last executing test programs:

4m30.809995664s ago: executing program 1 (id=266):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="60000000140001002bbd7000ffdbdf25020000fd", @ANYRES32, @ANYBLOB="08000b00e000000108000200ac1414bb140006"], 0x60}}, 0x40010)

4m30.548790459s ago: executing program 1 (id=268):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80801)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})

4m28.459871283s ago: executing program 1 (id=279):
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
pipe(&(0x7f0000000580)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020000000900010073797a3000000000aa000300"], 0x1e4}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0)

4m27.556307167s ago: executing program 1 (id=287):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x1001a, &(0x7f0000000240)={[{@jqfmt_vfsv1}, {@resuid={'resuid', 0x3d, 0xee01}}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x1, 0x42e, &(0x7f0000000940)="$eJzs20tvG0UcAPD/rpOUvkgo5dEHECiIiEfSpAV64AICiQsSEhzKMSRpFeI2qAkSrSIICHFFlbgjjkh8Ak5wQcAJiSsfAFWqUC4tnIzW3k1sx3k4deKCfz9pk5ndcWb+3hl7dicbQM8azn4kEYci4o+IGKxlGwsM137dXlma+ntlaSqJSuXtv5JquVsrS1NF0eJ1B/PMSBqRfp7EiRb1Lly9NjdZLs9cyfNji5c+GFu4eu352UuTF2cuzlyeOHfu7Jnxl16ceKEjcWZtunX84/mTx9549/qbU+evv/fLd0kRf1McHTK82cGnKpUOV9ddh+vSSV8XG0JbShGRna7+6vgfjFKsnbzBeP2zrjYO2FWVSqVycOPDyxXgfyyJbrcA6I7iiz67/i22PZp63BVuvlK7AMrivp1vtSN9keZl+puubztpOCLOL//zdbbF7tyHAABo8EM2/3mu1fwvjQfryt2brw0NRcR9EXEkIu6PiKMR8UBEtexDEfFwm/U3L5Ksn/+kN3YU2DZl87+X87WtxvlfMfuLoVKeO1yNvz+5MFueOZ2/JyPRvy/Lj29Sx4+v/f7lRsfq53/ZltVfzAXzdtzo29f4munJxck7ibnezU8jjve1ij9ZXQlIIuJYRBzfYR2zz3x7cqNjW8e/iQ6sM1W+iXi6dv6Xoyn+QrL5+uTYPVGeOT1W9Ir1fv3ti7c2qv+O4u+A7PwfaNn/V+MfSurXaxfa+/v7tji+0/4/kLxTTQ/k+z6aXFy8Mh4xMNfYKar7J9bni/JZ/COnWo//I7H2TpyIiKwTPxIRj0bEY3nbH4+IJyLi1CYx/vzqk+/vPP7dlcU/3db5X0sMRPOe1onS3E/fN1Q61E782fk/W02N5Hu28/m3nXa135sBAADgvymNiEORpKOr6TQdHa39v/zROJCW5xcWn70w/+Hl6dozAkPRnxZ3ugbr7oeO55f1RX6iKX8mv2/8VWl/NT86NV+e7nbw0OMObjD+M3+Wut06YNd5Xgt6l/EPvcv4h95l/EPvajH+93ejHcDea/X9/0kX2gHsvabxb9kPeojrf+hdxj/0LuMfetLC/tj6IXkJiXWJSO+KZkjsUqLbn0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACd8W8AAAD//9Oa5Js=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@metacopy_on}]})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x8820, &(0x7f0000000240)=ANY=[], 0x1, 0x0, 0x0)
linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000700)='./file7\x00', 0x0)
lsetxattr$security_capability(&(0x7f0000000100)='./file7\x00', &(0x7f00000001c0), &(0x7f0000000200)=@v2={0x2000000, [{0x6a1, 0x3}, {0x2, 0x5}]}, 0x14, 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file7\x00', 0x80002, 0x0)

4m27.318269207s ago: executing program 1 (id=289):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
r1 = dup(r0)
read$FUSE(r1, &(0x7f00000075c0)={0x2020}, 0x2020)
shutdown(r1, 0x1)
read$FUSE(r1, &(0x7f0000003680)={0x2020}, 0x2020)

4m26.948894106s ago: executing program 1 (id=291):
syz_mount_image$squashfs(&(0x7f0000000680), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000ac0)=ANY=[@ANYRES64=0x0, @ANYRES64, @ANYBLOB="88e2e648f70ad5763a343daf39cab3defb775f0676e8010000000000000015dc40799b832d5db4fea2b9894d580000000012e959ef6d35f305144c1452069473802c4df7db59920ba4dd1e8c77bf67c36b2e4e5eee8dc00f81923ca96c9f6d3abda7166fbcead960aee4f4a132d01f373ebd52d7e5610ff6e55180d1dd609fabc9a27c57623b2c11427b1c9e5845b18375004721e60307c9", @ANYRES16=0x0, @ANYBLOB="46403d5b0cd8d68d426a04b4787195ff7424a82544a22122bc0b10c80fba4c6d01267249f7c3a8ab208fa40142d5c00129ab0566d8b7a6e018744040a9323940df302191d4504c3c2904a667afaa6c07685f08ddb695d817be317e3fd0452ce21ae973", @ANYBLOB="cd099bf46634ae0ef20ed2ba2228c7861d77eb8e89debf07a0ac26cdadf7a684dc0ee6f5048a6a3e2e299d207a30c3fe1e73696eaac25bca2d9a44025207a0e36ed20b09f1d1d8752bbb15faa46ca426761546b6172b48665c3907", @ANYRESHEX, @ANYBLOB="565c3d1a135dcfa3316f89263710cde4cfdcd5a74eea89"], 0x6, 0x18f, &(0x7f0000000840)="$eJzsVb1OKkEU/mYZdrk3t6CmveTCLZTdRYlvIJWVDyCBFYmLPyyJQkhcKx6FxKew8B0sTGywoNACSxMzZn5YZmsSgma+BL7vnDk/c6Y4exJdRg6Az/moiTwECP7giRBQACUifQeO5Hdbck3ZMyrZU/47xS+Ko8HwtBGGQU8IeyHCFQRTrRPPyhU3X7CbtTftbcrsRvwcwRjFGpsuzf1bC29ilz3OR00ujgAwxhj3teSP6DEZAA9aTIECBeRIBiyJoWJbAiUAlX73ohINhludbqMdtIMz36/W3B3X3fUrx50wcOU/0VpYcpGB838AfLH90s6zAJ7Vgv2NNIh2NXVO9Fy+f2exDCj/TedaWq5eQ9a9T2qoRQv+FIf4hxyAq5ho3qKoRiFGq4MgowyPaveUPXPiYLt5HrbGICCLtAloUsObIpsYvm5U9+LFFceKi4rriieKp4odkv4mUVHhVVnleDm0bQHXjX6/5wG2VD4Pkyof6w/Hu37Y6eGKDgwMDAwMDAwMvgm+AgAA//+a42GE")
llistxattr(&(0x7f0000000080)='./file1\x00', 0x0, 0xfffffeb6)

4m26.742821854s ago: executing program 32 (id=291):
syz_mount_image$squashfs(&(0x7f0000000680), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000ac0)=ANY=[@ANYRES64=0x0, @ANYRES64, @ANYBLOB="88e2e648f70ad5763a343daf39cab3defb775f0676e8010000000000000015dc40799b832d5db4fea2b9894d580000000012e959ef6d35f305144c1452069473802c4df7db59920ba4dd1e8c77bf67c36b2e4e5eee8dc00f81923ca96c9f6d3abda7166fbcead960aee4f4a132d01f373ebd52d7e5610ff6e55180d1dd609fabc9a27c57623b2c11427b1c9e5845b18375004721e60307c9", @ANYRES16=0x0, @ANYBLOB="46403d5b0cd8d68d426a04b4787195ff7424a82544a22122bc0b10c80fba4c6d01267249f7c3a8ab208fa40142d5c00129ab0566d8b7a6e018744040a9323940df302191d4504c3c2904a667afaa6c07685f08ddb695d817be317e3fd0452ce21ae973", @ANYBLOB="cd099bf46634ae0ef20ed2ba2228c7861d77eb8e89debf07a0ac26cdadf7a684dc0ee6f5048a6a3e2e299d207a30c3fe1e73696eaac25bca2d9a44025207a0e36ed20b09f1d1d8752bbb15faa46ca426761546b6172b48665c3907", @ANYRESHEX, @ANYBLOB="565c3d1a135dcfa3316f89263710cde4cfdcd5a74eea89"], 0x6, 0x18f, &(0x7f0000000840)="$eJzsVb1OKkEU/mYZdrk3t6CmveTCLZTdRYlvIJWVDyCBFYmLPyyJQkhcKx6FxKew8B0sTGywoNACSxMzZn5YZmsSgma+BL7vnDk/c6Y4exJdRg6Az/moiTwECP7giRBQACUifQeO5Hdbck3ZMyrZU/47xS+Ko8HwtBGGQU8IeyHCFQRTrRPPyhU3X7CbtTftbcrsRvwcwRjFGpsuzf1bC29ilz3OR00ujgAwxhj3teSP6DEZAA9aTIECBeRIBiyJoWJbAiUAlX73ohINhludbqMdtIMz36/W3B3X3fUrx50wcOU/0VpYcpGB838AfLH90s6zAJ7Vgv2NNIh2NXVO9Fy+f2exDCj/TedaWq5eQ9a9T2qoRQv+FIf4hxyAq5ho3qKoRiFGq4MgowyPaveUPXPiYLt5HrbGICCLtAloUsObIpsYvm5U9+LFFceKi4rriieKp4odkv4mUVHhVVnleDm0bQHXjX6/5wG2VD4Pkyof6w/Hu37Y6eGKDgwMDAwMDAwMvgm+AgAA//+a42GE")
llistxattr(&(0x7f0000000080)='./file1\x00', 0x0, 0xfffffeb6)

3m8.391523151s ago: executing program 2 (id=1316):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(twofish)\x00'}, 0x58)
syz_mount_image$xfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x200800, &(0x7f0000000180)={[], [{@smackfstransmute={'smackfstransmute', 0x3d, ']-N.'}}, {@euid_lt}, {@fowner_lt}, {@smackfstransmute={'smackfstransmute', 0x3d, '^!:(*)^&&'}}, {@obj_user={'obj_user', 0x3d, '\xd8]\'^+\xcf\xd9'}}]}, 0x4, 0x9606, &(0x7f0000012cc0)="$eJzs2gm8pnPhuP/nDGOXMVRSaiqiRdYsUc0MZigkS7QjS8pSUqESSgoVEe3Zt2xlCWVrJdlbKCFUskRabMP8X8ecYYyLb/36/l++dV3X63XO8zz3c9/3+Tyf972cw2wyaYOJg8Ecg2mNG8zceddOnjLm6nXvOGrz+Y9d5tR7DnjsiouOH3mcMPI4cTAYjBp5e2jasrGD004fNZj14eWPNveccw3NOxgsO/JyZD+DFac9zHvF9PWmztTMAx169Ns+074ebr7hHzH85PAD9jpiMBiMmWH7ocFgaPfHfVBpm0yYPOlRq0fchq1Gjzyf8Wu2aV/zXjwYzHvmgI+PGdcdego+0vDP3P0l545e9yn42f9xbTJh8loz+Q+fi7OMLFtx+Byf+Rw0NvNxfttim648MoUPH2+DwfAl7jHnyn9Em0yYtPbgia/zg6NWuXCfqdOum7MPpt0o5hwMBnONXF/neapd6t9rwsTlHr5nT389wj79WN6djosT3n7yQ8M36cFgsMBgMHbN6feCqqqq+s9owsTlVoP7/xxPdv8/5ZSFz+z+X1VV9Z/bWhMmLjd8r5/p/j/Pk93/d1z4oj2n/bf/8StO2+qhp/ZDVFVV1b/UpLXw/j/mye7/K6522drd/6uqqv5zW3+dh+//88x0/1/wye7/bzl5lUVG1pv+e8ODM+xyaIb/n/DADMtnmWH5/TMsHz3DfmZcf7YZlt87w/LZh9+D9ccNBmOn/3vBKY8uHjtu+L2R5ffNsHz8o/9OZ9HVZ1g+YYblk2ZYPnFkrMPLJ8+wfPIM66/5JFNdVVX1f6b1l5u02mCGf2c/snih6e/T/f+Cs65b8qkab1VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVf1n9tAdZ587GAyGBoPBqMFgymDk+YyPg6lTp04dfn3K+Zdf/pQN9P9GQ+ddO3nKmKvXveOozec/dplT7zng0Vn6j+0//xPUv9Ow/xzHjxsMtt/oqR5KPQV1/rvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4h+44+9yRY2DUYDBlMPJ89+mPZ+3/5reOrLryxqfedfCjWy46fpuRZ+ddO3nKNk/B2J+ChoY/65ir173jqM3nP3aZU+854L/g7PnP/wT17/Sw/zZDg8HI+T1m+Fxed8L6Gy4xGAwOvuvUjVcYPPLeSsPvrTJ2lsEsD2+6xMPf11iUd7z7mtMexw9/W/CRfZzy8P7XmnrYLEMzDWKGXnXejUe9a5N7lp/5cfEn/hyjpj854voz7p46derUxywcaY4n2Hj6/qd/lpnP85GxLzE89qV22u69S71/l12X3Ga7zbbecustt19muZWWX2HZZVZY+RVLbbXNtlsuPe37E8zZuIe/r/bPzNk8M8/ZHRNmnLOZP9sTzdm4J5+zh/c4ZdehDafP2az/4pyt9uRzNm6bkR+06PjRg00fnpqhwWDR1UcPdh5+sczsg8Gia4ysu9DwuquOHTUY7P/oBx1+Nvsjx+DQ7sPrbDJpg4mPjuzxn/Bx1+nHrLjo+JHHCSOPE6cNcdzg0UNx7OC000cNz8VjpnnuOecamncwWHbk5ch+BiuPvHvo9PWmztTMAx169Ns+074ebr7hnQw/effSZ18zfC7OtP3/H/0/Xf8f57XS0CMTNTTyNbLONK8Jk9d69Gc9PA3DczfLyLIVh01mnrP/zR433nGzDsY8yXgnrTVxueHFM83/9E3w+LpzsQs/PO3YGr/itK0e+n9GofHO8yTjXWsCjneeJxvv8R+59PRpu/pfG+9M17q1H/4+/p+51g2e/Fo3C+1gy0sWmfla97onHuJjzuPpczT7TCs90bVu50OW3X14/+Of/Fq39vDYRz/mWjdqMFh0tenXuuEL36TRg/2HXyw7/GLy6MGxwy+We/jFnIPzh1+8/J07bLvF8II1p8/J0sP7HT926GH3C1e8dfGpB06duvrIWMaPfexYR46PcTPezyeMnTaZ07edvt/hVafv95ZnTntv0sh+J/wL+52+LY33rvmmvTd5ZL8TZ9rv6CfZ7/RtH3c+LDH0yIXrCa43k2a63oz8jTP9xz3ma7ZpX/NePBjMeyb5zrTu/3jNpPN3jicZ74SJy602PL6Zzt9HDkc6fy+dfPXwvWLewWCwwGAwds3pY/8XG3qi8c765OOdCOOd9cnGe+Vx263zvzDewQzjfcxxtsn6046VNUeOs8n/wvE7fduZr2OjH3532mV/zX/mOjbucdexPWYZNdNkz9AT/c62Baw/7flCj/6ee+1Jx0yf+9Ez7fd/+p1ths8yBNexMTP9PT9qzRsGQzTnux+/6mVDBz35nI8ePPZvi+lzPn3bJ5vzyf/MnD/nyef8n/09eYkXTnt/9Ezjn3HO19vv2ftOn/PZZtrv/zTnk5/83vH4OR8/GE1zvvT90+btya6nTzTn07edPufDH3GVsbMO1hi+Z43M+aR/Zs4X+t85zueC9ac93/KRReccdeobp8/5zHP8P835pH91zsc9cpwv+vB7Lxg1mG22wc6b7bTTjstM+z795bLTvvO16N5rp83zk91Ln8ho+rZPdl6s/s8YjfmnjIb+J6OFZ30io0dPrSN32PEZ/6/XotX/VaMBX4uuPmbavD3Z70VPNOfTt6X74IIzbD/z36Hrr/Pw793zzHQfnL4J3gfPOWvtvafvcmSzB2ca5vT76gMzLJ9lhuX3z7B89Az7mXH92WZYfu8My4c/wmwzrD+dddzw37wjy6c8uvrY4V+exo0sv2+G5eMf3XbR1WdYPmGG5ZNmWD7x0UNj0ckzLJ88w/prDv7Fpv836W1mvsjXP1v//ddd/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4h+44+9yRY2DUYDBlMO350MjjYPeh9W5/zfDjYDAYveKJU9d7qsf7FDd03rWTp4y5et07jtp8/mOXOfWeA/4Lzp7//E9Q/04P+28zNBiMnN9jthkMButOWH/DJQaDwXpTT1xx1OCR9xYafm/VsaMGg/2HHrOD2R9ZZ2j34XU2mbTBxMFgjpE1xj3uhz7uPHrMiouOH3mcMPI4cdr1adzg0eN17OC000cNZn14+aPNPedcQ/MOBsuOvBzZz2DFaQ/zXjF9vakzNfNAhx79ts+0r4ebb/hHDD/ZeevJzx2eq5m2/z/T9Gv1NqP+x1U7/93l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u/jX/jpb/thJ1l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5i3vojrPPHTkGRg0GUwbTng/tPvI4GDr5tBePHCKjd7nq6MOe6vE+xQ2dd+3kKWOuXveOozaf/9hlTr3ngP+Cs+c//xPUv9PD/tsMDQYj5/eYbQaDwboT1t9wicFgcNjRV+0yavDIewsNv7fq2FGDwf5Dj9nB7I+sM7T78DqbTNpg4mAwx8ga4x73Qx93Hj1mxUXHjzxOGHmcOO36NG7w6PE6dnDa6aMGsz68/NHmnnOuoXkHg2VHXo7sZ7DitId5r5i+3tSZmnmgQ49+22fa18PNN/wjhp/sNc+1Jw/P1Uzb/59p+rV6m1H/46qd/+7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5S/uoTvOPnfkGBg1GEwZTHs+auRxaPebb9ptw+HH4dfzr7n3tU/1eJ/ihs67dvKUMVeve8dRm89/7DKn3nPAf8HZ85//Cerfadh/juPHDQbbb/RUD6Wegjr/3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvLX9xDd5x97sjTUY8uHbV7xwU2dN61k6eMuXrdO47afP5jlzn1ngOe6gH9uz2B/x75Yxb/PfPHLP4fzx+z+H8if8ziv1f+mMX/k/ljFv+988cs/p/KH7P4fzp/zOK/T/6YxX/f/DGL/375Yxb/z+SPWfw/mz9m8f9c/pjFf//8MYv/AfljFv/P549Z/A/MH7P4H5Q/ZvH/Qv6Yxf/g/DGL/yH5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/h/M3/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8v5U/ZvH/dv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/L+TP2bxPzN/zOJ/Vv6Yxf/s/DGL/3fzxyz+38sfs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvG/MH/M4n9R/pjF/6f5Yxb/i/PHLP4/yx+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/OH7P4X5M/ZvH/df6Yxf83+WMW/2vzxyz+v80fs/hflz9m8b8+f8zif0P+mMX/d/ljFv8b88cs/jflj1n8b84fs/j/Pn/M4v+H/DGL/x/zxyz+t+SPWfz/lD9m8b81f8zif1v+mMX/9vwxi/8d+WMW/z/nj1n878wfs/jflT9m8f9L/pjF/+78MYv/X/PHLP5/yx+z+P89f8zi/4/8MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8Z+SP2bxfzB/zOL/UP6YxX9q/pjEf5ZB/pjFfyh/zOI/Kn/M4j9L/pjFf9b8MYv/6Pwxi/9s+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/9Pyxyz+8+WPWfzH5I9Z/OfPH7P4j80fs/gvkD9m8V8wf8zi//T8MYv/M/LHLP7PzB+z+C+UP2bxf1b+mMV/4fwxi/+z88cs/s/JH7P4L5I/ZvF/bv6Yxf95+WMW/3H5Yxb/5+ePWfxfkP/jmnXk0eD/wvwxy/m/aP6YxX+x/DGL/4vyxyz+i+ePWfyXyB+z+L84f8zi/5L8MYv/S/PHLP4vyx+z+C+ZP2bxf3n+mMV/qfwxi//S+WMW/2Xyxyz+y+aPWfyXyx+z+C+fP2bxf0X+mMV/hfwxi/+K+WMW/5Xyxyz+K+ePWfxfmT9m8V8lf8ziv2r+mMX/VfljFv9X549Z/F+TP2bxH58/ZvGfkD9m8Z+YP2bxXy1/zOK/ev6YxX+N/DGL/6T8MYv/ZJX/LP/0mhb/NVX+/3wW/7Xyxyz+r80fs/i/Ln/M4r92/pjFf538MYv/uvljFv/X549Z/NfLH7P4vyF/zOK/fv6YxX+D/DGL/4b5Yxb/jfLHLP5vzB+z+G+cP2bx3yR/zOL/pvwxi/+b88cs/m/JH7P4vzV/zOL/tvwxi//b88cs/u/IH7P4b5o/ZvHfLH/M4r95/pjF/535Yxb/LfLHLP5b5o9Z/LfKH7P4b50/ZvF/V/6YxX+b/DGL/7vzxyz+78kfs/hvmz9m8d8uf8ziv33+mMV/h/wxi/9788cs/u/LH7P475g/ZvF/f/6YxX+n/DGL/wfyxyz+H8wfs/h/KH/M4r9z/pjFf5f8MYv/rvljFv8P549Z/D+SP2bx/2j+mMV/t/wxi//H8scs/rvnj1n898gfs/jvmT9m8f94/pjF/xP5Yxb/vfLHLP6fzB+z+O+dP2bx/1T+mMX/0/ljFv998scs/vvmj1n898sfs/h/Jn/M4v/Z/DGL/+fyxyz+++ePWfwPyB+z+H8+f8zif2D+mMX/oPwxi/8X8scs/gfnj1n8D8kfs/h/MX/M4v+l/DGL/5fzxyz+X8kfs/h/NX/M4v+1/DGL/9fzxyz+38gfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+b+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOL/rfwxi/+388cs/qfmj1n8T8sfs/ifnj9m8T8jf8zi/538MYv/mfljFv+z8scs/mfnj1n8v5s/ZvH/Xv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4fz9/zOL/g/wxi/8P88cs/j/KH7P4/zh/zOL/k/wxi/+F+WMW/4vyxyz+P80fs/hfnD9m8f9Z/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zi//P8MYv/L/LHLP6/zB+z+P8qf8zif3X+mMX/mvwxi/+v88cs/r/JH7P4X5s/ZvH/bf6Yxf+6/DGL//X5Yxb/G/LHLP6/yx+z+N+YP2bxvyl/zOJ/c/6Yxf/3+WMW/z/kj1n8/5g/ZvG/JX/M4v+n/DGL/635Yxb/2/LHLP63549Z/O/IH7P4/zl/zOJ/Z/6Yxf+u/DGL/1/yxyz+d+ePWfz/mj9m8f9b/pjF/+/5Yxb/f+SPWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/5T8MYv/g/ljFv+H8scs/lPzxyT+sw7yxyz+Q/ljFv9R+WMW/1nyxyz+s+aPWfxH549Z/GfLH7P4z54/ZvGfI3/M4j9n/pjFf678MYv/3PljFv958scs/vPmj1n8n5Y/ZvGfL3/M4j8mf8ziP3/+mMV/bP6YxX+B/DGL/4L5Yxb/p+ePWfyfkT9m8X9m/pjFf6H8MYv/s/LHLP4L549Z/J+dP2bxf07+mMV/kfwxi/9z88cs/s/LH7P4j8sfs/g/P3/M4v+C/DGL/wvzxyz+i+aPWfwXyx+z+L8of8ziv3j+mMV/ifwxi/+L88cs/i/JH7P4vzR/zOL/svwxi/+S+WMW/5fnj1n8l8ofs/gvnT9m8V8mf8ziv2z+mMV/ufwxi//y+WMW/1fkj1n8V8gfs/ivmD9m8V8pf8ziv3L+mMX/lfljFv9V8scs/qvmj1n8X5U/ZvF/df6Yxf81+WMW//H5Yxb/CfljFv+J+WMW/9Xyxyz+q+ePWfzXyB+z+E/KH7P4T84fs/ivmT9m8V8rf8zi/9r8MYv/6/LHLP5r549Z/NfJH7P4r5s/ZvF/ff6YxX+9/DGL/xsGl+cPWfzX7/zHLP4b5I9Z/DfMH7P4b5Q/ZvF/Y/6YxX/j/DGL/yb5Yxb/N+WPWfzfnD9m8X9L/pjF/635Yxb/t+WPWfzfnj9m8X9H/pjFf9P8MYv/ZvljFv/N88cs/u/MH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/u/LHLP7b5I9Z/N+dP2bxf0/+mMV/2/wxi/92+WMW/+3zxyz+O+SPWfzfmz9m8X9f/pjFf8f8MYv/+/PHLP475Y9Z/D+QP2bx/2D+mMX/Q/ljFv+d88cs/rvkj1n8d80fs/h/OH/M4v+R/DGL/0fzxyz+u+WPWfw/lj9m8d89f8ziv0f+mMV/z/wxi//H88cs/p/IH7P475U/ZvH/ZP6YxX/v/DGL/6fyxyz+n84fs/jvkz9m8d83f8ziv1/+mMX/M/ljFv/P5o9Z/D+XP2bx3z9/zOJ/QP6Yxf/z+WMW/wPzxyz+B+WPWfy/kD9m8T84f8zif0j+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP7fzB+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/b+WPWfy/nT9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/+/kj1n8z8wfs/iflT9m8T87f8zi/938MYv/9/LHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF//v5Yxb/H+SPWfx/mD9m8f9R/pjF/8f5Yxb/n+SPWfwvzB+z+F+UP2bx/2n+mMX/4vwxi//P8scs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/5/nj1n8f5E/ZvH/Zf6Yxf9X+WMW/6vzxyz+1+SPWfx/nT9m8f9N/pjF/9r8MYv/b/PHLP7X5Y9Z/K/PH7P435A/ZvH/Xf6Yxf/G/DGL/035Yxb/m/PHLP6/zx+z+P8hf8zi/8f8MYv/LfljFv8/5Y9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/8/5Yxb/O/PHLP535Y9Z/P+SP2bxvzt/zOL/1/wxi//f8scs/n/PH7P4/yN/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/Kfkj1n8H8wfs/g/lD9m8Z+aPybxHz3IH7P4D+WPWfxH5Y9Z/GfJH7P4z5o/ZvEfnT9m8Z8tf8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxf1r+mMV/vvwxi/+Y/DGL//z5Yxb/sfljFv8F8scs/gvmj1n8n54/ZvF/Rv6Yxf+Z+WMW/4Xyxyz+z8ofs/gvnD9m8X92/pjF/zn5Yxb/RfLHLP7PzR+z+D8vf8ziPy5/zOL//Pwxi/8L8scs/i/MH7P4L5o/ZvFfLH/M4v+i/DGL/+L5Yxb/JfLHLP4vzh+z+L8kf8zi/9L8MYv/y/LHLP5L5o9Z/F+eP2bxXyp/zOK/dP6YxX+Z/DGL/7L5Yxb/5fLHLP7L549Z/F+RP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/V+aPWfxXyR+z+K+aP2bxf1X+mMX/1fljFv/X5I9Z/Mfnj1n8J+SPWfwn5o9Z/FfLH7P4r54/ZvFfI3/M4j8pf8ziPzl/zOK/Zv6YxX+t/DGL/2vzxyz+r8sfs/ivnT9m8V8nf8ziv27+mMX/9fljFv/18scs/m/IH7P4r58/ZvHfIH/M4r9h/pjFf6P8MYv/G/PHLP4b549Z/DfJH7P4vyl/zOL/5vwxi/9b8scs/m/NH7P4vy1/zOL/9vwxi/878scs/pvmj1n8N8sfs/hvnj9m8X9n/pjFf4v8MYv/lvljFv+t8scs/lvnj1n835U/ZvHfJn/M4v/u/DGL/3vyxyz+2+aPWfy3yx+z+G+fP2bx3yF/zOL/3vwxi//78scs/jvmj1n8358/ZvHfKX/M4v+B/DGL/wfzxyz+H8ofs/jvnD9m8d8lf8ziv2v+mMX/w/ljFv+P5I9Z/D+aP2bx3y1/zOL/sfwxi//u+WMW/z3yxyz+e+aPWfw/nj9m8f9E/pjFf6/8MYv/J/PHLP57549Z/D+VP2bx/3T+mMV/n/wxi/+++WMW//3yxyz+n8kfs/h/Nn/M4v+5/DGL//75Yxb/A/LHLP6fzx+z+B+YP2bxPyh/zOL/hfwxi//B+WMW/0Pyxyz+X8wfs/h/KX/M4v/l/DGL/1fyxyz+X80fs/h/LX/M4v/1/DGL/zfyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvH/Zv6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4fyt/zOL/7fwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+H8nf8zif2b+mMX/rPwxi//Z+WMW/+/mj1n8v5c/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/t/PH7P4/yB/zOL/w/wxi/+P8scs/j/OH7P4/yR/zOJ/Yf6Yxf+i/DGL/0/zxyz+F+ePWfx/lj9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+V+aPWfyvyh+z+P88f8zi/4v8MYv/L/PHLP6/yh+z+F+dP2bxvyZ/zOL/6/wxi/9v8scs/tfmj1n8f5s/ZvG/Ln/M4n99/pjF/4b8MYv/7/LHLP435o9Z/G/KH7P435w/ZvH/ff6Yxf8P+WMW/z/mj1n8b8kfs/j/KX/M4n9r/pjF/7b8MYv/7fljFv878scs/n/OH7P435k/ZvG/K3/M4v+X/DGL/935Yxb/v+aPWfz/lj9m8f97/pjF/x/5Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4j8lf8zi/2D+mMX/ofwxi//U/DGJ/2yD/DGL/1D+mMV/VP6YxX+W/DGL/6z5Yxb/0fljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW/6flj1n858sfs/iPyR+z+M+fP2bxH5s/ZvFfIH/M4r9g/pjF/+n5Yxb/Z+SPWfyfmT9m8V8of8zi/6z8MYv/wvljFv9n549Z/J+TP2bxXyR/zOL/3Pwxi//z8scs/uPyxyz+z88fs/i/IH/M4v/C/DGL/6L5Yxb/xfLHLP4vyh+z+C+eP2bxXyJ/zOL/4vwxi/9L8scs/i/NH7P4vyx/zOK/ZP6Yxf/l+WMW/6Xyxyz+S+ePWfyXyR+z+C+bP2bxXy5/zOK/fP6Yxf8V+WMW/xXyxyz+K+aPWfxXyh+z+K+cP2bxf2X+mMV/lfwxi/+q+WMW/1flj1n8X50/ZvF/Tf6YxX98/pjFf0L+mMV/Yv6YxX+1/DGL/+r5Yxb/NfLHLP6T8scs/pPzxyz+a+aPWfzXyh+z+L82f8zi/7r8MYv/2vljFv918scs/uvmj1n8X58/ZvFfL3/M4v+G/DGL//r5Yxb/DfLHLP4b5o9Z/DfKH7P4vzF/zOK/cf6YxX+T/DGL/5vyxyz+b84fs/i/JX/M4v/W/DGL/9vyxyz+b88fs/i/I3/M4r9p/pjFf7P8MYv/5vljFv935o9Z/LfIH7P4b5k/ZvHfKn/M4r91/pjF/135Yxb/bfLHLP7vzh+z+L8nf8ziv23+mMV/u/wxi//2+WMW/x3yxyz+780fs/i/L3/M4r9j/pjF//35Yxb/nfLHLP4fyB+z+H8wf8zi/6H8MYv/zvljFv9d8scs/rvmj1n8P5w/ZvH/SP6Yxf+j+WMW/93yxyz+H8sfs/jvnj9m8d8jf8ziv2f+mMX/4/ljFv9P5I9Z/PfKH7P4fzJ/zOK/d/6Yxf9T+WMW/0/nj1n898kfs/jvmz9m8d8vf8zi/5n8MYv/Z/PHLP6fyx+z+O+fP2bxPyB/zOL/+fwxi/+B+WMW/4Pyxyz+X8gfs/gfnD9m8T8kf8zi/8X8MYv/l/LHLP5fzh+z+H8lf8zi/9X8MYv/1/LHLP5fzx+z+H8jf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/b+aPWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/7fyxyz+384fs/ifmj9m8T8tf8zif3r+mMX/jPwxi/938scs/mfmj1n8z8ofs/ifnT9m8f9u/pjF/3v5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4v/9/DGL/w/yxyz+P8wfs/j/KH/M4v/j/DGL/0/yxyz+F+aPWfwvyh+z+P80f8zif3H+mMX/Z/ljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//P88cs/r/IH7P4/zJ/zOL/q/wxi//V+WMW/2vyxyz+v84fs/j/Jn/M4n9t/pjF/7f5Yxb/6/LHLP7X549Z/G/IH7P4/y5/zOJ/Y/6Yxf+m/DGL/835Yxb/3+ePWfz/kD9m8f9j/pjF/5b8MYv/n/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4v/n/DGL/535Yxb/u/LHLP5/yR+z+N+dP2bx/2v+mMX/b/ljFv+/549Z/P+RP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP5T8scs/g/mj1n8H8ofs/hPzR+T+M8+yB+z+A/lj1n8R+WPWfxnyR+z+M+aP2bxH50/ZvGfLX/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8X9a/pjFf778MYv/mPwxi//8+WMW/7H5Yxb/BfLHLP4L5o9Z/J+eP2bxf0b+mMX/mfljFv+F8scs/s/KH7P4L5w/ZvF/dv6Yxf85+WMW/0Xyxyz+z80fs/g/L3/M4j8uf8zi//z8MYv/C/LHLP4vzB+z+C+aP2bxXyx/zOL/ovwxi//i+WMW/yXyxyz+L84fs/i/JH/M4v/S/DGL/8vyxyz+S+aPWfxfnj9m8V8qf8ziv3T+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfxfkT9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1fmj1n8V8kfs/ivmj9m8X9V/pjF/9X5Yxb/1+SPWfzH549Z/Cfkj1n8J+aPWfxXyx+z+K+eP2bxXyN/zOI/KX/M4j85f8ziv2b+mMV/rfwxi/9r88cs/q/LH7P4r50/ZvFfJ3/M4r9u/pjF//X5Yxb/9fLHLP5vyB+z+K+fP2bx3yB/zOK/Yf6YxX+j/DGL/xvzxyz+G+ePWfw3yR+z+L8pf8zi/+b8MYv/W/LHLP5vzR+z+L8tf8zi//b8MYv/O/LHLP6b5o9Z/DfLH7P4b54/ZvF/Z/6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/N+VP2bx3yZ/zOL/7vwxi/978scs/tvmj1n8t8sfs/hvnz9m8d8hf8zi/978MYv/+/LHLP475o9Z/N+fP2bx3yl/zOL/gfwxi/8H88cs/h/KH7P475w/ZvHfJX/M4r9r/pjF/8P5Yxb/j+SPWfw/mj9m8d8tf8zi/7H8MYv/7vljFv898scs/nvmj1n8P54/ZvH/RP6YxX+v/DGL/yfzxyz+e+ePWfw/lT9m8f90/pjFf5/8MYv/vvljFv/98scs/p/JH7P4fzZ/zOL/ufwxi//++WMW/wPyxyz+n88fs/gfmD9m8T8of8zi/4X8MYv/wfljFv9D8scs/l/MH7P4fyl/zOL/5fwxi/9X8scs/l/NH7P4fy1/zOL/9fwxi/838scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bx/2b+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfxPyR+z+H8rf8zi/+38MYv/qfljFv/T8scs/qfnj1n8z8gfs/h/J3/M4n9m/pjF/6z8MYv/2fljFv/v5o9Z/L+XP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP7fzx+z+P8gf8zi/8P8MYv/j/LHLP4/zh+z+P8kf8zif2H+mMX/ovwxi/9P88cs/hfnj1n8f5Y/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv8r8scs/lfmj1n8r8ofs/j/PH/M4v+L/DGL/y/zxyz+v8ofs/hfnT9m8b8mf8zi/+v8MYv/b/LHLP7X5o9Z/H+bP2bxvy5/zOJ/ff6Yxf+G/DGL/+/yxyz+N+aPWfxvyh+z+N+cP2bx/33+mMX/D/ljFv8/5o9Z/G/JH7P4/yl/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP5/zh+z+N+ZP2bxvyt/zOL/l/wxi//d+WMW/7/mj1n8/5Y/ZvH/e/6Yxf8f+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOI/JX/M4v9g/pjF/6H8MYv/1Pwxif8cg/wxi/9Q/pjFf1T+mMV/lvwxi/+s+WMW/9H5Yxb/2fLHLP6z549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv+n5Y9Z/OfLH7P4j8kfs/jPnz9m8R+bP2bxXyB/zOK/YP6Yxf/p+WMW/2fkj1n8n5k/ZvFfKH/M4v+s/DGL/8L5Yxb/Z+ePWfyfkz9m8V8kf8zi/9z8MYv/8/LHLP7j8scs/s/PH7P4vyB/zOL/wvwxi/+i+WMW/8Xyxyz+L8ofs/gvnj9m8V8if8zi/+L8MYv/S/LHLP4vzR+z+L8sf8ziv2T+mMX/5fljFv+l8scs/kvnj1n8l8kfs/gvmz9m8V8uf8ziv3z+mMX/FfljFv8V8scs/ivmj1n8V8ofs/ivnD9m8X9l/pjFf5X8MYv/qvljFv9X5Y9Z/F+dP2bxf03+mMV/fP6YxX9C/pjFf2L+mMV/tfwxi//q+WMW/zXyxyz+k/LHLP6T88cs/mvmj1n818ofs/i/Nn/M4v+6/DGL/9r5Yxb/dfLHLP7r5o9Z/F+fP2bxXy9/zOL/hvwxi//6+WMW/w3yxyz+G+aPWfw3yh+z+L8xf8ziv3H+mMV/k/wxi/+b8scs/m/OH7P4vyV/zOL/1vwxi//b8scs/m/PH7P4vyN/zOK/af6YxX+z/DGL/+b5Yxb/d+aPWfy3yB+z+G+ZP2bx3yp/zOK/df6Yxf9d+WMW/23yxyz+784fs/i/J3/M4r9t/pjFf7v8MYv/9vljFv8d8scs/u/NH7P4vy9/zOK/Y/6Yxf/9+WMW/53yxyz+H8gfs/h/MH/M4v+h/DGL/875Yxb/XfLHLP675o9Z/D+cP2bx/0j+mMX/o/ljFv/d8scs/h/LH7P4754/ZvHfI3/M4r9n/pjF/+P5Yxb/T+SPWfz3yh+z+H8yf8ziv3f+mMX/U/ljFv9P549Z/PfJH7P475s/ZvHfL3/M4v+Z/DGL/2fzxyz+n8sfs/jvnz9m8T8gf8zi//n8MYv/gfljFv+D8scs/l/IH7P4H5w/ZvE/JH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/2/mj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+38scs/t/OH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/d/LHLP5n5o9Z/M/KH7P4n50/ZvH/bv6Yxf97+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/hfmj1n8L8ofs/j/NH/M4n9x/pjF/2f5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/z/PHLP6/yB+z+P8yf8zi/6v8MYv/1fljFv9r8scs/r/OH7P4/yZ/zOJ/bf6Yxf+3+WMW/+vyxyz+1+ePWfxvyB+z+P8uf8zif2P+mMX/pvwxi//N+WMW/9/nj1n8/5A/ZvH/Y/6Yxf+W/DGL/5/yxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOL/5/wxi/+d+WMW/7vyxyz+f8kfs/jfnT9m8f9r/pjF/2/5Yxb/v+ePWfz/kT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+U/LHLP4P5o9Z/B/KH7P4T80fk/jPOcgfs/gP5Y9Z/Eflj1n8Z8kfs/jPmj9m8R+dP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvF/Wv6YxX++/DGL/5j8MYv//PljFv+x+WMW/wXyxyz+C+aPWfyfnj9m8X9G/pjF/5n5Yxb/hfLHLP7Pyh+z+C+cP2bxf3b+mMX/OfljFv9F8scs/s/NH7P4Py9/zOI/Ln/M4v/8/DGL/wvyxyz+L8wfs/gvmj9m8V8sf8zi/6L8MYv/4vljFv8l8scs/i/OH7P4vyR/zOL/0vwxi//L8scs/kvmj1n8X54/ZvFfKn/M4r90/pjFf5n8MYv/svljFv/l8scs/svnj1n8X5E/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9X5o9Z/FfJH7P4r5o/ZvF/Vf6Yxf/V+WMW/9fkj1n8x+ePWfwn5I9Z/Cfmj1n8V8sfs/ivnj9m8V8jf8ziPyl/zOI/OX/M4r9m/pjFf638MYv/a/PHLP6vyx+z+K+dP2bxXyd/zOK/bv6Yxf/1+WMW//Xyxyz+b8gfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi/8b88cs/hvnj1n8N8kfs/i/KX/M4v/m/DGL/1vyxyz+b80fs/i/LX/M4v/2/DGL/zvyxyz+m+aPWfw3yx+z+G+eP2bxf2f+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfzflT9m8d8mf8zi/+78MYv/e/LHLP7b5o9Z/LfLH7P4b58/ZvHfIX/M4v/e/DGL//vyxyz+O+aPWfzfnz9m8d8pf8zi/4H8MYv/B/PHLP4fyh+z+O+cP2bx3yV/zOK/a/6Yxf/D+WMW/4/kj1n8P5o/ZvHfLX/M4v+x/DGL/+75Yxb/PfLHLP575o9Z/D+eP2bx/0T+mMV/r/wxi/8n88cs/nvnj1n8P5U/ZvH/dP6YxX+f/DGL/775Yxb//fLHLP6fyR+z+H82f8zi/7n8MYv//vljFv8D8scs/p/PH7P4H5g/ZvE/KH/M4v+F/DGL/8H5Yxb/Q/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8f9m/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/h/K3/M4v/t/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4fyd/zOJ/Zv6Yxf+s/DGL/9n5Yxb/7+aPWfy/lz9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9h/pjF/6L8MYv/T/PHLP4X549Z/H+WP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X50/ZvG/Jn/M4v/r/DGL/2/yxyz+1+aPWfx/mz/2WP/RT/Vw/v2ewP+6/DHL+X99/pjF/4b8MYv/7/LHLP435o9Z/G/KH7P435w/ZvH/ff6Yxf8P+WMW/z/mj1n8b8kfs/j/KX/M4n9r/pjF/7b8MYv/7fljFv878scs/n/OH7P435k/ZvG/K3/M4v+X/DGL/935Yxb/v+aPWfz/lj9m8f97/pjF/x/5Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4j8lf8zi/2D+mMX/ofwxi//U/DGJ/1yD/DGL/1D+mMV/VP6YxX+W/DGL/6z5Yxb/0fljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf+y/33+OR97K//H99/s/3Fzz5I9Z/OfNH7P4Py1/zOI/X/6YxX9M/pjFf/78MYv/2Pwxi/8C+WMW/wXzxyz+T88fs/g/I3/M4v/M/DGL/0L5Yxb/Z+WPWfwXzh+z+D87f8zi/5z8MYv/IvljFv/n5o9Z/J+XP2bxH5c/ZvF/fv6Yxf8F+WMW/xfmj1n8F80fs/gvlj9m8X9R/pjFf/H8MYv/EvljFv8X549Z/F+SP2bxf2n+mMX/ZfljFv8l88cs/i/PH7P4L5U/ZvFfOn/M4r9M/pjFf9n8MYv/cvljFv/l88cs/q/IH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/K/PHLP6r5I9Z/FfNH7P4vyp/zOL/6vwxi/9r8scs/uPzxyz+E/LHLP4T88cs/qvlj1n8V88fs/ivkT9m8Z+UP2bxn5w/ZvFfM3/M4r9W/pjF/7X5Yxb/1+WPWfzXzh+z+K+TP2bxXzd/zOL/+vwxi/96+WMW/zfkj1n8188fs/hvkD9m8d8wf8ziv1H+mMX/jfljFv+N88cs/pvkj1n835Q/ZvF/c/6Yxf8t+WMW/7fmj1n835Y/ZvF/e/6Yxf8d+WMW/03zxyz+m+WPWfw3zx+z+L8zf8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+78ofs/hvkz9m8X93/pjF/z35Yxb/bfPHLP7b5Y9Z/LfPH7P475A/ZvF/b/6Yxf99+WMW/x3zxyz+788fs/jvlD9m8f9A/pjF/4P5Yxb/D+WPWfx3zh+z+O+SP2bx3zV/zOL/4fwxi/9H8scs/h/NH7P475Y/ZvH/WP6YxX/3/DGL/x75Yxb/PfPHLP4fzx+z+H8if8ziv1f+mMX/k/ljFv+988cs/p/KH7P4fzp/zOK/T/6YxX/f/DGL/375Yxb/z+SPWfw/mz9m8f9c/pjFf//8MYv/AfljFv/P549Z/A/MH7P4H5Q/ZvH/Qv6Yxf/g/DGL/yH5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/h/M3/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8v5U/ZvH/dv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/L+TP2bxPzN/zOJ/Vv6Yxf/s/DGL/3fzxyz+38sfs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvG/MH/M4n9R/pjF/6f5Yxb/i/PHLP4/yx+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/OH7P4X5M/ZvH/df6Yxf83+WMW/2vzxyz+v80fs/hflz9m8b8+f8zif0P+mMX/d/ljFv8b88cs/jflj1n8b84fs/j/Pn/M4v+H/DGL/x/zxyz+t+SPWfz/lD9m8b81f8zif1v+mMX/9vwxi/8d+WMW/z/nj1n878wfs/jflT9m8f9L/pjF/+78MYv/X/PHLP5/yx+z+P89f8zi/4/8MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8Z+SP2bxfzB/zOL/UP6YxX9q/pjEf+5B/pjFfyh/zOI/Kn/M4j9L/pjFf9b8MYv/6Pwxi/9s+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/9Pyxyz+8+WPWfzH5I9Z/OfPH7P4j80fs/gvkD9m8V8wf8zi//T8MYv/M/LHLP7PzB+z+C+UP2bxf1b+mMV/4fwxi/+z88cs/s/JH7P4L5I/ZvF/bv6Yxf95+WMW/3H5Yxb/5+ePWfxfkD9m8X9h/pjFf9H8MYv/YvljFv8X5Y9Z/BfPH7P4L5E/ZvF/cf6Yxf8l+WMW/5fmj1n8X5Y/ZvFfMn/M4v/y/DGL/1L5Yxb/pfPHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4v+K/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4vzJ/zOK/Sv6YxX/V/DGL/6vyxyz+r84fs/i/Jn/M4j8+f8ziPyF/zOI/MX/M4r9a/pjFf/X8MYv/GvljFv9J+WMW/8n5Yxb/NfPHLP5r5Y9Z/F+bP2bxf13+mMV/7fwxi/86+WMW/3Xzxyz+r88fs/ivlz9m8X9D/pjFf/38MYv/BvljFv8N88cs/hvlj1n835g/ZvHfOH/M4r9J/pjF/035Yxb/N+ePWfzfkj9m8X9r/pjF/235Yxb/t+ePWfzfkT9m8d80f8ziv1n+mMV/8/wxi/8788cs/lvkj1n8t8wfs/hvlT9m8d86f8zi/678MYv/NvljFv93549Z/N+TP2bx3zZ/zOK/Xf6YxX/7/DGL/w75Yxb/9+aPWfzflz9m8d8xf8zi//78MYv/TvljFv8P5I9Z/D+YP2bx/1D+mMV/5/wxi/8u+WMW/13zxyz+H84fs/h/JH/M4v/R/DGL/275Yxb/j+WPWfx3zx+z+O+RP2bx3zN/zOL/8fwxi/8n8scs/nvlj1n8P5k/ZvHfO3/M4v+p/DGL/6fzxyz+++SPWfz3zR+z+O+XP2bx/0z+mMX/s/ljFv/P5Y9Z/PfPH7P4H5A/ZvH/fP6Yxf/A/DGL/0H5Yxb/L+SPWfwPzh+z+B+SP2bx/2L+mMX/S/ljFv8v549Z/L+SP2bx/2r+mMX/a/ljFv+v549Z/L+RP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/I/OH7P4H5M/ZvE/Nn/M4n9c/pjF//j8MYv/N/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/1v5Yxb/b+ePWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf87+WMW/zPzxyz+Z+WPWfzPzh+z+H83f8zi/738MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8f9+/pjF/wf5Yxb/H+aPWfx/lD9m8f9x/pjF/yf5Yxb/C/PHLP4X5Y9Z/H+aP2bxvzh/zOL/s/wxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/n+WMW/1/kj1n8f5k/ZvH/Vf6Yxf/q/DGL/zX5Yxb/X+ePWfx/kz9m8b82f8zi/9v8MYv/dfljFv/r88cs/jfkj1n8f5c/ZvG/MX/M4n9T/pjF/+b8MYv/7/PHLP5/yB+z+P8xf8zif0v+mMX/T/ljFv9b88cs/rflj1n8b88fs/jfkT9m8f9z/pjF/878MYv/XfljFv+/5I9Z/O/OH7P4/zV/zOL/t/wxi//f88cs/v/IH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8p+WMW/wfzxyz+D+WPWfyn5o9J/OcZ5I9Z/Ifyxyz+o/LHLP6z5I9Z/GfNH7P4j84fs/jPlj9m8Z89f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+D8tf8ziP1/+mMV/TP6YxX/+/DGL/9j8MYv/AvljFv8F88cs/k/PH7P4PyN/zOL/zPwxi/9C+WMW/2flj1n8F84fs/g/O3/M4v+c/DGL/yL5Yxb/5+aPWfyflz9m8R+XP2bxf37+mMX/BfljFv8X5o9Z/BfNH7P4L5Y/ZvF/Uf6YxX/x/DGL/xL5Yxb/F+ePWfxfkj9m8X9p/pjF/2X5Yxb/JfPHLP4vzx+z+C+VP2bxXzp/zOK/TP6YxX/Z/DGL/3L5Yxb/5fPHLP6vyB+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/yvzxyz+q+SPWfxXzR+z+L8qf8zi/+r8MYv/a/LHLP7j88cs/hPyxyz+E/PHLP6r5Y9Z/FfPH7P4r5E/ZvGflD9m8Z+cP2bxXzN/zOK/Vv6Yxf+1+WMW/9flj1n8184fs/ivkz9m8V83f8zi//r8MYv/evljFv835I9Z/NfPH7P4b5A/ZvHfMH/M4r9R/pjF/435Yxb/jfPHLP6b5I9Z/N+UP2bxf3P+mMX/LfljFv+35o9Z/N+WP2bxf3v+mMX/HfljFv9N88cs/pvlj1n8N88fs/i/M3/M4r9F/pjFf8v8MYv/VvljFv+t88cs/u/KH7P4b5M/ZvF/d/6Yxf89+WMW/23zxyz+2+WPWfy3zx+z+O+QP/aI/1Yn/1f7vzd/zHL+vy9/zOK/Y/6Yxf/9+WMW/53yxyz+H8gfs/h/MH/M4v+h/DGL/875Yxb/XfLHLP675o9Z/D+cP2bx/0j+mMX/o/ljFv/d8scs/h/LH7P4754/ZvHfI3/M4r9n/pjF/+P5Yxb/T+SPWfz3yh+z+H8yf8ziv3f+mMX/U/ljFv9P549Z/PfJH7P475s/ZvHfL3/M4v+Z/DGL/2fzxyz+n8sfs/jvnz9m8T8gf8zi//n8MYv/gfljFv+D8scs/l/IH7P4H5w/ZvE/JH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/2/mj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+38scs/t/OH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/d/LHLP5n5o9Z/M/KH7P4n50/ZvH/bv6Yxf97+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/hfmj1n8L8ofs/j/NH/M4n9x/pjF/2f5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/z/PHLP6/yB+z+P8yf8zi/6v8MYv/1fljFv9r8scs/r/OH7P4/yZ/zOJ/bf6Yxf+3+WMW/+vyxyz+1+ePWfxvyB+z+P8uf8zif2P+mMX/pvwxi//N+WMW/9/nj1n8/5A/ZvH/Y/6Yxf+W/DGL/5/yxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOL/5/wxi/+d+WMW/7vyxyz+f8kfs/jfnT9m8f9r/pjF/2/5Yxb/v+ePWfz/kT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+U/LHLP4P5o9Z/B/KH7P4T80fk/jPO8gfs/gP5Y9Z/Eflj1n8Z8kfs/jPmj9m8R+dP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvF/Wv6YxX++/DGL/5j8MYv//PljFv+x+WMW/wXyxyz+C+aPWfyfnj9m8X9G/pjF/5n5Yxb/hfLHLP7Pyh+z+C+cP2bxf3b+mMX/OfljFv9F8scs/s/NH7P4Py9/zOI/Ln/M4v/8/DGL/wvyxyz+L8wfs/gvmj9m8V8sf8zi/6L8MYv/4vljFv8l8scs/i/OH7P4vyR/zOL/0vwxi//L8scs/kvmj1n8X54/ZvFfKn/M4r90/pjFf5n8MYv/svljFv/l8scs/svnj1n8X5E/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9X5o9Z/FfJH7P4r5o/ZvF/Vf6Yxf/V+WMW/9fkj1n8x+ePWfwn5I9Z/Cfmj1n8V8sfs/ivnj9m8V8jf8ziPyl/zOI/OX/M4r9m/pjFf638MYv/a/PHLP6vyx+z+K+dP2bxXyd/zOK/bv6Yxf/1+WMW//Xyxyz+b8gfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi/8b88cs/hvnj1n8N8kfs/i/KX/M4v/m/DGL/1vyxyz+b80fs/i/LX/M4v/2/DGL/zvyxyz+m+aPWfw3yx+z+G+eP2bxf2f+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfzflT9m8d8mf8zi/+78MYv/e/LHLP7b5o9Z/LfLH7P4b58/ZvHfIX/M4v/e/DGL//vyxyz+O+aPWfzfnz9m8d8pf8zi/4H8MYv/B/PHLP4fyh+z+O+cP2bx3yV/zOK/a/6Yxf/D+WMW/4/kj1n8P5o/ZvHfLX/M4v+x/DGL/+75Yxb/PfLHLP575o9Z/D+eP2bx/0T+mMV/r/wxi/8n88cs/nvnj1n8P5U/ZvH/dP6YxX+f/DGL/775Yxb//fLHLP6fyR+z+H82f8zi/7n8MYv//vljFv8D8scs/p/PH7P4H5g/ZvE/KH/M4v+F/DGL/8H5Yxb/Q/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8f9m/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/h/K3/M4v/t/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4fyd/zOJ/Zv6Yxf+s/DGL/9n5Yxb/7+aPWfy/lz9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9h/pjF/6L8MYv/T/PHLP4X549Z/H+WP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X50/ZvG/Jn/M4v/r/DGL/2/yxyz+1+aPWfx/mz9m8b8uf8zif33+mMX/hvwxi//v8scs/jfmj1n8b8ofs/jfnD9m8f99/pjF/w/5Yxb/P+aPWfxvyR+z+P8pf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+f84fs/jfmT9m8b8rf8zi/5f8MYv/3fljFv+/5o9Z/P+WP2bx/3v+mMX/H/ljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8ziPyV/zOL/YP6Yxf+h/DGL/9T8MYn/0wb5Yxb/ofwxi/+o/DGL/yz5Yxb/WfPHLP6j88cs/rPlj1n8Z88fs/jPkT9m8Z8zf8ziP1f+mMV/7vwxi/88+WMW/3nzxyz+T8sfs/jPlz9m8R+TP2bxnz9/zOI/Nn/M4r9A/pjFf8H8MYv/0/PHLP7PyB+z+D8zf8ziv1D+mMX/WfljFv+F88cs/s/OH7P4Pyd/zOK/SP6Yxf+5+WMW/+flj1n8x+WPWfyfnz9m8X9B/pjF/4X5Yxb/RfPHLP6L5Y9Z/F+UP2bxXzx/zOK/RP6Yxf/F+WMW/5fkj1n8X5o/ZvF/Wf6YxX/J/DGL/8vzxyz+S+WPWfyXzh+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/yvyxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOL/yvwxi/8q+WMW/1Xzxyz+r8ofs/i/On/M4v+a/DGL//j8MYv/hPwxi//E/DGL/2r5Yxb/1UX+c/wL61r81xD5/ytZ/Cflj1n8J+ePWfzXzB+z+K+VP2bxf23+mMX/dfljFv+188cs/uvkj1n8180fs/i/Pn/M4r9e/pjF/w35Yxb/9fPHLP4b5I9Z/DfMH7P4b5Q/ZvF/Y/6YxX/j/DGL/yb5Yxb/N+WPWfzfnD9m8X9L/pjF/635Yxb/t+WPWfzfnj9m8X9H/pjFf9P8MYv/ZvljFv/N88cs/u/MH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/u/LHLP7b5I9Z/N+dP2bxf0/+mMV/2/wxi/92+WMW/+3zxyz+O+SPWfzfmz9m8X9f/pjFf8f8MYv/+/PHLP475Y9Z/D+QP2bx/2D+mMX/Q/ljFv+d88cs/rvkj1n8d80fs/h/OH/M4v+R/DGL/0fzxyz+u+WPWfw/lj9m8d89f8ziv0f+mMV/z/wxi//H88cs/p/IH7P475U/ZvH/ZP6YxX/v/DGL/6fyxyz+n84fs/jvkz9m8d83f8ziv1/+mMX/M/ljFv/P5o9Z/D+XP2bx3z9/zOJ/QP6Yxf/z+WMW/wPzxyz+B+WPWfy/kD9m8T84f8zif0j+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP7fzB+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/b+WPWfy/nT9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/+/kj1n8z8wfs/iflT9m8T87f8zi/938MYv/9/LHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF//v5Yxb/H+SPWfx/mD9m8f9R/pjF/8f5Yxb/n+SPWfwvzB+z+F+UP2bx/2n+mMX/4vwxi//P8scs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/5/nj1n8f5E/ZvH/Zf6Yxf9X+WMW/6vzxyz+1+SPWfx/nT9m8f9N/pjF/9r8MYv/b/PHLP7X5Y9Z/K/PH7P435A/ZvH/Xf6Yxf/G/DGL/035Yxb/m/PHLP6/zx+z+P8hf8zi/8f8MYv/LfljFv8/5Y9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/8/5Yxb/O/PHLP535Y9Z/P+SP2bxvzt/zOL/1/wxi//f8scs/n/PH7P4/yN/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/Kfkj1n8H8wfs/g/lD9m8Z+aPybxn2+QP2bxH8ofs/iPyh+z+M+SP2bxnzX/xzTLyKPFf3T+mMV/tvwxi//s+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6Yxf9p+WMW//nyxyz+Y/LHLP7z549Z/Mfmj1n8F8gfs/gvmD9m8X96/pjF/xn5Yxb/Z+aPWfwXyh+z+D8rf8ziv3D+mMX/2fljFv/n5I9Z/BfJH7P4Pzd/zOL/vPwxi/+4/DGL//Pzxyz+L8gfs/i/MH/M4r9o/pjFf7H8MYv/i/LHLP6L549Z/JfIH7P4vzh/zOL/kvwxi/9L88cs/i/LH7P4L5k/ZvF/ef6YxX+p/DGL/9L5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvF/Rf6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/F+ZP2bxXyV/zOK/av6Yxf9V+WMW/1fnj1n8X5M/ZvEfnz9m8Z+QP2bxn5g/ZvFfLX/M4r96/pjFf438MYv/pPwxi//k/DGL/5r5Yxb/tfLHLP6vzR+z+L8uf8ziv3b+mMV/nfwxi/+6+WMW/9fnj1n818sfs/i/IX/M4r9+/pjFf4P8MYv/hvljFv+N8scs/m/MH7P4b5w/ZvHfJH/M4v+m/DGL/5vzxyz+b8kfs/i/NX/M4v+2/DGL/9vzxyz+78gfs/hvmj9m8d8sf8ziv3n+mMX/nfljFv8t8scs/lvmj1n8t8ofs/hvnT9m8X9X/pjFf5v8MYv/u/PHLP7vyR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/3vzxyz+78sfs/jvmD9m8X9//pjFf6f8MYv/B/LHLP4fzB+z+H8of8ziv3P+mMV/l/wxi/+u+WMW/w/nj1n8P5I/ZvH/aP6YxX+3/DGL/8fyxyz+u+ePWfz3yB+z+O+ZP2bx///Yo6cEUAgACIDZeNm2bdu2bdv1kW3btm3btm3zAnuCduYKc6D/qOX/IP9Ry//B/qOW/0P8Ry3/h/qPWv4P8x+1/B/uP2r5P8J/1PJ/pP+o5f8o/1HL/9H+o5b/Y/xHLf/H+o9a/o/zH7X8H+8/avk/wX/U8n+i/6jl/yT/Ucv/yf6jlv9T/Ect/6f6j1r+T/Mftfyf7j9q+T/Df9Tyf6b/qOX/LP9Ry//Z/qOW/3P8Ry3/5/qPWv7P8x+1/J/vP2r5v8B/1PJ/of+o5f8i/1HL/8X+o5b/S/xHLf+X+o9a/i/zH7X8X+4/avm/wn/U8n+l/6jl/yr/Ucv/1f6jlv9r/Ect/9f6j1r+r/Mftfxf7z9q+b/Bf9Tyf6P/qOX/Jv9Ry//N/qOW/1v8Ry3/t/qPWv5v8x+1/N/uP2r5v8N/1PJ/p/+o5f8u/1HL/93+o5b/e/xHLf/3+o9a/u/zH7X83+8/avl/wH/U8v+g/6jl/yH/Ucv/w/6jlv9H/Ect/4/6j1r+H/Mftfw/7j9q+X/Cf9Ty/6T/qOX/Kf9Ry//T/qOW/2f8Ry3/z/qPWv6f8x+1/D/vP2r5f8F/1PL/ov+o5f8l/1HL/8v+o5b/V/xHLf+v+o9a/l/zH7X8v+4/avl/w3/U8v+m/6jl/y3/Ucv/2/6jlv93/Ect/+/6j1r+3/Mftfy/7z9q+f/Af9Ty/6H/qOX/I/9Ry//H/qOW/0/8Ry3/n/qPWv4/8x+1/H/uP2r5/8J/1PL/pf+o5f8r/1HL/9f+o5b/b/xHLf/f+o9a/r/zH7X8f+8/avn/wX/U8v+j/6jl/yf/Ucv/z/6jlv9f/Ect/7/6j1r+f/Mftfz/7j9q+f/Df9Ty/6f/qOX/L/9Ry//f/qOW/3/8Ry3///qPSv4HDOQ/avkf2H/U8j+I/6jlf1D/Ucv/YP6jlv/B/Uct/0P4j1r+h/QftfwP5T9q+R/af9TyP4z/qOV/WP9Ry/9w/qOW/+H9Ry3/I/iPWv5H9B+1/A/wH7X8j+Q/avkf2X/U8j+K/6jlf1T/Ucv/aP6jlv/R/Uct/2P4j1r+x/QftfyP5T9q+R/bf9TyP47/qOV/XP9Ry/94/qOW//H9Ry3/E/iPWv4n9B+1/E/kP2r5n9h/1PI/if+o5X9S/1HL/2T+o5b/yf1HLf9T+I9a/qf0H7X8T+U/avmf2n/U8j+N/6jlf1r/Ucv/dP6jlv/p/Uct/zP4j1r+Z/QftfzP5D9q+Z/Zf9TyP4v/qOV/Vv9Ry/9s/qOW/9n9Ry3/c/iPWv7n9B+1/M/lP2r5n9t/1PI/j/+o5X9e/1HL/3z+o5b/+f1HLf8L+I9a/hf0H7X8L+Q/avlf2H/U8r+I/6jlf1H/Ucv/Yv6jlv/F/Uct/0v4j1r+l/Qftfwv5T9q+V/af9Tyv4z/qOV/Wf9Ry/9y/qOW/+X9Ry3/K/iPWv5X9B+1/K/kP2r5X9l/1PK/iv+o5X9V/1HL/2r+o5b/1f1HLf9r+I9a/tf0H7X8r+U/avlf23/U8r+O/6jlf13/Ucv/ev6jlv/1/Uct/xv4j1r+N/Qftfxv5D9q+d/Yf9Tyv4n/qOV/U/9Ry/9m/qOW/839Ry3/W/iPWv639B+1/G/lP2r539p/1PK/jf+o5X9b/1HL/3b+o5b/7f1HLf87+I9a/nf0H7X87+Q/avnf2X/U8r+L/6jlf1f/Ucv/bv6jlv/d/Uct/3v4j1r+9/Qftfzv5T9q+d/bf9Tyv4//qOV/X/9Ry/9+/qOW//39Ry3/B/iP/nf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf+zbbWydZeHH8bvbOsb+/JMRF1yGJptcKCTCbPeQ8YKwydhWB914HgMc3dqNjXabXYddAffwYhIhPEgyyRIlypahhJnQSAwEK4ho0EVNNPgAiEIUjRMh6Ja4WHPa09Ieu8Zz1etalM/nRc+577Pfva3Jd/e9wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ns1NC48Mr5m2KnxQw8+eLil73XO0ZU3H/htz4UDr+WPl41wyXFDD3p7e3vnPDd7R/nwlKIoSj/bzvLxpMpx6fo767/Q2X8UFvS8tOT4lJ83Hjmw5vRH6rqP3l/bd7a2uGndhtaWj40rinBxbdFZOqirKYqwuLa4r3RQXzpYUls8UjqY3XdwavHt0sH5aze3NpdOLI3+nsH/iobGncX4YcUWw/40GNr/zvpv3TnwOsolB642oSj3f0XX99+q+GzACfofuH5YWNl/1b9B4ISq6/+FBQOvo1zyX+7/k59a9cpIn524/4Hrh4/rH9IZ4fl/WKOVz/0Vz/8zRrjk4P6qmq7jpf4vve3ZmeVTE/6d5/93rx8urux/3LDn/9Jz/KKB5/9TiiJcMsZvB7ynNDTuOjLa/X/0/idMr9jUDO3/jPbN+0v9P77ke0+UT9VW2f+iUe7/45ZW/FqB6jQ0frm34v5fRf/FR0a45GD/bz/x64dL/T/2+wfOHPJZNf1fUtn/rI62LbO2bu86b0Nb0/qW9S2b6mbPnzOvvm7eBXNn9T0S9H8d43cF3hvGdv8vJldsaoqiZXB/TfeBp0v9z33wwTnlU5Oq7H/xqPf/Ge7/MKIPjSsmTiw6mzo62uv6vw4c1vd/7f9hI/Rfxd//zzqn/MNqy681RTFtcH/XmXevKPX/zqFnd5dPTayy/yWj9r9g8OcFIozx/t9csRnW/8FDL/U9/y+79+AZ5VPV/v1/6aj9v+r+D2PR0FjxP/z8h5X631VcFtlpaPDf/yCdHP0/9s4NPXHr8An9Qzo5+v/d546eG7cOy/QP6eTof8LGB56PW4dL9Q/p5Oh/+dT5K+LW4TL9Qzo5+l/76rl/jluHRv1DOjn6P+dLuzvj1mG5/iGdHP0/1D5nW9w6rNA/pJOj/5+e9tBrcetwuf4hnRz9Hzt2z41x63CF/iGdHP137zn7B3HrcKX+IZ0c/V++bmGIW4er9A/p5Oh/+rQ/Ph63DlfrH9LJ0f+8P/39tLh1uEb/kE6O/u/4/Ip9cetwrf4hnRz9j7/+lRfj1mGl/iGdHP0vPXvbwrh1uE7/kE6O/pt/0twbtw6r9A/p5Oh/1td/tCFuHa7XP6STo//Dyx/dE7cON+gf0snR/566YkrcOtyof0gnR/9f++7ph+LW4ZP6h3Ry9P+bp56cH7cOq/UP6eTo/7kP3P6NuHW4Sf+QTo7+713z4llx69Ckf0gnR/8P733+i3HrsEb/kE6O/t94o+3/4tZhrf4hnRz9T5506utx69Csf0gnR/8Lb/1Ke9w6tOgf0snRf9vu7h/GrcM6/UM6Ofr/8PFpq+LWYb3+IZ0c/a+cu/f9cetws/4hnRz9v2/Zhbvi1mGD/iGdHP1f1PPRi+LWYaP+IZ0c/Xc889mvxq3DLfqHdHL0v3fma4vj1qFV/5BOjv5fXr30x3Hr0KZ/SCdH/289et2muHXYpH9IJ0f/T/7s7WNx67BZ/5BOjv7//4JFf41bhy36h3Ry9L94yZtr49bhU/qHdHL0v7H7Hy/HrUO7/iGdHP3PPHz1srh12Kp/SCdH/985r25/3Dp06B/SydH/nVfuq49bh236h3Ry9L//4F13x63DrfqHdHL0/+YvZkyPW4dP6x/SydH//VMOXRu3Dp36h3Ry9P/LTbXPxK3Ddv1DOjn6/9u+qTvi1qFL/5BOjv6ffr3nD3HrcJv+IZ0c/a+e8KuJcetwu/4hnRz9T+3acl/cOtyhf0gnR//z72k6P24dPqN/SCdH/1v/8sI349Zhh/4hna3bu25pam1taffGG2+8GXxzsv9kAlJ7N/qT/SsBAAAAAAAAAAAAAABOJMc/JzrZv0cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+yQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRC9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBXAAAA//+O1eBI")
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)

3m7.608332662s ago: executing program 2 (id=1321):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r0, &(0x7f0000000340)="6a0cc193beb70a52", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000140)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

3m7.445638283s ago: executing program 2 (id=1327):
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00d77fbe9e57a634f929f74bee0c10f9cecfc3ead3b77b247312d0ad8ba2e74f257f47c684e0aec5cb3009a5028bd4f70eef4b274a5c38fec4079e5f43b598a9e97e460422eae305e57ae786347345f1de885fa6957858a8b0377854b8190607303abd6aee330a8caac51797b7a15b53acc98e0d526b12f36eb277aead8d55f85523364369522d5f49efa95367a99d00d2c3049e41e7d9ffffffd7a5af9bb021ff2474356bb2c975e3e8f87f1064a983db4d47057c94053fbf53a474536fe59f83bfc1843bd6449160b0c4842dbbeef31ac9bd265bf70f693c8c0c0b783b82271433a5d3d3bcd4c7f8395e4830262a3c414bfbe76d431c2001567510239dd2f2bbc049000000000000000000000092675a0b4430360148a763030694149b66a254a61956fb1b6bcd6cfc49f4f84694e73ed9c4b4d6b46d1e077fc89f36d8e5fd41d863a5bdb87562aa6e34ebb8e16b0b210786e0ae945cf920870ccd9657e2d7639d2d2bc46706950fc40406f22ac773d5043bddfe88faba3a973a67a0a8c64c95ba285267c76a7a31636f1e09ea085c771b3aae335b25fcb6b11358349c0f04abad13df1d0a2f732b059707f13b539692bd95cfea76185a8146ff55219ed65edb3f89f2fd4112fa45eaaee3ad02b5f2ff9c85453a6af8f4a408bc729aec69f33404b61ad21da92b8c813ca3de184e899a596543ca6d9be9f93840870ccda17746cd6461ad770ab337102b891bcd84c1596a60db767d62478ccb6dc3bf80474432a6123cdaf8a02bc6ac95c722c79aae41084a61bdc51f288b3980ba19e39dc078"], 0x1, 0xf01, &(0x7f0000002d40)="$eJzs3U9oHNf9APA3q3+2pVirJL9flKSx1aSpE7eVXdmH9FQHTAshhFx6T3CsxFRJTZ0eEmIs9+RCDykhl5QeUpJbwT0UmlAooVDonxx67im0l5bigiGXGqwtkt9brZ413dVImtVqPx/46unNG833O16xnjfafRuAodVY+3r69GwRwrsfv3P221dWfr267Wh7j7m1r0XsNUMIYx39IjveZ3HD7ZtvnVttV7K2CAtrX9N4eO5G+2cnQwjLYS58Eprh6PHm59dGnl388L1Pj12++Mwru3T6AAAwVK7/aemvT/7jj1+duXX9yJkw0d6ers+bsT8Zr/tPxuv7dN3fCBv7RUd0Gs/2G4nRyPYbyfYbzfKMluQby44zVrLfeJd8Ix3bNjtPAAAAGESNOMdthqIx3zHPbYZGY37+zrx/1WfT48X8axeWFi/1sVgAAACgks+vrL3oVgghhBBiiONWq9Xqdw1CCCHE7kZrut93IAAAAIBhk9YdaK8PllvOVxbYnvbRmr3lv/F0Y/Ofhx1Q9++//IOV/4OrnnEAAKhuv15NpvNK19FpHYN8HcGR7Oe2ev3fyI4zusU6y9YVHJT1BsvqzP9d96qy+rf6OPZLWf35eph7VVn9+Tqde1VZ/RM111FVWf0Haq6jqrL6D9ZcR1Vl9R+quY6qyuqfrLmOqsrqn6q5jqrK6r+n5jqqKqv/cM11VFVW/6C8rLas/mbNdVRVVv9MzXVUVVb/vTXXUVVZ/ffVXEdVZfXfX3Md/fJIbNO/w5FsvHP+nM/pBmWOBwAAAMPuP31b/++bfV/7YNhi7W/Ce6AOIYTY9Vg1twfqEEIIsUnEFcj6XofYwbi6B2oQPcSVft58AAAAAPaE9L6A9K73VpTGR7qMj3YZH+syPt5lfKLLOAAAABDCb64tPvh2sf4+/+2uh5fWjUrrL211HaN8PcKt5t/uumfbzT8o65YBAAAwXIpvfbJy/Oz7r8/cun7kTMfsdyXOd9M6oKPx3sBHsZ9eFzCV9Ys0hz6zMU+jZL/8/sA9Zcd7fpsnCgAAAEMszd+boWjMd8y7m6HRmJ9fn4/PhrFi8cLS+ZOxnz6f5Q/TYxOr279ec90AAABA79bn+5vP/9Pn+M6G8WL+tQtLi5fu9Kfa28canfcFpte3F533BZrZ9oWS7adiP31+5yvTB9e2z5/73tJLO33yAAAAMCQuvfHmd19cWjr/fd/4xje+aX/T72cmAABgp33493f+/INTU7+98/7/9fXv0vv/52K/Gdf2+0vcIb1OIL0P4K7367+wMc902X4XN+7XzPYbiTGR1X2g4zihY73B9HMzG/oj6/s2Nx5nvCTfZJZvKsuXr1Mwmu2fzu9wtj1fnzDtN51tz9dhHM1yFFn+RwMAAACUO/H6qxdPXHrjza9dePXFl8+/fP61UycXvrHw1MLC6YUTa6/rP9H56n4AAABgEK2/6LfflQAAAAAAAAAAAAAAAAAAAMDwquPjxPp9jgAAADDs/n0lhLAshBBC1Bdrn3G6B+oQQgghxODHhOuKnqPVyj9pHgAAAGB33b751rnYXt10h+ViR/O1j9YM4UDH9pVYx+8f/9njq5G233h64/2SQztaDcOu4/f/3KY77PDvv/yDlf+Dqzubv/2c17zTpOe98ue/xsYDnKmW98s/+ecTnfkfGu0xf37+z1fLfyzLfyz0lr/1fpb/hWr5n8jyH+ox/13nf7Fa/idj/tlUz2O95t/4+E/ENp3HwR7zH8/O/6XQa/7s/Js9Jsx8JeYHgGHU6HcBuyRdJaTr6MnYT+cbLzdD/uqHrV7/N7LjjG678o3HTddBD8R+ul6ayvImW61/MjvePRXrzA3Kq0rK6t+px3G3ldU/VnMdVZXVP15zHVWV1T9Rcx1VldV/oOY6qiqrv9d5aL+V1T8o95XL6p+suY6qyuqfqrmOqsrq3+r/4/1SVv/hmuuoqqz+6ZrrqKqs/oq31WpXVv9MzXVUVVb/vTXXUVVZ/ffVXEdVZfXff/emQbkk2pKHY1s2H07zz+k4lvrNrD+xyb/lfr23AAAAAIPmX9b/E0IIIYQQQggh9n20Wv2+A0E/7e67mQHYqzz/DzeP/3Dz+A83jz//S3oNf5H1k5Eu46Ndxse6jI9n4/nv60SX8fuy47aiNH5/l/H/6zJ+uMv4A13GZ7uMP9hl/KEu4w93GQcAAGA4/H9szQ8BAABg/7r8i49+/KtjL9ycuXX9yJkwfte68ydjfyL+bf1a7Ofr3idj8W/+P4z9n8f2d7H9W7a/158AAADA7kufE+Pv/wAAALB/pc8pNf8HAACA/Wsmtub/AAAAsH/dG1vzfwAAANjHigObb45tui/waGx7XdcPANj7vhDbR2J7JLZHY/vF2KbrgMdi+6Wa6gMAds5Pv/Ojp94u1tf7P5WN347bU3uX5Tt3CorGxpX8D8b2UGwf77Ge/PMAes2fHO4xz27ln95mfgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg/2isfT19erYI4d2P3zk7ffnsy6vbjrb3mFv7WsReM4Qw1v65NLre/2Xc8fbNt86ttiuxbcW2CAuhCEV7PDx3o51pMoSwHObCJ6EZjh5vfn5t5NnFD9/79Njli8+8sov/BAAAALDv/TcAAP//vcAp6A==")
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./bus\x00', 0x0)

3m7.302015834s ago: executing program 2 (id=1333):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x22000b0, 0x0, 0x0, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
r1 = open_tree(r0, &(0x7f0000000080)='./file0/file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0/../file0\x00', 0x162)

3m7.206325308s ago: executing program 2 (id=1334):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32], 0x398}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

3m6.520838184s ago: executing program 2 (id=1337):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
fchdir(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f00000000c0)=""/57, 0x39)
getdents64(r1, 0x0, 0x18)

3m6.084450267s ago: executing program 33 (id=1337):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
fchdir(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f00000000c0)=""/57, 0x39)
getdents64(r1, 0x0, 0x18)

1.64111179s ago: executing program 3 (id=3989):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x70, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0xc, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x70}}, 0x0)

1.588743653s ago: executing program 3 (id=3992):
setresgid(0xffffffffffffffff, 0xee01, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/net\x00')

1.555399363s ago: executing program 3 (id=3993):
r0 = io_uring_setup(0x261a, &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0x11, 0xffffffffffffffff, 0x20)

1.470508672s ago: executing program 3 (id=3995):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b40000000000000061171c0000000000c6070000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0x46}, 0x48)

1.411171839s ago: executing program 3 (id=3996):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000000)=0xb6, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
recvfrom(r0, 0x0, 0x0, 0x32, 0x0, 0x0)
syz_emit_ethernet(0x2e, &(0x7f00000003c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x40, 0x100, @void}}}}}}}, 0x0)

744.60821ms ago: executing program 4 (id=4017):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge_slave_1\x00', 0x10)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x38}}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10)

670.81188ms ago: executing program 4 (id=4018):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000)={0x8, 0xc, 0xff8, 0xe, 0x4, 0x2, 0xe65b}, 0xc)

670.549523ms ago: executing program 4 (id=4019):
mkdir(&(0x7f00000002c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus/file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0)
mount(&(0x7f0000000040)=@filename='./bus/file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x3000, 0x0)
rmdir(&(0x7f00000000c0)='./bus/file0\x00')
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000003480)={0x2020}, 0x2020)

570.217393ms ago: executing program 4 (id=4020):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffc}]})
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xc000, 0x0)
faccessat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2)

569.983413ms ago: executing program 3 (id=4021):
r0 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f00000000c0)={0x0, 0xb, 0x0, "3e58f67896b2f2098200902177392faff604cb7ef87e7610bc39ef64257f5d33"})
poll(&(0x7f0000000000)=[{r0, 0x285}, {r0, 0x40}], 0x2, 0x10000)

557.682955ms ago: executing program 4 (id=4022):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x401, 0x0)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000000)={0xfffffffffffffde7, 0x0, 0x3, 0x0, &(0x7f0000000180)=[{0x2df, 0x2000000020000003}, {0x7ff, 0x1080}, {0x7, 0x4}]})

450.197452ms ago: executing program 4 (id=4023):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="120100009e173610ef171e7206de0102030109021200010000000009040000000206"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000019100)={0x0, 0x6, 0x1, ']'}, 0x0, 0x0})

140.990041ms ago: executing program 0 (id=4033):
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', <r2=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01005ee1fadefcdbdf250100000008000100", @ANYRES32=r2], 0x58}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840)

80.871802ms ago: executing program 0 (id=4034):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]})
close_range(r0, 0xffffffffffffffff, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x121101, 0x0)
clock_settime(0xfffffffb, &(0x7f0000000140))

80.627498ms ago: executing program 0 (id=4035):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x3}, &(0x7f0000000140)=0x8)

80.539637ms ago: executing program 0 (id=4036):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f000001c640)=@e={0xff, 0xc})

237.29µs ago: executing program 0 (id=4037):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r0}, 0x10)
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

0s ago: executing program 0 (id=4038):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000040), 0x1, 0x7ba, &(0x7f00000007c0)="$eJzs3c9rG9kdAPDvyPKPOGnsQqFNT4ZCawiRa9dNWig0pYdSaCDQnpMIWTGpZStYcoiNIQml0EsPLT0UmkvOTZvecu2Pa3vp39BDScjuOmGz7GHxMtIolm3JcRJLyuLPB8Z+783I733nzbx51gxSAMfWVPojF3EmYjhNTmTlSWQFkY+42Nzu5dZmKV2S2N7++YdJY5sXW5ulaHtN6mSW+VpE/PPXEWdz++utrW8sFSuV8mqWn6kv35yprW+cu7FcXCwvllfOz87Pz1347oXz6dpHp48i1o//s3Hq6e9+8q2/Xvz0V1999Nt/JXExTmXr2uM4KlMxle2T4XQX7vLjo65swJJBN4C3kp6aQ82zPM7ERAwd0JM/7GvLAIBeuRMR2wDAMZO4/gPAMdN6H+DF1maptUTzfs7dgb4x0SfPfhQRY834W/c3m2vyzXt2/x1r3Acdf5E07pG0JBExeQT1T0XE/cdXHqZL9Og+JEAnd+9FxLXJqb3jfzrC7X1m4U19+xDbTO3JG/+gf/6ezn++t3/+F5HLzv+xxs+985/RDufu23j9+Z97sis7fASVtknnfz9oe7btZVv8mcmhLPelxpxvOLl+o1JOx7bTETEdw6NpfvaAOqaff/a827r2+d9Hv//ln9P60987W+Se5Ed3v2ahWC++S8ztnt2L+Hq+U/zJq/5Pusx/Lx+yjp9+/zd/6rYujT+Nt7Xsj7+3th9EfLNj/+88B5Uc+HziTONwmGkdFB387X9/HO9Wf3v/33+c1rRZav0v0A9p/48fHP9k0v68Zu3N6/j3g4l/dFu3O/4rD9P6d8ff+fgfSX7RSI9kZbeL9frqbMRI8rP95XM7r71drOdjbmf7NP7pb3Q+/w86/tNh6FqW3n7Nw4/5px/85e3j7600/oW0/5MsiNf2/5snHr1cGupW/+H6f76Rms5K9o9/+X1/97ANfKedBwAAAAAAAAAAAAAAAAAAAAAAAACHlIuIU5HkCq/SuVyh0PwO76/EeK5SrdXPXq+urSxE47uyJ2M41/qoy4m2z0OdzT4Pv5Wf25P/TkR8OSL+MHqikS+UqpWFQQcPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJmTXb7/P/X/0UG3DgDombFBNwAA6DvXfwA4frpc/0c6F5/oaVsAgP5oXP+T/KCbAQD0kff/AeD4cf0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgxy5fupQu259sbZbS/MKt9bWl6q1zC+XaUmF5rVQoVVdvFhar1cVKuVCqLnf9Q3ebvyrV6s35WFm7PVMv1+oztfWNq8vVtZX61RvLxcXy1fJw3yIDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOrrW8stdJLxUqlvJqWSOxL3HkvmnEv66pB7w2J9yIxGhG9qqJ9lDjR93EJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ivi8wAAAP//rBIcPQ==")
chdir(&(0x7f0000000100)='./file0\x00')
link(&(0x7f0000000440)='./file0\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

kernel console output (not intermixed with test programs):

EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  219.234619][ T5879] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  219.260885][T11054] vlan3: entered promiscuous mode
[  219.262675][T11054] hsr0: entered promiscuous mode
[  219.383654][ T5879] usb 5-1: Using ep0 maxpacket: 16
[  219.389861][ T5879] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  219.394372][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.397123][ T5879] usb 5-1: Product: syz
[  219.398574][ T5879] usb 5-1: Manufacturer: syz
[  219.400249][ T5879] usb 5-1: SerialNumber: syz
[  219.407906][ T5879] r8152-cfgselector 5-1: Unknown version 0x0000
[  219.410190][ T5879] r8152-cfgselector 5-1: config 0 descriptor??
[  219.828594][ T5879] r8152-cfgselector 5-1: USB disconnect, device number 11
[  221.278643][T11100] loop4: detected capacity change from 0 to 4096
[  221.282279][T11100] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  221.965880][T11123] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  222.354251][T11137] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2012'.
[  222.766616][T11149] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2018'.
[  223.563639][   T47] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  223.640923][T11208] netlink: 23 bytes leftover after parsing attributes in process `syz.0.2045'.
[  223.713412][   T47] usb 5-1: Using ep0 maxpacket: 32
[  223.717873][   T47] usb 5-1: config 0 has an invalid interface number: 151 but max is 0
[  223.721411][   T47] usb 5-1: config 0 has no interface number 0
[  223.731762][   T47] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  223.735899][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.739144][   T47] usb 5-1: Product: syz
[  223.740979][   T47] usb 5-1: Manufacturer: syz
[  223.744316][   T47] usb 5-1: SerialNumber: syz
[  223.756159][   T47] usb 5-1: config 0 descriptor??
[  223.988911][   T47] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  224.019685][   T47] usb 5-1: USB disconnect, device number 12
[  224.136170][T11233] Invalid ELF header magic: != ELF
[  224.894300][ T1279] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  225.043077][ T1279] usb 5-1: Using ep0 maxpacket: 8
[  225.046886][ T1279] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  225.050491][ T1279] usb 5-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[  225.055141][ T1279] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.059132][ T1279] usb 5-1: config 0 descriptor??
[  225.062926][ T1279] uvcvideo 5-1:0.0: probe with driver uvcvideo failed with error -22
[  225.266157][ T1279] usb 5-1: USB disconnect, device number 13
[  225.489751][T11270] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2073'.
[  225.538677][T11272] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2074'.
[  226.183121][   T47] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  226.318795][T11300] netlink: 'syz.0.2087': attribute type 12 has an invalid length.
[  226.322007][T11300] netlink: 9472 bytes leftover after parsing attributes in process `syz.0.2087'.
[  226.333449][   T47] usb 5-1: Using ep0 maxpacket: 8
[  226.337486][   T47] usb 5-1: config 32 has an invalid descriptor of length 48, skipping remainder of the config
[  226.341336][   T47] usb 5-1: too many endpoints for config 32 interface 0 altsetting 48: 48, using maximum allowed: 30
[  226.353462][   T47] usb 5-1: config 32 interface 0 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[  226.360016][   T47] usb 5-1: config 32 interface 0 has no altsetting 0
[  226.362461][   T47] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  226.367107][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.584000][   T47] usb 5-1: string descriptor 0 read error: -71
[  226.586320][   T47] hub 5-1:32.0: bad descriptor, ignoring hub
[  226.588159][   T47] hub 5-1:32.0: probe with driver hub failed with error -5
[  226.616065][   T47] usb 5-1: USB disconnect, device number 14
[  227.161817][T11317] loop4: detected capacity change from 0 to 2048
[  227.216157][T11317] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  227.247537][T11317] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  227.258144][T11317] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28
[  227.262589][T11317] EXT4-fs (loop4): This should not happen!! Data will be lost
[  227.262589][T11317] 
[  227.266010][T11317] EXT4-fs (loop4): Total free blocks count 0
[  227.268441][T11317] EXT4-fs (loop4): Free/Dirty block details
[  227.270603][T11317] EXT4-fs (loop4): free_blocks=66060288
[  227.272430][T11317] EXT4-fs (loop4): dirty_blocks=48
[  227.275509][T11317] EXT4-fs (loop4): Block reservation details
[  227.278945][T11317] EXT4-fs (loop4): i_reserved_data_blocks=3
[  227.284209][T11316] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  227.487874][T11348] tipc: Started in network mode
[  227.489425][T11348] tipc: Node identity 6e123e211646, cluster identity 4711
[  227.492365][T11348] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  227.496430][T11348] syzkaller0: entered promiscuous mode
[  227.498461][T11348] syzkaller0: entered allmulticast mode
[  227.508103][T11348] tipc: Resetting bearer <eth:syzkaller0>
[  227.512563][T11347] tipc: Resetting bearer <eth:syzkaller0>
[  227.527325][T11347] tipc: Disabling bearer <eth:syzkaller0>
[  227.669183][   T33] audit: type=1800 audit(2000000049.360:474): pid=11366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2118" name="file1" dev="tmpfs" ino=3980 res=0 errno=0
[  227.863869][   T33] audit: type=1326 audit(2000000049.560:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11372 comm="syz.0.2121" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  227.882633][   T33] audit: type=1326 audit(2000000049.560:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11372 comm="syz.0.2121" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  227.894265][   T33] audit: type=1326 audit(2000000049.560:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11372 comm="syz.0.2121" exe="/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  227.901058][   T33] audit: type=1326 audit(2000000049.560:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11372 comm="syz.0.2121" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  227.924111][   T33] audit: type=1326 audit(2000000049.570:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11372 comm="syz.0.2121" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  228.247772][ T1279] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  228.279966][T11385] bond2: entered allmulticast mode
[  228.335275][T11390] bridge1: entered allmulticast mode
[  228.415126][ T1279] usb 5-1: New USB device found, idVendor=1e7d, idProduct=3232, bcdDevice= 0.00
[  228.418458][ T1279] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.425584][ T1279] usb 5-1: config 0 descriptor??
[  228.838064][ T1279] ryos 0003:1E7D:3232.000F: unknown main item tag 0x0
[  228.840109][ T1279] ryos 0003:1E7D:3232.000F: unknown main item tag 0x0
[  228.842211][ T1279] ryos 0003:1E7D:3232.000F: unknown main item tag 0x0
[  228.844735][ T1279] ryos 0003:1E7D:3232.000F: unknown main item tag 0x0
[  228.850080][ T1279] ryos 0003:1E7D:3232.000F: hidraw0: USB HID v0.01 Device [HID 1e7d:3232] on usb-dummy_hcd.4-1/input0
[  229.046523][  T793] usb 5-1: USB disconnect, device number 15
[  229.095964][   T33] audit: type=1326 audit(2000000050.790:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11405 comm="syz.3.2137" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efc1f78ebe9 code=0x0
[  229.251843][T11409] overlayfs: missing 'lowerdir'
[  229.390062][   T33] audit: type=1326 audit(2000000051.080:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11412 comm="syz.0.2140" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x0
[  230.081361][T11431] loop4: detected capacity change from 0 to 32768
[  230.118999][T11431] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  230.156470][ T9457] ocfs2: Unmounting device (7,4) on (node local)
[  230.833365][  T793] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  230.993219][  T793] usb 5-1: Using ep0 maxpacket: 8
[  230.997993][  T793] usb 5-1: unable to get BOS descriptor or descriptor too short
[  231.001320][  T793] usb 5-1: config 8 has an invalid interface number: 24 but max is 1
[  231.006272][  T793] usb 5-1: config 8 has an invalid interface number: 242 but max is 1
[  231.009455][  T793] usb 5-1: config 8 has no interface number 0
[  231.011816][  T793] usb 5-1: config 8 has no interface number 1
[  231.017105][T11478] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2169'.
[  231.020993][T11475] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2169'.
[  231.022253][  T793] usb 5-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid maxpacket 1535, setting to 1024
[  231.029103][  T793] usb 5-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 255, changing to 11
[  231.035446][T11478] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2169'.
[  231.039282][  T793] usb 5-1: config 8 interface 24 has no altsetting 0
[  231.043979][  T793] usb 5-1: config 8 interface 242 has no altsetting 0
[  231.049632][  T793] usb 5-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[  231.057119][  T793] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.062138][  T793] usb 5-1: Product: syz
[  231.064211][  T793] usb 5-1: Manufacturer: syz
[  231.066111][  T793] usb 5-1: SerialNumber: syz
[  231.071126][T11469] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  231.086334][T11482] netlink: 'syz.3.2172': attribute type 1 has an invalid length.
[  231.088732][T11482] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2172'.
[  231.175414][T11488] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2174'.
[  231.298719][  T793] comedi comedi5: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'.
[  231.319006][  T793] vmk80xx 5-1:8.242: driver 'vmk80xx' failed to auto-configure device.
[  231.325899][  T793] usb 5-1: USB disconnect, device number 16
[  232.712804][T11523] overlayfs: failed to clone upperpath
[  233.462520][T11541] loop4: detected capacity change from 0 to 16
[  233.468680][T11541] erofs (device loop4): negative i_size @ nid 36
[  233.497390][T11544] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2199'.
[  233.686625][T11561] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  233.984132][  T793] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  234.027093][T11574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  234.083411][T11574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  234.139674][T11574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  234.163198][  T793] usb 5-1: Using ep0 maxpacket: 8
[  234.171907][  T793] usb 5-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  234.177174][  T793] usb 5-1: config 0 interface 0 has no altsetting 0
[  234.180731][  T793] usb 5-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.00
[  234.186759][  T793] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.192157][  T793] usb 5-1: config 0 descriptor??
[  234.202601][  T793] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input12
[  234.401239][ T5279] bcm5974 5-1:0.0: could not read from device
[  234.408091][ T5279] bcm5974 5-1:0.0: could not read from device
[  234.410961][  T793] usb 5-1: USB disconnect, device number 17
[  234.685424][T11588] mac80211_hwsim hwsim10 wlan1: entered allmulticast mode
[  234.752894][   T33] audit: type=1326 audit(2000000056.440:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.3.2220" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x0
[  235.264298][ T5946] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  235.510720][ T5946] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  235.515051][ T5946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.518537][ T5946] usb 5-1: Product: syz
[  235.520406][ T5946] usb 5-1: Manufacturer: syz
[  235.522432][ T5946] usb 5-1: SerialNumber: syz
[  235.528760][ T5946] usb 5-1: config 0 descriptor??
[  235.536855][ T5946] ch341 5-1:0.0: ch341-uart converter detected
[  235.658002][T11609] netlink: 'syz.3.2227': attribute type 28 has an invalid length.
[  236.598961][ T5946] usb 5-1: failed to send control message: -71
[  236.601201][ T5946] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  236.609400][ T5946] usb 5-1: USB disconnect, device number 18
[  236.613375][ T5946] ch341 5-1:0.0: device disconnected
[  236.962195][T11632] netlink: 'syz.0.2237': attribute type 3 has an invalid length.
[  236.965916][T11632] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2237'.
[  237.298786][T11644] macvlan2: entered promiscuous mode
[  237.300484][T11644] macvlan2: entered allmulticast mode
[  238.306592][T11670] overlayfs: failed to clone upperpath
[  238.813163][T11673] loop4: detected capacity change from 0 to 40427
[  238.819347][T11673] F2FS-fs (loop4): Wrong segment_count / block_count (31 > 0)
[  238.821906][T11673] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  238.828011][T11673] F2FS-fs (loop4): invalid crc value
[  238.868644][T11673] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  238.876502][T11673] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[  238.879250][T11673] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  238.933899][ T9457] syz-executor: attempt to access beyond end of device
[  238.933899][ T9457] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  238.938515][ T9457] CPU: 0 UID: 0 PID: 9457 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  238.938529][ T9457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  238.938536][ T9457] Call Trace:
[  238.938540][ T9457]  <TASK>
[  238.938544][ T9457]  dump_stack_lvl+0x189/0x250
[  238.938563][ T9457]  ? __pfx_dump_stack_lvl+0x10/0x10
[  238.938574][ T9457]  ? __pfx_queue_work_on+0x10/0x10
[  238.938583][ T9457]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  238.938596][ T9457]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  238.938612][ T9457]  f2fs_handle_critical_error+0x37c/0x540
[  238.938630][ T9457]  f2fs_write_end_io+0x886/0xb60
[  238.938648][ T9457]  __submit_merged_bio+0x27a/0x6a0
[  238.938664][ T9457]  __submit_merged_write_cond+0x255/0x530
[  238.938679][ T9457]  f2fs_write_data_pages+0x261d/0x3000
[  238.938709][ T9457]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  238.938743][ T9457]  ? __mod_zone_page_state+0xd7/0x140
[  238.938761][ T9457]  ? folios_put_refs+0x560/0x640
[  238.938776][ T9457]  ? __pfx_folios_put_refs+0x10/0x10
[  238.938784][ T9457]  ? rcu_is_watching+0x15/0xb0
[  238.938798][ T9457]  ? __lock_acquire+0xab9/0xd20
[  238.938820][ T9457]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  238.938832][ T9457]  do_writepages+0x32e/0x550
[  238.938849][ T9457]  ? do_raw_spin_unlock+0x4d/0x240
[  238.938861][ T9457]  filemap_fdatawrite+0x199/0x240
[  238.938874][ T9457]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  238.938909][ T9457]  ? do_raw_spin_unlock+0x4d/0x240
[  238.938921][ T9457]  f2fs_sync_dirty_inodes+0x31f/0x830
[  238.938962][ T9457]  f2fs_write_checkpoint+0x95a/0x1df0
[  238.938985][ T9457]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  238.939018][ T9457]  ? kill_f2fs_super+0x298/0x6c0
[  238.939030][ T9457]  kill_f2fs_super+0x2c3/0x6c0
[  238.939041][ T9457]  ? __pfx_kill_f2fs_super+0x10/0x10
[  238.939048][ T9457]  ? radix_tree_delete_item+0x2b6/0x400
[  238.939064][ T9457]  ? shrinker_free+0x2ce/0x3e0
[  238.939075][ T9457]  deactivate_locked_super+0xbc/0x130
[  238.939088][ T9457]  cleanup_mnt+0x425/0x4c0
[  238.939098][ T9457]  ? lockdep_hardirqs_on+0x9c/0x150
[  238.939111][ T9457]  task_work_run+0x1d4/0x260
[  238.939124][ T9457]  ? __pfx_task_work_run+0x10/0x10
[  238.939134][ T9457]  ? __x64_sys_umount+0x122/0x160
[  238.939147][ T9457]  ? exit_to_user_mode_loop+0x40/0x110
[  238.939163][ T9457]  exit_to_user_mode_loop+0xec/0x110
[  238.939174][ T9457]  do_syscall_64+0x2bd/0x3b0
[  238.939185][ T9457]  ? lockdep_hardirqs_on+0x9c/0x150
[  238.939195][ T9457]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.939204][ T9457]  ? exc_page_fault+0x9f/0xf0
[  238.939215][ T9457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.939223][ T9457] RIP: 0033:0x7f399bb8ff17
[  238.939233][ T9457] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  238.939241][ T9457] RSP: 002b:00007ffe21458b48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  238.939250][ T9457] RAX: 0000000000000000 RBX: 00007f399bc11c05 RCX: 00007f399bb8ff17
[  238.939256][ T9457] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe21458c00
[  238.939261][ T9457] RBP: 00007ffe21458c00 R08: 0000000000000000 R09: 0000000000000000
[  238.939266][ T9457] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe21459c90
[  238.939271][ T9457] R13: 00007f399bc11c05 R14: 000000000003a4df R15: 00007ffe21459cd0
[  238.939285][ T9457]  </TASK>
[  238.939289][ T9457] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  239.229201][T11692] overlayfs: failed to clone upperpath
[  239.308065][T11696] loop4: detected capacity change from 0 to 2048
[  239.316836][T11696] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: writeback.
[  239.441277][T11704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  239.449873][T11700] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  239.456979][ T5844] Bluetooth: hci0: ACL packet too small
[  239.458654][T11700] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1004 with error 28
[  239.463547][T11700] EXT4-fs (loop4): This should not happen!! Data will be lost
[  239.463547][T11700] 
[  239.466721][T11700] EXT4-fs (loop4): Total free blocks count 0
[  239.468857][T11700] EXT4-fs (loop4): Free/Dirty block details
[  239.470752][T11700] EXT4-fs (loop4): free_blocks=2415919104
[  239.472858][T11700] EXT4-fs (loop4): dirty_blocks=1008
[  239.475556][T11700] EXT4-fs (loop4): Block reservation details
[  239.477673][T11700] EXT4-fs (loop4): i_reserved_data_blocks=63
[  239.497325][T11704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  239.555271][T11704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  240.151741][ T1090] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28
[  240.296580][T11738] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  240.307444][T11738] CIFS: Unable to determine destination address
[  240.981101][T11758] could not allocate digest TFM handle sha1-avx2
[  240.983754][T11763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2291'.
[  241.181943][T11756] loop4: detected capacity change from 0 to 40427
[  241.189205][T11756] F2FS-fs (loop4): Image doesn't support compression
[  241.198613][T11756] F2FS-fs (loop4): invalid crc value
[  241.234373][T11773] netdevsim netdevsim3: Firmware load for '../file0/../file0/../file0' refused, path contains '..' component
[  241.291758][T11756] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  241.296397][T11756] F2FS-fs (loop4): Start checkpoint disabled!
[  241.307157][T11756] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  241.320328][   T33] audit: type=1800 audit(2000524351.011:483): pid=11756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2290" name="file1" dev="loop4" ino=10 res=0 errno=0
[  241.342003][T11756] syz.4.2290: attempt to access beyond end of device
[  241.342003][T11756] loop4: rw=2049, sector=45096, nr_sectors = 128 limit=40427
[  241.395523][T11756] syz.4.2290: attempt to access beyond end of device
[  241.395523][T11756] loop4: rw=2049, sector=45224, nr_sectors = 128 limit=40427
[  241.404826][T11756] syz.4.2290: attempt to access beyond end of device
[  241.404826][T11756] loop4: rw=2049, sector=45352, nr_sectors = 128 limit=40427
[  241.419592][T11756] syz.4.2290: attempt to access beyond end of device
[  241.419592][T11756] loop4: rw=2049, sector=77824, nr_sectors = 128 limit=40427
[  241.429585][T11756] syz.4.2290: attempt to access beyond end of device
[  241.429585][T11756] loop4: rw=2049, sector=77952, nr_sectors = 128 limit=40427
[  241.441618][T11756] syz.4.2290: attempt to access beyond end of device
[  241.441618][T11756] loop4: rw=2049, sector=78080, nr_sectors = 128 limit=40427
[  241.449310][T11756] syz.4.2290: attempt to access beyond end of device
[  241.449310][T11756] loop4: rw=2049, sector=78208, nr_sectors = 128 limit=40427
[  241.459265][T11756] syz.4.2290: attempt to access beyond end of device
[  241.459265][T11756] loop4: rw=2049, sector=78336, nr_sectors = 128 limit=40427
[  241.466468][T11756] syz.4.2290: attempt to access beyond end of device
[  241.466468][T11756] loop4: rw=2049, sector=78464, nr_sectors = 128 limit=40427
[  241.583370][  T147] CPU: 0 UID: 0 PID: 147 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  241.583397][  T147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  241.583406][  T147] Workqueue: writeback wb_workfn (flush-7:4)
[  241.583431][  T147] Call Trace:
[  241.583437][  T147]  <TASK>
[  241.583444][  T147]  dump_stack_lvl+0x189/0x250
[  241.583467][  T147]  ? __pfx_dump_stack_lvl+0x10/0x10
[  241.583482][  T147]  ? __pfx_queue_work_on+0x10/0x10
[  241.583496][  T147]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  241.583514][  T147]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  241.583540][  T147]  f2fs_handle_critical_error+0x37c/0x540
[  241.583567][  T147]  f2fs_write_end_io+0x886/0xb60
[  241.583595][  T147]  __submit_merged_bio+0x27a/0x6a0
[  241.583619][  T147]  __submit_merged_write_cond+0x255/0x530
[  241.583643][  T147]  f2fs_write_data_pages+0x261d/0x3000
[  241.583692][  T147]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  241.583815][  T147]  ? f2fs_write_meta_pages+0x357/0x450
[  241.583845][  T147]  ? __lock_acquire+0xab9/0xd20
[  241.583868][  T147]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  241.583889][  T147]  do_writepages+0x32e/0x550
[  241.583914][  T147]  ? reacquire_held_locks+0x127/0x1d0
[  241.583927][  T147]  ? writeback_sb_inodes+0x384/0x1010
[  241.583949][  T147]  __writeback_single_inode+0x145/0xff0
[  241.583959][  T147]  ? do_raw_spin_unlock+0x4d/0x240
[  241.583972][  T147]  writeback_sb_inodes+0x6c7/0x1010
[  241.583996][  T147]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  241.584028][  T147]  ? rcu_is_watching+0x15/0xb0
[  241.584043][  T147]  wb_writeback+0x43b/0xaf0
[  241.584058][  T147]  ? queue_io+0x321/0x590
[  241.584070][  T147]  ? __pfx_wb_writeback+0x10/0x10
[  241.584085][  T147]  ? _raw_spin_unlock_irq+0x23/0x50
[  241.584098][  T147]  wb_workfn+0x409/0xef0
[  241.584115][  T147]  ? __pfx_wb_workfn+0x10/0x10
[  241.584127][  T147]  ? __lock_acquire+0xab9/0xd20
[  241.584144][  T147]  ? process_scheduled_works+0x9ef/0x17b0
[  241.584156][  T147]  ? _raw_spin_unlock_irq+0x23/0x50
[  241.584166][  T147]  ? process_scheduled_works+0x9ef/0x17b0
[  241.584179][  T147]  ? process_scheduled_works+0x9ef/0x17b0
[  241.584188][  T147]  process_scheduled_works+0xae1/0x17b0
[  241.584212][  T147]  ? __pfx_process_scheduled_works+0x10/0x10
[  241.584230][  T147]  worker_thread+0x8a0/0xda0
[  241.584253][  T147]  kthread+0x711/0x8a0
[  241.584266][  T147]  ? __pfx_worker_thread+0x10/0x10
[  241.584274][  T147]  ? __pfx_kthread+0x10/0x10
[  241.584286][  T147]  ? _raw_spin_unlock_irq+0x23/0x50
[  241.584295][  T147]  ? lockdep_hardirqs_on+0x9c/0x150
[  241.584307][  T147]  ? __pfx_kthread+0x10/0x10
[  241.584317][  T147]  ret_from_fork+0x3fc/0x770
[  241.584329][  T147]  ? __pfx_ret_from_fork+0x10/0x10
[  241.584341][  T147]  ? __switch_to_asm+0x39/0x70
[  241.584351][  T147]  ? __switch_to_asm+0x33/0x70
[  241.584360][  T147]  ? __pfx_kthread+0x10/0x10
[  241.584370][  T147]  ret_from_fork_asm+0x1a/0x30
[  241.584389][  T147]  </TASK>
[  241.584394][  T147] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  241.786211][T11792] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2305'.
[  242.008424][T11798] netlink: 'syz.4.2302': attribute type 1 has an invalid length.
[  242.071378][T11798] gretap1: entered promiscuous mode
[  242.085773][T11798] bond1: (slave gretap1): making interface the new active one
[  242.089931][T11798] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  242.109264][T11798] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2302'.
[  242.128010][T11798] 8021q: adding VLAN 0 to HW filter on device bond1
[  244.231112][   T33] audit: type=1326 audit(2000524353.921:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11886 comm="syz.4.2348" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f399bb8ebe9 code=0x0
[  245.921209][T11925] loop4: detected capacity change from 0 to 32768
[  246.667543][T11941] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2370'.
[  246.670520][T11941] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2370'.
[  247.154777][T11948] Device name cannot be null; rc = [-22]
[  249.108933][T11982] loop4: detected capacity change from 0 to 4096
[  249.117007][T11982] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  249.145934][T11982] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  249.311066][T11979] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  249.327481][T11979] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  249.328572][T11982] overlay: ./file0 is not a directory
[  249.334446][T11979] bond0 (unregistering): Released all slaves
[  249.518802][T11987] loop4: detected capacity change from 0 to 512
[  249.533940][T11987] EXT4-fs (loop4): orphan cleanup on readonly fs
[  249.536554][T11987] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  249.540088][T11987] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  249.549024][T11987] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #13: comm syz.4.2387: attempt to clear invalid blocks 2 len 1
[  249.554158][T11987] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.2387: invalid indirect mapped block 1819239214 (level 0)
[  249.559005][T11987] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.2387: invalid indirect mapped block 1819239214 (level 1)
[  249.565114][T11987] EXT4-fs (loop4): 1 truncate cleaned up
[  249.568154][T11987] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  249.578852][T11987] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  249.586522][T11987] EXT4-fs error (device loop4): __ext4_remount:6736: comm syz.4.2387: Abort forced by user
[  249.590037][T11987] EXT4-fs (loop4): Remounting filesystem read-only
[  249.592247][T11987] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  249.617693][ T9457] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.868711][T11998] loop4: detected capacity change from 0 to 1024
[  249.905888][T11998] hfsplus: bad catalog entry type
[  249.971505][   T26] hfsplus: b-tree write err: -5, ino 4
[  250.319605][T12017] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input13
[  251.885740][T12053] loop4: detected capacity change from 0 to 32768
[  251.922218][T12053] JBD2: Ignoring recovery information on journal
[  251.927254][T12053] JBD2: corrupted journal superblock
[  251.929424][T12053] JBD2: error -117 scanning journal
[  251.937460][T12053] (syz.4.2414,12053,0):ocfs2_journal_wipe:1216 ERROR: status = -117
[  251.943296][T12053] (syz.4.2414,12053,1):ocfs2_check_volume:2363 ERROR: status = -117
[  251.948455][T12053] (syz.4.2414,12053,1):ocfs2_check_volume:2432 ERROR: status = -117
[  251.958654][T12053] (syz.4.2414,12053,1):ocfs2_mount_volume:1764 ERROR: status = -117
[  251.991242][T12053] (syz.4.2414,12053,1):ocfs2_fill_super:1177 ERROR: status = -117
[  252.178444][T12084] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  252.295866][T12094] loop4: detected capacity change from 0 to 2048
[  252.304584][T12094] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 129: 0x32 != 0x7d
[  252.308490][T12094] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  253.082586][ T5909] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  253.237228][ T5909] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  253.241480][ T5909] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  253.245663][ T5909] usb 5-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00
[  253.249666][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.257702][ T5909] usb 5-1: config 0 descriptor??
[  253.871557][ T5909] usb 5-1: string descriptor 0 read error: -71
[  253.874731][ T5909] uclogic 0003:256C:006E.0010: failed retrieving string descriptor #200: -71
[  253.878266][ T5909] uclogic 0003:256C:006E.0010: failed retrieving pen parameters: -71
[  253.880816][ T5909] uclogic 0003:256C:006E.0010: failed probing pen v2 parameters: -71
[  253.884246][ T5909] uclogic 0003:256C:006E.0010: failed probing parameters: -71
[  253.886693][ T5909] uclogic 0003:256C:006E.0010: probe with driver uclogic failed with error -71
[  253.894089][ T5909] usb 5-1: USB disconnect, device number 19
[  254.303268][ T5844] Bluetooth: hci1: command tx timeout
[  254.352547][T12147] Illegal XDP return value 846549310 on prog  (id 192) dev syz_tun, expect packet loss!
[  254.707561][T12163] loop4: detected capacity change from 0 to 32768
[  254.820752][T12163] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,str_hash=crc32c,noacl,usrquota,grpquota,nojournal_transaction_names,allocator_stuck_timeout=256
[  254.820771][T12163]   allowing incompatible features above 0.0: (unknown version)
[  254.820777][T12163]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  254.840761][T12163] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  254.853494][T12163] bcachefs (loop4): initializing new filesystem
[  254.862647][T12163] bcachefs (loop4): going read-write
[  254.910792][T12163] bcachefs (loop4): marking superblocks
[  254.939654][T12163] bcachefs (loop4): initializing freespace
[  254.944410][T12163] bcachefs (loop4): done initializing freespace
[  254.950602][T12163] bcachefs (loop4): reading snapshots table
[  254.952554][T12163] bcachefs (loop4): reading snapshots done
[  254.978167][T12163] bcachefs (loop4): done starting filesystem
[  255.022554][ T9457] bcachefs (loop4): shutting down
[  255.026459][ T9457] bcachefs (loop4): going read-only
[  255.028505][ T9457] bcachefs (loop4): finished waiting for writes to stop
[  255.043255][ T9457] bcachefs (loop4): flushing journal and stopping allocators, journal seq 2
[  255.077127][ T9457] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3
[  255.081805][ T9457] bcachefs (loop4): clean shutdown complete, journal seq 4
[  255.087156][ T9457] bcachefs (loop4): marking filesystem clean
[  255.102793][ T9457] bcachefs (loop4): shutdown complete
[  255.349383][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  255.352033][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  255.440457][T12192] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2474'.
[  255.466030][T12192] bridge_slave_1: left allmulticast mode
[  255.468474][T12192] bridge_slave_1: left promiscuous mode
[  255.470947][T12192] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.482738][T12192] bridge_slave_0: left allmulticast mode
[  255.491164][T12192] bridge_slave_0: left promiscuous mode
[  255.495648][T12192] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.734632][ T5946] usb 5-1: new low-speed USB device number 20 using dummy_hcd
[  256.797754][ T5909] Process accounting resumed
[  256.885959][ T5946] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  256.889177][ T5946] usb 5-1: config 179 has no interface number 0
[  256.891810][ T5946] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  256.897086][ T5946] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  256.900828][ T5946] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  256.905801][ T5946] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 58368, setting to 8
[  256.910288][ T5946] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  256.916790][ T5946] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  256.920179][ T5946] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.928107][T12224] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  256.937658][ T5946] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  256.953872][ T5946] xpad 5-1:179.65: probe with driver xpad failed with error -90
[  256.961470][T12228] Process accounting resumed
[  256.999287][T12232] overlayfs: failed to clone upperpath
[  257.148648][ T5946] usb 5-1: USB disconnect, device number 20
[  258.125748][T12258] loop4: detected capacity change from 0 to 40427
[  258.130085][T12258] F2FS-fs (loop4): build fault injection rate: 14
[  258.132700][T12258] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  258.138129][T12258] F2FS-fs (loop4): invalid crc value
[  258.143513][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  258.156863][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  258.186494][T12258] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  258.189337][T12258] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  258.194301][T12258] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  258.199664][T12258] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  258.207571][T12258] F2FS-fs (loop4): inject inconsistent footer in sanity_check_node_footer of f2fs_convert_inline_inode+0x722/0x880
[  258.211442][T12258] F2FS-fs (loop4): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  258.234687][ T9457] bio_check_eod: 29 callbacks suppressed
[  258.234712][ T9457] syz-executor: attempt to access beyond end of device
[  258.234712][ T9457] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  258.240642][ T9457] CPU: 1 UID: 0 PID: 9457 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  258.240654][ T9457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  258.240660][ T9457] Call Trace:
[  258.240664][ T9457]  <TASK>
[  258.240668][ T9457]  dump_stack_lvl+0x189/0x250
[  258.240687][ T9457]  ? __pfx_dump_stack_lvl+0x10/0x10
[  258.240697][ T9457]  ? __pfx_queue_work_on+0x10/0x10
[  258.240707][ T9457]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  258.240720][ T9457]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  258.240736][ T9457]  f2fs_handle_critical_error+0x37c/0x540
[  258.240755][ T9457]  f2fs_write_end_io+0x886/0xb60
[  258.240773][ T9457]  __submit_merged_bio+0x27a/0x6a0
[  258.240788][ T9457]  __submit_merged_write_cond+0x255/0x530
[  258.240803][ T9457]  f2fs_write_data_pages+0x261d/0x3000
[  258.240833][ T9457]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  258.240874][ T9457]  ? folios_put_refs+0x559/0x640
[  258.240891][ T9457]  ? __lock_acquire+0xab9/0xd20
[  258.240909][ T9457]  ? do_raw_spin_lock+0x121/0x290
[  258.240925][ T9457]  ? do_raw_spin_unlock+0x4d/0x240
[  258.240934][ T9457]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  258.240947][ T9457]  do_writepages+0x32e/0x550
[  258.240964][ T9457]  ? do_raw_spin_unlock+0x4d/0x240
[  258.240976][ T9457]  filemap_fdatawrite+0x199/0x240
[  258.240988][ T9457]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  258.241027][ T9457]  ? do_raw_spin_unlock+0x4d/0x240
[  258.241040][ T9457]  f2fs_sync_dirty_inodes+0x31f/0x830
[  258.241056][ T9457]  f2fs_write_checkpoint+0x95a/0x1df0
[  258.241077][ T9457]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  258.241110][ T9457]  ? kill_f2fs_super+0x298/0x6c0
[  258.241122][ T9457]  kill_f2fs_super+0x2c3/0x6c0
[  258.241133][ T9457]  ? __pfx_kill_f2fs_super+0x10/0x10
[  258.241140][ T9457]  ? radix_tree_delete_item+0x2b6/0x400
[  258.241156][ T9457]  ? shrinker_free+0x2ce/0x3e0
[  258.241167][ T9457]  deactivate_locked_super+0xbc/0x130
[  258.241180][ T9457]  cleanup_mnt+0x425/0x4c0
[  258.241190][ T9457]  ? lockdep_hardirqs_on+0x9c/0x150
[  258.241204][ T9457]  task_work_run+0x1d4/0x260
[  258.241217][ T9457]  ? __pfx_task_work_run+0x10/0x10
[  258.241226][ T9457]  ? __x64_sys_umount+0x122/0x160
[  258.241240][ T9457]  ? exit_to_user_mode_loop+0x40/0x110
[  258.241256][ T9457]  exit_to_user_mode_loop+0xec/0x110
[  258.241267][ T9457]  do_syscall_64+0x2bd/0x3b0
[  258.241278][ T9457]  ? lockdep_hardirqs_on+0x9c/0x150
[  258.241288][ T9457]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.241297][ T9457]  ? exc_page_fault+0x9f/0xf0
[  258.241309][ T9457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.241316][ T9457] RIP: 0033:0x7f399bb8ff17
[  258.241326][ T9457] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  258.241333][ T9457] RSP: 002b:00007ffe21458b48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  258.241343][ T9457] RAX: 0000000000000000 RBX: 00007f399bc11c05 RCX: 00007f399bb8ff17
[  258.241348][ T9457] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe21458c00
[  258.241353][ T9457] RBP: 00007ffe21458c00 R08: 0000000000000000 R09: 0000000000000000
[  258.241358][ T9457] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe21459c90
[  258.241364][ T9457] R13: 00007f399bc11c05 R14: 000000000003f04a R15: 00007ffe21459cd0
[  258.241379][ T9457]  </TASK>
[  258.241382][ T9457] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  258.889512][T12310] loop4: detected capacity change from 0 to 1024
[  258.908773][T12310] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  258.915470][T12310] ext4 filesystem being mounted at /280/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  258.930860][   T33] audit: type=1800 audit(2000524368.621:485): pid=12310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2527" name="file1" dev="loop4" ino=15 res=0 errno=0
[  258.949524][T12310] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #15: block 1: comm syz.4.2527: lblock 1 mapped to illegal pblock 1 (length 3)
[  258.964405][T12310] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #15: block 3: comm syz.4.2527: lblock 3 mapped to illegal pblock 3 (length 1)
[  258.971013][T12310] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117
[  258.976484][T12310] EXT4-fs (loop4): This should not happen!! Data will be lost
[  258.976484][T12310] 
[  259.445642][  T147] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  259.456964][  T147] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 36 with error 28
[  259.461960][  T147] EXT4-fs (loop4): This should not happen!! Data will be lost
[  259.461960][  T147] 
[  259.466436][  T147] EXT4-fs (loop4): Total free blocks count 0
[  259.468386][  T147] EXT4-fs (loop4): Free/Dirty block details
[  259.470246][  T147] EXT4-fs (loop4): free_blocks=4293918720
[  259.472089][  T147] EXT4-fs (loop4): dirty_blocks=48
[  259.474423][  T147] EXT4-fs (loop4): Block reservation details
[  260.759347][T12329] loop4: detected capacity change from 0 to 32768
[  260.778773][T12329] JBD2: Ignoring recovery information on journal
[  261.768035][T12329] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  261.869197][ T9457] ocfs2: Unmounting device (7,4) on (node local)
[  262.126180][T12364] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2545'.
[  262.143384][T12364] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2545'.
[  262.620737][T12387] loop4: detected capacity change from 0 to 512
[  262.627903][T12387] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.2555: iget: bad extended attribute block 1
[  262.632718][T12387] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.2555: couldn't read orphan inode 15 (err -117)
[  262.639086][T12387] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  262.668813][ T9457] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.806780][T12390] netdevsim netdevsim4: Firmware load for '/../file0' refused, path contains '..' component
[  263.149320][T12404] loop4: detected capacity change from 0 to 40427
[  263.152425][T12404] F2FS-fs (loop4): Image doesn't support compression
[  263.155573][T12404] F2FS-fs (loop4): build fault injection rate: 690
[  263.160131][T12404] F2FS-fs (loop4): invalid crc value
[  263.197725][T12404] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  263.201065][T12404] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  263.237622][ T9457] syz-executor: attempt to access beyond end of device
[  263.237622][ T9457] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  263.244875][ T9457] CPU: 1 UID: 0 PID: 9457 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  263.244890][ T9457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  263.244896][ T9457] Call Trace:
[  263.244900][ T9457]  <TASK>
[  263.244904][ T9457]  dump_stack_lvl+0x189/0x250
[  263.244924][ T9457]  ? __pfx_dump_stack_lvl+0x10/0x10
[  263.244934][ T9457]  ? __pfx_queue_work_on+0x10/0x10
[  263.244944][ T9457]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  263.244956][ T9457]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  263.244972][ T9457]  f2fs_handle_critical_error+0x37c/0x540
[  263.244991][ T9457]  f2fs_write_end_io+0x886/0xb60
[  263.245009][ T9457]  __submit_merged_bio+0x27a/0x6a0
[  263.245025][ T9457]  __submit_merged_write_cond+0x255/0x530
[  263.245040][ T9457]  f2fs_write_data_pages+0x261d/0x3000
[  263.245070][ T9457]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  263.245110][ T9457]  ? read_node_folio+0x240/0x3f0
[  263.245150][ T9457]  ? __lock_acquire+0xab9/0xd20
[  263.245173][ T9457]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  263.245185][ T9457]  do_writepages+0x32e/0x550
[  263.245204][ T9457]  ? do_raw_spin_unlock+0x4d/0x240
[  263.245217][ T9457]  filemap_fdatawrite+0x199/0x240
[  263.245229][ T9457]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  263.245285][ T9457]  ? do_raw_spin_unlock+0x4d/0x240
[  263.245300][ T9457]  f2fs_sync_dirty_inodes+0x31f/0x830
[  263.245321][ T9457]  f2fs_write_checkpoint+0x95a/0x1df0
[  263.245343][ T9457]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  263.245377][ T9457]  ? kill_f2fs_super+0x298/0x6c0
[  263.245389][ T9457]  kill_f2fs_super+0x2c3/0x6c0
[  263.245401][ T9457]  ? __pfx_kill_f2fs_super+0x10/0x10
[  263.245408][ T9457]  ? radix_tree_delete_item+0x2b6/0x400
[  263.245424][ T9457]  ? shrinker_free+0x2ce/0x3e0
[  263.245436][ T9457]  deactivate_locked_super+0xbc/0x130
[  263.245449][ T9457]  cleanup_mnt+0x425/0x4c0
[  263.245459][ T9457]  ? lockdep_hardirqs_on+0x9c/0x150
[  263.245472][ T9457]  task_work_run+0x1d4/0x260
[  263.245486][ T9457]  ? __pfx_task_work_run+0x10/0x10
[  263.245495][ T9457]  ? __x64_sys_umount+0x122/0x160
[  263.245509][ T9457]  ? exit_to_user_mode_loop+0x40/0x110
[  263.245525][ T9457]  exit_to_user_mode_loop+0xec/0x110
[  263.245536][ T9457]  do_syscall_64+0x2bd/0x3b0
[  263.245547][ T9457]  ? lockdep_hardirqs_on+0x9c/0x150
[  263.245557][ T9457]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.245566][ T9457]  ? exc_page_fault+0x9f/0xf0
[  263.245577][ T9457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.245585][ T9457] RIP: 0033:0x7f399bb8ff17
[  263.245595][ T9457] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  263.245603][ T9457] RSP: 002b:00007ffe21458b48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  263.245613][ T9457] RAX: 0000000000000000 RBX: 00007f399bc11c05 RCX: 00007f399bb8ff17
[  263.245619][ T9457] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe21458c00
[  263.245624][ T9457] RBP: 00007ffe21458c00 R08: 0000000000000000 R09: 0000000000000000
[  263.245629][ T9457] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe21459c90
[  263.245634][ T9457] R13: 00007f399bc11c05 R14: 00000000000402b3 R15: 00007ffe21459cd0
[  263.245649][ T9457]  </TASK>
[  263.246389][ T9457] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  263.970673][T12436] syzkaller0: entered allmulticast mode
[  263.972655][T12436] syzkaller0: entered promiscuous mode
[  263.983914][T12436] syzkaller0 (unregistering): left allmulticast mode
[  263.986445][T12436] syzkaller0 (unregistering): left promiscuous mode
[  264.103596][ T5894] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  264.264347][ T5894] usb 5-1: Using ep0 maxpacket: 16
[  264.268261][ T5894] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  264.271530][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.291667][ T5894] usb 5-1: config 0 descriptor??
[  264.298016][ T5894] gspca_main: sonixj-2.14.0 probing 0471:0327
[  264.854166][T12471] CIFS mount error: No usable UNC path provided in device string!
[  264.854166][T12471] 
[  264.857890][T12471] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  265.393866][ T5894] gspca_sonixj: reg_w1 err -71
[  265.414655][ T5894] sonixj 5-1:0.0: probe with driver sonixj failed with error -71
[  265.421719][ T5894] usb 5-1: USB disconnect, device number 21
[  265.948508][T12481] trusted_key: syz.4.2596 sent an empty control message without MSG_MORE.
[  266.202592][T12494] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2602'.
[  266.207548][T12494] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2602'.
[  266.273934][ T5946] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  266.425661][ T5946] usb 5-1: config 0 has an invalid interface number: 229 but max is 0
[  266.428159][ T5946] usb 5-1: config 0 has no interface number 0
[  266.429976][ T5946] usb 5-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice= c.19
[  266.442276][ T5946] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.447963][ T5946] usb 5-1: config 0 descriptor??
[  266.654488][ T5946] usb 5-1: USB disconnect, device number 22
[  267.292570][T12549] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.316545][   T33] audit: type=1326 audit(2000524377.011:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12553 comm="syz.0.2630" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  267.329609][   T33] audit: type=1326 audit(2000524377.011:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12553 comm="syz.0.2630" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  267.341434][T12556] loop4: detected capacity change from 0 to 512
[  267.341664][   T33] audit: type=1326 audit(2000524377.021:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12553 comm="syz.0.2630" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  267.346732][T12556] EXT4-fs: Ignoring removed oldalloc option
[  267.356007][   T33] audit: type=1326 audit(2000524377.021:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12553 comm="syz.0.2630" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  267.370911][   T33] audit: type=1326 audit(2000524377.021:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12553 comm="syz.0.2630" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  267.372712][T12556] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.2631: Parent and EA inode have the same ino 15
[  267.381182][   T33] audit: type=1326 audit(2000524377.021:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12553 comm="syz.0.2630" exe="/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  267.391747][T12556] EXT4-fs (loop4): Remounting filesystem read-only
[  267.395487][T12556] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -30)
[  267.399118][T12556] EXT4-fs (loop4): 1 orphan inode deleted
[  267.401700][   T33] audit: type=1326 audit(2000524377.021:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12553 comm="syz.0.2630" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  267.402814][T12556] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  267.429309][   T33] audit: type=1326 audit(2000524377.021:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12553 comm="syz.0.2630" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  267.442894][   T33] audit: type=1326 audit(2000524377.021:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12553 comm="syz.0.2630" exe="/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  267.465236][   T33] audit: type=1326 audit(2000524377.021:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12553 comm="syz.0.2630" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449f8ebe9 code=0x7ffc0000
[  267.489709][ T9457] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.647528][T12608] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  270.058687][T12647] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  270.404434][ T5894] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  270.555608][ T5894] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  270.564690][ T5894] usb 5-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  270.567877][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.570695][ T5894] usb 5-1: Product: syz
[  270.572263][ T5894] usb 5-1: Manufacturer: syz
[  270.574769][ T5894] usb 5-1: SerialNumber: syz
[  270.578815][ T5894] usb 5-1: config 0 descriptor??
[  270.788557][  T793] usb 5-1: USB disconnect, device number 23
[  271.922615][T12748] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2714'.
[  271.925588][T12748] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2714'.
[  272.015671][T12742] loop4: detected capacity change from 0 to 32768
[  272.232667][T12760] loop4: detected capacity change from 0 to 2048
[  272.249393][T12760] loop4: detected capacity change from 0 to 128
[  272.460441][T12766] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  272.471285][T12766] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  272.481358][T12766] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  272.491531][T12766] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  272.511755][T12766] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  272.542585][T12766] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  272.559885][T12766] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  272.584939][T12766] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  272.588517][T12766] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  272.610131][T12766] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  274.602683][T12817] loop4: detected capacity change from 0 to 512
[  274.611497][T12817] EXT4-fs: journaled quota format not specified
[  274.945411][T12817] loop4: detected capacity change from 0 to 8
[  275.225643][T12823] 8021q: VLANs not supported on lo
[  275.328369][T12825] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2748'.
[  275.439073][T12831] binder: 12830:12831 ioctl 40046210 0 returned -14
[  275.563496][T12839] IPv6: addrconf: prefix option has invalid lifetime
[  276.542245][T12872] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  277.757927][T12891] syz.4.2776 (12891): drop_caches: 2
[  277.975111][T12914] loop4: detected capacity change from 0 to 4096
[  277.978798][T12914] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  278.005860][   T33] kauditd_printk_skb: 38 callbacks suppressed
[  278.005871][   T33] audit: type=1800 audit(2000524387.701:534): pid=12914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2789" name="file1" dev="loop4" ino=33 res=0 errno=0
[  278.142863][T12923] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  279.581481][T12943] loop4: detected capacity change from 0 to 131072
[  279.584730][T12943] F2FS-fs (loop4): Segment count (31) mismatch with total segments from devices (0)
[  279.587646][T12943] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  279.591449][T12943] F2FS-fs (loop4): invalid crc value
[  279.629882][T12943] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  279.634518][T12943] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  279.636911][T12943] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  280.573717][   T33] audit: type=1326 audit(2000524390.271:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.4.2816" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  280.587461][   T33] audit: type=1326 audit(2000524390.271:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.4.2816" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  280.596199][   T33] audit: type=1326 audit(2000524390.271:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.4.2816" exe="/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  280.604522][   T33] audit: type=1326 audit(2000524390.271:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.4.2816" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  280.611286][   T33] audit: type=1326 audit(2000524390.271:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.4.2816" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  280.621312][   T33] audit: type=1326 audit(2000524390.271:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.4.2816" exe="/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  280.628919][   T33] audit: type=1326 audit(2000524390.271:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.4.2816" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  280.635899][   T33] audit: type=1326 audit(2000524390.271:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.4.2816" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  280.642655][   T33] audit: type=1326 audit(2000524390.271:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.4.2816" exe="/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  280.833239][  T793] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  280.983180][  T793] usb 5-1: Using ep0 maxpacket: 16
[  280.989489][  T793] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  280.992270][  T793] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  280.995140][  T793] usb 5-1: Product: syz
[  280.996457][  T793] usb 5-1: Manufacturer: syz
[  280.997871][  T793] usb 5-1: SerialNumber: syz
[  281.000776][  T793] usb 5-1: config 0 descriptor??
[  281.215241][T12982] netlink: 4388 bytes leftover after parsing attributes in process `syz.4.2816'.
[  281.222263][  T793] usb 5-1: USB disconnect, device number 24
[  281.788000][T13010] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2828'.
[  282.081198][T13038] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2842'.
[  282.116306][T13038] loop4: detected capacity change from 0 to 256
[  282.136582][T13038] FAT-fs (loop4): Directory bread(block 64) failed
[  282.141065][T13038] FAT-fs (loop4): Directory bread(block 65) failed
[  282.146548][T13038] FAT-fs (loop4): Directory bread(block 66) failed
[  282.148569][T13038] FAT-fs (loop4): Directory bread(block 67) failed
[  282.150628][T13038] FAT-fs (loop4): Directory bread(block 68) failed
[  282.152703][T13038] FAT-fs (loop4): Directory bread(block 69) failed
[  282.165020][T13038] FAT-fs (loop4): Directory bread(block 70) failed
[  282.167192][T13038] FAT-fs (loop4): Directory bread(block 71) failed
[  282.169450][T13038] FAT-fs (loop4): Directory bread(block 72) failed
[  282.171427][T13038] FAT-fs (loop4): Directory bread(block 73) failed
[  282.509764][T13059] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2849'.
[  282.525009][T13046] loop4: detected capacity change from 0 to 32768
[  282.556191][T13046] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  282.567654][T13046] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x50.
[  282.572548][T13046] XFS (loop4): Tail block (0x29) overwrite detected. Updated to 0x30
[  282.581627][T13046] XFS (loop4): Ending clean mount
[  282.620098][ T9457] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  282.849869][T13082] sctp_transport_update_pmtu: 48 callbacks suppressed
[  282.849916][T13082] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  282.868147][T13082] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  282.871525][T13082] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  282.896306][T13082] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  282.900478][T13082] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  282.908835][T13082] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  282.925401][T13082] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  282.928948][T13082] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  282.932532][T13082] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  282.946020][T13082] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  283.409637][T13088] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2860'.
[  284.131983][   T33] kauditd_printk_skb: 83 callbacks suppressed
[  284.131995][   T33] audit: type=1800 audit(2000524393.821:627): pid=13114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2873" name="nullb0" dev="tmpfs" ino=995 res=0 errno=0
[  284.144442][T13106] loop4: detected capacity change from 0 to 32768
[  284.165680][T13106] JBD2: Ignoring recovery information on journal
[  284.198413][T13106] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  284.212404][   T33] audit: type=1800 audit(2000524393.901:628): pid=13106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2869" name="file1" dev="loop4" ino=17058 res=0 errno=0
[  284.486462][T13106] (syz.4.2869,13106,1):ocfs2_dio_end_io:2401 ERROR: Direct IO failed, bytes = -28
[  284.575200][ T9457] ocfs2: Unmounting device (7,4) on (node local)
[  284.940140][T13132] loop4: detected capacity change from 0 to 40427
[  284.942652][T13132] F2FS-fs: quotafile must be on filesystem root
[  284.971053][T13148] netlink: 'syz.3.2887': attribute type 10 has an invalid length.
[  284.992386][T13148] team0: Device veth1_macvtap failed to register rx_handler
[  285.330671][T13162] netlink: 452 bytes leftover after parsing attributes in process `syz.4.2889'.
[  285.786928][T13173] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2895'.
[  285.790038][T13173] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2895'.
[  285.796262][T13174] sctp: [Deprecated]: syz.3.2896 (pid 13174) Use of struct sctp_assoc_value in delayed_ack socket option.
[  285.796262][T13174] Use struct sctp_sack_info instead
[  286.353351][ T5879] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  286.503138][ T5879] usb 5-1: Using ep0 maxpacket: 16
[  286.506839][ T5879] usb 5-1: too many configurations: 60, using maximum allowed: 8
[  286.521179][ T5879] usb 5-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9
[  286.524880][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204
[  286.528072][ T5879] usb 5-1: Product: syz
[  286.529767][ T5879] usb 5-1: Manufacturer: syz
[  286.531608][ T5879] usb 5-1: SerialNumber: syz
[  286.537096][ T5879] usb 5-1: config 0 descriptor??
[  286.543680][ T5879] pwc: Philips SPC 880NC USB webcam detected.
[  286.751306][ T5879] pwc: Warning: more than 1 configuration available.
[  286.754425][ T5879] pwc: Failed to set LED on/off time (-71)
[  286.756960][ T5879] pwc: send_video_command error -71
[  286.758914][ T5879] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  286.761761][ T5879] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71
[  286.767679][ T5879] usb 5-1: USB disconnect, device number 25
[  287.352472][T13197] .: renamed from bond0
[  287.693524][   T24] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  287.843329][   T24] usb 5-1: Using ep0 maxpacket: 32
[  287.847393][   T24] usb 5-1: config 0 interface 0 has no altsetting 0
[  287.852206][   T24] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  287.855345][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.857880][   T24] usb 5-1: Product: syz
[  287.859173][   T24] usb 5-1: Manufacturer: syz
[  287.860643][   T24] usb 5-1: SerialNumber: syz
[  287.865365][   T24] usb 5-1: config 0 descriptor??
[  288.180948][T13223] lo speed is unknown, defaulting to 1000
[  288.184945][T13223] lo speed is unknown, defaulting to 1000
[  288.187953][T13223] lo speed is unknown, defaulting to 1000
[  288.194586][T13223] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  288.202159][T13223] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  288.219616][T13223] lo speed is unknown, defaulting to 1000
[  288.222549][T13223] lo speed is unknown, defaulting to 1000
[  288.225622][T13223] lo speed is unknown, defaulting to 1000
[  288.278987][   T24] gs_usb 5-1:0.0: Configuring for 2 interfaces
[  288.508605][T13234] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2923'.
[  288.518705][T13234] team0: left allmulticast mode
[  288.520674][T13234] team_slave_0: left allmulticast mode
[  288.522795][T13234] team_slave_1: left allmulticast mode
[  288.525067][T13234] team0: left promiscuous mode
[  288.526858][T13234] team_slave_0: left promiscuous mode
[  288.529207][T13234] team_slave_1: left promiscuous mode
[  288.531525][T13234] bridge0: port 3(team0) entered disabled state
[  288.538442][T13234] bridge_slave_1: left allmulticast mode
[  288.545950][T13234] bridge_slave_1: left promiscuous mode
[  288.548195][T13234] bridge0: port 2(bridge_slave_1) entered disabled state
[  288.566714][T13234] bridge_slave_0: left allmulticast mode
[  288.568799][T13234] bridge_slave_0: left promiscuous mode
[  288.570921][T13234] bridge0: port 1(bridge_slave_0) entered disabled state
[  288.699786][   T24] gs_usb 5-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  288.751201][   T24] gs_usb 5-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO)
[  288.807013][   T24] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71
[  288.812263][   T24] usb 5-1: USB disconnect, device number 26
[  289.557779][T13244] loop4: detected capacity change from 0 to 32768
[  289.568680][T13244] JBD2: Ignoring recovery information on journal
[  289.624914][T13244] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  289.689651][ T9457] ocfs2: Unmounting device (7,4) on (node local)
[  289.996733][T13264] input: syz0 as /devices/virtual/input/input14
[  290.287758][T13271] loop4: detected capacity change from 0 to 32768
[  290.294763][T13271] XFS (loop4): DAX unsupported by block device. Turning off DAX.
[  290.298415][T13271] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  290.315924][T13271] XFS (loop4): Ending clean mount
[  290.321333][T13271] XFS (loop4): Quotacheck needed: Please wait.
[  290.370727][T13271] XFS (loop4): Quotacheck: Done.
[  290.379059][   T33] audit: type=1804 audit(2000524400.071:629): pid=13271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2940" name="/newroot/365/file0/file1" dev="loop4" ino=6150 res=1 errno=0
[  290.407716][ T9457] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  290.692423][T13283] loop4: detected capacity change from 0 to 2048
[  290.701516][T13286] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  291.063073][  T793] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  291.226364][  T793] usb 5-1: unable to get BOS descriptor or descriptor too short
[  291.229815][  T793] usb 5-1: not running at top speed; connect to a high speed hub
[  291.234074][  T793] usb 5-1: config 2 has an invalid interface number: 212 but max is 1
[  291.237618][  T793] usb 5-1: config 2 has an invalid interface number: 226 but max is 1
[  291.240706][  T793] usb 5-1: config 2 has no interface number 0
[  291.244606][  T793] usb 5-1: config 2 has no interface number 1
[  291.247134][  T793] usb 5-1: config 2 interface 212 altsetting 9 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  291.252069][  T793] usb 5-1: config 2 interface 226 altsetting 0 has a duplicate endpoint with address 0x1, skipping
[  291.257665][  T793] usb 5-1: config 2 interface 226 altsetting 0 endpoint 0x85 has invalid maxpacket 37745, setting to 64
[  291.262208][  T793] usb 5-1: config 2 interface 226 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  291.266419][  T793] usb 5-1: config 2 interface 226 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  291.271281][  T793] usb 5-1: config 2 interface 212 has no altsetting 0
[  291.278121][  T793] usb 5-1: New USB device found, idVendor=0738, idProduct=4540, bcdDevice=c6.ce
[  291.281539][  T793] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.285053][  T793] usb 5-1: Product: syz
[  291.286631][  T793] usb 5-1: Manufacturer: syz
[  291.288392][  T793] usb 5-1: SerialNumber: syz
[  291.516462][  T793] input: Mad Catz Beat Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:2.226/input/input15
[  291.529879][T13302] netlink: 'syz.3.2952': attribute type 1 has an invalid length.
[  291.547603][  T793] usb 5-1: USB disconnect, device number 27
[  291.558434][T13302] netlink: 'syz.3.2952': attribute type 2 has an invalid length.
[  291.563820][T13302] netlink: 'syz.3.2952': attribute type 1 has an invalid length.
[  291.566259][T13302] netlink: 'syz.3.2952': attribute type 2 has an invalid length.
[  292.069481][T13335] netlink: 'syz.3.2968': attribute type 29 has an invalid length.
[  292.075608][T13335] netlink: 'syz.3.2968': attribute type 29 has an invalid length.
[  292.080514][T13335] netlink: 500 bytes leftover after parsing attributes in process `syz.3.2968'.
[  292.583096][ T5879] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  292.737129][ T5879] usb 5-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  292.740544][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.743434][ T5879] usb 5-1: Product: syz
[  292.744869][ T5879] usb 5-1: Manufacturer: syz
[  292.746494][ T5879] usb 5-1: SerialNumber: syz
[  292.750566][ T5879] usb 5-1: config 0 descriptor??
[  292.962928][ T5879] usb 5-1: ignoring: probably an ADSL modem
[  293.374521][ T5879] cxacru 5-1:0.0: usbatm_usb_probe: bind failed: -19!
[  293.409391][T13390] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  293.569265][ T5844] Bluetooth: hci2: unexpected event for opcode 0x2042
[  293.577691][ T5946] usb 5-1: USB disconnect, device number 28
[  294.268659][ T5879] IPVS: starting estimator thread 0...
[  294.271794][T13411] IPVS: sed: SCTP 172.20.20.187:0 - no destination available
[  294.353102][T13413] IPVS: using max 62 ests per chain, 148800 per kthread
[  294.381014][T13426] loop4: detected capacity change from 0 to 256
[  294.392882][T13426] FAT-fs (loop4): Directory bread(block 64) failed
[  294.399271][T13426] FAT-fs (loop4): Directory bread(block 65) failed
[  294.401845][T13426] FAT-fs (loop4): Directory bread(block 66) failed
[  294.403992][T13426] FAT-fs (loop4): Directory bread(block 67) failed
[  294.406238][T13426] FAT-fs (loop4): Directory bread(block 68) failed
[  294.408302][T13426] FAT-fs (loop4): Directory bread(block 69) failed
[  294.410447][T13426] FAT-fs (loop4): Directory bread(block 70) failed
[  294.412886][T13426] FAT-fs (loop4): Directory bread(block 71) failed
[  294.416789][T13426] FAT-fs (loop4): Directory bread(block 72) failed
[  294.419378][T13426] FAT-fs (loop4): Directory bread(block 73) failed
[  294.475427][T13428] overlayfs: conflicting lowerdir path
[  294.841526][ T5879] IPVS: starting estimator thread 0...
[  294.945446][T13438] IPVS: using max 61 ests per chain, 146400 per kthread
[  295.585578][T13454] netlink: 'syz.3.3018': attribute type 1 has an invalid length.
[  295.588385][T13454] netlink: 'syz.3.3018': attribute type 4 has an invalid length.
[  295.591382][T13454] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.3018'.
[  295.609268][T13454] netlink: 'syz.3.3018': attribute type 1 has an invalid length.
[  295.612122][T13454] netlink: 'syz.3.3018': attribute type 4 has an invalid length.
[  295.632392][T13454] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.3018'.
[  295.656837][T13452] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.768653][T13452] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.871327][T13452] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.945113][T13452] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.074925][ T5713] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  296.101496][ T5713] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  296.121371][ T5713] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  296.139012][ T5713] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  296.414410][T13497] syz.4.3038 (13497) used obsolete PPPIOCDETACH ioctl
[  297.139848][T13505] overlayfs: failed to clone upperpath
[  297.822504][T13533] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3054'.
[  297.852399][T13535] loop4: detected capacity change from 0 to 128
[  297.865548][T13535] EXT4-fs: Ignoring removed nobh option
[  297.871099][T13535] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  297.880882][T13535] ext4 filesystem being mounted at /386/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  297.919260][ T9457] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  298.853757][T13557] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3063'.
[  298.857182][T13557] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3063'.
[  298.860546][T13557] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3063'.
[  298.933746][T13559] loop4: detected capacity change from 0 to 512
[  298.971793][T13559] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  298.977004][T13559] ext4 filesystem being mounted at /389/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  299.066624][ T9457] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.261640][T13575] loop4: detected capacity change from 0 to 256
[  299.283601][T13575] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  299.292493][T13575] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512
[  299.299857][T13575] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  299.302694][T13575] UDF-fs: Scanning with blocksize 512 failed
[  299.308620][T13575] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  299.317104][T13575] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  299.317576][T13579] netlink: 'syz.3.3072': attribute type 1 has an invalid length.
[  299.325684][T13579] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3072'.
[  299.401321][T13575] overlay: ./file1 is not a directory
[  299.809905][T13614] loop4: detected capacity change from 0 to 256
[  299.818848][T13614] exfat: Unknown parameter 'reep_last_dots'
[  299.987031][T13614] loop4: detected capacity change from 0 to 32768
[  299.989370][T13614] ocfs2: Unknown parameter 'journal_async_'
[  301.003506][T13666] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3113'.
[  301.214010][T13671] lo speed is unknown, defaulting to 1000
[  301.343304][   T33] audit: type=1800 audit(2000524411.031:630): pid=13675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3116" name="nullb0" dev="tmpfs" ino=995 res=0 errno=0
[  302.322840][T13693] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3124'.
[  302.437601][T13697] loop4: detected capacity change from 0 to 2048
[  302.440398][T13697] udf: Unknown parameter 'GzubAZWσ'
[  303.956252][T13735] loop4: detected capacity change from 0 to 164
[  303.968966][T13735] rock: directory entry would overflow storage
[  303.971011][T13735] rock: sig=0x4f50, size=4, remaining=3
[  303.977758][T13735] isofs: Unable to find the ".." directory for NFS.
[  304.483574][ T5946] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  304.634316][ T5946] usb 5-1: Using ep0 maxpacket: 8
[  304.650673][ T5946] usb 5-1: unable to get BOS descriptor or descriptor too short
[  304.658323][ T5946] usb 5-1: config 2 has an invalid interface number: 164 but max is 0
[  304.662856][ T5946] usb 5-1: config 2 has no interface number 0
[  304.667762][ T5946] usb 5-1: config 2 interface 164 has no altsetting 0
[  304.675695][ T5946] usb 5-1: New USB device found, idVendor=0424, idProduct=9730, bcdDevice=50.16
[  304.679192][ T5946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.682748][ T5946] usb 5-1: Product: syz
[  304.687064][ T5946] usb 5-1: Manufacturer: syz
[  304.688933][ T5946] usb 5-1: SerialNumber: syz
[  304.905281][ T5946] smsc95xx v2.0.0
[  304.906482][ T5946] smsc95xx 5-1:2.164 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  304.909679][ T5946] smsc95xx 5-1:2.164: probe with driver smsc95xx failed with error -22
[  304.922669][ T5946] usb 5-1: USB disconnect, device number 29
[  305.356059][T13797] bridge0: the hash_elasticity option has been deprecated and is always 16
[  305.953116][ T5909] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  306.106417][ T5909] usb 5-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  306.110794][ T5909] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  306.115787][ T5909] usb 5-1: Manufacturer: syz
[  306.120184][ T5909] usb 5-1: config 0 descriptor??
[  306.329154][ T5909] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  306.334466][ T5909] dvb_usb_af9015 5-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  306.338600][ T5909] usb 5-1: USB disconnect, device number 30
[  306.898956][T13862] loop4: detected capacity change from 0 to 256
[  307.241895][T13881] netlink: 11 bytes leftover after parsing attributes in process `syz.0.3211'.
[  307.702743][T13914] loop4: detected capacity change from 0 to 4096
[  307.706128][T13914] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512).
[  307.825994][T13924] loop4: detected capacity change from 0 to 1024
[  307.851900][ T3655] hfsplus: b-tree write err: -5, ino 4
[  307.929369][T13930] netlink: 'syz.0.3234': attribute type 4 has an invalid length.
[  307.959533][T13932] ntfs3(nullb0): Primary boot signature is not NTFS.
[  307.961992][T13932] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  307.989516][T13933] netlink: 'syz.0.3234': attribute type 4 has an invalid length.
[  308.007493][   T47] lo speed is unknown, defaulting to 1000
[  308.012507][   T47] syz2: Port: 1 Link DOWN
[  308.020028][   T47] lo speed is unknown, defaulting to 1000
[  308.021850][   T47] syz2: Port: 1 Link ACTIVE
[  308.197686][T13947] loop4: detected capacity change from 0 to 1024
[  308.200334][T13947] EXT4-fs: Ignoring removed nobh option
[  308.202199][T13947] EXT4-fs: Ignoring removed bh option
[  308.253968][T13947] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  308.311988][ T9457] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.376216][T13962] loop4: detected capacity change from 0 to 128
[  309.411890][T13976] loop4: detected capacity change from 0 to 40427
[  309.428181][T13976] F2FS-fs (loop4): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  309.433297][T13976] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  309.441159][T13976] F2FS-fs (loop4): build fault injection type: 0x6
[  309.456616][T13976] F2FS-fs (loop4): invalid crc value
[  309.536795][T13983] Invalid option length (1047378) for dns_resolver key
[  309.578058][T13976] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  309.623715][T13976] F2FS-fs (loop4): Start checkpoint disabled!
[  309.630640][T13976] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  309.632846][T13976] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  309.677695][T13976] syz.4.3253: attempt to access beyond end of device
[  309.677695][T13976] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  310.099432][ T3655] kworker/u10:5: attempt to access beyond end of device
[  310.099432][ T3655] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  310.114450][ T3655] CPU: 1 UID: 0 PID: 3655 Comm: kworker/u10:5 Not tainted syzkaller #0 PREEMPT(full) 
[  310.114465][ T3655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  310.114472][ T3655] Workqueue: writeback wb_workfn (flush-7:4)
[  310.114489][ T3655] Call Trace:
[  310.114494][ T3655]  <TASK>
[  310.114499][ T3655]  dump_stack_lvl+0x189/0x250
[  310.114515][ T3655]  ? __pfx_dump_stack_lvl+0x10/0x10
[  310.114525][ T3655]  ? __pfx_queue_work_on+0x10/0x10
[  310.114534][ T3655]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  310.114547][ T3655]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  310.114563][ T3655]  f2fs_handle_critical_error+0x37c/0x540
[  310.114581][ T3655]  f2fs_write_end_io+0x886/0xb60
[  310.114599][ T3655]  __submit_merged_bio+0x27a/0x6a0
[  310.114614][ T3655]  __submit_merged_write_cond+0x255/0x530
[  310.114629][ T3655]  f2fs_write_data_pages+0x261d/0x3000
[  310.114659][ T3655]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  310.114678][ T3655]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  310.114705][ T3655]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  310.114723][ T3655]  ? trace_f2fs_writepages+0x7f/0x200
[  310.114735][ T3655]  ? f2fs_write_node_pages+0x478/0x6e0
[  310.114748][ T3655]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  310.114767][ T3655]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  310.114779][ T3655]  do_writepages+0x32e/0x550
[  310.114793][ T3655]  ? reacquire_held_locks+0x127/0x1d0
[  310.114802][ T3655]  ? writeback_sb_inodes+0x384/0x1010
[  310.114818][ T3655]  __writeback_single_inode+0x145/0xff0
[  310.114828][ T3655]  ? do_raw_spin_unlock+0x4d/0x240
[  310.114840][ T3655]  writeback_sb_inodes+0x6c7/0x1010
[  310.114864][ T3655]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  310.114897][ T3655]  ? rcu_is_watching+0x15/0xb0
[  310.114911][ T3655]  wb_writeback+0x43b/0xaf0
[  310.114925][ T3655]  ? queue_io+0x321/0x590
[  310.114937][ T3655]  ? __pfx_wb_writeback+0x10/0x10
[  310.114952][ T3655]  ? _raw_spin_unlock_irq+0x23/0x50
[  310.114964][ T3655]  wb_workfn+0x409/0xef0
[  310.114980][ T3655]  ? __pfx_wb_workfn+0x10/0x10
[  310.115015][ T3655]  ? __lock_acquire+0xab9/0xd20
[  310.115033][ T3655]  ? process_scheduled_works+0x9ef/0x17b0
[  310.115046][ T3655]  ? _raw_spin_unlock_irq+0x23/0x50
[  310.115055][ T3655]  ? process_scheduled_works+0x9ef/0x17b0
[  310.115062][ T3655]  ? process_scheduled_works+0x9ef/0x17b0
[  310.115071][ T3655]  process_scheduled_works+0xae1/0x17b0
[  310.115095][ T3655]  ? __pfx_process_scheduled_works+0x10/0x10
[  310.115112][ T3655]  worker_thread+0x8a0/0xda0
[  310.115123][ T3655]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  310.115137][ T3655]  ? __kthread_parkme+0x7b/0x200
[  310.115153][ T3655]  kthread+0x711/0x8a0
[  310.115164][ T3655]  ? __pfx_worker_thread+0x10/0x10
[  310.115172][ T3655]  ? __pfx_kthread+0x10/0x10
[  310.115183][ T3655]  ? _raw_spin_unlock_irq+0x23/0x50
[  310.115193][ T3655]  ? lockdep_hardirqs_on+0x9c/0x150
[  310.115203][ T3655]  ? __pfx_kthread+0x10/0x10
[  310.115213][ T3655]  ret_from_fork+0x3fc/0x770
[  310.115226][ T3655]  ? __pfx_ret_from_fork+0x10/0x10
[  310.115244][ T3655]  ? __switch_to_asm+0x39/0x70
[  310.115260][ T3655]  ? __switch_to_asm+0x33/0x70
[  310.115272][ T3655]  ? __pfx_kthread+0x10/0x10
[  310.115283][ T3655]  ret_from_fork_asm+0x1a/0x30
[  310.115302][ T3655]  </TASK>
[  310.115307][ T3655] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  310.457463][T14023] loop4: detected capacity change from 0 to 256
[  310.472558][T14023] FAT-fs (loop4): Directory bread(block 64) failed
[  310.475451][T14023] FAT-fs (loop4): Directory bread(block 65) failed
[  310.477650][T14023] FAT-fs (loop4): Directory bread(block 66) failed
[  310.479681][T14023] FAT-fs (loop4): Directory bread(block 67) failed
[  310.481738][T14023] FAT-fs (loop4): Directory bread(block 68) failed
[  310.487234][T14023] FAT-fs (loop4): Directory bread(block 69) failed
[  310.489618][T14023] FAT-fs (loop4): Directory bread(block 70) failed
[  310.491661][T14023] FAT-fs (loop4): Directory bread(block 71) failed
[  310.493813][T14023] FAT-fs (loop4): Directory bread(block 72) failed
[  310.496042][T14023] FAT-fs (loop4): Directory bread(block 73) failed
[  310.549874][T14031] loop4: detected capacity change from 0 to 8
[  310.571982][T14031] SQUASHFS error: Unable to read directory block [249:c]
[  311.327996][   T33] audit: type=1326 audit(2000524421.021:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14058 comm="syz.3.3291" exe="/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7efc1f785ba7 code=0x0
[  311.533372][T14061] loop4: detected capacity change from 0 to 4096
[  311.548604][T14062] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  311.776334][T14072] x_tables: ip_tables: DSCP target: only valid in mangle table, not syz0
[  311.908258][T14080] loop4: detected capacity change from 0 to 4096
[  311.915095][T14080] ntfs3(loop4): It is recommened to use chkdsk.
[  311.918522][T14080] ntfs3(loop4): try to read out of volume at offset 0x3fffffc0c00
[  311.921681][T14080] ntfs3(loop4): try to read out of volume at offset 0x3fffffc0c00
[  311.925498][T14080] ntfs3(loop4): try to read out of volume at offset 0x3fffffc0c00
[  311.928519][T14080] ntfs3(loop4): try to read out of volume at offset 0x3fffffc0c00
[  311.931460][T14080] ntfs3(loop4): try to read out of volume at offset 0x3fffffc1c00
[  311.935391][T14080] ntfs3(loop4): try to read out of volume at offset 0x3fffffc2c00
[  311.939382][T14080] ntfs3(loop4): try to read out of volume at offset 0x3fffffc4c00
[  311.941999][T14080] ntfs3(loop4): try to read out of volume at offset 0x3fffffc8c00
[  311.946333][T14080] ntfs3(loop4): try to read out of volume at offset 0x3fffffd0c00
[  312.011606][T14081] delete_channel: no stack
[  312.202305][T14088] overlay: Unknown parameter 'subj_role'
[  312.373284][ T5909] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  312.486717][T14094] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  312.491516][T14094] Error validating options; rc = [-22]
[  312.524337][ T5909] usb 5-1: Using ep0 maxpacket: 16
[  312.535109][ T5909] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  312.539183][ T5909] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  312.543461][ T5909] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  312.548516][ T5909] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  312.552461][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.559192][ T5909] usb 5-1: config 0 descriptor??
[  312.982450][ T5909] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  312.985613][ T5909] microsoft 0003:045E:07DA.0011: ignoring exceeding usage max
[  312.990432][ T5909] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  313.001014][ T5909] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  313.008279][ T5909] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  313.013407][ T5909] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  313.020840][ T5909] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  313.024228][ T5909] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  313.033108][ T5909] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  313.036414][ T5909] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  313.041236][ T5909] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  313.046317][ T5909] microsoft 0003:045E:07DA.0011: unsupported Resolution Multiplier 0
[  313.177194][ T5909] microsoft 0003:045E:07DA.0011: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  313.181702][ T5909] microsoft 0003:045E:07DA.0011: no inputs found
[  313.187344][ T5909] microsoft 0003:045E:07DA.0011: could not initialize ff, continuing anyway
[  313.197796][ T5909] usb 5-1: USB disconnect, device number 31
[  313.605763][T14142] netlink: 'syz.0.3332': attribute type 1 has an invalid length.
[  315.107850][T14213] CIFS mount error: No usable UNC path provided in device string!
[  315.107850][T14213] 
[  315.111322][T14213] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  316.788248][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  316.790883][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  318.101086][T14307] loop4: detected capacity change from 0 to 512
[  318.105213][T14307] EXT4-fs: Ignoring removed nomblk_io_submit option
[  318.107845][T14307] EXT4-fs: Mount option(s) incompatible with ext3
[  318.127114][T14307] gfs2: Unexpected value for 'barrier'
[  318.439106][T14337] loop4: detected capacity change from 0 to 256
[  319.739570][T14390] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.819657][T14390] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  319.831298][T14390] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  320.060771][T14390] gretap1: left promiscuous mode
[  320.067402][   T12] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  320.070464][   T12] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  320.074560][   T12] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  320.087485][   T12] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  320.247540][T14402] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3450'.
[  320.563090][ T5946] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  320.746465][ T5946] usb 5-1: New USB device found, idVendor=2133, idProduct=0018, bcdDevice= 0.00
[  320.750097][ T5946] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.759319][ T5946] usb 5-1: config 0 descriptor??
[  320.928978][T14419] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3458'.
[  321.046253][T14423] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[  321.086174][T14425] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3461'.
[  321.141606][T14429] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3463'.
[  321.182578][ T5946] hid_parser_main: 1 callbacks suppressed
[  321.182621][ T5946] viewsonic 0003:2133:0018.0012: unknown main item tag 0x0
[  321.188569][ T5946] viewsonic 0003:2133:0018.0012: item fetching failed at offset 3/5
[  321.192339][ T5946] viewsonic 0003:2133:0018.0012: probe with driver viewsonic failed with error -22
[  321.348662][ T5844] Bluetooth: hci0: Malformed MSFT vendor event: 0x02
[  321.435682][T14449] tmpfs: User quota block hardlimit too large.
[  321.616403][T14459] netlink: 'syz.0.3478': attribute type 1 has an invalid length.
[  321.841895][T14474] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3485'.
[  322.098424][T14489] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3491'.
[  322.225750][T14497] netlink: 'syz.3.3496': attribute type 2 has an invalid length.
[  322.228906][T14497] netlink: 'syz.3.3496': attribute type 1 has an invalid length.
[  322.231890][T14497] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3496'.
[  323.336934][T14536] devpts: Bad value for 'max'
[  323.344624][ T5946] usb 5-1: USB disconnect, device number 32
[  323.558805][T14557] loop4: detected capacity change from 0 to 128
[  323.570643][   T33] audit: type=1800 audit(2000524433.261:632): pid=14557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3520" name="file1" dev="loop4" ino=1048648 res=0 errno=0
[  323.594224][T14557] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 52)
[  323.596831][T14557] FAT-fs (loop4): Filesystem has been set read-only
[  324.123565][ T5946] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  324.495496][ T5946] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  324.498950][ T5946] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  324.502154][ T5946] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  324.505435][ T5946] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.509631][ T5946] usb 5-1: config 0 descriptor??
[  324.919720][ T5946] pyra 0003:1E7D:2CF6.0013: unknown main item tag 0x0
[  324.922213][ T5946] pyra 0003:1E7D:2CF6.0013: unknown main item tag 0x0
[  324.924815][ T5946] pyra 0003:1E7D:2CF6.0013: unknown main item tag 0x0
[  324.926985][ T5946] pyra 0003:1E7D:2CF6.0013: unknown main item tag 0x0
[  324.929153][ T5946] pyra 0003:1E7D:2CF6.0013: unknown main item tag 0x0
[  324.931256][ T5946] pyra 0003:1E7D:2CF6.0013: unknown main item tag 0x0
[  324.933734][ T5946] pyra 0003:1E7D:2CF6.0013: unknown main item tag 0x0
[  324.937558][ T5946] pyra 0003:1E7D:2CF6.0013: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0
[  325.286994][   T33] audit: type=1800 audit(2000524434.981:633): pid=14601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3540" name="nullb0" dev="tmpfs" ino=995 res=0 errno=0
[  325.857055][T14626] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3550'.
[  325.917820][ T5844] Bluetooth: hci0: unexpected event 0x09 length: 10 > 3
[  325.922643][ T5946] pyra 0003:1E7D:2CF6.0013: couldn't init struct pyra_device
[  325.928868][ T5946] pyra 0003:1E7D:2CF6.0013: couldn't install mouse
[  325.937159][ T5946] pyra 0003:1E7D:2CF6.0013: probe with driver pyra failed with error -71
[  325.946659][ T5946] usb 5-1: USB disconnect, device number 33
[  326.067607][T14642] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.3558'.
[  326.240226][T14652] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3562'.
[  326.288020][T14655] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3563'.
[  326.707681][T14670] loop4: detected capacity change from 0 to 512
[  326.717350][T14670] EXT4-fs (loop4): orphan cleanup on readonly fs
[  326.719754][ T5946] libceph: connect (1)[c::]:6789 error -101
[  326.719977][T14670] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  326.725100][T14670] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  326.737230][T14670] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #13: comm syz.4.3568: attempt to clear invalid blocks 2 len 1
[  326.739751][ T5946] libceph: mon0 (1)[c::]:6789 connect error
[  326.744518][T14670] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.3568: invalid indirect mapped block 1819239214 (level 0)
[  326.750782][T14670] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.3568: invalid indirect mapped block 1819239214 (level 1)
[  326.757250][T14670] EXT4-fs (loop4): 1 truncate cleaned up
[  326.760981][T14670] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  326.786267][T14673] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3569'.
[  326.790855][ T9457] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  327.018134][ T5946] libceph: connect (1)[c::]:6789 error -101
[  327.021513][ T5946] libceph: mon0 (1)[c::]:6789 connect error
[  327.323410][   T33] audit: type=1326 audit(2000524437.011:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.4.3574" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  327.335851][   T33] audit: type=1326 audit(2000524437.011:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.4.3574" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  327.344295][   T33] audit: type=1326 audit(2000524437.011:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.4.3574" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  327.352284][   T33] audit: type=1326 audit(2000524437.021:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.4.3574" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  327.362059][   T33] audit: type=1326 audit(2000524437.021:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.4.3574" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  327.369896][   T33] audit: type=1326 audit(2000524437.021:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.4.3574" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f399bb90b07 code=0x7ffc0000
[  327.379329][   T33] audit: type=1326 audit(2000524437.021:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.4.3574" exe="/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f399bb90a7c code=0x7ffc0000
[  327.452078][   T33] audit: type=1326 audit(2000524437.031:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.4.3574" exe="/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f399bb909b4 code=0x7ffc0000
[  327.465839][T14690] pim6reg: entered allmulticast mode
[  327.560660][ T5946] libceph: connect (1)[c::]:6789 error -101
[  327.568029][ T5946] libceph: mon0 (1)[c::]:6789 connect error
[  328.196249][T14692] loop4: detected capacity change from 0 to 32768
[  328.201126][T14692] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.3576 (14692)
[  328.211131][T14692] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  328.219071][T14692] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[  328.222805][T14692] BTRFS info (device loop4): using free-space-tree
[  328.271890][T14692] BTRFS info (device loop4): rebuilding free space tree
[  328.319809][ T9457] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  328.479025][   T47] libceph: connect (1)[c::]:6789 error -101
[  328.487216][   T47] libceph: mon0 (1)[c::]:6789 connect error
[  328.793929][  T793] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  328.954447][  T793] usb 5-1: Using ep0 maxpacket: 32
[  328.957788][  T793] usb 5-1: config 0 has an invalid interface number: 58 but max is 27
[  328.960585][  T793] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  328.963923][  T793] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 28
[  328.967223][  T793] usb 5-1: config 0 has no interface number 0
[  328.969216][  T793] usb 5-1: config 0 interface 58 altsetting 0 endpoint 0x6 has invalid maxpacket 56166, setting to 64
[  328.972703][  T793] usb 5-1: config 0 interface 58 altsetting 0 endpoint 0x7 has invalid maxpacket 64800, setting to 64
[  328.976491][  T793] usb 5-1: config 0 interface 58 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  328.980423][  T793] usb 5-1: config 0 interface 58 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 7
[  328.984249][  T793] usb 5-1: config 0 interface 58 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  328.987528][  T793] usb 5-1: config 0 interface 58 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  328.995026][  T793] usb 5-1: New USB device found, idVendor=05ac, idProduct=021c, bcdDevice=5c.24
[  328.998206][  T793] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.001336][  T793] usb 5-1: Product: syz
[  329.003135][  T793] usb 5-1: Manufacturer: syz
[  329.005183][  T793] usb 5-1: SerialNumber: syz
[  329.008505][  T793] usb 5-1: config 0 descriptor??
[  329.222703][  T793] appletouch 5-1:0.58: Could not find int-in endpoint
[  329.225215][  T793] appletouch 5-1:0.58: probe with driver appletouch failed with error -5
[  329.228277][  T793] usbhid 5-1:0.58: couldn't find an input interrupt endpoint
[  329.234240][  T793] usb 5-1: USB disconnect, device number 34
[  329.302731][T14666] ceph: No mds server is up or the cluster is laggy
[  329.705274][T14729] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3587'.
[  329.901025][T14729] . (unregistering): (slave bond_slave_0): Releasing backup interface
[  329.904126][T14729] bond_slave_0: left promiscuous mode
[  329.909385][T14729] . (unregistering): (slave bond_slave_1): Releasing backup interface
[  329.915040][T14729] bond_slave_1: left promiscuous mode
[  329.920955][T14729] . (unregistering): (slave batadv0): Releasing backup interface
[  329.925131][T14729] batadv0: left promiscuous mode
[  329.936264][T14729] . (unregistering): Released all slaves
[  330.059031][T14747] futex_wake_op: syz.3.3595 tries to shift op by 32; fix this program
[  330.163715][T14754] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3598'.
[  331.151504][T14791] IPVS: Scheduler module ip_vs_sip not found
[  331.167601][T14791] IPVS: length: 146 != 8
[  331.836855][   T33] kauditd_printk_skb: 9 callbacks suppressed
[  331.836870][   T33] audit: type=1326 audit(2000524441.451:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14777 comm="syz.3.3610" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x7fc00000
[  331.914787][T14815] loop4: detected capacity change from 0 to 22
[  331.917437][T14815] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  331.937019][T14815] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  332.051496][T14825] usb usb1: usbfs: process 14825 (syz.4.3629) did not claim interface 0 before use
[  332.309120][T14839] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3636'.
[  332.367058][T14841] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3637'.
[  332.518291][T14854] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3643'.
[  332.521815][T14854] veth0_to_bond: entered allmulticast mode
[  332.617611][T14860] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  332.618553][T14862] overlayfs: failed to clone upperpath
[  332.702628][T14872] loop4: detected capacity change from 0 to 64
[  332.731578][T14870] Trying to free block not in datazone
[  333.021141][T14882] loop4: detected capacity change from 0 to 32768
[  333.025538][T14882] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.3657 (14882)
[  333.032851][T14882] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  333.038067][T14882] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[  333.041585][T14882] BTRFS info (device loop4): disk space caching is enabled
[  333.044727][T14882] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  333.069334][T14882] BTRFS info (device loop4): rebuilding free space tree
[  333.080474][T14882] BTRFS info (device loop4): disabling free space tree
[  333.083157][T14882] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  333.086689][T14882] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  333.124849][ T9457] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  333.348356][T14901] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  333.387271][T14907] loop4: detected capacity change from 0 to 16
[  333.412003][   T33] audit: type=1326 audit(2000524443.101:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.3.3663" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  333.425467][   T33] audit: type=1326 audit(2000524443.101:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.3.3663" exe="/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  333.434585][   T33] audit: type=1326 audit(2000524443.101:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14910 comm="syz.3.3663" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  333.697393][ T5894] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  333.856916][ T5894] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  333.861205][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.871627][ T5894] usb 5-1: Product: syz
[  333.880258][ T5894] usb 5-1: Manufacturer: syz
[  333.881952][ T5894] usb 5-1: SerialNumber: syz
[  333.888255][ T5894] usb 5-1: config 0 descriptor??
[  333.895025][ T5894] gspca_main: sunplus-2.14.0 probing 055f:c230
[  334.699582][ T5894] gspca_sunplus: reg_r err -71
[  334.701579][ T5894] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  334.708413][ T5894] usb 5-1: USB disconnect, device number 35
[  335.066507][T14983] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3698'.
[  335.378036][T15001] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3708'.
[  335.390568][T15003] kAFS: unable to lookup cell 'syz169@=R'
[  335.482648][T15011] 9pnet_fd: Insufficient options for proto=fd
[  337.311545][   T33] audit: type=1326 audit(2000524447.001:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15075 comm="syz.3.3741" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  337.340071][   T33] audit: type=1326 audit(2000524447.001:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15075 comm="syz.3.3741" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  337.350950][   T33] audit: type=1326 audit(2000524447.021:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15075 comm="syz.3.3741" exe="/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  337.384444][   T33] audit: type=1326 audit(2000524447.081:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15075 comm="syz.3.3741" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  337.399390][   T33] audit: type=1326 audit(2000524447.081:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15075 comm="syz.3.3741" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  337.542496][   T33] audit: type=1326 audit(2000524447.231:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15086 comm="syz.3.3746" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  337.558626][   T33] audit: type=1326 audit(2000524447.231:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15086 comm="syz.3.3746" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  337.567131][   T33] audit: type=1326 audit(2000524447.251:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15086 comm="syz.3.3746" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  337.574650][   T33] audit: type=1326 audit(2000524447.251:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15086 comm="syz.3.3746" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  337.581783][   T33] audit: type=1326 audit(2000524447.251:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15086 comm="syz.3.3746" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc1f78ebe9 code=0x7ffc0000
[  339.503205][ T5909] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  339.863063][ T5909] usb 5-1: Using ep0 maxpacket: 16
[  339.866998][ T5909] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  339.870805][ T5909] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  339.874787][ T5909] usb 5-1: config 0 interface 0 has no altsetting 0
[  339.877332][ T5909] usb 5-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[  339.880417][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.885323][ T5909] usb 5-1: config 0 descriptor??
[  340.049083][T15177] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3786'.
[  340.051961][T15177] bridge_slave_0: default FDB implementation only supports local addresses
[  340.305144][ T5909] kye 0003:0458:0138.0014: unknown main item tag 0x0
[  340.307967][ T5909] kye 0003:0458:0138.0014: unknown main item tag 0x0
[  340.317391][ T5909] kye 0003:0458:0138.0014: unknown main item tag 0x0
[  340.319580][ T5909] kye 0003:0458:0138.0014: unknown main item tag 0x0
[  340.322089][ T5909] kye 0003:0458:0138.0014: unknown main item tag 0x0
[  340.333554][ T5909] kye 0003:0458:0138.0014: unknown main item tag 0x0
[  340.335863][ T5909] kye 0003:0458:0138.0014: unknown main item tag 0x0
[  340.341653][ T5909] kye 0003:0458:0138.0014: unknown main item tag 0x0
[  340.347517][ T5909] kye 0003:0458:0138.0014: unknown main item tag 0x0
[  340.349699][ T5909] kye 0003:0458:0138.0014: unknown main item tag 0x0
[  340.356261][ T5909] kye 0003:0458:0138.0014: collection stack underflow
[  340.358755][ T5909] kye 0003:0458:0138.0014: item 0 0 0 12 parsing failed
[  340.361341][ T5909] kye 0003:0458:0138.0014: parse failed
[  340.363545][ T5909] kye 0003:0458:0138.0014: probe with driver kye failed with error -22
[  340.478041][T15209] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.3801'.
[  340.506584][ T5894] usb 5-1: USB disconnect, device number 36
[  341.314763][T15257] loop4: detected capacity change from 0 to 128
[  341.346458][T15257] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  341.360943][T15257] ext4 filesystem being mounted at /551/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  341.410665][ T9457] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  341.987998][T15295] loop4: detected capacity change from 0 to 2048
[  341.992703][T15295] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  342.034810][T15297] loop4: detected capacity change from 0 to 16
[  342.042009][T15297] erofs (device loop4): mounted with root inode @ nid 36.
[  342.434487][T15299] loop4: detected capacity change from 0 to 65536
[  342.441172][T15299] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  342.461096][T15299] XFS (loop4): Ending clean mount
[  342.466724][T15299] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  343.153060][  T793] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  343.315496][  T793] usb 5-1: Using ep0 maxpacket: 32
[  343.319869][  T793] usb 5-1: config 0 has an invalid interface number: 247 but max is 0
[  343.322644][  T793] usb 5-1: config 0 has no interface number 0
[  343.332458][  T793] usb 5-1: config 0 interface 247 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  343.337153][  T793] usb 5-1: config 0 interface 247 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  343.341991][  T793] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  343.345002][  T793] usb 5-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[  343.353262][  T793] usb 5-1: Product: syz
[  343.354609][  T793] usb 5-1: Manufacturer: syz
[  343.357975][  T793] usb 5-1: config 0 descriptor??
[  343.564630][  T793] usb 5-1: USB disconnect, device number 37
[  344.070686][T15385] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  344.073906][T15385] overlayfs: missing 'lowerdir'
[  344.438242][T15393] loop4: detected capacity change from 0 to 512
[  344.469216][T15393] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  344.473846][T15393] ext4 filesystem being mounted at /567/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  344.488420][T15393] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.3882: corrupted inode contents
[  344.495353][T15393] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #2: comm syz.4.3882: mark_inode_dirty error
[  344.499463][T15393] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.3882: corrupted inode contents
[  344.504165][T15393] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.3882: mark_inode_dirty error
[  345.040640][T15411] netlink: 'syz.3.3889': attribute type 1 has an invalid length.
[  345.044651][T15411] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3889'.
[  345.092156][ T9457] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.170273][   T33] kauditd_printk_skb: 17 callbacks suppressed
[  345.170286][   T33] audit: type=1326 audit(2000524454.861:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15416 comm="syz.4.3892" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f399bb8ebe9 code=0x0
[  346.541852][T15437] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  346.563677][ T5909] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  346.586775][T15439] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3900'.
[  346.737754][ T5909] usb 5-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc
[  346.741488][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.746504][ T5909] usb 5-1: Product: syz
[  346.748028][ T5909] usb 5-1: Manufacturer: syz
[  346.749558][ T5909] usb 5-1: SerialNumber: syz
[  346.754972][ T5909] usb 5-1: config 0 descriptor??
[  346.950531][ T5909] cypress_m8 5-1:0.0: Nokia CA-42 V2 Adapter converter detected
[  346.954938][ T5909] nokiaca42v2 ttyUSB0: required endpoint is missing
[  346.963962][ T5909] usb 5-1: USB disconnect, device number 38
[  346.966766][ T5909] cypress_m8 5-1:0.0: device disconnected
[  347.101875][T15459] bridge_slave_0: entered promiscuous mode
[  347.106875][T15459] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  347.744258][ T5909] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  347.895468][ T5909] usb 5-1: unable to get BOS descriptor or descriptor too short
[  347.905028][ T5909] usb 5-1: config 3 has an invalid interface number: 8 but max is 3
[  347.908082][ T5909] usb 5-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  347.911979][ T5909] usb 5-1: config 3 has 1 interface, different from the descriptor's value: 4
[  347.915896][ T5909] usb 5-1: config 3 has no interface number 0
[  347.918510][ T5909] usb 5-1: config 3 interface 8 altsetting 6 endpoint 0x82 has an invalid bInterval 52, changing to 9
[  347.922711][ T5909] usb 5-1: config 3 interface 8 altsetting 6 endpoint 0x82 has invalid maxpacket 8241, setting to 1024
[  347.930160][ T5909] usb 5-1: config 3 interface 8 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  347.935600][ T5909] usb 5-1: config 3 interface 8 has no altsetting 0
[  347.940588][ T5909] usb 5-1: New USB device found, idVendor=05ac, idProduct=921d, bcdDevice=c2.be
[  347.944251][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.947408][ T5909] usb 5-1: Product: syz
[  347.949069][ T5909] usb 5-1: Manufacturer: syz
[  347.950884][ T5909] usb 5-1: SerialNumber: syz
[  348.171527][ T5909] appledisplay 5-1:3.8: Error while getting initial brightness: -71
[  348.175184][    C0] usb 5-1: appledisplay_complete - usb_submit_urb failed with result -1
[  348.179545][ T5909] appledisplay 5-1:3.8: probe with driver appledisplay failed with error -71
[  348.187579][ T5909] usb 5-1: USB disconnect, device number 39
[  348.261255][T15494] netlink: 'syz.3.3925': attribute type 1 has an invalid length.
[  348.279586][T15494] smc: adding net device bond0 with user defined pnetid SYZ2
[  348.285383][T15494] 8021q: adding VLAN 0 to HW filter on device bond0
[  348.304109][T15494] bond0: (slave veth5): Enslaving as an active interface with a down link
[  348.594893][T15515] overlayfs: failed to clone upperpath
[  348.907813][T15540] loop4: detected capacity change from 0 to 256
[  348.910364][T15540] exfat: Deprecated parameter 'utf8'
[  348.918759][T15540] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  349.010924][T15544] loop4: detected capacity change from 0 to 2048
[  349.014852][T15544] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  349.028252][T15545] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  349.056677][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.060133][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.074703][T15544] Remounting filesystem read-only
[  349.076713][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.080129][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.084054][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.087343][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.090563][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.096138][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.101642][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.108526][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.115000][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.118223][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.121468][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.125670][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.129115][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.132303][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.135580][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.138934][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.142157][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.146539][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.149955][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.153578][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.157470][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.160880][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.169626][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.173296][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.177076][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.180504][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.185216][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.188853][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.192398][T15544] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157
[  349.196119][T15544] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  349.200019][   T33] audit: type=1800 audit(2000524458.891:683): pid=15544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3948" name="file2" dev="loop4" ino=16 res=0 errno=0
[  349.496911][ T5894] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  349.644575][ T5894] usb 5-1: Using ep0 maxpacket: 16
[  349.655974][ T5894] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  349.659894][ T5894] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  349.672227][ T5894] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  349.676913][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.680108][ T5894] usb 5-1: Product: syz
[  349.682457][ T5894] usb 5-1: Manufacturer: syz
[  349.693358][ T5894] usb 5-1: SerialNumber: syz
[  349.995746][T15594] sch_tbf: burst 0 is lower than device ip6gre0 mtu (65485) !
[  350.107531][ T5894] usb 5-1: cannot find UAC_HEADER
[  350.121346][ T5894] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  350.125841][ T5894] usb 5-1: USB disconnect, device number 40
[  350.534222][T15604] netlink: 'syz.0.3975': attribute type 79 has an invalid length.
[  350.577240][T15606] netlink: 'syz.0.3976': attribute type 2 has an invalid length.
[  351.888506][T15681] netlink: 'syz.4.4010': attribute type 1 has an invalid length.
[  351.924472][T15685] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4012'.
[  351.977237][T15691] loop4: detected capacity change from 0 to 512
[  351.982553][T15691] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  351.989557][T15691] EXT4-fs (loop4): invalid journal inode
[  351.991431][T15691] EXT4-fs (loop4): can't get journal size
[  351.999715][T15691] EXT4-fs (loop4): 1 truncate cleaned up
[  352.002472][T15691] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  352.029445][ T9457] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  352.243968][   T33] audit: type=1326 audit(2000524461.931:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15702 comm="syz.4.4020" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  352.263033][   T33] audit: type=1326 audit(2000524461.931:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15702 comm="syz.4.4020" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  352.270739][   T33] audit: type=1326 audit(2000524461.941:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15702 comm="syz.4.4020" exe="/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  352.280180][   T33] audit: type=1326 audit(2000524461.941:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15702 comm="syz.4.4020" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  352.288950][   T33] audit: type=1326 audit(2000524461.941:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15702 comm="syz.4.4020" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  352.303088][   T33] audit: type=1326 audit(2000524461.941:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15702 comm="syz.4.4020" exe="/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  352.315927][   T33] audit: type=1326 audit(2000524461.941:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15702 comm="syz.4.4020" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bb8ebe9 code=0x7ffc0000
[  352.593212][ T5909] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  352.675318][T15729] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4033'.
[  352.744416][ T5909] usb 5-1: Using ep0 maxpacket: 16
[  352.750961][ T5909] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  352.754294][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.756890][ T5909] usb 5-1: Product: syz
[  352.758347][ T5909] usb 5-1: Manufacturer: syz
[  352.759970][ T5909] usb 5-1: SerialNumber: syz
[  352.764451][ T5909] r8152-cfgselector 5-1: Unknown version 0x0000
[  352.766655][ T5909] r8152-cfgselector 5-1: config 0 descriptor??
[  352.891282][T15741] ==================================================================
[  352.893916][T15741] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x2cf2/0x5400
[  352.896425][T15741] Read of size 1 at addr ffff8880359fe2b0 by task syz.0.4039/15741
[  352.899329][T15741] 
[  352.900897][T15741] CPU: 0 UID: 0 PID: 15741 Comm: syz.0.4039 Not tainted syzkaller #0 PREEMPT(full) 
[  352.900909][T15741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  352.900915][T15741] Call Trace:
[  352.900921][T15741]  <TASK>
[  352.900927][T15741]  dump_stack_lvl+0x189/0x250
[  352.900942][T15741]  ? __kasan_check_byte+0x12/0x40
[  352.900956][T15741]  ? __pfx_dump_stack_lvl+0x10/0x10
[  352.900966][T15741]  ? lock_release+0x4b/0x3e0
[  352.900982][T15741]  ? __virt_addr_valid+0x4a5/0x5c0
[  352.900993][T15741]  print_report+0xca/0x240
[  352.901002][T15741]  ? xfrm_state_find+0x2cf2/0x5400
[  352.901036][T15741]  kasan_report+0x118/0x150
[  352.901048][T15741]  ? xfrm_state_find+0x2cf2/0x5400
[  352.901062][T15741]  xfrm_state_find+0x2cf2/0x5400
[  352.901077][T15741]  ? rcu_is_watching+0x15/0xb0
[  352.901089][T15741]  ? xfrm_state_find+0x1da/0x5400
[  352.901101][T15741]  ? __pfx_xfrm_state_find+0x10/0x10
[  352.901112][T15741]  ? ip4_string+0x927/0xbc0
[  352.901124][T15741]  ? __pfx_ip4_string+0x10/0x10
[  352.901133][T15741]  ? rcu_is_watching+0x15/0xb0
[  352.901141][T15741]  ? __switch_to+0xdae/0x1670
[  352.901153][T15741]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  352.901169][T15741]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  352.901179][T15741]  ? __lock_acquire+0xab9/0xd20
[  352.901193][T15741]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  352.901205][T15741]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  352.901215][T15741]  ? xfrm_expand_policies+0x41f/0x6a0
[  352.901225][T15741]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  352.901236][T15741]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  352.901245][T15741]  ? rcuref_put+0x1b7/0x210
[  352.901254][T15741]  ? __pfx_rcuref_put+0x10/0x10
[  352.901263][T15741]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  352.901276][T15741]  xfrm_lookup_route+0x3c/0x1c0
[  352.901286][T15741]  __ip4_datagram_connect+0x9a5/0x1270
[  352.901299][T15741]  __ip6_datagram_connect+0x9f0/0x1150
[  352.901312][T15741]  ? __pfx___ip6_datagram_connect+0x10/0x10
[  352.901322][T15741]  ? __local_bh_enable_ip+0x12d/0x1c0
[  352.901331][T15741]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  352.901341][T15741]  ip6_datagram_connect_v6_only+0x63/0xa0
[  352.901351][T15741]  __sys_connect+0x316/0x440
[  352.901364][T15741]  ? __pfx___sys_connect+0x10/0x10
[  352.901378][T15741]  ? rcu_is_watching+0x15/0xb0
[  352.901387][T15741]  __x64_sys_connect+0x7a/0x90
[  352.901398][T15741]  do_syscall_64+0xfa/0x3b0
[  352.901409][T15741]  ? lockdep_hardirqs_on+0x9c/0x150
[  352.901419][T15741]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.901429][T15741]  ? exc_page_fault+0x9f/0xf0
[  352.901439][T15741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.901447][T15741] RIP: 0033:0x7f2449f8ebe9
[  352.901457][T15741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.901465][T15741] RSP: 002b:00007f244adee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  352.901475][T15741] RAX: ffffffffffffffda RBX: 00007f244a1b5fa0 RCX: 00007f2449f8ebe9
[  352.901481][T15741] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000005
[  352.901488][T15741] RBP: 00007f244a011e19 R08: 0000000000000000 R09: 0000000000000000
[  352.901494][T15741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  352.901499][T15741] R13: 00007f244a1b6038 R14: 00007f244a1b5fa0 R15: 00007fff6e1d5398
[  352.901508][T15741]  </TASK>
[  352.901512][T15741] 
[  353.018841][T15741] Allocated by task 14183:
[  353.020755][T15741]  kasan_save_track+0x3e/0x80
[  353.022689][T15741]  __kasan_slab_alloc+0x6c/0x80
[  353.024717][T15741]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  353.026968][T15741]  xfrm_state_alloc+0x24/0x2f0
[  353.028971][T15741]  __find_acq_core+0x8a7/0x1c00
[  353.031085][T15741]  xfrm_find_acq+0x78/0xa0
[  353.032926][T15741]  xfrm_alloc_userspi+0x6b3/0xc90
[  353.035042][T15741]  xfrm_user_rcv_msg+0x7a3/0xab0
[  353.037110][T15741]  netlink_rcv_skb+0x208/0x470
[  353.039116][T15741]  xfrm_netlink_rcv+0x79/0x90
[  353.041154][T15741]  netlink_unicast+0x82f/0x9e0
[  353.043267][T15741]  netlink_sendmsg+0x805/0xb30
[  353.045194][T15741]  __sock_sendmsg+0x21c/0x270
[  353.047044][T15741]  ____sys_sendmsg+0x505/0x830
[  353.048897][T15741]  ___sys_sendmsg+0x21f/0x2a0
[  353.050790][T15741]  __x64_sys_sendmsg+0x19b/0x260
[  353.052780][T15741]  do_syscall_64+0xfa/0x3b0
[  353.054546][T15741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.056581][T15741] 
[  353.057330][T15741] Freed by task 793:
[  353.058571][T15741]  kasan_save_track+0x3e/0x80
[  353.060130][T15741]  kasan_save_free_info+0x46/0x50
[  353.061993][T15741]  __kasan_slab_free+0x5b/0x80
[  353.063872][T15741]  kmem_cache_free+0x18f/0x400
[  353.065660][T15741]  xfrm_state_gc_task+0x52d/0x6b0
[  353.067402][T15741]  process_scheduled_works+0xae1/0x17b0
[  353.069325][T15741]  worker_thread+0x8a0/0xda0
[  353.070795][T15741]  kthread+0x711/0x8a0
[  353.072106][T15741]  ret_from_fork+0x3fc/0x770
[  353.073536][T15741]  ret_from_fork_asm+0x1a/0x30
[  353.075240][T15741] 
[  353.076065][T15741] The buggy address belongs to the object at ffff8880359fdf80
[  353.076065][T15741]  which belongs to the cache xfrm_state of size 928
[  353.080405][T15741] The buggy address is located 816 bytes inside of
[  353.080405][T15741]  freed 928-byte region [ffff8880359fdf80, ffff8880359fe320)
[  353.084676][T15741] 
[  353.085455][T15741] The buggy address belongs to the physical page:
[  353.087470][T15741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880359fdf80 pfn:0x359fc
[  353.090772][T15741] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  353.093302][T15741] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  353.095721][T15741] page_type: f5(slab)
[  353.096950][T15741] raw: 00fff00000000040 ffff88801af85500 0000000000000000 0000000000000001
[  353.099617][T15741] raw: ffff8880359fdf80 00000000000e000b 00000000f5000000 0000000000000000
[  353.102174][T15741] head: 00fff00000000040 ffff88801af85500 0000000000000000 0000000000000001
[  353.104783][T15741] head: ffff8880359fdf80 00000000000e000b 00000000f5000000 0000000000000000
[  353.107604][T15741] head: 00fff00000000002 ffffea0000d67f01 00000000ffffffff 00000000ffffffff
[  353.110840][T15741] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  353.114154][T15741] page dumped because: kasan: bad access detected
[  353.116370][T15741] page_owner tracks the page as allocated
[  353.118189][T15741] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7440, tgid 7436 (syz.2.504), ts 106305943543, free_ts 97313881180
[  353.123939][T15741]  post_alloc_hook+0x240/0x2a0
[  353.125420][T15741]  get_page_from_freelist+0x21e4/0x22c0
[  353.127212][T15741]  __alloc_frozen_pages_noprof+0x181/0x370
[  353.129066][T15741]  alloc_pages_mpol+0x232/0x4a0
[  353.130581][T15741]  allocate_slab+0x8a/0x370
[  353.131988][T15741]  ___slab_alloc+0xbeb/0x1410
[  353.133480][T15741]  kmem_cache_alloc_noprof+0x283/0x3c0
[  353.135161][T15741]  xfrm_state_alloc+0x24/0x2f0
[  353.136693][T15741]  pfkey_add+0x6e4/0x2e00
[  353.138037][T15741]  pfkey_sendmsg+0xbfe/0x1090
[  353.139491][T15741]  __sock_sendmsg+0x21c/0x270
[  353.140975][T15741]  ____sys_sendmsg+0x505/0x830
[  353.142443][T15741]  ___sys_sendmsg+0x21f/0x2a0
[  353.143848][T15741]  __x64_sys_sendmsg+0x19b/0x260
[  353.145344][T15741]  do_syscall_64+0xfa/0x3b0
[  353.146817][T15741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.148676][T15741] page last free pid 23 tgid 23 stack trace:
[  353.150497][T15741]  __free_frozen_pages+0xbc4/0xd30
[  353.152437][T15741]  __tlb_remove_table+0x2d2/0x3b0
[  353.154372][T15741]  tlb_remove_table_rcu+0x85/0x100
[  353.156346][T15741]  rcu_core+0xcab/0x1770
[  353.157714][T15741]  handle_softirqs+0x286/0x870
[  353.159179][T15741]  run_ksoftirqd+0x9b/0x100
[  353.160587][T15741]  smpboot_thread_fn+0x542/0xa60
[  353.162100][T15741]  kthread+0x711/0x8a0
[  353.163324][T15741]  ret_from_fork+0x3fc/0x770
[  353.164717][T15741]  ret_from_fork_asm+0x1a/0x30
[  353.166171][T15741] 
[  353.167008][T15741] Memory state around the buggy address:
[  353.169117][T15741]  ffff8880359fe180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  353.171597][T15741]  ffff8880359fe200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  353.174036][T15741] >ffff8880359fe280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  353.176416][T15741]                                      ^
[  353.178471][T15741]  ffff8880359fe300: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  353.180861][T15741]  ffff8880359fe380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  353.183281][T15741] ==================================================================
[  353.189437][T15741] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  353.191762][T15741] CPU: 0 UID: 0 PID: 15741 Comm: syz.0.4039 Not tainted syzkaller #0 PREEMPT(full) 
[  353.194593][T15741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  353.197789][T15741] Call Trace:
[  353.199047][T15741]  <TASK>
[  353.200162][T15741]  dump_stack_lvl+0x99/0x250
[  353.201666][T15741]  ? __asan_memcpy+0x40/0x70
[  353.203221][T15741]  ? __pfx_dump_stack_lvl+0x10/0x10
[  353.205068][T15741]  ? __pfx__printk+0x10/0x10
[  353.206496][T15741]  vpanic+0x281/0x750
[  353.207920][T15741]  ? preempt_schedule+0xae/0xc0
[  353.209855][T15741]  ? __pfx_vpanic+0x10/0x10
[  353.211299][T15741]  ? preempt_schedule_common+0x83/0xd0
[  353.212982][T15741]  ? preempt_schedule+0xae/0xc0
[  353.214521][T15741]  ? __pfx_preempt_schedule+0x10/0x10
[  353.216213][T15741]  panic+0xb9/0xc0
[  353.217461][T15741]  ? __pfx_panic+0x10/0x10
[  353.218855][T15741]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  353.220777][T15741]  ? xfrm_state_find+0x2cf2/0x5400
[  353.222659][T15741]  check_panic_on_warn+0x89/0xb0
[  353.224226][T15741]  ? xfrm_state_find+0x2cf2/0x5400
[  353.225846][T15741]  end_report+0x78/0x160
[  353.227257][T15741]  kasan_report+0x129/0x150
[  353.229064][T15741]  ? xfrm_state_find+0x2cf2/0x5400
[  353.230842][T15741]  xfrm_state_find+0x2cf2/0x5400
[  353.232425][T15741]  ? rcu_is_watching+0x15/0xb0
[  353.234073][T15741]  ? xfrm_state_find+0x1da/0x5400
[  353.235811][T15741]  ? __pfx_xfrm_state_find+0x10/0x10
[  353.237568][T15741]  ? ip4_string+0x927/0xbc0
[  353.238950][T15741]  ? __pfx_ip4_string+0x10/0x10
[  353.240565][T15741]  ? rcu_is_watching+0x15/0xb0
[  353.242028][T15741]  ? __switch_to+0xdae/0x1670
[  353.243460][T15741]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  353.245592][T15741]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  353.247978][T15741]  ? __lock_acquire+0xab9/0xd20
[  353.249779][T15741]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  353.251643][T15741]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  353.253623][T15741]  ? xfrm_expand_policies+0x41f/0x6a0
[  353.255327][T15741]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  353.257004][T15741]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  353.258759][T15741]  ? rcuref_put+0x1b7/0x210
[  353.260137][T15741]  ? __pfx_rcuref_put+0x10/0x10
[  353.261703][T15741]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  353.263354][T15741]  xfrm_lookup_route+0x3c/0x1c0
[  353.264845][T15741]  __ip4_datagram_connect+0x9a5/0x1270
[  353.266644][T15741]  __ip6_datagram_connect+0x9f0/0x1150
[  353.268326][T15741]  ? __pfx___ip6_datagram_connect+0x10/0x10
[  353.270113][T15741]  ? __local_bh_enable_ip+0x12d/0x1c0
[  353.271840][T15741]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  353.273964][T15741]  ip6_datagram_connect_v6_only+0x63/0xa0
[  353.276245][T15741]  __sys_connect+0x316/0x440
[  353.278057][T15741]  ? __pfx___sys_connect+0x10/0x10
[  353.280047][T15741]  ? rcu_is_watching+0x15/0xb0
[  353.282147][T15741]  __x64_sys_connect+0x7a/0x90
[  353.284064][T15741]  do_syscall_64+0xfa/0x3b0
[  353.285861][T15741]  ? lockdep_hardirqs_on+0x9c/0x150
[  353.287891][T15741]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.290275][T15741]  ? exc_page_fault+0x9f/0xf0
[  353.292138][T15741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.294332][T15741] RIP: 0033:0x7f2449f8ebe9
[  353.295748][T15741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.301768][T15741] RSP: 002b:00007f244adee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  353.304361][T15741] RAX: ffffffffffffffda RBX: 00007f244a1b5fa0 RCX: 00007f2449f8ebe9
[  353.306803][T15741] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000005
[  353.309275][T15741] RBP: 00007f244a011e19 R08: 0000000000000000 R09: 0000000000000000
[  353.312431][T15741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  353.315339][T15741] R13: 00007f244a1b6038 R14: 00007f244a1b5fa0 R15: 00007fff6e1d5398
[  353.318413][T15741]  </TASK>
[  353.320198][T15741] Kernel Offset: disabled
[  353.321609][T15741] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:52:46  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33bdc05 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=0000000000001955 RDI=0000000000001956 RBP=ffffc90003bd6ef0 RSP=ffffc90003bd6d18
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=ffffffff854efea0
R12=dffffc0000000000 R13=dffffc0000000000 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff17 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f244adee6c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c2dd5ea CR3=00000001272d2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f244a187498 00007f244a187470 XMM03=00007f244a1874a8 00007f244a1874a0
XMM04=00007f244aced100 00007f244a187460 XMM05=00007f244a187478 00007f244a1874c0
XMM06=00007f244a1874b8 00007f244a1874b0 XMM07=00007f244a1874a8 00007f244a1874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f244a012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=de118d1a273ca500 RBX=ffffffff819683a8 RCX=de118d1a273ca500 RDX=0000000000000001
RSI=ffffffff8d9b6935 RDI=ffffffff8be33300 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa37e30 R13=0000000000000001 R14=0000000000000001 R15=1ffff110200d0000
RIP=ffffffff8b7943f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055555f667808 CR3=000000011e1f6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=7712c53e93b9f1e8 728370bf3cb3486e
XMM06=63e772d7f3a22482 dabb339f3c035440 XMM07=bd0dad416e16bee6 46815929601aad29
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f399bc12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
