+0x10/0x10
[  125.210438][ T5943]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  125.210447][ T5943]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  125.210460][ T5943]  f2fs_handle_critical_error+0x37c/0x540
[  125.210474][ T5943]  f2fs_write_end_io+0x886/0xb60
[  125.210487][ T5943]  __submit_merged_bio+0x27a/0x6a0
[  125.210498][ T5943]  __submit_merged_write_cond+0x255/0x530
[  125.210510][ T5943]  f2fs_write_data_pages+0x261d/0x3000
[  125.210520][ T5943]  ? __lock_acquire+0xab9/0xd20
[  125.210541][ T5943]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  125.210568][ T5943]  ? check_path+0x21/0x40
[  125.210574][ T5943]  ? check_noncircular+0xe0/0x160
[  125.210612][ T5943]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  125.210625][ T5943]  do_writepages+0x32e/0x550
[  125.210645][ T5943]  ? do_raw_spin_unlock+0x4d/0x240
[  125.210660][ T5943]  filemap_fdatawrite+0x199/0x240
[  125.210674][ T5943]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  125.210701][ T5943]  ? do_raw_spin_unlock+0x4d/0x240
[  125.210710][ T5943]  f2fs_sync_dirty_inodes+0x31f/0x830
[  125.210723][ T5943]  f2fs_write_checkpoint+0x95a/0x1df0
[  125.210739][ T5943]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  125.210762][ T5943]  ? kill_f2fs_super+0x298/0x6c0
[  125.210771][ T5943]  kill_f2fs_super+0x2c3/0x6c0
[  125.210780][ T5943]  ? __pfx_kill_f2fs_super+0x10/0x10
[  125.210786][ T5943]  ? radix_tree_delete_item+0x2b6/0x400
[  125.210823][ T5943]  ? shrinker_free+0x2ce/0x3e0
[  125.210834][ T5943]  deactivate_locked_super+0xbc/0x130
[  125.210843][ T5943]  cleanup_mnt+0x425/0x4c0
[  125.210851][ T5943]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.210862][ T5943]  task_work_run+0x1d4/0x260
[  125.210872][ T5943]  ? __pfx_task_work_run+0x10/0x10
[  125.210880][ T5943]  ? __x64_sys_umount+0x122/0x160
[  125.210890][ T5943]  ? exit_to_user_mode_loop+0x40/0x110
[  125.210901][ T5943]  exit_to_user_mode_loop+0xec/0x110
[  125.210910][ T5943]  do_syscall_64+0x2bd/0x3b0
[  125.210919][ T5943]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.210928][ T5943]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.210934][ T5943]  ? exc_page_fault+0x9f/0xf0
[  125.210944][ T5943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.210950][ T5943] RIP: 0033:0x7ff9caf8ff17
[  125.210958][ T5943] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  125.210963][ T5943] RSP: 002b:00007ffc03593ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  125.210971][ T5943] RAX: 0000000000000000 RBX: 00007ff9cb011c05 RCX: 00007ff9caf8ff17
[  125.210976][ T5943] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc03593fa0
[  125.210980][ T5943] RBP: 00007ffc03593fa0 R08: 0000000000000000 R09: 0000000000000000
[  125.210984][ T5943] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc03595030
[  125.210988][ T5943] R13: 00007ff9cb011c05 R14: 000000000001e876 R15: 00007ffc03595070
[  125.210999][ T5943]  </TASK>
[  125.211002][ T5943] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  125.366986][ T5943] CPU: 0 UID: 0 PID: 5943 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  125.367003][ T5943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  125.367010][ T5943] Call Trace:
[  125.367015][ T5943]  <TASK>
[  125.367020][ T5943]  dump_stack_lvl+0x189/0x250
[  125.367042][ T5943]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.367056][ T5943]  ? __pfx_queue_work_on+0x10/0x10
[  125.367068][ T5943]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  125.367084][ T5943]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  125.367117][ T5943]  f2fs_handle_critical_error+0x37c/0x540
[  125.367142][ T5943]  f2fs_write_end_io+0x886/0xb60
[  125.367169][ T5943]  __submit_merged_bio+0x27a/0x6a0
[  125.367192][ T5943]  __submit_merged_write_cond+0x255/0x530
[  125.367215][ T5943]  f2fs_write_data_pages+0x261d/0x3000
[  125.367231][ T5943]  ? __lock_acquire+0xab9/0xd20
[  125.367277][ T5943]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  125.367333][ T5943]  ? check_path+0x21/0x40
[  125.367344][ T5943]  ? check_noncircular+0xe0/0x160
[  125.367399][ T5943]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  125.367417][ T5943]  do_writepages+0x32e/0x550
[  125.367444][ T5943]  ? do_raw_spin_unlock+0x4d/0x240
[  125.367463][ T5943]  filemap_fdatawrite+0x199/0x240
[  125.367479][ T5943]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  125.367537][ T5943]  ? do_raw_spin_unlock+0x4d/0x240
[  125.367555][ T5943]  f2fs_sync_dirty_inodes+0x31f/0x830
[  125.367581][ T5943]  f2fs_write_checkpoint+0x95a/0x1df0
[  125.367615][ T5943]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  125.367669][ T5943]  ? kill_f2fs_super+0x298/0x6c0
[  125.367687][ T5943]  kill_f2fs_super+0x2c3/0x6c0
[  125.367705][ T5943]  ? __pfx_kill_f2fs_super+0x10/0x10
[  125.367715][ T5943]  ? radix_tree_delete_item+0x2b6/0x400
[  125.367738][ T5943]  ? shrinker_free+0x2ce/0x3e0
[  125.367753][ T5943]  deactivate_locked_super+0xbc/0x130
[  125.367770][ T5943]  cleanup_mnt+0x425/0x4c0
[  125.367783][ T5943]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.367830][ T5943]  task_work_run+0x1d4/0x260
[  125.367850][ T5943]  ? __pfx_task_work_run+0x10/0x10
[  125.367863][ T5943]  ? __x64_sys_umount+0x122/0x160
[  125.367884][ T5943]  ? exit_to_user_mode_loop+0x40/0x110
[  125.367905][ T5943]  exit_to_user_mode_loop+0xec/0x110
[  125.367922][ T5943]  do_syscall_64+0x2bd/0x3b0
[  125.367938][ T5943]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.367953][ T5943]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.367965][ T5943]  ? exc_page_fault+0x9f/0xf0
[  125.367983][ T5943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.367994][ T5943] RIP: 0033:0x7ff9caf8ff17
[  125.368022][ T5943] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  125.368031][ T5943] RSP: 002b:00007ffc03593ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  125.368044][ T5943] RAX: 0000000000000000 RBX: 00007ff9cb011c05 RCX: 00007ff9caf8ff17
[  125.368052][ T5943] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc03593fa0
[  125.368059][ T5943] RBP: 00007ffc03593fa0 R08: 0000000000000000 R09: 0000000000000000
[  125.368065][ T5943] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc03595030
[  125.368072][ T5943] R13: 00007ff9cb011c05 R14: 000000000001e876 R15: 00007ffc03595070
[  125.368103][ T5943]  </TASK>
[  125.368108][ T5943] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  126.096987][ T7374] net_ratelimit: 11 callbacks suppressed
[  126.096998][ T7374] openvswitch: netlink: IP tunnel dst address not specified
[  126.206359][ T7372] loop3: detected capacity change from 0 to 32768
[  126.217175][ T7372] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.551 (7372)
[  126.251122][ T7372] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  126.265878][ T7372] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  126.269470][ T7372] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  126.422695][   T33] audit: type=1326 audit(1756720334.721:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.2.557" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4fad98ebe9 code=0x0
[  126.445226][ T7372] BTRFS info (device loop3): rebuilding free space tree
[  126.496292][ T7372] BTRFS info (device loop3): disabling free space tree
[  126.499330][ T7372] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  126.504382][ T7372] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  126.517544][ T7372] BTRFS info (device loop3): setting nodatasum
[  126.520233][ T7372] BTRFS info (device loop3): setting nodatacow
[  126.525057][ T7372] BTRFS info (device loop3): enabling ssd optimizations
[  126.528211][ T7372] BTRFS info (device loop3): turning off barriers
[  126.531148][ T7372] BTRFS info (device loop3): turning on flush-on-commit
[  126.534483][ T7372] BTRFS info (device loop3): enabling disk space caching
[  126.537644][ T7372] BTRFS info (device loop3): force clearing of disk cache
[  126.549979][ T7372] BTRFS info (device loop3): doing ref verification
[  126.558273][ T7372] BTRFS info (device loop3): max_inline set to 4096
[  126.755017][ T6062] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  127.326165][ T7424] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  128.269141][ T7452] loop0: detected capacity change from 0 to 512
[  128.273438][ T7452] EXT4-fs: Ignoring removed nomblk_io_submit option
[  128.298008][ T7452] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  128.303357][ T7452] ext4 filesystem being mounted at /194/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  128.330683][ T7452] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #2: block 7: comm syz.0.578: lblock 12 mapped to illegal pblock 7 (length 22)
[  128.375166][ T5943] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.749967][ T7473] loop0: detected capacity change from 0 to 2048
[  128.756942][ T7473] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  128.951524][ T5991] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  129.002827][ T7483] netlink: 12 bytes leftover after parsing attributes in process `syz.2.592'.
[  129.015242][ T7485] netlink: 100 bytes leftover after parsing attributes in process `syz.0.593'.
[  129.019176][ T7485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.593'.
[  129.024103][ T7485] netlink: 4 bytes leftover after parsing attributes in process `syz.0.593'.
[  129.101507][ T5991] usb 4-1: Using ep0 maxpacket: 32
[  129.108067][ T5991] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.113906][ T5991] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  129.121799][ T5991] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  129.125816][ T5991] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.139993][ T5991] usb 4-1: config 0 descriptor??
[  129.563511][ T5991] hid-led 0003:27B8:01ED.0004: item fetching failed at offset 0/2
[  129.568100][ T5991] hid-led 0003:27B8:01ED.0004: probe with driver hid-led failed with error -22
[  129.598007][ T7507] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  129.779923][ T5991] usb 4-1: USB disconnect, device number 8
[  129.914902][ T7514] loop0: detected capacity change from 0 to 2048
[  129.962905][ T7514]  loop0: p3 < > p4 < >
[  129.964788][ T7514] loop0: partition table partially beyond EOD, truncated
[  129.969930][ T7514] loop0: p3 start 4284289 is beyond EOD, truncated
[  130.906043][ T7531] loop3: detected capacity change from 0 to 4096
[  130.917292][ T7531] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  131.110249][ T7535] loop3: detected capacity change from 0 to 1024
[  131.294634][ T7549] netlink: 'syz.2.623': attribute type 15 has an invalid length.
[  131.482529][ T7551] loop3: detected capacity change from 0 to 32768
[  131.491040][ T7551] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  131.507662][ T7551] XFS (loop3): Ending clean mount
[  131.517132][ T7551] XFS (loop3): Quotacheck needed: Please wait.
[  131.544041][ T7551] XFS (loop3): Quotacheck: Done.
[  131.563670][   T33] audit: type=1800 audit(1756720339.861:4): pid=7551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.624" name="file1" dev="loop3" ino=6150 res=0 errno=0
[  131.628142][ T6062] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  132.572550][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  132.575924][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  132.747430][ T7594] netlink: 4 bytes leftover after parsing attributes in process `syz.2.640'.
[  133.338194][ T7608] veth2: entered promiscuous mode
[  133.340380][ T7608] veth2: entered allmulticast mode
[  133.411247][ T7610] loop3: detected capacity change from 0 to 4096
[  133.426982][ T7610] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  133.582014][ T7610] ntfs3(loop3): Failed to initialize $Extend/$Reparse.
[  133.770919][ T7623] loop0: detected capacity change from 0 to 2048
[  133.794781][ T7623] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  133.890038][ T7623] syz.0.649: attempt to access beyond end of device
[  133.890038][ T7623] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  133.911439][ T7624] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  134.163979][ T5950] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  134.167528][ T5950] Bluetooth: hci2: Injecting HCI hardware error event
[  134.170539][ T5950] Bluetooth: hci2: hardware error 0x00
[  134.586807][ T7651] loop0: detected capacity change from 0 to 1024
[  134.590578][ T7651] EXT4-fs: Ignoring removed oldalloc option
[  134.595209][ T7651] EXT4-fs: Ignoring removed orlov option
[  134.597865][ T7651] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  134.624079][ T7651] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.693044][ T7651] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  134.705868][ T7658] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.714755][ T7658] bridge_slave_1: left allmulticast mode
[  134.716637][ T7658] bridge_slave_1: left promiscuous mode
[  134.718844][ T7658] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.727223][ T7658] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  134.729401][ T5943] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.977907][ T7664] loop0: detected capacity change from 0 to 32768
[  135.028085][ T7664] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  135.052868][ T5943] ocfs2: Unmounting device (7,0) on (node local)
[  135.226641][ T7684] loop0: detected capacity change from 0 to 4096
[  135.257052][ T7684] ntfs3(loop0): ino=0, "file0" failed to extend initialized size to 8fecc.
[  135.479901][ T7686] loop0: detected capacity change from 0 to 32768
[  135.495869][ T5991] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  135.534621][ T7686] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  135.858526][ T7686] XFS (loop0): Ending clean mount
[  135.864213][ T7686] XFS (loop0): Quotacheck needed: Please wait.
[  135.879557][ T5991] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  135.886175][ T5991] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  135.890492][ T5991] usb 4-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00
[  135.891949][ T7686] XFS (loop0): Quotacheck: Done.
[  135.895475][ T5991] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.914833][ T5991] usb 4-1: config 0 descriptor??
[  135.954478][ T5943] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  136.243904][ T7709] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.681'.
[  136.273744][ T5950] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  136.334710][ T5991] logitech 0003:046D:C623.0005: unknown main item tag 0x0
[  136.354127][ T5991] logitech 0003:046D:C623.0005: hidraw0: USB HID v0.00 Device [HID 046d:c623] on usb-dummy_hcd.3-1/input0
[  136.536917][   T47] usb 4-1: USB disconnect, device number 9
[  136.831736][ T5991] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  136.981584][ T5991] usb 1-1: Using ep0 maxpacket: 32
[  136.989556][ T5991] usb 1-1: config 0 has an invalid interface number: 20 but max is 0
[  136.996993][ T5991] usb 1-1: config 0 has no interface number 0
[  137.002294][ T5991] usb 1-1: New USB device found, idVendor=1485, idProduct=0001, bcdDevice=3e.65
[  137.006020][ T5991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.009749][ T5991] usb 1-1: Product: syz
[  137.013834][ T5991] usb 1-1: Manufacturer: syz
[  137.015712][ T5991] usb 1-1: SerialNumber: syz
[  137.019560][ T5991] usb 1-1: config 0 descriptor??
[  137.110042][ T7757] loop3: detected capacity change from 0 to 1024
[  137.146250][ T7757] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  137.165452][ T7757] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: inode #11: comm syz.3.703: missing EA_INODE flag
[  137.174376][ T7757] EXT4-fs (loop3): Remounting filesystem read-only
[  137.177371][ T7757] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  137.213070][ T6062] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.303914][ T7768] loop3: detected capacity change from 0 to 2048
[  137.314160][ T7768] EXT4-fs (loop3): unsupported inode size: 0
[  137.316198][ T7768] EXT4-fs (loop3): blocksize: 2048
[  137.362824][ T7772] Invalid source name
[  137.365522][ T7772] UBIFS error (pid: 7772): cannot open "/dev/sg0", error -22
[  137.456304][ T5991] kaweth 1-1:0.20: Firmware present in device.
[  137.643194][ T5991] kaweth 1-1:0.20: Statistics collection: 0
[  137.645962][ T5991] kaweth 1-1:0.20: Multicast filter limit: 0
[  137.648472][ T5991] kaweth 1-1:0.20: MTU: 0
[  137.650246][ T5991] kaweth 1-1:0.20: Read MAC address 00:00:00:00:00:00
[  138.017511][ T7803] netlink: 144 bytes leftover after parsing attributes in process `syz.2.724'.
[  138.232572][ T7810] netlink: 24 bytes leftover after parsing attributes in process `syz.2.726'.
[  138.246411][ T5991] kaweth 1-1:0.20: Error setting receive filter
[  138.249598][ T5991] kaweth 1-1:0.20: probe with driver kaweth failed with error -5
[  138.256448][ T5991] usb 1-1: USB disconnect, device number 8
[  138.434125][ T7822] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  138.864470][ T7844] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  138.942097][ T7850] loop0: detected capacity change from 0 to 2048
[  139.002161][ T7855] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  139.246944][ T7867] loop0: detected capacity change from 0 to 2048
[  139.255166][ T7867] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  139.327268][ T7857] loop3: detected capacity change from 0 to 40427
[  139.342821][ T7857] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  139.346818][ T7857] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  139.358732][ T7857] F2FS-fs (loop3): invalid crc value
[  139.385631][ T7876] loop0: detected capacity change from 0 to 256
[  139.475392][ T7880] netlink: 4 bytes leftover after parsing attributes in process `syz.2.760'.
[  139.501961][ T7880] bond_slave_0: entered promiscuous mode
[  139.504918][ T7880] bond_slave_1: entered promiscuous mode
[  139.507168][ T7857] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  139.507462][ T7880] team_slave_0: entered promiscuous mode
[  139.513116][ T7880] team_slave_1: entered promiscuous mode
[  139.520814][ T7882] loop0: detected capacity change from 0 to 512
[  139.520984][ T7880] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  139.538725][ T7857] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  139.542284][ T7857] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  139.546947][ T7880] bond_slave_0: left promiscuous mode
[  139.549289][ T7880] bond_slave_1: left promiscuous mode
[  139.551835][ T7880] team_slave_0: left promiscuous mode
[  139.554164][ T7880] team_slave_1: left promiscuous mode
[  139.578232][ T7882] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  139.586824][ T7882] ext4 filesystem being mounted at /245/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  139.609418][ T7882] Quota error (device loop0): write_blk: dquota write failed
[  139.617147][ T7882] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[  139.620536][ T7882] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.759: Failed to acquire dquot type 1
[  139.655166][ T5943] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  139.981621][ T5991] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  140.151553][ T5991] usb 1-1: Using ep0 maxpacket: 8
[  140.161943][ T5991] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  140.167752][ T5991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.173270][ T5991] usb 1-1: Product: syz
[  140.178980][ T5991] usb 1-1: Manufacturer: syz
[  140.180446][ T5991] usb 1-1: SerialNumber: syz
[  140.449249][ T5991] usb 1-1: config 0 descriptor??
[  140.463059][ T5991] gspca_main: se401-2.14.0 probing 047d:5003
[  140.540905][ T7916] capability: warning: `syz.3.774' uses 32-bit capabilities (legacy support in use)
[  140.547904][ T7916] program syz.3.774 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  140.656175][ T7920] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.664070][ T7920] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.702219][ T7921] netlink: 'syz.3.776': attribute type 16 has an invalid length.
[  140.705547][ T7921] netlink: 'syz.3.776': attribute type 17 has an invalid length.
[  140.720723][ T7921] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  140.925004][ T7927] loop3: detected capacity change from 0 to 2048
[  140.937541][ T7927] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  140.945209][ T7927] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  140.953654][ T7927] UDF-fs: error (device loop3): udf_verify_fi: directory (ino 1376) has entry at pos 100 with incorrect tag 0
[  140.973747][ T7931] netlink: 'syz.2.781': attribute type 32 has an invalid length.
[  141.066476][ T7937] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  141.294824][ T7949] loop0: detected capacity change from 0 to 256
[  141.320425][ T7949] FAT-fs (loop0): Directory bread(block 64) failed
[  141.326714][ T7949] FAT-fs (loop0): Directory bread(block 65) failed
[  141.329612][ T7949] FAT-fs (loop0): Directory bread(block 66) failed
[  141.333982][ T7949] FAT-fs (loop0): Directory bread(block 67) failed
[  141.336739][ T7949] FAT-fs (loop0): Directory bread(block 68) failed
[  141.339168][ T7949] FAT-fs (loop0): Directory bread(block 69) failed
[  141.342096][ T7949] FAT-fs (loop0): Directory bread(block 70) failed
[  141.344743][ T7949] FAT-fs (loop0): Directory bread(block 71) failed
[  141.351544][ T7949] FAT-fs (loop0): Directory bread(block 72) failed
[  141.353955][ T7949] FAT-fs (loop0): Directory bread(block 73) failed
[  141.443228][ T5991] gspca_se401: read req failed req 0x06 error -19
[  141.450875][ T5991] usb 1-1: USB disconnect, device number 9
[  141.493230][ T7956] netlink: 20 bytes leftover after parsing attributes in process `syz.0.793'.
[  141.653925][ T7969] netlink: 'syz.2.795': attribute type 27 has an invalid length.
[  141.657218][ T7969] netlink: 'syz.2.795': attribute type 1 has an invalid length.
[  141.680455][ T7969] bridge0: port 1(bridge_slave_0) entered learning state
[  142.540899][ T7991] loop3: detected capacity change from 0 to 4096
[  142.545402][ T7991] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  142.566084][ T7991] ntfs3(loop3): Failed to load $Extend (-22).
[  142.569430][ T7991] ntfs3(loop3): Failed to initialize $Extend.
[  142.576290][ T7995] netlink: 'syz.2.810': attribute type 27 has an invalid length.
[  142.580016][ T7995] netlink: 'syz.2.810': attribute type 3 has an invalid length.
[  142.586072][ T7995] netlink: 132 bytes leftover after parsing attributes in process `syz.2.810'.
[  142.664169][ T7999] loop3: detected capacity change from 0 to 2048
[  142.668476][ T7999] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 129: 0x32 != 0x7d
[  142.673478][ T7999] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  143.404065][ T8019] loop3: detected capacity change from 0 to 1764
[  143.437324][ T8019] loop3: detected capacity change from 0 to 128
[  143.445880][ T8019] omfs: Bad value for 'dmask'
[  143.455786][ T8019] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  143.504603][ T8019] CIFS mount error: No usable UNC path provided in device string!
[  143.504603][ T8019] 
[  143.510866][ T8019] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  144.268314][   T33] audit: type=1326 audit(1756720352.561:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8039 comm="syz.0.829" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9caf8ebe9 code=0x7ffc0000
[  144.289642][   T33] audit: type=1326 audit(1756720352.571:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8039 comm="syz.0.829" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9caf8ebe9 code=0x7ffc0000
[  144.317841][   T33] audit: type=1326 audit(1756720352.581:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8039 comm="syz.0.829" exe="/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7ff9caf8ebe9 code=0x7ffc0000
[  144.357877][   T33] audit: type=1326 audit(1756720352.581:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8039 comm="syz.0.829" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9caf8ebe9 code=0x7ffc0000
[  144.384761][   T33] audit: type=1326 audit(1756720352.581:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8039 comm="syz.0.829" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9caf8ebe9 code=0x7ffc0000
[  145.426096][ T8057] netlink: 20 bytes leftover after parsing attributes in process `syz.0.836'.
[  146.496011][ T8075] loop0: detected capacity change from 0 to 1024
[  147.186269][ T8090] loop3: detected capacity change from 0 to 8
[  148.289526][ T8113] loop3: detected capacity change from 0 to 128
[  148.294627][ T8111] batman_adv: batadv0: Local translation table size (116) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:2a
[  148.551584][   T47] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  148.653890][ T8121] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  148.701592][   T47] usb 4-1: Using ep0 maxpacket: 32
[  148.705971][   T47] usb 4-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[  148.710030][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.722062][   T47] usb 4-1: config 0 descriptor??
[  148.743572][   T47] usb 4-1: selecting invalid altsetting 3
[  148.745896][   T47] comedi comedi5: could not set alternate setting 3 in high speed
[  148.748372][   T47] usbduxsigma 4-1:0.0: driver 'usbduxsigma' failed to auto-configure device.
[  148.754055][   T47] usbduxsigma 4-1:0.0: probe with driver usbduxsigma failed with error -22
[  149.910581][ T8142] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input11
[  150.540422][ T5991] usb 4-1: USB disconnect, device number 10
[  150.801850][ T8171] netlink: 'syz.0.882': attribute type 11 has an invalid length.
[  151.173549][ T8180] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  151.176640][ T8180] comedi comedi3: 8255: I/O port conflict (0x10000,4)
[  151.189618][ T8180] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  151.197388][ T8180] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  151.207022][ T8180] comedi comedi3: 8255: I/O port conflict (0x10,4)
[  151.209873][ T8180] comedi comedi3: 8255: I/O port conflict (0x7,4)
[  151.225489][ T8180] comedi comedi3: 8255: I/O port conflict (0x400000a,4)
[  151.233458][ T8180] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffff8,4)
[  151.244687][ T8180] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  151.250520][ T8180] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  151.256831][ T8180] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  151.264267][ T8180] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  151.270583][ T8180] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  151.662718][ T8186] netlink: 260 bytes leftover after parsing attributes in process `syz.0.889'.
[  151.666961][ T8186] netlink: 8 bytes leftover after parsing attributes in process `syz.0.889'.
[  151.825906][ T8184] loop3: detected capacity change from 0 to 40427
[  151.840026][ T8184] F2FS-fs (loop3): invalid crc value
[  151.989123][ T8197] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  151.993101][ T8197] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  151.997888][ T8197] overlayfs: missing 'lowerdir'
[  152.010616][ T8197] fuse: Unknown parameter './bus'
[  152.248630][ T8184] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  152.253991][ T8184] F2FS-fs (loop3): Start checkpoint disabled!
[  152.258367][ T8184] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  152.269720][ T8184] syz.3.887: attempt to access beyond end of device
[  152.269720][ T8184] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  152.288090][ T6482] kworker/u9:31: attempt to access beyond end of device
[  152.288090][ T6482] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  152.293907][ T6482] CPU: 1 UID: 0 PID: 6482 Comm: kworker/u9:31 Not tainted syzkaller #0 PREEMPT(full) 
[  152.293924][ T6482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  152.293932][ T6482] Workqueue: writeback wb_workfn (flush-7:3)
[  152.293953][ T6482] Call Trace:
[  152.293958][ T6482]  <TASK>
[  152.293963][ T6482]  dump_stack_lvl+0x189/0x250
[  152.293983][ T6482]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.293996][ T6482]  ? __pfx_queue_work_on+0x10/0x10
[  152.294007][ T6482]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  152.294023][ T6482]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  152.294046][ T6482]  f2fs_handle_critical_error+0x37c/0x540
[  152.294069][ T6482]  f2fs_write_end_io+0x886/0xb60
[  152.294096][ T6482]  __submit_merged_bio+0x27a/0x6a0
[  152.294116][ T6482]  __submit_merged_write_cond+0x255/0x530
[  152.294137][ T6482]  f2fs_write_data_pages+0x261d/0x3000
[  152.294181][ T6482]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.294208][ T6482]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  152.294242][ T6482]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  152.294264][ T6482]  ? trace_f2fs_writepages+0x7f/0x200
[  152.294278][ T6482]  ? f2fs_write_node_pages+0x478/0x6e0
[  152.294295][ T6482]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  152.294319][ T6482]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.294333][ T6482]  do_writepages+0x32e/0x550
[  152.294350][ T6482]  ? reacquire_held_locks+0x127/0x1d0
[  152.294360][ T6482]  ? writeback_sb_inodes+0x384/0x1010
[  152.294379][ T6482]  __writeback_single_inode+0x145/0xff0
[  152.294392][ T6482]  ? do_raw_spin_unlock+0x4d/0x240
[  152.294408][ T6482]  writeback_sb_inodes+0x6c7/0x1010
[  152.294500][ T6482]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  152.294549][ T6482]  ? rcu_is_watching+0x15/0xb0
[  152.294567][ T6482]  wb_writeback+0x43b/0xaf0
[  152.294585][ T6482]  ? queue_io+0x3b1/0x590
[  152.294600][ T6482]  ? __pfx_wb_writeback+0x10/0x10
[  152.294618][ T6482]  ? _raw_spin_unlock_irq+0x23/0x50
[  152.294635][ T6482]  wb_workfn+0x409/0xef0
[  152.294658][ T6482]  ? __pfx_wb_workfn+0x10/0x10
[  152.294674][ T6482]  ? __lock_acquire+0xab9/0xd20
[  152.294698][ T6482]  ? process_scheduled_works+0x9ef/0x17b0
[  152.294713][ T6482]  ? _raw_spin_unlock_irq+0x23/0x50
[  152.294724][ T6482]  ? process_scheduled_works+0x9ef/0x17b0
[  152.294733][ T6482]  ? process_scheduled_works+0x9ef/0x17b0
[  152.294744][ T6482]  process_scheduled_works+0xae1/0x17b0
[  152.294776][ T6482]  ? __pfx_process_scheduled_works+0x10/0x10
[  152.294801][ T6482]  worker_thread+0x8a0/0xda0
[  152.294834][ T6482]  kthread+0x711/0x8a0
[  152.294850][ T6482]  ? __pfx_worker_thread+0x10/0x10
[  152.294860][ T6482]  ? __pfx_kthread+0x10/0x10
[  152.294874][ T6482]  ? _raw_spin_unlock_irq+0x23/0x50
[  152.294894][ T6482]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.294906][ T6482]  ? __pfx_kthread+0x10/0x10
[  152.294920][ T6482]  ret_from_fork+0x3fc/0x770
[  152.294933][ T6482]  ? __pfx_ret_from_fork+0x10/0x10
[  152.294948][ T6482]  ? __switch_to_asm+0x39/0x70
[  152.294960][ T6482]  ? __switch_to_asm+0x33/0x70
[  152.294970][ T6482]  ? __pfx_kthread+0x10/0x10
[  152.294983][ T6482]  ret_from_fork_asm+0x1a/0x30
[  152.295009][ T6482]  </TASK>
[  152.295014][ T6482] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  152.381497][ T5991] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  152.613399][ T5991] usb 1-1: config 0 has an invalid interface number: 212 but max is 0
[  152.616294][ T5991] usb 1-1: config 0 has no interface number 0
[  152.618777][ T5991] usb 1-1: config 0 interface 212 has no altsetting 0
[  152.639933][ T5991] usb 1-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice=31.00
[  152.643475][ T5991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.646543][ T5991] usb 1-1: Product: syz
[  152.648177][ T5991] usb 1-1: Manufacturer: syz
[  152.649656][ T5991] usb 1-1: SerialNumber: syz
[  152.654232][ T5991] usb 1-1: config 0 descriptor??
[  152.660454][ T5991] ftdi_sio 1-1:0.212: FTDI USB Serial Device converter detected
[  152.663825][ T5991] usb 1-1: Detected FT4232HP
[  152.830826][ T8211] loop3: detected capacity change from 0 to 1024
[  152.864210][ T5991] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  152.875985][ T5991] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  152.876578][ T6540] hfsplus: b-tree write err: -5, ino 4
[  152.879919][ T5991] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  152.893584][ T5991] usb 1-1: USB disconnect, device number 10
[  152.912439][ T5991] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  152.918486][ T5991] ftdi_sio 1-1:0.212: device disconnected
[  153.131553][   T47] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  153.281515][   T47] usb 4-1: Using ep0 maxpacket: 16
[  153.288568][   T47] usb 4-1: unable to get BOS descriptor or descriptor too short
[  153.293766][   T47] usb 4-1: config 1 has an invalid interface number: 231 but max is 0
[  153.299104][   T47] usb 4-1: config 1 has no interface number 0
[  153.305522][   T47] usb 4-1: config 1 interface 231 has no altsetting 0
[  153.315088][   T47] usb 4-1: string descriptor 0 read error: -22
[  153.317740][   T47] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=5c.f5
[  153.323986][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.549529][   T47] usbtest 4-1:1.231: Linux gadget zero
[  153.552746][   T47] usbtest 4-1:1.231: high-speed {control in/out int-out} tests (+alt)
[  153.614970][ T8229] netlink: 5 bytes leftover after parsing attributes in process `syz.2.907'.
[  153.713683][ T8237] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.911'.
[  153.717567][ T8237] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  153.753380][ T5848] usb 4-1: USB disconnect, device number 11
[  153.841557][   T47] usb 1-1: new full-speed USB device number 11 using dummy_hcd
[  153.992962][   T47] usb 1-1: config 0 has an invalid interface number: 251 but max is 0
[  153.996215][   T47] usb 1-1: config 0 has no interface number 0
[  153.998856][   T47] usb 1-1: config 0 interface 251 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10
[  154.005926][   T47] usb 1-1: New USB device found, idVendor=05e3, idProduct=0505, bcdDevice=85.fd
[  154.009761][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.012983][   T47] usb 1-1: Product: syz
[  154.014414][   T47] usb 1-1: Manufacturer: syz
[  154.015993][   T47] usb 1-1: SerialNumber: syz
[  154.018992][   T47] usb 1-1: config 0 descriptor??
[  154.024101][   T47] usb 1-1: Found UVC 0.00 device syz (05e3:0505)
[  154.026284][   T47] usb 1-1: No valid video chain found.
[  154.229888][   T10] usb 1-1: USB disconnect, device number 11
[  154.449891][ T8246] loop3: detected capacity change from 0 to 32768
[  155.440968][ T8264] loop3: detected capacity change from 0 to 1764
[  155.458961][ T8264] I/O error, dev loop3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.463665][ T8264] I/O error, dev loop3, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.469406][ T8264] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  155.475300][ T8264] I/O error, dev loop3, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.478674][ T8264] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  155.482291][ T8264] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  155.485356][ T8264] UDF-fs: Scanning with blocksize 512 failed
[  155.488125][ T8264] I/O error, dev loop3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.495148][ T8264] I/O error, dev loop3, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.498532][ T8264] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  155.502907][ T8264] I/O error, dev loop3, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.506864][ T8264] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  155.510887][ T8264] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  155.515129][ T8264] UDF-fs: Scanning with blocksize 1024 failed
[  155.518047][ T8264] I/O error, dev loop3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.522726][ T8264] I/O error, dev loop3, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.525948][ T8264] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  155.530076][ T8264] I/O error, dev loop3, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.535727][ T8264] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  155.539642][ T8264] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  155.542905][ T8264] UDF-fs: Scanning with blocksize 2048 failed
[  155.546932][ T8264] I/O error, dev loop3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.550936][ T8264] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  155.556318][ T8264] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  155.560093][ T8264] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  155.563541][ T8264] UDF-fs: Scanning with blocksize 4096 failed
[  155.566183][ T8264] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1)
[  157.436409][ T8316] loop3: detected capacity change from 0 to 2048
[  157.464364][ T8317] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  157.625914][ T8314] loop0: detected capacity change from 0 to 40427
[  157.725302][ T8314] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  157.733997][ T8314] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  157.759313][ T8327] loop3: detected capacity change from 0 to 16
[  157.851794][ T5943] syz-executor: attempt to access beyond end of device
[  157.851794][ T5943] loop0: rw=2051, sector=77824, nr_sectors = 8 limit=40427
[  157.863895][ T5943] F2FS-fs (loop0): Issue discard(9728, 9728, 1) failed, ret: -5
[  158.568830][ T8353] loop0: detected capacity change from 0 to 512
[  158.600461][ T8353] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.607376][ T8353] ext4 filesystem being mounted at /306/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  158.621057][ T8353] EXT4-fs error (device loop0): ext4_empty_dir:3086: inode #12: block 32: comm syz.0.948: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  158.634502][ T8353] EXT4-fs (loop0): Remounting filesystem read-only
[  158.637349][ T8353] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #12: comm syz.0.948: directory missing '.'
[  158.674274][ T5943] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.140096][ T8373] netlink: 40 bytes leftover after parsing attributes in process `syz.2.963'.
[  159.412542][ T8387] netlink: 20 bytes leftover after parsing attributes in process `syz.2.970'.
[  159.536372][ T8393] loop3: detected capacity change from 0 to 1024
[  159.578352][ T8393] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  159.592816][ T8393] ext4 filesystem being mounted at /247/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.697286][ T6062] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.976908][ T8419] autofs: Bad value for 'fd'
[  160.014670][ T8420] loop0: detected capacity change from 0 to 4096
[  160.080351][   T33] audit: type=1800 audit(1756720368.371:10): pid=8420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.985" name="file1" dev="loop0" ino=30 res=0 errno=0
[  160.276141][ T8436] netlink: 4 bytes leftover after parsing attributes in process `syz.2.992'.
[  160.989230][ T8469] loop0: detected capacity change from 0 to 1024
[  161.001516][ T8469] hfsplus: invalid catalog entry type in lookup
[  161.023376][ T6482] hfsplus: b-tree write err: -5, ino 4
[  161.233076][   T33] audit: type=1326 audit(1756720369.491:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9caf8ebe9 code=0x7ffc0000
[  161.399896][   T33] audit: type=1326 audit(1756720369.511:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9caf8ebe9 code=0x7ffc0000
[  161.637298][ T8477] loop0: detected capacity change from 0 to 40427
[  161.647937][ T8477] F2FS-fs (loop0): invalid crc value
[  161.690835][ T8477] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  161.696711][ T8477] F2FS-fs (loop0): Start checkpoint disabled!
[  161.700483][ T8477] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  161.737427][ T6506] kworker/u9:55: attempt to access beyond end of device
[  161.737427][ T6506] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  161.743009][ T6506] CPU: 0 UID: 0 PID: 6506 Comm: kworker/u9:55 Not tainted syzkaller #0 PREEMPT(full) 
[  161.743020][ T6506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  161.743025][ T6506] Workqueue: writeback wb_workfn (flush-7:0)
[  161.743038][ T6506] Call Trace:
[  161.743041][ T6506]  <TASK>
[  161.743045][ T6506]  dump_stack_lvl+0x189/0x250
[  161.743057][ T6506]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.743065][ T6506]  ? __pfx_queue_work_on+0x10/0x10
[  161.743072][ T6506]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  161.743082][ T6506]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  161.743096][ T6506]  f2fs_handle_critical_error+0x37c/0x540
[  161.743109][ T6506]  f2fs_write_end_io+0x886/0xb60
[  161.743124][ T6506]  __submit_merged_bio+0x27a/0x6a0
[  161.743137][ T6506]  __submit_merged_write_cond+0x255/0x530
[  161.743149][ T6506]  f2fs_write_data_pages+0x261d/0x3000
[  161.743175][ T6506]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  161.743191][ T6506]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  161.743213][ T6506]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  161.743230][ T6506]  ? check_buffer+0x259/0x750
[  161.743242][ T6506]  ? __rb_reserve_next+0x7d2/0xdb0
[  161.743257][ T6506]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  161.743268][ T6506]  do_writepages+0x32e/0x550
[  161.743317][ T6506]  ? reacquire_held_locks+0x127/0x1d0
[  161.743327][ T6506]  ? writeback_sb_inodes+0x384/0x1010
[  161.743340][ T6506]  __writeback_single_inode+0x145/0xff0
[  161.743367][ T6506]  ? do_raw_spin_unlock+0x4d/0x240
[  161.743378][ T6506]  writeback_sb_inodes+0x6c7/0x1010
[  161.743387][ T6506]  ? trace_buffer_unlock_commit_regs+0x14f/0x550
[  161.743405][ T6506]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  161.743433][ T6506]  ? rcu_is_watching+0x15/0xb0
[  161.743445][ T6506]  wb_writeback+0x43b/0xaf0
[  161.743457][ T6506]  ? queue_io+0x3b1/0x590
[  161.743467][ T6506]  ? __pfx_wb_writeback+0x10/0x10
[  161.743480][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  161.743491][ T6506]  wb_workfn+0x409/0xef0
[  161.743505][ T6506]  ? __pfx_wb_workfn+0x10/0x10
[  161.743515][ T6506]  ? __lock_acquire+0xab9/0xd20
[  161.743530][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  161.743539][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  161.743547][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  161.743553][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  161.743560][ T6506]  process_scheduled_works+0xae1/0x17b0
[  161.743581][ T6506]  ? __pfx_process_scheduled_works+0x10/0x10
[  161.743596][ T6506]  worker_thread+0x8a0/0xda0
[  161.743615][ T6506]  kthread+0x711/0x8a0
[  161.743626][ T6506]  ? __pfx_worker_thread+0x10/0x10
[  161.743632][ T6506]  ? __pfx_kthread+0x10/0x10
[  161.743642][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  161.743650][ T6506]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.743659][ T6506]  ? __pfx_kthread+0x10/0x10
[  161.743667][ T6506]  ret_from_fork+0x3fc/0x770
[  161.743676][ T6506]  ? __pfx_ret_from_fork+0x10/0x10
[  161.743686][ T6506]  ? __switch_to_asm+0x39/0x70
[  161.743694][ T6506]  ? __switch_to_asm+0x33/0x70
[  161.743702][ T6506]  ? __pfx_kthread+0x10/0x10
[  161.743711][ T6506]  ret_from_fork_asm+0x1a/0x30
[  161.743727][ T6506]  </TASK>
[  161.744621][ T6506] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  161.891756][ T8477] VFS:Filesystem freeze failed
[  162.271562][ T5991] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  162.391543][   T10] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  162.432971][ T5991] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  162.436052][ T5991] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  162.440360][ T5991] usb 4-1: config 0 has no interface number 0
[  162.444513][ T5991] usb 4-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  162.447655][ T5991] usb 4-1: New USB device strings: Mfr=5, Product=2, SerialNumber=3
[  162.450361][ T5991] usb 4-1: Product: syz
[  162.451958][ T5991] usb 4-1: Manufacturer: syz
[  162.453654][ T5991] usb 4-1: SerialNumber: syz
[  162.457453][ T5991] usb 4-1: config 0 descriptor??
[  162.464356][ T5991] usb 4-1: Found UVC 0.00 device syz (046c:14e8)
[  162.466560][ T5991] uvcvideo 4-1:0.105: Entity type for entity Output 1 was not initialized!
[  162.479224][ T5991] usb 4-1: Failed to create links for entity 1
[  162.482562][ T5991] usb 4-1: Failed to register entities (-22).
[  162.553917][   T10] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  162.560590][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.567928][   T10] usb 1-1: config 0 descriptor??
[  162.578480][   T10] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  162.672793][ T2301] usb 4-1: USB disconnect, device number 12
[  162.985363][   T10] gp8psk: usb in 128 operation failed.
[  162.990474][   T10] gp8psk: usb in 137 operation failed.
[  162.993006][   T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  162.997283][   T10] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  163.010629][   T10] usb 1-1: USB disconnect, device number 12
[  163.556558][ T8539] loop3: detected capacity change from 0 to 40427
[  163.565453][ T8539] F2FS-fs (loop3): build fault injection rate: 771
[  163.573695][ T8544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1042'.
[  163.577793][ T8539] F2FS-fs (loop3): invalid crc value
[  163.643641][ T8539] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  163.647309][ T8539] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  163.650649][ T8548] loop0: detected capacity change from 0 to 1024
[  163.655100][ T8548] EXT4-fs: Ignoring removed bh option
[  163.679834][ T8548] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback.
[  163.707386][ T8548] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-001000000000.
[  163.713501][ T6062] syz-executor: attempt to access beyond end of device
[  163.713501][ T6062] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  163.724450][ T6062] CPU: 1 UID: 0 PID: 6062 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  163.724468][ T6062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  163.724475][ T6062] Call Trace:
[  163.724480][ T6062]  <TASK>
[  163.724487][ T6062]  dump_stack_lvl+0x189/0x250
[  163.724508][ T6062]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.724521][ T6062]  ? __pfx_queue_work_on+0x10/0x10
[  163.724534][ T6062]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  163.724550][ T6062]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  163.724572][ T6062]  f2fs_handle_critical_error+0x37c/0x540
[  163.724594][ T6062]  f2fs_write_end_io+0x886/0xb60
[  163.724619][ T6062]  __submit_merged_bio+0x27a/0x6a0
[  163.724639][ T6062]  __submit_merged_write_cond+0x255/0x530
[  163.724659][ T6062]  f2fs_write_data_pages+0x261d/0x3000
[  163.724719][ T6062]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  163.724765][ T6062]  ? strncpy_from_user+0x1bc/0x290
[  163.724818][ T6062]  ? __lock_acquire+0xab9/0xd20
[  163.724840][ T6062]  ? do_raw_spin_lock+0x121/0x290
[  163.724863][ T6062]  ? do_raw_spin_unlock+0x4d/0x240
[  163.724878][ T6062]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  163.724895][ T6062]  do_writepages+0x32e/0x550
[  163.724920][ T6062]  ? do_raw_spin_unlock+0x4d/0x240
[  163.724937][ T6062]  filemap_fdatawrite+0x199/0x240
[  163.724952][ T6062]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  163.724999][ T6062]  ? do_raw_spin_unlock+0x4d/0x240
[  163.725016][ T6062]  f2fs_sync_dirty_inodes+0x31f/0x830
[  163.725040][ T6062]  f2fs_write_checkpoint+0x95a/0x1df0
[  163.725067][ T6062]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  163.725108][ T6062]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  163.725121][ T6062]  ? kfree+0x18e/0x440
[  163.725137][ T6062]  ? kill_f2fs_super+0x298/0x6c0
[  163.725152][ T6062]  kill_f2fs_super+0x2c3/0x6c0
[  163.725168][ T6062]  ? __pfx_kill_f2fs_super+0x10/0x10
[  163.725177][ T6062]  ? radix_tree_delete_item+0x2b6/0x400
[  163.725200][ T6062]  ? shrinker_free+0x2ce/0x3e0
[  163.725215][ T6062]  deactivate_locked_super+0xbc/0x130
[  163.725232][ T6062]  cleanup_mnt+0x425/0x4c0
[  163.725268][ T6062]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.725285][ T6062]  task_work_run+0x1d4/0x260
[  163.725302][ T6062]  ? __pfx_task_work_run+0x10/0x10
[  163.725316][ T6062]  ? __x64_sys_umount+0x122/0x160
[  163.725334][ T6062]  ? exit_to_user_mode_loop+0x40/0x110
[  163.725354][ T6062]  exit_to_user_mode_loop+0xec/0x110
[  163.725370][ T6062]  do_syscall_64+0x2bd/0x3b0
[  163.725386][ T6062]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.725401][ T6062]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.725412][ T6062]  ? exc_page_fault+0x9f/0xf0
[  163.725428][ T6062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.725440][ T6062] RIP: 0033:0x7fb4e238ff17
[  163.725451][ T6062] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  163.725462][ T6062] RSP: 002b:00007ffdf8fead28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  163.725476][ T6062] RAX: 0000000000000000 RBX: 00007fb4e2411c05 RCX: 00007fb4e238ff17
[  163.725483][ T6062] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdf8feade0
[  163.725491][ T6062] RBP: 00007ffdf8feade0 R08: 0000000000000000 R09: 0000000000000000
[  163.725497][ T6062] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdf8febe70
[  163.725504][ T6062] R13: 00007fb4e2411c05 R14: 0000000000027ef6 R15: 00007ffdf8febeb0
[  163.725524][ T6062]  </TASK>
[  163.725666][ T6062] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  163.856635][ T6062] CPU: 0 UID: 0 PID: 6062 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  163.856647][ T6062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  163.856651][ T6062] Call Trace:
[  163.856655][ T6062]  <TASK>
[  163.856658][ T6062]  dump_stack_lvl+0x189/0x250
[  163.856672][ T6062]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.856703][ T6062]  ? __pfx_queue_work_on+0x10/0x10
[  163.856710][ T6062]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  163.856720][ T6062]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  163.856735][ T6062]  f2fs_handle_critical_error+0x37c/0x540
[  163.856749][ T6062]  f2fs_write_end_io+0x886/0xb60
[  163.856767][ T6062]  __submit_merged_bio+0x27a/0x6a0
[  163.856780][ T6062]  __submit_merged_write_cond+0x255/0x530
[  163.856793][ T6062]  f2fs_write_data_pages+0x261d/0x3000
[  163.856819][ T6062]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  163.856835][ T6062]  ? strncpy_from_user+0x1bc/0x290
[  163.856870][ T6062]  ? __lock_acquire+0xab9/0xd20
[  163.856883][ T6062]  ? do_raw_spin_lock+0x121/0x290
[  163.856897][ T6062]  ? do_raw_spin_unlock+0x4d/0x240
[  163.856906][ T6062]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  163.856917][ T6062]  do_writepages+0x32e/0x550
[  163.856932][ T6062]  ? do_raw_spin_unlock+0x4d/0x240
[  163.856942][ T6062]  filemap_fdatawrite+0x199/0x240
[  163.856951][ T6062]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  163.856982][ T6062]  ? do_raw_spin_unlock+0x4d/0x240
[  163.856993][ T6062]  f2fs_sync_dirty_inodes+0x31f/0x830
[  163.857007][ T6062]  f2fs_write_checkpoint+0x95a/0x1df0
[  163.857025][ T6062]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  163.857051][ T6062]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  163.857058][ T6062]  ? kfree+0x18e/0x440
[  163.857067][ T6062]  ? kill_f2fs_super+0x298/0x6c0
[  163.857077][ T6062]  kill_f2fs_super+0x2c3/0x6c0
[  163.857087][ T6062]  ? __pfx_kill_f2fs_super+0x10/0x10
[  163.857092][ T6062]  ? radix_tree_delete_item+0x2b6/0x400
[  163.857106][ T6062]  ? shrinker_free+0x2ce/0x3e0
[  163.857115][ T6062]  deactivate_locked_super+0xbc/0x130
[  163.857124][ T6062]  cleanup_mnt+0x425/0x4c0
[  163.857133][ T6062]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.857144][ T6062]  task_work_run+0x1d4/0x260
[  163.857154][ T6062]  ? __pfx_task_work_run+0x10/0x10
[  163.857161][ T6062]  ? __x64_sys_umount+0x122/0x160
[  163.857172][ T6062]  ? exit_to_user_mode_loop+0x40/0x110
[  163.857184][ T6062]  exit_to_user_mode_loop+0xec/0x110
[  163.857193][ T6062]  do_syscall_64+0x2bd/0x3b0
[  163.857202][ T6062]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.857211][ T6062]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.857217][ T6062]  ? exc_page_fault+0x9f/0xf0
[  163.857227][ T6062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.857234][ T6062] RIP: 0033:0x7fb4e238ff17
[  163.857263][ T6062] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  163.857270][ T6062] RSP: 002b:00007ffdf8fead28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  163.857278][ T6062] RAX: 0000000000000000 RBX: 00007fb4e2411c05 RCX: 00007fb4e238ff17
[  163.857283][ T6062] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdf8feade0
[  163.857287][ T6062] RBP: 00007ffdf8feade0 R08: 0000000000000000 R09: 0000000000000000
[  163.857291][ T6062] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdf8febe70
[  163.857295][ T6062] R13: 00007fb4e2411c05 R14: 0000000000027ef6 R15: 00007ffdf8febeb0
[  163.857309][ T6062]  </TASK>
[  163.857803][ T6062] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  163.858736][ T5943] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-001000000000.
[  164.272924][   T10] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  164.443508][   T10] usb 1-1: config 1 interface 0 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  164.447143][   T10] usb 1-1: config 1 interface 0 altsetting 255 endpoint 0x3 has invalid maxpacket 54257, setting to 64
[  164.459298][   T10] usb 1-1: config 1 interface 0 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  164.473623][   T10] usb 1-1: config 1 interface 0 has no altsetting 0
[  164.479982][   T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  164.485682][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.492354][   T10] usb 1-1: Product: syz
[  164.494116][   T10] usb 1-1: Manufacturer: syz
[  164.496073][   T10] usb 1-1: SerialNumber: syz
[  164.519405][ T8554] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  164.748710][   T10] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  164.762546][   T10] usb 1-1: USB disconnect, device number 13
[  164.972630][ T8594] 9pnet_fd: Insufficient options for proto=fd
[  165.223723][ T8592] loop3: detected capacity change from 0 to 32768
[  165.240930][ T8592] ialloc: diAlloc returned -5!
[  165.377491][ T8598] loop0: detected capacity change from 0 to 1764
[  165.396717][ T8598] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  165.400780][ T8598] isofs_fill_super: root inode is not a directory. Corrupted media?
[  166.443305][ T8626] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1073'.
[  166.699010][ T8635] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1078'.
[  166.710258][ T8635] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1078'.
[  167.015705][ T8643] overlayfs: failed to clone upperpath
[  167.832841][ T8645] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1081'.
[  167.836711][ T8645] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1081'.
[  168.140825][ T8655] loop3: detected capacity change from 0 to 32768
[  168.240936][ T8661] loop3: detected capacity change from 0 to 256
[  168.473537][ T8665] loop3: detected capacity change from 0 to 32768
[  168.478370][ T8665] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1091 (8665)
[  168.493119][ T8665] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  168.497475][ T8665] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  168.525408][ T8665] BTRFS info (device loop3): enabling ssd optimizations
[  168.529043][ T8665] BTRFS info (device loop3): enabling free space tree
[  168.703027][   T47] libceph: connect (1)[c::]:6789 error -101
[  168.705906][   T47] libceph: mon0 (1)[c::]:6789 connect error
[  168.738057][ T6062] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  168.744346][ T8685] ceph: No mds server is up or the cluster is laggy
[  169.928976][ T8723] loop3: detected capacity change from 0 to 16
[  169.936983][ T8723] erofs (device loop3): mounted with root inode @ nid 36.
[  170.068740][   T33] audit: type=1326 audit(1756720378.361:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8735 comm="syz.2.1116" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4fad98ebe9 code=0x0
[  170.321595][   T10] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  170.503439][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  170.508031][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 47999, setting to 64
[  170.512860][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  170.518486][   T10] usb 4-1: New USB device found, idVendor=1bc7, idProduct=1040, bcdDevice=b5.b1
[  170.521785][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.524321][   T10] usb 4-1: Product: syz
[  170.525827][   T10] usb 4-1: Manufacturer: syz
[  170.527482][   T10] usb 4-1: SerialNumber: syz
[  170.530464][   T10] usb 4-1: config 0 descriptor??
[  170.532903][ T8738] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  170.537296][   T10] option 4-1:0.0: GSM modem (1-port) converter detected
[  170.748292][   T47] usb 4-1: USB disconnect, device number 13
[  170.756267][   T47] option 4-1:0.0: device disconnected
[  171.674855][ T8753] netlink: 'syz.3.1123': attribute type 10 has an invalid length.
[  172.011550][ T5848] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  172.164061][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  172.168662][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  172.173113][ T5848] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  172.178584][ T5848] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  172.183638][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.189239][ T5848] usb 4-1: config 0 descriptor??
[  172.609891][ T5848] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  173.158221][ T8779] batadv0: entered allmulticast mode
[  173.902004][    C1] plantronics 0003:047F:FFFF.0006: usb_submit_urb(ctrl) failed: -1
[  174.450349][ T8808] loop3: detected capacity change from 0 to 512
[  174.465327][ T8808] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  174.478194][ T8808] EXT4-fs (loop3): orphan cleanup on readonly fs
[  174.480887][ T8808] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #3: comm syz.3.1146: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0)
[  174.488899][ T8808] EXT4-fs error (device loop3): ext4_quota_enable:7131: comm syz.3.1146: Bad quota inode: 3, type: 0
[  174.494001][ T8808] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  174.499861][ T8808] EXT4-fs (loop3): Cannot turn on quotas: error -117
[  174.505261][ T8808] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  174.515708][ T8808] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1146: bg 0: block 64: padding at end of block bitmap is not set
[  174.543303][ T6062] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.626615][ T8816] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  174.631007][ T8816] batadv_slave_0: entered promiscuous mode
[  174.633466][ T8816] batadv_slave_0: entered allmulticast mode
[  174.637116][ T8816] batman_adv: batadv0: Removing interface: batadv_slave_0
[  174.640413][ T8816] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  174.684587][ T2301] usb 4-1: USB disconnect, device number 14
[  175.101151][ T8837] loop3: detected capacity change from 0 to 512
[  175.109134][ T8837] EXT4-fs: Ignoring removed nobh option
[  175.126907][ T8837] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1158: iget: bad i_size value: 38620345925642
[  175.141229][ T8837] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1158: couldn't read orphan inode 15 (err -117)
[  175.148125][ T8837] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  175.441508][   T10] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  175.604460][   T10] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  175.610741][   T10] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  175.619742][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.625880][   T10] usb 4-1: Product: syz
[  175.628900][   T10] usb 4-1: Manufacturer: syz
[  175.634715][   T10] usb 4-1: SerialNumber: syz
[  175.646205][   T10] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  176.070638][   T10] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  177.402617][ T8856] mmap: syz.2.1164 (8856) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  178.116368][ T5848] usb 4-1: USB disconnect, device number 15
[  178.138714][ T6062] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.531603][ T5848] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  178.681575][ T5848] usb 4-1: Using ep0 maxpacket: 8
[  178.686952][ T5848] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  178.690187][ T5848] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  178.694110][ T5848] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  178.697692][ T5848] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  178.704122][ T5848] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  178.708785][ T5848] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  178.715222][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.241307][ T2301] usb 4-1: USB disconnect, device number 16
[  179.967203][ T8906] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  180.245267][ T8908] loop3: detected capacity change from 0 to 32768
[  180.286074][ T8908] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  180.328275][ T8908] XFS (loop3): Ending clean mount
[  180.336061][ T8908] XFS (loop3): Quotacheck needed: Please wait.
[  180.364364][ T8908] XFS (loop3): Quotacheck: Done.
[  180.656024][ T6062] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  181.372108][ T2301] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  181.546848][ T2301] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  181.550419][ T2301] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.556701][ T2301] usb 4-1: Product: syz
[  181.558375][ T2301] usb 4-1: Manufacturer: syz
[  181.560270][ T2301] usb 4-1: SerialNumber: syz
[  181.569163][ T2301] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  181.610324][   T10] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  182.264612][   T47] usb 4-1: USB disconnect, device number 17
[  182.564109][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  182.569469][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  182.574348][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  182.579296][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  182.584932][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  182.599189][ T5943] syz-executor (5943) used greatest stack depth: 16880 bytes left
[  182.643429][ T5916] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.646038][   T10] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  182.660411][   T10] ath9k_htc: Failed to initialize the device
[  182.677502][   T47] usb 4-1: ath9k_htc: USB layer deinitialized
[  182.729209][ T5916] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.808920][ T5916] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.885013][ T8964] chnl_net:caif_netlink_parms(): no params data found
[  182.943503][ T5916] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.083374][ T8964] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.083500][ T8964] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.083597][ T8964] bridge_slave_0: entered allmulticast mode
[  183.084717][ T8964] bridge_slave_0: entered promiscuous mode
[  183.107359][ T8964] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.109842][ T8964] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.112825][ T8964] bridge_slave_1: entered allmulticast mode
[  183.116098][ T8964] bridge_slave_1: entered promiscuous mode
[  183.210037][ T5916] bridge_slave_1: left allmulticast mode
[  183.223514][ T5916] bridge_slave_1: left promiscuous mode
[  183.227259][ T5916] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.233979][ T5916] bridge_slave_0: left allmulticast mode
[  183.236230][ T5916] bridge_slave_0: left promiscuous mode
[  183.238558][ T5916] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.837650][ T9007] loop3: detected capacity change from 0 to 4096
[  183.857015][ T9007] ntfs3(loop3): ino=5, "/" mi_enum_attr
[  183.862832][ T9007] ntfs3(loop3): ino=5, "/" mi_enum_attr
[  184.086482][ T5916] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  184.090853][ T5916] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  184.102223][ T5916] bond0 (unregistering): Released all slaves
[  184.120801][ T8964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  184.137877][ T8964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  184.197728][ T8964] team0: Port device team_slave_0 added
[  184.207791][ T8964] team0: Port device team_slave_1 added
[  184.210262][ T5916] tipc: Disabling bearer <udp:>
[  184.217478][ T5916] tipc: Left network mode
[  184.289492][ T8964] batman_adv: batadv0: Adding interface: batadv_slave_0
[  184.297011][ T8964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.331847][ T8964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  184.337992][ T8964] batman_adv: batadv0: Adding interface: batadv_slave_1
[  184.340883][ T8964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.355077][ T8964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  184.424684][ T9027] loop3: detected capacity change from 0 to 128
[  184.428298][ T9027] EXT4-fs: Ignoring removed nobh option
[  184.464014][ T9027] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  184.488022][ T9027] ext4 filesystem being mounted at /356/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  184.504572][ T8964] hsr_slave_0: entered promiscuous mode
[  184.507735][ T8964] hsr_slave_1: entered promiscuous mode
[  184.510681][ T8964] debugfs: 'hsr0' already exists in 'hsr'
[  184.513702][ T8964] Cannot create hsr debugfs directory
[  184.535664][ T9027] EXT4-fs (loop3): shut down requested (0)
[  184.565450][ T9027] syz.3.1236 (pid 9027) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  184.573226][ T5916] hsr_slave_0: left promiscuous mode
[  184.576310][ T5916] hsr_slave_1: left promiscuous mode
[  184.579113][ T5916] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  184.582815][ T5916] batadv0: mtu less than device minimum
[  184.587259][ T5916] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  184.593480][ T5916] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  184.599199][ T5916] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  184.604879][ T5916] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  184.610213][ T5916] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  184.615716][ T5916] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  184.621122][ T5916] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  184.626478][ T5916] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  184.632061][ T5916] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  184.641557][   T55] Bluetooth: hci0: command tx timeout
[  184.651307][ T5916] batman_adv: batadv0: Removing interface: batadv_slave_0
[  184.652052][ T6062] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  184.666960][ T5916] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  184.701516][ T5916] batman_adv: batadv0: Removing interface: batadv_slave_1
[  184.711098][ T5916] batman_adv: batadv0: Interface deactivated: dummy0
[  184.713873][ T5916] batman_adv: batadv0: Removing interface: dummy0
[  184.737178][ T5916] veth1_macvtap: left promiscuous mode
[  184.739439][ T5916] veth0_macvtap: left promiscuous mode
[  184.742390][ T5916] veth1_vlan: left promiscuous mode
[  184.865251][ T9035] loop3: detected capacity change from 0 to 32768
[  184.892912][ T9035] JBD2: journal file too short 1,0
[  184.895083][ T9035] (syz.3.1239,9035,1):ocfs2_journal_init:973 ERROR: Linux journal layer error
[  184.898089][ T9035] (syz.3.1239,9035,1):ocfs2_check_volume:2347 ERROR: Could not initialize journal!
[  184.901239][ T9035] (syz.3.1239,9035,1):ocfs2_check_volume:2432 ERROR: status = -22
[  184.906266][ T9035] (syz.3.1239,9035,1):ocfs2_mount_volume:1764 ERROR: status = -22
[  184.913562][ T9035] (syz.3.1239,9035,1):ocfs2_fill_super:1177 ERROR: status = -22
[  185.246874][ T9038] loop3: detected capacity change from 0 to 32768
[  185.263065][ T9038] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1240 (9038)
[  185.322752][ T9038] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  185.336886][ T9038] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  185.389800][ T5916] team0 (unregistering): Port device team_slave_1 removed
[  185.400575][ T9038] BTRFS info (device loop3): rebuilding free space tree
[  185.453708][ T9038] BTRFS info (device loop3): setting nodatasum
[  185.456298][ T9038] BTRFS info (device loop3): allowing degraded mounts
[  185.459042][ T9038] BTRFS info (device loop3): enabling ssd optimizations
[  185.466738][ T9038] BTRFS info (device loop3): enabling free space tree
[  185.467339][ T5916] team0 (unregistering): Port device team_slave_0 removed
[  185.474285][ T9038] BTRFS info (device loop3): force clearing of disk cache
[  185.477277][ T9038] BTRFS info (device loop3): doing ref verification
[  185.485575][ T9038] BTRFS info (device loop3): force zlib compression, level 3
[  185.572988][ T6062] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  186.047850][ T9066] netlink: 'syz.3.1246': attribute type 49 has an invalid length.
[  186.106693][ T9068] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1247'.
[  186.180455][ T9072] loop3: detected capacity change from 0 to 128
[  186.222314][ T9072] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  186.235231][ T9072] ext4 filesystem being mounted at /365/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  186.318380][ T8964] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  186.324057][ T8964] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  186.334696][ T8964] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  186.340860][ T8964] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  186.722243][   T55] Bluetooth: hci0: command tx timeout
[  186.723816][ T8964] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.737819][ T8964] 8021q: adding VLAN 0 to HW filter on device team0
[  186.747106][ T6506] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.749525][ T6506] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.758698][ T6506] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.761111][ T6506] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.800263][ T9093] trusted_key: syz.2.1254 sent an empty control message without MSG_MORE.
[  186.924282][ T8964] 8021q: adding VLAN 0 to HW filter on device batadv0
[  187.097146][ T8964] veth0_vlan: entered promiscuous mode
[  187.110269][ T6062] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  187.116289][ T8964] veth1_vlan: entered promiscuous mode
[  187.172894][ T8964] veth0_macvtap: entered promiscuous mode
[  187.190701][ T8964] veth1_macvtap: entered promiscuous mode
[  187.220457][ T8964] batman_adv: batadv0: Interface activated: batadv_slave_0
[  187.228930][ T8964] batman_adv: batadv0: Interface activated: batadv_slave_1
[  187.238362][ T6004] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  187.244838][ T6004] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  187.255496][ T6004] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  187.258411][ T6004] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  187.346942][ T6550] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.349701][ T6550] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  187.408692][ T6550] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.417478][ T6550] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  187.457574][ T9121] loop3: detected capacity change from 0 to 1024
[  187.483753][ T9121] hfsplus: walked past end of dir
[  187.491852][ T9121] hfsplus: walked past end of dir
[  187.748939][ T9125] loop4: detected capacity change from 0 to 32768
[  187.777329][ T9125] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  187.843840][ T9127] loop3: detected capacity change from 0 to 32768
[  187.873965][ T8964] ocfs2: Unmounting device (7,4) on (node local)
[  189.163839][   T55] Bluetooth: hci0: command tx timeout
[  189.374246][ T9159] loop4: detected capacity change from 0 to 64
[  189.421339][ T8964] Trying to free block not in datazone
[  189.428712][ T8964] Trying to free block not in datazone
[  189.433655][ T8964] Trying to free block not in datazone
[  189.435705][ T8964] Trying to free block not in datazone
[  189.437658][ T8964] Trying to free block not in datazone
[  189.439976][ T8964] Trying to free block not in datazone
[  189.446446][ T8964] Trying to free block not in datazone
[  189.448852][ T8964] Trying to free block not in datazone
[  189.451268][ T8964] Trying to free block not in datazone
[  189.456399][ T8964] Trying to free block not in datazone
[  189.458771][ T8964] Trying to free block not in datazone
[  189.461124][ T8964] Trying to free block not in datazone
[  189.464212][ T8964] Trying to free block not in datazone
[  189.467395][ T8964] Trying to free block not in datazone
[  190.251718][ T5991] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  190.871609][ T5991] usb 5-1: Using ep0 maxpacket: 16
[  190.880023][ T5991] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  190.884312][ T5991] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.887568][ T5991] usb 5-1: Product: syz
[  190.889391][ T5991] usb 5-1: Manufacturer: syz
[  190.891330][ T5991] usb 5-1: SerialNumber: syz
[  190.899516][ T5991] r8152-cfgselector 5-1: Unknown version 0x0000
[  190.901789][ T5991] r8152-cfgselector 5-1: config 0 descriptor??
[  191.209485][   T55] Bluetooth: hci0: command tx timeout
[  191.357022][ T9210] loop3: detected capacity change from 0 to 40427
[  191.369578][ T9210] F2FS-fs (loop3): invalid crc value
[  191.379199][ T5991] r8152-cfgselector 5-1: USB disconnect, device number 2
[  191.422558][ T9210] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  191.427433][ T9210] F2FS-fs (loop3): Start checkpoint disabled!
[  191.440744][ T9210] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  191.533029][   T33] audit: type=1800 audit(1756720399.831:14): pid=9225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1299" name="bus" dev="loop3" ino=10 res=0 errno=0
[  191.556965][ T9225] syz.3.1299: attempt to access beyond end of device
[  191.556965][ T9225] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  191.577651][ T9225] syz.3.1299: attempt to access beyond end of device
[  191.577651][ T9225] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  191.595156][ T9225] syz.3.1299: attempt to access beyond end of device
[  191.595156][ T9225] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  191.606704][ T9225] syz.3.1299: attempt to access beyond end of device
[  191.606704][ T9225] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  191.632319][ T9225] syz.3.1299: attempt to access beyond end of device
[  191.632319][ T9225] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  191.645162][ T9225] syz.3.1299: attempt to access beyond end of device
[  191.645162][ T9225] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  191.658503][ T9225] syz.3.1299: attempt to access beyond end of device
[  191.658503][ T9225] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  191.676330][ T9225] syz.3.1299: attempt to access beyond end of device
[  191.676330][ T9225] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  191.702374][ T9225] syz.3.1299: attempt to access beyond end of device
[  191.702374][ T9225] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  191.713085][ T9225] syz.3.1299: attempt to access beyond end of device
[  191.713085][ T9225] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  192.248012][ T6506] CPU: 0 UID: 0 PID: 6506 Comm: kworker/u9:55 Not tainted syzkaller #0 PREEMPT(full) 
[  192.248033][ T6506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  192.248040][ T6506] Workqueue: writeback wb_workfn (flush-7:3)
[  192.248061][ T6506] Call Trace:
[  192.248066][ T6506]  <TASK>
[  192.248071][ T6506]  dump_stack_lvl+0x189/0x250
[  192.248091][ T6506]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.248105][ T6506]  ? __pfx_queue_work_on+0x10/0x10
[  192.248116][ T6506]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  192.248131][ T6506]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  192.248153][ T6506]  f2fs_handle_critical_error+0x37c/0x540
[  192.248175][ T6506]  f2fs_write_end_io+0x886/0xb60
[  192.248200][ T6506]  __submit_merged_bio+0x27a/0x6a0
[  192.248221][ T6506]  __submit_merged_write_cond+0x255/0x530
[  192.248243][ T6506]  f2fs_write_data_pages+0x261d/0x3000
[  192.248303][ T6506]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  192.248332][ T6506]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  192.248366][ T6506]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  192.248396][ T6506]  ? trace_f2fs_writepages+0x7f/0x200
[  192.248414][ T6506]  ? f2fs_write_node_pages+0x478/0x6e0
[  192.248431][ T6506]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  192.248451][ T6506]  ? irqentry_exit+0x74/0x90
[  192.248467][ T6506]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.248484][ T6506]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  192.248501][ T6506]  do_writepages+0x32e/0x550
[  192.248520][ T6506]  ? reacquire_held_locks+0x127/0x1d0
[  192.248532][ T6506]  ? writeback_sb_inodes+0x384/0x1010
[  192.248551][ T6506]  __writeback_single_inode+0x145/0xff0
[  192.248567][ T6506]  ? do_raw_spin_unlock+0x4d/0x240
[  192.248585][ T6506]  writeback_sb_inodes+0x6c7/0x1010
[  192.248619][ T6506]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  192.248659][ T6506]  ? rcu_is_watching+0x15/0xb0
[  192.248680][ T6506]  wb_writeback+0x43b/0xaf0
[  192.248700][ T6506]  ? queue_io+0x3b1/0x590
[  192.248716][ T6506]  ? __pfx_wb_writeback+0x10/0x10
[  192.248738][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  192.248754][ T6506]  wb_workfn+0x409/0xef0
[  192.248777][ T6506]  ? __pfx_wb_workfn+0x10/0x10
[  192.248793][ T6506]  ? __lock_acquire+0xab9/0xd20
[  192.248816][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  192.248858][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  192.248872][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  192.248882][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  192.248894][ T6506]  process_scheduled_works+0xae1/0x17b0
[  192.248926][ T6506]  ? __pfx_process_scheduled_works+0x10/0x10
[  192.248950][ T6506]  worker_thread+0x8a0/0xda0
[  192.248980][ T6506]  kthread+0x711/0x8a0
[  192.248997][ T6506]  ? __pfx_worker_thread+0x10/0x10
[  192.249007][ T6506]  ? __pfx_kthread+0x10/0x10
[  192.249024][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  192.249038][ T6506]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.249052][ T6506]  ? __pfx_kthread+0x10/0x10
[  192.249067][ T6506]  ret_from_fork+0x3fc/0x770
[  192.249083][ T6506]  ? __pfx_ret_from_fork+0x10/0x10
[  192.249100][ T6506]  ? __switch_to_asm+0x39/0x70
[  192.249111][ T6506]  ? __switch_to_asm+0x33/0x70
[  192.249125][ T6506]  ? __pfx_kthread+0x10/0x10
[  192.249138][ T6506]  ret_from_fork_asm+0x1a/0x30
[  192.249165][ T6506]  </TASK>
[  192.249248][ T6506] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  192.485226][ T6506] CPU: 0 UID: 0 PID: 6506 Comm: kworker/u9:55 Not tainted syzkaller #0 PREEMPT(full) 
[  192.485245][ T6506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  192.485252][ T6506] Workqueue: writeback wb_workfn (flush-7:3)
[  192.485273][ T6506] Call Trace:
[  192.485278][ T6506]  <TASK>
[  192.485284][ T6506]  dump_stack_lvl+0x189/0x250
[  192.485303][ T6506]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.485317][ T6506]  ? __pfx_queue_work_on+0x10/0x10
[  192.485328][ T6506]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  192.485344][ T6506]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  192.485367][ T6506]  f2fs_handle_critical_error+0x37c/0x540
[  192.485395][ T6506]  f2fs_write_end_io+0x886/0xb60
[  192.485419][ T6506]  __submit_merged_bio+0x27a/0x6a0
[  192.485441][ T6506]  __submit_merged_write_cond+0x255/0x530
[  192.485461][ T6506]  f2fs_write_data_pages+0x261d/0x3000
[  192.485504][ T6506]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  192.485532][ T6506]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  192.485573][ T6506]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  192.485601][ T6506]  ? trace_f2fs_writepages+0x7f/0x200
[  192.485618][ T6506]  ? f2fs_write_node_pages+0x478/0x6e0
[  192.485639][ T6506]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  192.485660][ T6506]  ? irqentry_exit+0x74/0x90
[  192.485675][ T6506]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.485692][ T6506]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  192.485711][ T6506]  do_writepages+0x32e/0x550
[  192.485730][ T6506]  ? reacquire_held_locks+0x127/0x1d0
[  192.485741][ T6506]  ? writeback_sb_inodes+0x384/0x1010
[  192.485763][ T6506]  __writeback_single_inode+0x145/0xff0
[  192.485778][ T6506]  ? do_raw_spin_unlock+0x4d/0x240
[  192.485794][ T6506]  writeback_sb_inodes+0x6c7/0x1010
[  192.485857][ T6506]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  192.485909][ T6506]  ? rcu_is_watching+0x15/0xb0
[  192.485930][ T6506]  wb_writeback+0x43b/0xaf0
[  192.485953][ T6506]  ? queue_io+0x3b1/0x590
[  192.485971][ T6506]  ? __pfx_wb_writeback+0x10/0x10
[  192.485993][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  192.486013][ T6506]  wb_workfn+0x409/0xef0
[  192.486039][ T6506]  ? __pfx_wb_workfn+0x10/0x10
[  192.486055][ T6506]  ? __lock_acquire+0xab9/0xd20
[  192.486081][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  192.486099][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  192.486111][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  192.486121][ T6506]  ? process_scheduled_works+0x9ef/0x17b0
[  192.486132][ T6506]  process_scheduled_works+0xae1/0x17b0
[  192.486166][ T6506]  ? __pfx_process_scheduled_works+0x10/0x10
[  192.486192][ T6506]  worker_thread+0x8a0/0xda0
[  192.486225][ T6506]  kthread+0x711/0x8a0
[  192.486242][ T6506]  ? __pfx_worker_thread+0x10/0x10
[  192.486254][ T6506]  ? __pfx_kthread+0x10/0x10
[  192.486269][ T6506]  ? _raw_spin_unlock_irq+0x23/0x50
[  192.486282][ T6506]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.486295][ T6506]  ? __pfx_kthread+0x10/0x10
[  192.486309][ T6506]  ret_from_fork+0x3fc/0x770
[  192.486324][ T6506]  ? __pfx_ret_from_fork+0x10/0x10
[  192.486342][ T6506]  ? __switch_to_asm+0x39/0x70
[  192.486355][ T6506]  ? __switch_to_asm+0x33/0x70
[  192.486366][ T6506]  ? __pfx_kthread+0x10/0x10
[  192.486387][ T6506]  ret_from_fork_asm+0x1a/0x30
[  192.486415][ T6506]  </TASK>
[  192.486421][ T6506] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  192.772510][ T5848] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  192.921522][ T5848] usb 5-1: Using ep0 maxpacket: 8
[  192.933364][ T5848] usb 5-1: config 36 has an invalid interface number: 44 but max is 0
[  192.936853][ T5848] usb 5-1: config 36 has an invalid interface descriptor of length 2, skipping
[  192.940695][ T5848] usb 5-1: config 36 has no interface number 0
[  192.951517][ T5848] usb 5-1: config 36 interface 44 has no altsetting 0
[  192.956947][ T5848] usb 5-1: New USB device found, idVendor=0711, idProduct=0902, bcdDevice=ad.ea
[  192.960770][ T5848] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.970057][ T5848] usb 5-1: Product: syz
[  192.972844][ T5848] usb 5-1: Manufacturer: syz
[  192.974779][ T5848] usb 5-1: SerialNumber: syz
[  193.049416][ T9242] loop3: detected capacity change from 0 to 32768
[  193.154433][ T9246] netlink: 'syz.3.1313': attribute type 6 has an invalid length.
[  193.200468][ T5848] sisusb 5-1:36.44: Invalid USB2VGA device
[  193.213938][ T5848] sisusb 5-1:36.44: probe with driver sisusb failed with error -22
[  193.225315][ T5848] usb 5-1: USB disconnect, device number 3
[  193.939498][   T33] audit: type=1326 audit(1756720402.231:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9290 comm="syz.2.1328" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4fad985ba7 code=0x7ffc0000
[  193.957747][   T33] audit: type=1326 audit(1756720402.231:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9290 comm="syz.2.1328" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4fad92adb9 code=0x7ffc0000
[  193.968866][   T33] audit: type=1326 audit(1756720402.231:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9290 comm="syz.2.1328" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4fad985ba7 code=0x7ffc0000
[  193.985400][   T33] audit: type=1326 audit(1756720402.231:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9290 comm="syz.2.1328" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4fad92adb9 code=0x7ffc0000
[  193.994829][   T33] audit: type=1326 audit(1756720402.231:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9290 comm="syz.2.1328" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fad98ebe9 code=0x7ffc0000
[  194.028106][   T33] audit: type=1326 audit(1756720402.251:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9290 comm="syz.2.1328" exe="/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f4fad98ebe9 code=0x7ffc0000
[  194.059148][   T33] audit: type=1326 audit(1756720402.251:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9290 comm="syz.2.1328" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fad98ebe9 code=0x7ffc0000
[  194.113690][   T33] audit: type=1326 audit(1756720402.251:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9290 comm="syz.2.1328" exe="/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f4fad98ebe9 code=0x7ffc0000
[  194.164531][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  194.167630][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  194.215745][   T33] audit: type=1326 audit(1756720402.251:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9290 comm="syz.2.1328" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fad98ebe9 code=0x7ffc0000
[  195.030322][ T9304] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1332'.
[  195.336902][ T9310] overlayfs: failed to clone lowerpath
[  195.794674][ T9332] loop3: detected capacity change from 0 to 8
[  195.999697][ T9332] SQUASHFS error: xz decompression failed, data probably corrupt
[  196.014928][ T9332] SQUASHFS error: Failed to read block 0x108: -5
[  196.033192][ T9332] SQUASHFS error: Unable to read metadata cache entry [106]
[  196.049905][ T9332] SQUASHFS error: Unable to read inode 0x11f
[  196.516721][ T9339] bad cache= option: no%e
[  196.516721][ T9339] 
[  196.519378][ T9339] CIFS: VFS: bad cache= option: no%e
[  196.531508][ T5848] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  196.570996][ T9343] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1349'.
[  196.681566][ T5848] usb 4-1: Using ep0 maxpacket: 16
[  196.688398][ T5848] usb 4-1: config 0 has an invalid interface number: 126 but max is 0
[  196.691992][ T5848] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  196.696469][ T5848] usb 4-1: config 0 has no interface number 0
[  196.699354][ T5848] usb 4-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  196.706347][ T5848] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024
[  196.711165][ T5848] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  196.715681][ T5848] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  196.719999][ T5848] usb 4-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  196.726370][ T5848] usb 4-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  196.729654][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.735738][ T5848] usb 4-1: config 0 descriptor??
[  196.739490][ T9335] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  196.748058][ T5848] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  196.962113][ T5848] usb 4-1: USB disconnect, device number 18
[  198.409213][ T9355] loop4: detected capacity change from 0 to 32768
[  198.468708][ T9355] JBD2: Ignoring recovery information on journal
[  198.842677][ T9355] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  198.902447][ T8964] ocfs2: Unmounting device (7,4) on (node local)
[  199.311226][ T9394] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1371'.
[  199.320253][ T9395] loop4: detected capacity change from 0 to 256
[  199.332471][ T9395] exfat: Deprecated parameter 'namecase'
[  199.346161][ T9395] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  199.700802][ T9413] loop3: detected capacity change from 0 to 8
[  199.817174][ T9418] ==================================================================
[  199.820518][ T9418] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  199.823689][ T9418] Read of size 4 at addr ffff88801fc74544 by task syz.3.1382/9418
[  199.827819][ T9418] 
[  199.828836][ T9418] CPU: 0 UID: 0 PID: 9418 Comm: syz.3.1382 Not tainted syzkaller #0 PREEMPT(full) 
[  199.828853][ T9418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  199.828862][ T9418] Call Trace:
[  199.828867][ T9418]  <TASK>
[  199.828872][ T9418]  dump_stack_lvl+0x189/0x250
[  199.828891][ T9418]  ? __kasan_check_byte+0x12/0x40
[  199.828909][ T9418]  ? __pfx_dump_stack_lvl+0x10/0x10
[  199.828923][ T9418]  ? lock_release+0x4b/0x3e0
[  199.828943][ T9418]  ? __virt_addr_valid+0x4a5/0x5c0
[  199.828969][ T9418]  print_report+0xca/0x240
[  199.828981][ T9418]  ? xfrm_alloc_spi+0x570/0xf30
[  199.828995][ T9418]  kasan_report+0x118/0x150
[  199.829013][ T9418]  ? xfrm_alloc_spi+0x570/0xf30
[  199.829029][ T9418]  xfrm_alloc_spi+0x570/0xf30
[  199.829043][ T9418]  ? xfrm_alloc_spi+0x2a0/0xf30
[  199.829062][ T9418]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  199.829075][ T9418]  ? xfrm_find_acq+0x87/0xa0
[  199.829090][ T9418]  xfrm_alloc_userspi+0x70b/0xc90
[  199.829111][ T9418]  ? apparmor_capable+0x137/0x1b0
[  199.829125][ T9418]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  199.829140][ T9418]  ? __nla_parse+0x40/0x60
[  199.829159][ T9418]  xfrm_user_rcv_msg+0x7a3/0xab0
[  199.829173][ T9418]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  199.829196][ T9418]  ? __pfx___mutex_trylock_common+0x10/0x10
[  199.829210][ T9418]  ? rcu_is_watching+0x15/0xb0
[  199.829222][ T9418]  ? trace_contention_end+0x39/0x120
[  199.829234][ T9418]  ? __mutex_lock+0x335/0x1350
[  199.829252][ T9418]  netlink_rcv_skb+0x208/0x470
[  199.829270][ T9418]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  199.829283][ T9418]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  199.829304][ T9418]  ? netlink_deliver_tap+0x2e/0x1b0
[  199.829320][ T9418]  ? netlink_deliver_tap+0x2e/0x1b0
[  199.829338][ T9418]  xfrm_netlink_rcv+0x79/0x90
[  199.829353][ T9418]  netlink_unicast+0x82f/0x9e0
[  199.829370][ T9418]  ? __pfx_netlink_unicast+0x10/0x10
[  199.829385][ T9418]  ? netlink_sendmsg+0x642/0xb30
[  199.829401][ T9418]  ? skb_put+0x11b/0x210
[  199.829413][ T9418]  netlink_sendmsg+0x805/0xb30
[  199.829432][ T9418]  ? __pfx_netlink_sendmsg+0x10/0x10
[  199.829450][ T9418]  ? aa_sock_msg_perm+0xf1/0x1d0
[  199.829461][ T9418]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  199.829474][ T9418]  ? __pfx_netlink_sendmsg+0x10/0x10
[  199.829490][ T9418]  __sock_sendmsg+0x21c/0x270
[  199.829506][ T9418]  ____sys_sendmsg+0x505/0x830
[  199.829520][ T9418]  ? __pfx_____sys_sendmsg+0x10/0x10
[  199.829535][ T9418]  ? import_iovec+0x74/0xa0
[  199.829549][ T9418]  ___sys_sendmsg+0x21f/0x2a0
[  199.829562][ T9418]  ? __pfx____sys_sendmsg+0x10/0x10
[  199.829583][ T9418]  ? __fget_files+0x2a/0x420
[  199.829600][ T9418]  ? __fget_files+0x3a0/0x420
[  199.829620][ T9418]  __x64_sys_sendmsg+0x19b/0x260
[  199.829633][ T9418]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  199.829648][ T9418]  ? rcu_is_watching+0x15/0xb0
[  199.829660][ T9418]  ? do_syscall_64+0xbe/0x3b0
[  199.829678][ T9418]  do_syscall_64+0xfa/0x3b0
[  199.829693][ T9418]  ? lockdep_hardirqs_on+0x9c/0x150
[  199.829709][ T9418]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.829750][ T9418]  ? exc_page_fault+0x9f/0xf0
[  199.829766][ T9418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.829777][ T9418] RIP: 0033:0x7fb4e238ebe9
[  199.829790][ T9418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.829802][ T9418] RSP: 002b:00007fb4e31ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  199.829817][ T9418] RAX: ffffffffffffffda RBX: 00007fb4e25c5fa0 RCX: 00007fb4e238ebe9
[  199.829826][ T9418] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  199.829834][ T9418] RBP: 00007fb4e2411e19 R08: 0000000000000000 R09: 0000000000000000
[  199.829841][ T9418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.829848][ T9418] R13: 00007fb4e25c6038 R14: 00007fb4e25c5fa0 R15: 00007ffdf8feba98
[  199.829861][ T9418]  </TASK>
[  199.829866][ T9418] 
[  199.966098][ T9418] Allocated by task 7261:
[  199.967691][ T9418]  kasan_save_track+0x3e/0x80
[  199.969425][ T9418]  __kasan_slab_alloc+0x6c/0x80
[  199.971256][ T9418]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  199.973325][ T9418]  xfrm_state_alloc+0x24/0x2f0
[  199.975077][ T9418]  __find_acq_core+0x8a7/0x1c00
[  199.976901][ T9418]  xfrm_find_acq+0x78/0xa0
[  199.978595][ T9418]  xfrm_alloc_userspi+0x6b3/0xc90
[  199.980515][ T9418]  xfrm_user_rcv_msg+0x7a3/0xab0
[  199.982402][ T9418]  netlink_rcv_skb+0x208/0x470
[  199.984186][ T9418]  xfrm_netlink_rcv+0x79/0x90
[  199.985918][ T9418]  netlink_unicast+0x82f/0x9e0
[  199.987705][ T9418]  netlink_sendmsg+0x805/0xb30
[  199.989525][ T9418]  __sock_sendmsg+0x21c/0x270
[  199.991285][ T9418]  ____sys_sendmsg+0x505/0x830
[  199.993001][ T9418]  ___sys_sendmsg+0x21f/0x2a0
[  199.994682][ T9418]  __x64_sys_sendmsg+0x19b/0x260
[  199.996518][ T9418]  do_syscall_64+0xfa/0x3b0
[  199.998248][ T9418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.000450][ T9418] 
[  200.001348][ T9418] Freed by task 5991:
[  200.002838][ T9418]  kasan_save_track+0x3e/0x80
[  200.004517][ T9418]  kasan_save_free_info+0x46/0x50
[  200.006343][ T9418]  __kasan_slab_free+0x5b/0x80
[  200.008149][ T9418]  kmem_cache_free+0x18f/0x400
[  200.009934][ T9418]  xfrm_state_gc_task+0x52d/0x6b0
[  200.011786][ T9418]  process_scheduled_works+0xae1/0x17b0
[  200.013766][ T9418]  worker_thread+0x8a0/0xda0
[  200.015457][ T9418]  kthread+0x711/0x8a0
[  200.016976][ T9418]  ret_from_fork+0x3fc/0x770
[  200.018738][ T9418]  ret_from_fork_asm+0x1a/0x30
[  200.020495][ T9418] 
[  200.021407][ T9418] The buggy address belongs to the object at ffff88801fc74480
[  200.021407][ T9418]  which belongs to the cache xfrm_state of size 928
[  200.026405][ T9418] The buggy address is located 196 bytes inside of
[  200.026405][ T9418]  freed 928-byte region [ffff88801fc74480, ffff88801fc74820)
[  200.031404][ T9418] 
[  200.032296][ T9418] The buggy address belongs to the physical page:
[  200.034689][ T9418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801fc74000 pfn:0x1fc74
[  200.038346][ T9418] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  200.041454][ T9418] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  200.044199][ T9418] page_type: f5(slab)
[  200.045683][ T9418] raw: 00fff00000000040 ffff88801d7233c0 dead000000000122 0000000000000000
[  200.048907][ T9418] raw: ffff88801fc74000 00000000800e000b 00000000f5000000 0000000000000000
[  200.052004][ T9418] head: 00fff00000000040 ffff88801d7233c0 dead000000000122 0000000000000000
[  200.055137][ T9418] head: ffff88801fc74000 00000000800e000b 00000000f5000000 0000000000000000
[  200.058322][ T9418] head: 00fff00000000002 ffffea00007f1d01 00000000ffffffff 00000000ffffffff
[  200.061410][ T9418] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  200.064491][ T9418] page dumped because: kasan: bad access detected
[  200.066900][ T9418] page_owner tracks the page as allocated
[  200.069018][ T9418] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6859, tgid 6858 (syz.3.350), ts 101948906405, free_ts 101840951772
[  200.075832][ T9418]  post_alloc_hook+0x240/0x2a0
[  200.077612][ T9418]  get_page_from_freelist+0x21e4/0x22c0
[  200.079643][ T9418]  __alloc_frozen_pages_noprof+0x181/0x370
[  200.081806][ T9418]  alloc_pages_mpol+0x232/0x4a0
[  200.083613][ T9418]  allocate_slab+0x8a/0x370
[  200.085253][ T9418]  ___slab_alloc+0xbeb/0x1410
[  200.086907][ T9418]  kmem_cache_alloc_noprof+0x283/0x3c0
[  200.088896][ T9418]  xfrm_state_alloc+0x24/0x2f0
[  200.090588][ T9418]  pfkey_add+0x6e4/0x2e00
[  200.092074][ T9418]  pfkey_sendmsg+0xbfe/0x1090
[  200.093765][ T9418]  __sock_sendmsg+0x21c/0x270
[  200.095483][ T9418]  ____sys_sendmsg+0x52d/0x830
[  200.097253][ T9418]  ___sys_sendmsg+0x21f/0x2a0
[  200.098876][ T9418]  __sys_sendmmsg+0x227/0x430
[  200.100485][ T9418]  __x64_sys_sendmmsg+0xa0/0xc0
[  200.102284][ T9418]  do_syscall_64+0xfa/0x3b0
[  200.103982][ T9418] page last free pid 6580 tgid 6580 stack trace:
[  200.106222][ T9418]  __free_frozen_pages+0xbc4/0xd30
[  200.108020][ T9418]  __put_partials+0x156/0x1a0
[  200.109646][ T9418]  put_cpu_partial+0x17c/0x250
[  200.111489][ T9418]  __slab_free+0x2d5/0x3c0
[  200.113177][ T9418]  qlist_free_all+0x97/0x140
[  200.114894][ T9418]  kasan_quarantine_reduce+0x148/0x160
[  200.116922][ T9418]  __kasan_slab_alloc+0x22/0x80
[  200.118782][ T9418]  __kmalloc_noprof+0x224/0x4f0
[  200.120598][ T9418]  tomoyo_realpath_from_path+0xe3/0x5d0
[  200.122694][ T9418]  tomoyo_path_perm+0x213/0x4b0
[  200.124469][ T9418]  security_inode_getattr+0x12f/0x330
[  200.126421][ T9418]  vfs_fstatat+0xb1/0x170
[  200.127992][ T9418]  __x64_sys_newfstatat+0x116/0x190
[  200.129869][ T9418]  do_syscall_64+0xfa/0x3b0
[  200.131515][ T9418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.133566][ T9418] 
[  200.134430][ T9418] Memory state around the buggy address:
[  200.136393][ T9418]  ffff88801fc74400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  200.139335][ T9418]  ffff88801fc74480: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  200.142242][ T9418] >ffff88801fc74500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  200.144994][ T9418]                                            ^
[  200.147178][ T9418]  ffff88801fc74580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  200.150002][ T9418]  ffff88801fc74600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  200.152869][ T9418] ==================================================================
[  200.155954][ T9418] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  200.158914][ T9418] CPU: 0 UID: 0 PID: 9418 Comm: syz.3.1382 Not tainted syzkaller #0 PREEMPT(full) 
[  200.162818][ T9418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  200.166959][ T9418] Call Trace:
[  200.168361][ T9418]  <TASK>
[  200.169614][ T9418]  dump_stack_lvl+0x99/0x250
[  200.171351][ T9418]  ? __asan_memcpy+0x40/0x70
[  200.173043][ T9418]  ? __pfx_dump_stack_lvl+0x10/0x10
[  200.174902][ T9418]  ? __pfx__printk+0x10/0x10
[  200.176540][ T9418]  vpanic+0x281/0x750
[  200.177941][ T9418]  ? __pfx_vpanic+0x10/0x10
[  200.179612][ T9418]  ? irqentry_exit+0x74/0x90
[  200.181366][ T9418]  panic+0xb9/0xc0
[  200.182756][ T9418]  ? __pfx_panic+0x10/0x10
[  200.184296][ T9418]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  200.186370][ T9418]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  200.188452][ T9418]  ? xfrm_alloc_spi+0x570/0xf30
[  200.190203][ T9418]  check_panic_on_warn+0x89/0xb0
[  200.191963][ T9418]  ? xfrm_alloc_spi+0x570/0xf30
[  200.193687][ T9418]  end_report+0x78/0x160
[  200.195145][ T9418]  kasan_report+0x129/0x150
[  200.196770][ T9418]  ? xfrm_alloc_spi+0x570/0xf30
[  200.198438][ T9418]  xfrm_alloc_spi+0x570/0xf30
[  200.200099][ T9418]  ? xfrm_alloc_spi+0x2a0/0xf30
[  200.201860][ T9418]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  200.203661][ T9418]  ? xfrm_find_acq+0x87/0xa0
[  200.205279][ T9418]  xfrm_alloc_userspi+0x70b/0xc90
[  200.207024][ T9418]  ? apparmor_capable+0x137/0x1b0
[  200.208765][ T9418]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  200.210677][ T9418]  ? __nla_parse+0x40/0x60
[  200.212227][ T9418]  xfrm_user_rcv_msg+0x7a3/0xab0
[  200.213915][ T9418]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  200.215769][ T9418]  ? __pfx___mutex_trylock_common+0x10/0x10
[  200.217868][ T9418]  ? rcu_is_watching+0x15/0xb0
[  200.219543][ T9418]  ? trace_contention_end+0x39/0x120
[  200.221510][ T9418]  ? __mutex_lock+0x335/0x1350
[  200.223215][ T9418]  netlink_rcv_skb+0x208/0x470
[  200.224921][ T9418]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  200.226866][ T9418]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  200.228672][ T9418]  ? netlink_deliver_tap+0x2e/0x1b0
[  200.230576][ T9418]  ? netlink_deliver_tap+0x2e/0x1b0
[  200.232418][ T9418]  xfrm_netlink_rcv+0x79/0x90
[  200.234041][ T9418]  netlink_unicast+0x82f/0x9e0
[  200.235746][ T9418]  ? __pfx_netlink_unicast+0x10/0x10
[  200.237579][ T9418]  ? netlink_sendmsg+0x642/0xb30
[  200.239314][ T9418]  ? skb_put+0x11b/0x210
[  200.240826][ T9418]  netlink_sendmsg+0x805/0xb30
[  200.242505][ T9418]  ? __pfx_netlink_sendmsg+0x10/0x10
[  200.244315][ T9418]  ? aa_sock_msg_perm+0xf1/0x1d0
[  200.246087][ T9418]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  200.247971][ T9418]  ? __pfx_netlink_sendmsg+0x10/0x10
[  200.249843][ T9418]  __sock_sendmsg+0x21c/0x270
[  200.251605][ T9418]  ____sys_sendmsg+0x505/0x830
[  200.253354][ T9418]  ? __pfx_____sys_sendmsg+0x10/0x10
[  200.255283][ T9418]  ? import_iovec+0x74/0xa0
[  200.256997][ T9418]  ___sys_sendmsg+0x21f/0x2a0
[  200.258640][ T9418]  ? __pfx____sys_sendmsg+0x10/0x10
[  200.260540][ T9418]  ? __fget_files+0x2a/0x420
[  200.262349][ T9418]  ? __fget_files+0x3a0/0x420
[  200.264086][ T9418]  __x64_sys_sendmsg+0x19b/0x260
[  200.265859][ T9418]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  200.267779][ T9418]  ? rcu_is_watching+0x15/0xb0
[  200.269476][ T9418]  ? do_syscall_64+0xbe/0x3b0
[  200.271233][ T9418]  do_syscall_64+0xfa/0x3b0
[  200.272886][ T9418]  ? lockdep_hardirqs_on+0x9c/0x150
[  200.274737][ T9418]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.276897][ T9418]  ? exc_page_fault+0x9f/0xf0
[  200.278572][ T9418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.280674][ T9418] RIP: 0033:0x7fb4e238ebe9
[  200.282232][ T9418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.289102][ T9418] RSP: 002b:00007fb4e31ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  200.292018][ T9418] RAX: ffffffffffffffda RBX: 00007fb4e25c5fa0 RCX: 00007fb4e238ebe9
[  200.294831][ T9418] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  200.297651][ T9418] RBP: 00007fb4e2411e19 R08: 0000000000000000 R09: 0000000000000000
[  200.300541][ T9418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.303347][ T9418] R13: 00007fb4e25c6038 R14: 00007fb4e25c5fa0 R15: 00007ffdf8feba98
[  200.306146][ T9418]  </TASK>
[  200.307971][ T9418] Kernel Offset: disabled
[  200.309546][ T9418] Rebooting in 86400 seconds..

VM DIAGNOSIS:
09:53:28  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33bde60 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=000000000000114d RDI=000000000000114e RBP=ffffffff99def6b0 RSP=ffffc90021cfe990
R8 =ffff8880204d8237 R9 =1ffff1100409b046 R10=dffffc0000000000 R11=ffffffff854f32b0
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99def420 R15=0000000000000000
RIP=ffffffff854f3327 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fb4e31ce6c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b35021ff8 CR3=0000000128770000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fb4e2597498 00007fb4e2597470 XMM03=00007fb4e25974a8 00007fb4e25974a0
XMM04=00007fb4e30fd100 00007fb4e2597460 XMM05=00007fb4e2597478 00007fb4e25974c0
XMM06=00007fb4e25974b8 00007fb4e25974b0 XMM07=00007fb4e25974a8 00007fb4e25974a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fb4e2412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=0000000000000202 RCX=3e6820f109e69c00 RDX=0000000000000000
RSI=ffffffff8dba6cac RDI=ffffffff8be33680 RBP=ffff88810cf9e130 RSP=ffffc90021e6f0d0
R8 =ffffc90021e6f590 R9 =0000000000000000 R10=ffffc90021e6f278 R11=fffff520043cde51
R12=0000000000000000 R13=0000000000000000 R14=ffffffff8e139ee0 R15=ffff88810cf9d640
RIP=ffffffff8b79c195 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f4fae7db6c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fa898b733e0 CR3=0000000125e56000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fb4e2412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
