last executing test programs:

2m29.780332175s ago: executing program 1 (id=17):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$netlink(r0, 0x10e, 0xa, 0x0, &(0x7f00000018c0))

2m29.611923603s ago: executing program 1 (id=18):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x4, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x2, 0x3, 0x1c10a1, 0x0, 0x32}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7}, 0x48)

2m28.689942949s ago: executing program 1 (id=26):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000)

2m28.548684925s ago: executing program 1 (id=28):
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000680), 0x1, 0x5cf, &(0x7f00000006c0)="$eJzs3cFrHNcdB/DvrK21pIKzduwkLoWKFEKJqS1pnVSFQts0LaKEEuglEHIQ9SoWXjtB2hQlh6KW/gX9C1KKesiph55KCzn03H9BJcdCT77o5jKzs9q1vVHkWNGu4s8HZt5782be/ObnmWFmhNkAT63VtzKzkyKrV9/YLtt7u+3u3m77zqCe5FySRjKbpCgX/y3JZ8lO+lOuDDpGyke8M9+898nbV9b7rdl6qtYvDtvuaA5iafVjrcrjGm/5iccbHuFCkot1CRN3f+A/Y7uf8LoEAKZZkZwZt7yVzNcP6+V7QP+puP+MfartTDoAAAAAOAHP7Gc/2zk/6TgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNKl//7+op8agvpBi8Pv/zXpZ6vqp9umkAwAAAAAAAACAY/Dt/exnO+cH7ftF9Tf/F6vGpWr+jXyQrXSymWvZzlp66WUzS0laIwM1t9d6vc2lI2y5PHbL5ZM5XgAAAAAAAAD4mvp9Vod//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGlQJGf6RTVdGtRbaZytV2mWs53kH4P6afbppAMAAACAE/DMfvaznfOD9v2ieud/rnrvn80HuZteNtJLN53crL4F9N/6G3u77e7ebvtOOT067k/+91hhVCOm/+1h/J4XqzUuH2yxmp/nV7mahbyZzWzkN1lLL50s5PWqtpYirfrrRWsQ5/h4f/xA680vivWFKpK5rGejiu1afp330s3NNKpjqNY5fI+/K7NT/Kh2xBzdrMvyiH5Rl9OhVWVk5iAji3Xuy2xcODwTj3mePLynpTQOvkFd+gpyPl+XZa5fn+qcL4+cfc8dnonkpT//8d6t7t3bt9a3rk7PIX1JD2eiPZKJ55+qTDTrbPTvoo93t3yx2vZ8NvLLvJeb6eTV3MhKlvNKbmQpP8grI3m9fIRrrfF419p3vltXZpL8rC6nQ5nXCyN5Hb3Ttaq+0SXDLF08/jvS2W/WlfJkfW3q7kgXHro3DzLx7OGZ+NP9cr7VvXt789ba+0fc30t1WWbgp1OVifJ8uVj+Y1WtB8+Osu/ZsX1LVd+lg77GI32XD/q+6Ept1s9wj460XPU9P7avXfW9MNI37ikHgKk3//J8c+6/c/+e+3juD3O35t6Yfe3cyrlvNTPzr7N/P/PXxl8aPyxezsf57fD9HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+PK2Pvzo9lq329lUUVFROahM+s4EfNWu9+68f33rw4++t3Fn7d3Ou527N1a+3371xtLKyvX1jW5nsT+fdJQAwHEaPvRPOhIAAAAAAAAAAAAAAODznMR/J570MQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9vq29lZidFlhavLZbtvd12t5wG9eGas0mKsvLPJJ8lO+lPaY0MV3zeft6Zb9775O0r68OxZgfrF4dtdzQPxNJ4KKYnHW/5iccbHuFCkot1CRP3/wAAAP//pMgDdQ==")

2m28.421150081s ago: executing program 1 (id=31):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000200)={0x50}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40800, 0x0)
read$FUSE(r3, &(0x7f0000002ac0)={0x2020}, 0x2020)

2m28.311405229s ago: executing program 1 (id=32):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fffffbf}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, <r2=>r0})
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086201, &(0x7f0000000180)=0x7)
ioctl$vim2m_VIDIOC_EXPBUF(r2, 0xc0405610, 0x0)

2m13.323835627s ago: executing program 32 (id=32):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fffffbf}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, <r2=>r0})
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086201, &(0x7f0000000180)=0x7)
ioctl$vim2m_VIDIOC_EXPBUF(r2, 0xc0405610, 0x0)

1m50.976314336s ago: executing program 0 (id=360):
mknod$loop(&(0x7f0000000440)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)={{0x77359400}, {0x0, 0x3fffffff}}, 0x0)

1m49.980089636s ago: executing program 0 (id=368):
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2})

1m49.806058945s ago: executing program 0 (id=370):
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x3210052, &(0x7f0000000300)={[{}, {@errors_remount_ro}, {@norecovery}, {@order_strict}, {@nobarrier}, {@order_strict}, {@nodiscard}, {@order_relaxed}], [], 0x2c}, 0x3, 0xedf, &(0x7f0000005400)="$eJzs3U9sHNUZAPA367+JTbwGCgZKSKEVgYIdkkhNb0GgHhGX3kEhoRGGooYeiICEHhCVEEVCnCoOVFwolVKkVgJVqlBPbU+teusJ9UKlKpWCemmkxFWc99a7L57uemzP/vv9pM9v37zZ+b7ZjZyZ8ezbAIytxvrPo0eXihDe++zdx199pvjttWX3tNY4sP6ziL1mCGGqrV9k2/siLrhy6ZUTm7VFOLz+M/XDExdbz50LIZwPB8LnoRk+Xln96qP3Hzv4yRuzt7199rnXdmn3W/L9AACAUXThz6t/f+Cff3po8fKF/cfDTGt5Oj5vxv5cPO4/FA+U0/FyI3T2i7ZoN52tNxGjka03ka03meWZLMk3lW1nqmS96S75JtqWbbafAAAAMIzSeW0zFI3ljn6jsbx8/bz/mi8WpovlF06vnjrTp0IBAACAyv5zbv2mWyHESMShAahBCCGEEEIIMYixttDvKxAAAADAuMnnC7vB+Z2dqau1tWZv+S8+2tj8+bAD6v73L/9w5f/wdb9xAACoblSPJtN+pePoNI9BPo/gRPa8rR7/N7LtTG6xzrJ5BYdlvsGyOvPXdVCV1b/V97FfyurP58McVGX15/N0Dqqy+mdqrqOqsvpna66jqrL699RcR1Vl9e+tuY6qyuqfq7mOqsrqn6+5jqoa4b5Nl99UeyXVlL3++2quo6qy+oflttqy+pvdnjgg/8GV1b9Ycx1VldV/c811VFVW/y0111FVWf231lxHv9wd2/Q67M/G28+f83O6YTnHAwAAgHH3X/P/CSGEEEIIIcQAxtpC/2sQoxTn+n0BAgAAAOi79LmA9Kn3tSiNT3QZn+wyPtVlfLrL+EyXcQAAACCE37156o53io3P+W93Prw0b1Saf2mr8xjl8xFuNf925z3bbv5hmbcMAACA8VJ87/OrDz7+wUuLly/sP9529ns1nu+meUAn47WBT2M/3Rcwn/WLdA59vDNPo2S9/PrATWXbe3KbOwoAAABjLJ2/N0PRWG47726GRmN5eeN8fClMFadOr548FPvp+1n+uDA1c235IzXXDQAAAPRu43x/8/P/9D2+S2G6WH7h9OqpM9f7863lU4326wILG8uL9usCzWz54ZLlR2I/fX/nDxb2rC9fPvHD1Wd2eucBAABgTJx5+exzT6+unvyRBx544EHrQb9/MwEAADvtyy/fnfrxkfnfX//8/8b8d+nz/wdivxnn9vtLXCHdJ5A+B3DD5/Wf6syzULbei53rNbP1JmLMZHXPtm0ntM03mJ63WJav2bmd6ZJ8c1m++SxfPk/BZLZ+yrcvW57PT5jWW8iW5/MwTmY5iiz/vQEAAADKrbz0/IsrZ14++/Dp559+9uSzJ184cvjYd48dO/TIdx5ZWb+vf6X97n4AAABgGG3c9NvvSgAAAAAAAAAAAAAAAAAAAGB81fF1Yv3eRwAAABh3/z4XQjgfo9n2WAhxLa5/BWb/6xBCCCGE6B4TA1CDEGJgY20t/6Z5AAAAgN115dIrJ9rbG5wvdjRfa2vN683VmDe18w//bfFapNUuPtp5vWTvjlbDuKv737/8w5X/w9d3Nv9setDz779G5waOV8t7/8ovl9rz3znZY/58/5+slv9glv/+0Fv+tQ+y/E9Vy/9Aln9vj/lv2P8Xq+V/MOZfiv2D9/Wav/P9n4lt2o89Peb/drb/z4Re82f73+wxYeahmB8AxlGj3wXsknSUkI6j52I/7W883Az53Q9bPf5vZNuZ3HblndtNx0G3x346XprP8iZbrX8u295NFevMDctdJWX179T7uNvK6p+quY6qyuqfrrmOqsrqn6m5jqrK6p+tuY6qyurv9Ty038rqH5brymX1z9VcR1Vl9c/XXEdVZfVv9f/xfimrf1/NdVRVVv9CzXVUVVZ/xctqtSurf7HmOqoqq//mmuuoqqz+W2quo6qy+m+tuY5+uSu2ZefD6fxzIY6lfjPrz2zyWo7qtQUAAAAYNv861/85CIQQQgghBigmB6AGIYQQYsdjba3fVyDop/ZPAxTDctM7ANu2u7NZMOi8/+PN+z/evP/8P+ke/iLrJxNdxie7jE91GZ/OxvN/rzNdxm/JtrsWpfFbu4x/rcv4vi7jt3cZX+oyfkeX8Tu7jN/VZRwAAIDxcFtsnR8CAADA6Hr1V5++9Zv7n7q0ePnC/uNh+oZ55w/F/kz82/qbsZ/Pe59Mxb/5/yT2fxHbP8T2H9n67j8BAACA3Ze+J8bf/wEAAGB0pe8pdf4PAAAAo2sxts7/AQAAYHTdHFvn/wAAADDCitnNF8c2XRe4N7a9zusHAAy+r8f27tjuj+09sf1GbNNxwH2x/WZN9QEAO+fn3//psXeKjfn+j2TjV+Ly1N7g/PUrBUWjcyb/PbHdG9tv9VhP/n0AveZP9vWYZ7fyL2wzPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOhrrP48eXSpCeO+zdx//2fRbf7227J7WGgfWfxax1wwhTLWel0Y3+r+OK1659MqJ9vZqbItwOBShaC0PT1xsZZoLIZwPB8LnoRk+Xln96qP3Hzv4yRuzt7199rnXdvEl6Ng/AAAAGEX/CwAA///clx9N")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0x80086e8a, 0x1000000000000)

1m49.467871397s ago: executing program 0 (id=371):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000040)={[{@norecovery}, {@grpquota}, {@debug}, {@discard}]}, 0xee, 0x498, &(0x7f0000001b40)="$eJzs3E1sFFUcAPD/bL/5kIr4AYJW8YOotLR8yMGLRhMPmpjoAeOplkKQQg2tiZBG0QMeDYl349HEu4knvRj1YEy86t2QENML6GnMzM4s23a3n0sX3N8v2e17M7N97z9vXuf1vd0NoGMNZU9JxLaI+CMidlSzCw8Yqv64OT838c/83EQSafrm30l+3I35uYny0PJ1W6uZNI3oy5J9Dcq98k7E+NTU5IUiPzJ77v2RmYuXDp45N3568vTk+bHjx48c3td7bOxovj9dZ3yV4mcW1409H03v3f3q21dfnzhx9d2fv8nqu63YXx/HuqRLazhUPbuLPZo9Pbmhwu4ov2ZP2+s2JN3NDx7ehAqxel0RkTVXT55LoisGavt2xCuftrFqwG2Wpmna6P4cdfftFPifSvRv6FDlvT77/7d8bM7I485w/cWIOFhk5ucmbtbi767NHfQs+v+2lYYi4sTlf7/MHtGKeQgAgBV8n41/nms0/qvEA3XH3VOsoQxGxL0RsTMi7ouIXRFxf0R+7IMR5x5aY/mLV0iWjn8q19YV2Cpl478XirWtmwvGf+XoLwa7itz2PP6e5NSZqclDxTk5ED19WX50mTJ+ePn3z8t0/6J99eO/7JGVX44Fi3pc6140QXdyfHY8T6Rp+vHGwo/rn0Ts6W4UfxLlMk4SEbsjYs86yzjzzNd7m+1bOf5lLLPOtFrpVxFPV9v/8sLx/62mSurXJwciorY+Ofr8sbGjI/0xNXlopLwqlvrltytvNCt/Q/G3QNb+Wxpe/7VV4MGkP2Lm4qWz+XrtzNrLuPLnZ3V9esHqchZ/5duINV//vclbebq32Pbh+OzshdGI3uS1pdvHbr22zJfHZ/Ef2N+4/++sq/HDEZFdxPsi4pFiETdru8ci4vGI2L9M/D+99MR7zfY1b/9ms/Ktdb04Ucu2f9S3/9oTXWd//K5Z+UPFGmQU56Fx+x/JUweKLbW/f8tYbQXXddIAAADgLlPJ3wOfVIZr6UpleLj6Hv5dsaUyNT0z++yp6Q/On6y+V34weirlTNeOuvnQ0WJuuMyPLcofLuaNv+gayPPDE9NTJ9sdPHS4rU36f+avrnbXDrjtWrCOBtyl9H/oXPo/dC79HzqX/g+dq1H/3+gHC4C7g/s/dK68/z91ud3VANrA/R86l/4PHanpZ+MrG/rIf9NE0upf2DBRfnfCZpS1cqL8LopNL31g3S/vX/nURaW9Z7VjEt1L2iK6W1pEX8NdbfyjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EL/BQAA///5etKr")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x1d4)
getdents64(r0, 0xfffffffffffffffe, 0xffffffffffffff15)

1m49.258050992s ago: executing program 0 (id=372):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000181000010000000000000000000000000a40000000060a010400000000000000000200050000000000000400000000000000796e7365740000180002800900010073797a3000000000080004400000000014"], 0x68}}, 0x0)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="44f100", @ANYRES16=r0], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r1, 0x400452c8, &(0x7f0000000100))

1m48.876998452s ago: executing program 0 (id=373):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r1, 0xffffffffffffffff, 0x0, r1}, 0x10)

1m48.451760754s ago: executing program 33 (id=373):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r1, 0xffffffffffffffff, 0x0, r1}, 0x10)

17.265959554s ago: executing program 3 (id=1464):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0)
sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001d40)={&(0x7f0000001c00)={0xe4, r1, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x00\x00\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93U6\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4\x8fK=E0\xe8R\x83'}]}, 0xe4}}, 0x4008900)

17.265524798s ago: executing program 3 (id=1465):
r0 = syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f00000000c0), 0x1, 0x5599, &(0x7f0000005680)="$eJzs3X1oVecdB/BzTaKhFpPV1alY6RSqdGVTW5DNUeNLZjvfkhq0NTXGaWudrViZW9qJCwliOi2NSh2jrjhkRVtWApO+iFPXoUM2psikszLnim44ahZ1gh2Tjdx7n+u955rk1nVNXz6fknvuc3/nec5zD+eP+731OTcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAKIoSm289OevImvqxM8fNeeA/j7y669ljk5aNPnL25/N3TCuqWv1U3fSGlrq5UzqaKxfPP3p1/aEoSqT6pfsvnHzfA4/OWTizNAxYX53alpd3ecjk4+lUo2/Oi539cv8WRVFUEhugKL2tLMpqJ+IHiFblD9it6k1X3lxWM/XtxssXJg6vHbU3/63TqbS3J9Bb0tfVmWvXUkXysU9sj0w769JL5Fyiqf7xC+4jeRMAwAcypiq5yXwcTX/EzbQb4/VYuyLWbo21wyeE1uzGjUiN27ered4er/fSPCtSUaFfl/OM1dPnP9OuivePtWNR4wPMM3fXdKQp7WqeK2P13ponAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMfJu5PmXZgy/cXLfSfV7hiy4a+z+mxcv+9UbfVLd+2sPrHujf61ddMbWurmTulorlw8/+jV9YeiqDzZL5Hqnnhj08Kn+tbNfHDzQ2srZ0w49FpRetywLc7aOfpjePLVsij6VlblTBj23IAoqsotJJvRj/MLy5JP7g8FAAAAPk2GJB/7ZNqpOFiS004k02Qi+V+QCovVm668uaxm6tuNly9MHF47au+Nj1fVxXgV1x0v0y6/9pfICsYh/sbHu1YPu67KG6d78RHjef7YtHdmnBlRf27rlfNNTWsv7h534K73tkw93/zNd/av6Hf/cyPy8n959/k/nDn5HwAAgP+F/B8fp3s95f+3ZlfOaPvDvT/6/biv/31o9cZ3m/YmVg09vmLkd+ZNPPXa869fzcv/t+ccMi//hxmH/N8nurH8DwAAAB9n/+/8X5E3Tvd6yv/PHDwxdM+ogzWN0furyv6VOLhk36nnvtZ8ec29216oPDvrsf55+X9MYfm/OHva4cXfhQkvL4uiMYWfVAAAACBH+P/u175aCHk99c1BPK+/PP7FnRdLZxYvKf7yrl3bnl5TevcdA5fWLn5l9EtDnjg8/9nVefm/orD8X/LRvF0AAACgAIs23L100D/mjd+2pH32rVePVg66Z/vRO25un7G6Zv2kFbec/kpe/q8qLP/36523AwAAAFzHsfmPLFrxt9071v16xOQxpe9PGTn7e3WX9hwe++9RNR0vjP/GW3n5v76w/H9Tepte+ZDqdCj8K4QtZVFU2vlkZarwm6h1YqYAAAAAfEhCTm/44eylDZuf2fbPizV3vtJ8y8utf374C+V3bpz2s+9vOT63adO+vPy/svv7/4c7HYT1/zn3/8tb/59VSN31b4IbAwAAAPBZlL+eP9weP/XLBV39/n6h6/8fe3r4o1u/+5Olv7itfHfitpNPfumJ5ocrfzpwYHvL6JHNRYNL8vJ/Y2H5vyh7+2H+/h8AAADcgE/a7/89lDdO93q6//+0BesOL2gf+/kDLe3Pjxn02znFDy7Y+af2m/c/Oax9/7nzLcPy8n9rYfk/bPtnv70D4fw0l0XR4M4n6bsJ7grTXR4rtJVkFVInPtZjTuiRLrT1yyokrYz1GFcWRV/sfNIYK3wuFFpjhY4B6cL2WOFIKKSvh0zh1VjhQLjStg5ITzdeeD0U0gss2sIKiv6ZJRGxHpe66tFZuG6Pk5mDAwAAfKaE8JzOsiW5zSgeZdsSPe1wU0879Olph6KediiO7RDfsavXo/rcQnj9L6dXv/f48l/WTmi4Z+7kPcOOP37f2bE/+PbaX83uv6XxxKUpTXn5f3th+T+cir6pTVfr/6Ow/j/9u4aZ9f/1oVAeK7SFQlX8jgFV4RipsLshHKO8Kt2jY3CmAAAAAJ9q4XuBol6eBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBf9u49Sq6qThTw7nd30uk0OI6AykSdJEZMdydBlICLPERUjHQYZFTGPEg65NEkIQ8kwYWBsBwUdQLBxDvDXQS4WYCixDgEERgSlcC9RHnNMAzyFLiBUSFc3nCZ3NV9aleqzulKV0wa0tzv+6NrV/3289Sja59zah8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj/w+BDv7LgilOeuWnkC3936imNC59+bsxlB3/kiPqb5h48/PUtd8+6fcrxZ10w5eSJO1YeO+Mrd7/591tDaO8uV5EUr/j5RVOX1U6Z9KWLv3zOsZ8/auum2ly9uXgY2PWnMnfn/Njqk4NCuKEihOp0YGRjEqjJ3W+M9b2vMYQDwq5AvkTHgKREuuFwW0MI68KuQL6qGxtCaCwInHTvL2/9blfikoYQhoYQ6tJtPFyXtNGQDgyrTQID0oEF1UnglZ2JfODnlUkA9lp8M+Rf9BvaizM091yuxOuvZp917O2VHl5VTDSXzven8X3cqQK16Qfa9+ppy1RHn8i8PTZ7t/WDd1tmO6/ytBV+kcp9Q9m5K1QXKmd2zJq+tHNJfKQytLRUlaqpj57nh5//+ow9Sfeb12HsQPM+eR1W7dh+59mNn7pu9aD1r64ce+WWve3mQwWbtDDd1+pC7jXXb57HaJzPk37w9st8SxriS1cI4V9vqNv26hcuf/nTa7ZcPem8v13zzIjTW9veuO+F6yctWLXg+v/+i8z8v3n38//4co63lUW5Y6tvNCVz8/hIY0w815TMzQEAAKDf6A97Tac+NOvF4b/5xD9PvvHR7YOO/5tFqw/+de2Wdz34VOX4Z285ecT81zLz/yHlHf+Ph/wbC0e7OYRx3YmVg0M4qPvxJHBN7M6pg0P4QHeqvTgwPhXYHMLB3YkR+apSJepjiSGpwPamXGBcKrA1BtpTgfUxsCoVOD8GNqQCM2JgcyowIQbCnOJxfKQpN46yAw0xMC3ZiBviWQgvNMXWUtvqd/mqAAAA9pHc7LCm+G7BuQ57myFOLzc09JYhnoFdMkNdqob0DDY/rSpZQ3VvNVT2VkN+3Ct2P/xMzRW91Zw5DaOiOMPSb/7h/rFfXDW3euj22sNemnfczN8d8/41O1s++uPanT8cd9fahsz8v2338/+6HjpSkTn+H8Lk7r8xd2Uu0pmPT2svygAAAADshdETP/ZPl733l9fdcuLnfzv4jiOv2PjDqbVjv/XK0nt+uGLCudt+dEFm/j+uvPP/4z6RqoLMYVvcDTFvcAhtxYGk2qOygeSo98BcAAAAAPqD/PH4/LHwObnb5BTt9Hw6m799D/PHA//jesw//pC/fmzDf8z99k8nTjli7TmPzd9+1+EfrWn7m+cf/tIF86Z947JvZub/7eWd/z+g+DbpxNbYi9WDQ6gvCNwee9kV6DYkBh47pjiQG//WuAEujFXlTkzIV3VhLDEtBtpSgXWlStydL3FQcSD3ZOUbX5kfx5xciYIAAAAAvOXi7oB4XD6e/3/fgg/PPmpb3aG3rKr46V/uuKZz4vVtNc+M/VXT61/4whNff63xzMz8f9qenf/fPQ/OnN7fOTCE1uoQqtI/DNg2IFkYMAYaK3KJWwYkdVWlqzp3QAhHdw0sXdXjufX/q9NrDN7bkFQVAwd98Ornh3UlrmwIobUwcP8pl3+sK7EkFcg3/sWGEP6qa7Tpxq+vTxqvSTe+tj6EQwsC+apOrQ+hq7HadFW/rMtdxyBd1XV1IbyrIJCv6oi6EJYFAPqp+K90ZuGDi5ctnze9s7NjUR8m4j78hjBrTmdHy4wFnTPrSvRpZqrPRcsYnZsdU8nlkFLiEkWr7lk7tJx0/neCbYV9ye3Hz5w4mLsfvwvVdI9zdE3R3THpIX/4Q9kmQsE3qbdryAMKK9n1JGbqj/lrw8BQv3Rxx6KWs6YvWbJoVPK33Oyjk79xUMm2GpXeVgN66tt+8PIYXlhJ65LTF7YuXrZ85JzTp5/WcVrH/NFtYw5vO3LMqCM+3to1qrbkby9DHd5T1amh7rz8rR/qIdUFlbwVnxoSEhL9LfE/zjj95DuOnPOpE+5d+oGj1oybcPaNh89qXXPb9ZPWT3ts8I9GXZKZ/y/c/fw/furET/7c+gyljv83x8P8yeO7DvNPi4F15R7/by51ND9/YsCQVGBFDKxwmB8AAIB3hrg7Mu52jHutH6q74qrDL3329C2jJn7tzOaRv57wwXEHfvqML99x3H/+3/d/7xN//N+Z+f+K8n7/v4/W/88vXf+5Usv8j4gl2kqt/59e5j+//v+KUuv/p5f5z6//v+5tWP9/aT6Q2iQvWP8fAAB4J3jr1v/vdXn/9AUCMhl6Xd4/fYGATIZel/Ev9wIBe7z+/5PHXPv0B97/TPvPrr/j8ekXn3HOx9fUD9uxrL7l9m//+y9u/MqpgzLz/1Xlzf8t3A8AAAD7j2uPffLfjr3q+7ec3Pjsj2sWzT7/5vNuahz2WsWsjfMnDJh8zez/ysz/15U3/3/r1/8Lpc7/H1Iq0F5qYUDr/wEAANBPlVr/b/tP6i+9sHHHuk0bXv/ske9+/Tt3fOdrry34wQ8+89H3zV48adyEmzPz/w3lzf/jaReVRbljb95oSta0C+k17Z5ryv9kAAAAAPqHytDSUlNm3qKVUcf/+W3GpUB3ly504nE//WT70HffPufaKa3/cN99Ha2H3NnUsH7+zi+d8PTyp05YeWVm/r+5vPl/0e8yqnZsv/Psxk9d98bqQetfXTn2yi27jv8DAAAAfafc/RIAAAAAAAAAAAAAAMDb770Lxoy/t+Xxd1+0evn5zdddcfmbm1q3fPUfL6na/uHZf7hg7uiGzO//w+TucqV+/x+v+xd/X/AXRbljq72v/5e7f9LxP1nWvWThtqYQPlQYmHfevANC7tr8wwsDt351xHu6EuelS9z8yISnuhJT04HPjDzw5a7E0anAtLhI4sHpQLyq4suDUoG4vOJ96UDcHhvSgdpc4FuDknFUpLfVM43JtqpIb6sHG0MYXBDIb6sbGpM2KtIDvCQVyA/wjHQgDvALuUBlulc/GZj0KgYaY9HLBia9AgBgvxW/BdaEWXM6O9riV/h4e0h18W1UtGTZudlqq8psPi5NtuqetUPLSVelv4vuutZ4TajrGsKozNfVwiwV3aPcN7X0sun+osSQe1vtra82XW3pETUkI2qZsaBzZk2vAx/Te5bR1b1mGZWZ7BRmqezepGXUUkZfyhhRmdumjC7H+5WhpaUqlWtsDDaHIr29Isr9vX5Pa/6VekV0+cSXb/rD41ubPn3Ye9pPO/+eyvff+6sDr3jxQ688dN1hm/7bR9b++urM/L+5vPl/XeG4Xs5dDGBFvLLeUYNDmFbmiAAAAOCdb/b8Ry6+4FcXbX+sfdhTC1ovuvWBZT9YXt10zfnHPnjzmS+d8r2pexu/9skTfvvAb3+0cdj4WxaOGfDEWVdedtw9d92xetvxb95w2P8ZOePRzPx/SHnz/7hjLHcoONnbsTle/3/l4BC6L63fnASuicM9dXAIH+hOtccSyQX1PxdLtCWBa+IOkxGxxLT24qrqY2BDKrC9KRfYnApsjYHcXoqrQ25XzkVNIXysOzW5uMTCWKI5FTghBoakAi0x0JYKDIqBcanAHwflAu2pwJ0xEOYUb6ufDcptKwAAgD2Rm2fVFN8N6XnehureMlT0lmFAbxkqe8tQ11uGUqOI9zfGDDWFx+NzGeJDNelaG1K1ZDLEi+Hvcb8yGcLdxTnTBTNN588kaS7OGTN8+x8f/OT0lx6+YemP3hh+4rmf/PH3tm16be4Tp40cPO3VsfNGfPuPmfl/W3nz/wHFt0nrW+P8f9f1/5LA7bF7q+Op40Ni4LFjigO5HQNb42T3wnxV7bkSuUn7hbHEuBgYkgosjIFxqcC0ybnAuvcUB3Iz7XzjK/ONz8mVKAgAAADAWy7uIIi7aeL8/9K/mz353O+0dqyc9dWnps0Y+ukDL33fpcfcNOk3c9cedOCpd14zLzP/H1fe/D+2N7CwsfNjb54cFMINFbt6kw+MbEwCcT9GY/x5/PsaQzigYAdHvkTHgKREbarhcFtD8gv12nRVNzYkawzE+yfd+8tbv9uVuKQhhKEFe1/ybTxcl7TRkA4Mq00CA9KBBdVJIO75yQd+XpkEYK/l9wrGF1TuVJe85p7LlXj9vVOuCZoeXmYfaA/5evrNVV+pSz+Q26eat2dPW6Y6+kTm7bHZu60/vtuavdsKv0jlvqHs3BWqC5UzO2ZNX9q5JD5S+EvWjD56nnv6Jevu0vvgdbjiz+9t7+rSHWhLfXy09Vyu59dhRayuasf2O89u/NR1qwetf3Xl2Cu3lN2NEuIm/cuvjR/2UMHm7Wt1Ifea63efJ+0+T/rjv4EhnrYQwqbnvlF/5okn/tsB/7Rw0/cf/a/mV7/1zTs2blzW1HJz1ZpJF3722sz8v728+X916rbba3FjLh4cwocLNu62uPknDk4+BwsCyafku7KB5JD7E00lPzkBAABgX8vv7sjvL5iTu01OCE/Pk7P52/cwf9xfMa7H/OX2+4TP3/0vf7vid6u/uGX9AxW/+f3GK04YM3XhYwvvu3jiP/+v31/16I2Z+f+03c//61PddPzf8X/6iOP/Pdrfd0XXpx9YsVe7ojPV0Scc/+/R/v5uc/y/R47/O/7fE8f/e+H4f4/296ct8y1poS9dIYSnn/2XC//hgmUnPfTqu4+4+IE/PTjx7IobOv9j+kPPdLzx0Vdm3XpoZv6/sLz5v/X/el60L7/+37RS6/8tLLX+3wrr/wEAAH2qxEJz6XleZvW+TIb06n2ZDL0uENjrEoPW/9vj9f82nFz9+1/P/ffvf+6+pw+vnHr/f46eP++m4UcdM+KqNU+t+NcX2lsy8/8V5c3/48thYGHr/WX9vyGTS1S1KgYWWhgQAACA/VGpHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8vcaceedL33lh+2G3Lrlt5cnj/3r1qV//7NEH/+zKnZ/YHL7x4vKX7ply/FkXTDl54o6Vx874yt1v/v3WEOZ0l6tIilf8/KKpy2qnTPrSxV8+59jPH7V1U12u3prc7XuLcsdW32gKYV3BI40x8VxT151dgZOO/8my6q7EtqYQPlQYmHfevAO6EuubQhheGLj1qyPe05U4L13i5kcmPNWVmJoOfGbkgS93JY7OBSrS3b10UNLdinR3vzsohMEFgXx35w4qrirfxnG5QGW6jasakzZioDEW/UFj0kYMdMYSc+pDaK0OoSpd1f+sS6qqSlf1i7qkqqp0VefUhXB0CKE6XdUjtUlV1emR31WbVBUDB33w6ueHdSXW1YbQWhi4/5TLP9aVOCMVyDd+Ym0If9X1kkk3vrEmabwm3fglNSEcGkKoTZd4sTopUZsu8Xh1CO8qCOQbn10dwrLAO0L88JlZ+ODiZcvnTe/s7FjUh4naXFsNYdaczo6WGQs6Z9al+lRKRUF657nZeGWZY3/4+a/P6Lpddc/aoeWkq3Plarq7PLqm6O6YfdX7ij7qfezXgMJKdj0fmfpj/towMNQvXdyxqOWs6UuWLBqV/C03++jkb1UummyrUftqW5Xrz91WwwsraV1y+sLWxcuWj5xz+vTTOk7rmD+6bczhbUeOGXXEx1u7RtWW/N0XQ708G6/q46EeUl1QyVvxASAhIdHfEpVFn25t+/u/7MwX/V0drQl13R/QmWlFYZaK7lHui0GP3318Xw46MyXJjGhUZuKQyTK69yxjMpOJXVkakizd3+syk8PCmiq7N2m8XxlaWkr+p2suvlu4+f7Uw+YtV9x05aYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuBQAAP//CAsM0g==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1d)
ioctl$BTRFS_IOC_RM_DEV_V2(r1, 0x5000943a, &(0x7f0000000880)={{r0}, 0x0, 0x8, @inherit={0x0, 0x0}, @devid})

16.935799932s ago: executing program 3 (id=1467):
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0)
mlock2(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1)
mlock2(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x0)

16.935604174s ago: executing program 3 (id=1468):
process_madvise(0xffffffffffffffff, &(0x7f00000003c0)=[{0xffffffffffffffff}], 0x1, 0x0, 0x0)

16.855721401s ago: executing program 3 (id=1469):
syz_usb_connect$uac1(0x5, 0x9c, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000000406b1d010140000102030109028a0003018040080904000000010100000a240107005002010208240803ff00fab008240403cd82ab090c2402030502058102000c81090401000001020000090401010101020000090501090800037c090725010700addc09040200000102000009040201010102000008240201060308050724010412011009058209ff"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0})

16.321864687s ago: executing program 3 (id=1477):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x10, &(0x7f0000000600), 0x1, 0x59d, &(0x7f0000001100)="$eJzs3c9vFGUfAPDvs7stlAItb97kfZGDTUiERG1pwWiMiRDx5sEfJJ5IrG0hhAUaWhNBjJDgf6B/gIk3E2M8EmOIevHqzcSriSESA714WzO7s2WB3f7cMsh8PsnQ55mnk+8zu3z7zDw7MxtAaY1l/1Qi9kbEfIoY6WirRd441vq9u3euzCzduTKTotF4568UKV/X/v2U/xzON94eEb/8kOI/1YfjLly6fHa6Xp+7mNcnFs/NTyxcuvz8mXPTp+dOz52fmnxx8oUjh6eOHOrLfu6KiJ/Gj9eun3pt3zczX+755LuvbqQ4Gjvz9s796JexGFt+TTplr+tL/Q5WkGq+P51vcaoV2CHWpf3+DUTE/2IkqnHvzRuJT98qtHPAlmqkiAZQUkn+Q0m1jwOy89/2UuwRCfCo3D7WmgC4m1pze0vL+V9rzQ3G9ubcwI6lFJ3TOiki+jEzl8WYfyaNZEts0Twc0N3VaxHx/27jf2rm5mhzFj/L/8p9+V+JiDfzn9n6tzcYf+yBuvyHR2cz+f9eR/6/v8H48h8AAAAAAAD65+axiHiu2+d/leXrf6LL9T/DEXG0D/FX//yvcqsPYYAubh+LeCUi2tf+LXXkf260mtd2Na8HGEinztTnDkXE7og4GAPbsvrkCjHG9v080LOt4/q/bMnit68FzPtxq7bt/m1mpxenN7PPQMvtaxFP1brlf1oe/1OX8T8b++fXGKNx/NUfe7Wtnv/AVml8EXGg6/h/78kVaeXnc0w0jwcm2kcFD/vo5I1ve8WX/1CcbPzfsXL+j6bO5/UsrD/Gx3/+ton87378P5hONB85M5iv+3B6cfHiZMRgeuPh9VPr7zM8idr50M6XLP8P7u9+/r/S8f9QRFxdY8wT379+vVeb8R+KM3QtYnZd4//6C/vf/fzvXvHXNv4faY7pB/M15v9gZWtN0KL7CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/RpWI2BmpMr5crlTGxyOGI+K/saNSv7Cw+OypCx+cn83amt//X2l/0+9Iq57a3/8/2lGfeqB+OCL2RMRn1aFmfXzmQn226J0HAAAAAAAAAAAAAAAAAACAx8Rwj/v/M39Ui+4dsOVqRXcAKIz8h/KS/1Be8h/KS/5Decl/KC/5D+Ul/6G85D+UV7Xx9cmi+wAAAAAAAPTNnqdv/poi4urLQ80lM5i3DRTaM2CrHS26A0BhPOIHysulf1Beq53jmwOAJ19apX37hrcEAAAAAAAAAAAAAPrlwF73/0NZVYruAFCY3vf/ezIAPOnc/w/l5RwfcP8/AAAAAAAAAAAAADz+Fi5dPjtdr89d3Ghh2+Y2V1BYa+H33a3/s49Lf9ZfiNSHjHtEhaL/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG3/BAAA//9r5fVk")
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)

14.676098399s ago: executing program 2 (id=1492):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
futex_waitv(&(0x7f0000004040)=[{0x0, &(0x7f0000000080), 0x2}, {0x3, &(0x7f0000003fc0)=0x1000000003, 0x82}], 0x2, 0x0, 0x0, 0x1)

14.612652476s ago: executing program 2 (id=1493):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40))

14.612451894s ago: executing program 2 (id=1494):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x3c, r1, 0x701, 0x0, 0x0, {0x2e}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc008}, 0x4008010)

14.537227404s ago: executing program 2 (id=1495):
r0 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23, 0x401, @private2={0xfc, 0x2, '\x00', 0x1}, 0xfffffffc}, 0x17)

14.536647824s ago: executing program 2 (id=1496):
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xc, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa98}, [@ldst={0x3, 0x0, 0x3, 0x1, 0xa, 0x61}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

14.444685192s ago: executing program 2 (id=1497):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0xe, 0x0, [], [0x2b8, 0x80000], [0x106, 0x4, 0x1000], [0x80000000]})
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4008094)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sync()
open_tree(0xffffffffffffff9c, 0x0, 0xc0800)
mbind(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x1b2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0xff}, @in=@empty, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1, 0x0, 0x3}, {0x81, 0x2}, 0x1fffffc, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8000, 0x33}, 0x0, @in6=@empty, 0x1, 0x0, 0x0, 0x7, 0x6, 0x0, 0x10000}}, 0xe8)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0xffe0)
socket$alg(0x26, 0x5, 0x0)

1.315996094s ago: executing program 34 (id=1477):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x10, &(0x7f0000000600), 0x1, 0x59d, &(0x7f0000001100)="$eJzs3c9vFGUfAPDvs7stlAItb97kfZGDTUiERG1pwWiMiRDx5sEfJJ5IrG0hhAUaWhNBjJDgf6B/gIk3E2M8EmOIevHqzcSriSESA714WzO7s2WB3f7cMsh8PsnQ55mnk+8zu3z7zDw7MxtAaY1l/1Qi9kbEfIoY6WirRd441vq9u3euzCzduTKTotF4568UKV/X/v2U/xzON94eEb/8kOI/1YfjLly6fHa6Xp+7mNcnFs/NTyxcuvz8mXPTp+dOz52fmnxx8oUjh6eOHOrLfu6KiJ/Gj9eun3pt3zczX+755LuvbqQ4Gjvz9s796JexGFt+TTplr+tL/Q5WkGq+P51vcaoV2CHWpf3+DUTE/2IkqnHvzRuJT98qtHPAlmqkiAZQUkn+Q0m1jwOy89/2UuwRCfCo3D7WmgC4m1pze0vL+V9rzQ3G9ubcwI6lFJ3TOiki+jEzl8WYfyaNZEts0Twc0N3VaxHx/27jf2rm5mhzFj/L/8p9+V+JiDfzn9n6tzcYf+yBuvyHR2cz+f9eR/6/v8H48h8AAAAAAAD65+axiHiu2+d/leXrf6LL9T/DEXG0D/FX//yvcqsPYYAubh+LeCUi2tf+LXXkf260mtd2Na8HGEinztTnDkXE7og4GAPbsvrkCjHG9v080LOt4/q/bMnit68FzPtxq7bt/m1mpxenN7PPQMvtaxFP1brlf1oe/1OX8T8b++fXGKNx/NUfe7Wtnv/AVml8EXGg6/h/78kVaeXnc0w0jwcm2kcFD/vo5I1ve8WX/1CcbPzfsXL+j6bO5/UsrD/Gx3/+ton87378P5hONB85M5iv+3B6cfHiZMRgeuPh9VPr7zM8idr50M6XLP8P7u9+/r/S8f9QRFxdY8wT379+vVeb8R+KM3QtYnZd4//6C/vf/fzvXvHXNv4faY7pB/M15v9gZWtN0KL7CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/RpWI2BmpMr5crlTGxyOGI+K/saNSv7Cw+OypCx+cn83amt//X2l/0+9Iq57a3/8/2lGfeqB+OCL2RMRn1aFmfXzmQn226J0HAAAAAAAAAAAAAAAAAACAx8Rwj/v/M39Ui+4dsOVqRXcAKIz8h/KS/1Be8h/KS/5Decl/KC/5D+Ul/6G85D+UV7Xx9cmi+wAAAAAAAPTNnqdv/poi4urLQ80lM5i3DRTaM2CrHS26A0BhPOIHysulf1Beq53jmwOAJ19apX37hrcEAAAAAAAAAAAAAPrlwF73/0NZVYruAFCY3vf/ezIAPOnc/w/l5RwfcP8/AAAAAAAAAAAAADz+Fi5dPjtdr89d3Ghh2+Y2V1BYa+H33a3/s49Lf9ZfiNSHjHtEhaL/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG3/BAAA//9r5fVk")
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)

882.351123ms ago: executing program 4 (id=1545):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x2c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_IMMEDIATE_DATA={0xc, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, 'L'}]}]}}}]}]}], {0x14}}, 0xf4}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x6, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)

811.43028ms ago: executing program 4 (id=1546):
r0 = socket$inet(0x2, 0x1, 0x100)
setsockopt$sock_int(r0, 0x1, 0x48, &(0x7f0000000040)=0x3, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

752.849368ms ago: executing program 4 (id=1547):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f00000003c0)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x4, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x18, 0x2, [@TCA_RED_PARMS={0x14, 0x1, {0x1, 0x8, 0x9, 0x13, 0x20, 0x3, 0xfd}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20008040}, 0x0)

671.753183ms ago: executing program 4 (id=1548):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="dc1000003e000701feffffff00000000017c00000800428004000800b810018006002000800a000038102080b3f5502e3f49bbd161b96d3e3f351635030c6a8e6ec97e54fe89e00c3d869057340f8b8470cf9c041092005610a059d34c8c220d1d0b4867978f622f795279382db86fed00b3a59a5e3118d0073db5696b61ed9bcc52b8eb3e5dca837128e3ee5157d166f323b6ba2fdc6f5489f4df0fb50854fca9adb67c0be007cc3b637559909adf81403d36acfc547b13deb8f100edb9eb828b7ea2bab9945fe24b60429ec2548b5c273d3c9b34977ad6765603a76996aa236dca3f15b09b6ffb85712c444ac49c50d1c5d740d7087c609e732a15d8455598825162b5b79c9391e89f40db3bf165bf4c0583aed81026b2d0fa7d7961cd97acca6d7a81f4af44781676718ac2c09a5c9266733928e1beebbaef4932337218d82aec9e8b039688c99ca844b48e0f2c70744eb7785c6a93c4d9849c1530d56c93c277b97bb31368635a6210217522dc0bcc3b03597ecdffd073653aba43676bca30c717d0e951b7871a4246404ff29718bd4fcb6d4753f5871d1c1cef0a04f205199137440c1d23c3d3d54e0f56d188e7d3b79019523bee9585a345f937295d7c9430fa2712520110d70a406a52053dfe026b6cf8e2327296d8f3af0a98af0313367c4f5c5fc6ef8d22d3325f2712f491ad8451cdc8d4258fe8b4013200d3f971bcbd9e0ec39df690d4dd5a43efa182f1fd8b9b563ecc67ed1e0ba845a2daca527bc363797a59b89b97a69d4895cff8f7360e1f61c05ed730d769ab57fedc4869a17e6d36f71181975233f3fdc3b20b02dfc55f20724636f566d381667a56926f3d4fad3aae32f87d3b8cb68afcbc48ddd3f8358343672196f6851e7864ccc790093c62b64ecffb3e192e369b73b1a5abff47fc1bdd53e02551999644c930ffd59f4da7ff7dd2d76556b99108aa03edd4bbae92f802ac7434642ca89a9b79dea5f31b1f28a9b56b67e7fedb73b2a6165e2f39ca58592a22084e8c74accb3fa10a51ba57aa56acb6e3bebce201626a16f637ed367f38cf1a798202e2e8687b0e9d3e63015daed0a161f25d0e91cce0543aaef26a9b623fb0d549c5dd47fddb230d709f4655ea9eafb24d61aa6a9a2d36f290b75e9810f5302ff29b4d07de40f265c17523d0fc305a5ca203aef61c9b2c1a2e78bf453e74721f0a7c48cb43194b8e53427b17bc06d71e94a7aebc58e015de75c1fd864ad5e5c877b80517579368124a4e792a3287e0380d6710e138fe2959f67c768a970cbab62e6361690e8c89d0989ed200b1651d7cce964e2454f6a0732457c5036a1097b1eaf2cfc2de1696af4b742a450b6a0fcf97754e1dbc7884abe0f7759ef5a985decc21b91eda1e714725470ab4a911b23d4b94ccc49f63585e591c289efe4b33d4ffdbabec06546f30886e31429d5c93ed4ed01139b9f063e255ce7d53999c662704375745bb2a5ce96aa81a7ced635088df89302f4d3ada2679dd9828885c3487a6fd6c431a9d416d6ee013be5e0082530225fa7519d2d1a0ea1343eca421bf4311a435afc9150ce9d7cd8783e2340547fc64c0386cc50b481aef98b9e324f3f62a3ced5097223391a1d93a78e003707d6f15019be64f8a9f206aaf3a880ab8b7a2b9bf0ebd8168cad864b36d9c18a30dea2161251c198e6996f7bf4446e75a844f4ffcc97be666dec2d1917335628dd33da07dcb7f26f36aa881f76dad2d010654b5edb2ea83088de742adc36ef1e79f0d03bd2dcf7fc9718f2263e7088a3703d6e1d996f49e38f7ab001ca571d5b0898d91e456f0f3292ade1a6634ef1290f81af76aacb2979656fe74f7260804044d26e0aa0aecd1888c22350074a70f6c9e145435fc6fef442be1d087eed43f40f34488fecfad3094785ba45f4c8e78790455e50d63f028700f03eb71f1bc4682b1a11f35028f1e50badc4168eac2930a4e0cdaabbd1490d37be86045835792d74158d4a7877ece14c34900714b6d10326318bd1ddfdcd9b54c15443aac6be3665bbb51afdbaaea9b964397a9f1e20f38ad8932eca43e67a8e2ac110e7b4b1e06ef2bfe0c54a991c4db9fc057dc481b2b058b43b7d45ee8393eb922ab2af58d660e6e659726b114ddff0a5ecd45d029a815026e6dcbb9594f61106122144d2506059925062e8c95125c4f710486b608869b7c5c54c26c87a3749e095f729fffe1276d681527243742764d7313edcf8ee3d16fdfff84295d19aed32ceaaa855a4db733e118d45fc74e9e48096f8639081340cff07405241d611ce78ce7fda92166c7d4661ec753540ac5de803e0a8e226d87e9f865f02cec07ba62f6be554d121bead73d09f9f8eeb64c588089cddf8c1a7d3fc418c124c03b82a45dbfd04bf0643488133236b2ad7aa05f5830dfce2a2678fff10178f0b6d37264ca1a8c26e75635124a6b596949afc2d244caf1a03e14302c184fa477dc2266b4da3837dfb9989a1b8ddf9e24e9875aa8695d3434ae4409c82d7455a719dfb564becc6a5e74369237639389e548c3e559cfa669fca8a9565596ee8214f373d42ee0e43ae944dbc43bf927d3e960f14bf696770ca0a00636dd5b1b00aa2dc42ab9fb3781deb72df0d42c0cce04f2cfa8d13714f234bc5d24990c780c7398bffa9e64afe05bea92a1d1b34665f84d473f364dc1d60f3a1980be3f13d05fe9ab083ad6a7470f92709367930351c2b57829f0636a6665bab0303e0d3979e83c1a971de06f5d0c207f5e053e94c5f2b939962704a94d49c4f4b9199676235e22bd7d8bd149ed2551dcc79834f391964070afb4ccb4dc1f3035630fbd077fe93cc5982217c8228477806c05d4a0cd728ca06b672625a648111db157386cbb78da359c9fe216c8179b09ff5a77091e3f42b0224d0eb0ae7a9722bfc42308d2f08d2b6ff6684bf1870398d55462eb9713d9ce139585bd2d55144a6708f3ce86bc239eab6ea1c06c9a06af749b7581cd14882dcf89874108aa86cd305f41f8c6285454df09f34c61183bc1f7499f3a05a185f40e6ba3eb65e9e1850efe2676b2ec9cc2e64996bf60d6f16287e9d4663808a260f87c4dc377d6f263df7266182caedb644c56da0ef0c0b271e31256e1994037db62a18d66a96620604f4e7a43b8e353d520230e01536faf8cc920385eca7769e89bfecadbd71093d8c5c0fd25207d9efbd3a6722202ee3b1a0da019b7006da0891d18abe4a8af9ef4bf311d95c48ead0f44c826f67096ad46a6c48a6f1f69f27a95f5cfc2e4f23e1408f15ceff9d413b514ed679bd695d0cc340a2f7d711ba050fdb4c159eb309b34c4eea3066373354083edcebd9ce7edae65f4e792f26f447d4615cbd5f51ade0f77a210ca29e6f33d928d55f1a07ce0180494f3cbdd0feb39aeaeb05d480ac291178d37224ff8155922ef50ddd4a9c4a6c10726fa6012dee7b87cc0a25f01dc273fe205d41166cccd1af4b3cfa12f03e3380c7f351d1f7d8435836acc43ac1ed60bf08a635431ff317ac6506dc293f8c2320294df3c062a930c6de4e5118d89304b093308bdb422722371a612ea6a80273f59c34ee7d5f5c8eb3711d888bc9f6b591ada92a03d8738a7fe8709f1c82efdfafdc5e3887ec744374872743f358b66603c3badce42267006663fbde835ce05ac3ce4ed863a45c269e1a244ba07cb34dcf212ae67aee03873157ce4de62b10839988e7178ef13a1a7a9137406ae049f069e61a30ac9a5e01c292b93ec9124de6aefab2e0a6b96168ba03e036c379ea0dd289cc5bb6b3a5a3016f9a2e44ca297e57978ce3528c728efa8ac7d33e8f32caeb4d5acb683b08955593d2c3c66b151c3b564d2e89a949c56a136bc7a28fd34427a04455e71735c8e29cfcce47e6e1520ab2b8f05da260e9c1db2b657a31907c0587947ccd8c811dca22d45bc02f010191f706c105f151bee70351ee8ddce609aa672effdc339421ec64501993b2e837daffc73d3d718eada3465317012287d4b75417dc6db53e7674549c5e4eec25486989a0625372ac26fd04217cd7b0d93c6aa62046b25361969db04a433f622d8d5f5a9121c0737fe511ff924937c577039572e53ff26ff5769cea0830bb3f5aa64900e800cfd473ad6eceb0f852aa52ccfc6dfa5031d21ab04f23b15983c04d2aa0da50de15cbb380ef270e4d280806786897fdc426b694a16bd664965219759209646c81cfa01f79f202f33471b7628f3d47f8db9dcd7262aab93d6385a4001c83645e25449ab220b3e8618d6a70f85a357cd7a881a3449fdecfa86601c49da0ee652d95aaac0808e9c458d46982a30f21ff381d2dd2c2f10a240d64decc0066c19dc8f0e7b476fc5899388adb7123973081351a5d20892b12aa227c568d45b80e0557d83f16e5f554c2b5a536d1f0d5ebaa158bb47a94d3415e22c814ea34dec89f949da60ed22507ab48c61d2617bf2af88494fa440defdd928ebecc27a516efe3bb6d1c66a369fdc43dfb9961a55e79f3edcc2336e4ea115a9d34453305269b4b465e049df8a8ca637f61c6371e0c5bdbc0cbcc2942f4d8bd74e478388b90015faf8cb560d10f429326cf869c09ef881395195c1db1e20cab41cc46bfae1189f0289f94ff363c768afff0ed7fb1e2a65fb014e8fa4dc3805e06b64783ef5fe1c2603a34f4323f2a96a2d6f5448f88fe493095c0b3416dacbc981f4f7e9ede557f1dc1b667a82d1475ebaff4b200381715f3a0082d8d598955678071bcc32e49e97182bcbe0a4af63e1f9cbde7095b3f92721554c024b018392e75d447d382cce26b2b7d06398be6934cb094fae3df45f79f60d14a30ce8967b4dc79056df2bee235b20678e1a13620a99fe1540c5c7b07c029225aed27ce9a227ce7beba1ee82a66314edf5dd1ee32c774f52e7f6fccbb81f8b16624966914b6aed3f3c46d56ecfd814f4c0e54e47af6bcb9ef4c2112e68fa1ecbad76df94ad3d20ed14242f0602464fddfcb10a0bda39466a98caa7f74406a61afbf756037d473c12aaa62bd073dd5e0ac7b3cea8e9b3ece5dfc57f7ef8686e0c995ae058f3cf4e06ad698ed6acaf035d02d3370aff119d6a20ddc164e4aab9f38da52e641e9615404de939c753b383aca4e3141fae2c1f17a17089b21920325f15de91aae9411515b97e7b06d281cb16cd90e74610d880877470572050f990e400733afe4082b7ca561a56d0ee8871548369957c1f2904d9cac9e73f3fc82e28fa4045b58acf02d371c1a51c2dfff30184031fa744f594ed88495c8fda61abbe3a29f20110adc5f3a0d480f61593807839b3c31b1dad3d4fbb2ef55eb71e7d54d3bebe77339c2d45f063c14ce53ac089014d53227467d43a43fbc36de3c57abd2b9ec6b4df1e8d77bc017e5c5d255086a5889e8df99aabadf26f63e7dc2f9ff239153ea6f73137759fdfda7976c3be7b1d8e8413c5eb390fa5a6ebc7284271df7b229deb26c37c984b387cc4eeddfaac57540edd642c6e115e774e35c9a2432888dde8f48a13a55e0d9f8cafb5bc6f76820787fcd859965e0d49630f0f2f8dff2ca75cb1c805d06a7559c749fd6c600a67d1ba99b93fcdd8cdd88bb50aef0a4a2a1cfeebf42645d10baf687f576a940fcdaaa326ae55ae726824bacd3d834bf64c8687b18fa13a1126b518824191320e56f99226cc1afd73309433f9ed22a72384224a3f68e53d932ee71d18b9d8860b6ee621c91031b26e0bb7133d4f775f6f5c7d37f54943e2c0dc317d6ad1f7b26f9a4a82f32b2f71756db9cc377be83bb2cf0b19e9f8e7dae8f3c8dd33c0f12360d8875cee11c2cf2b37b00e4273948e6cf2fc233150e5d84d33d4aced0e77206e90862e77246d2d1562f32fc1cb94f7f6a3ad578b25a03e18b78947c11227ac0bdb5786d2a876f885238cd063607acc276044c77300c880f14737bdabf4b65fedb09536d82fce7f1ac1069fdf698e9baf2d3e3bad18133ee6419561819f8acaa9ed5f548d68c46a67f0e42b8d4f0999198734cd978a1029ae827ed6687cd175338291f8d2a883e4548e876421815f762b8c1a9e6a696dbf075d16265de1e801804bb49bab981200080002"], 0x10dc}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)

621.511615ms ago: executing program 4 (id=1549):
r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000000040)={[{@clear_cache}, {@metadata_ratio}, {@ssd_spread}]}, 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000140)={0x1, 0xfffffffffffffffc})
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xe7c)

0s ago: executing program 4 (id=1550):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$getregset(0x4205, r0, 0x201, &(0x7f0000000240)={0x0})

kernel console output (not intermixed with test programs):

ng mounted at /129/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  106.039193][ T6760] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  106.057686][ T5853] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.112728][ T6765] loop3: detected capacity change from 0 to 8
[  106.122774][ T6765] SQUASHFS error: Failed to read block 0x62: -5
[  106.131050][ T6765] squashfs image failed sanity check
[  106.866241][ T6814] loop2: detected capacity change from 0 to 2048
[  106.880625][ T6814] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  106.896580][ T5901] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  106.906973][   T96] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  106.978237][ T6816] loop2: detected capacity change from 0 to 4096
[  107.058209][   T96] usb 4-1: Using ep0 maxpacket: 32
[  107.060919][ T5901] usb 1-1: Using ep0 maxpacket: 16
[  107.071350][   T96] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  107.075811][   T96] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  107.080065][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  107.084461][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  107.090879][ T5901] usb 1-1: New USB device found, idVendor=28bd, idProduct=0074, bcdDevice= 0.00
[  107.094074][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.097163][   T96] usb 4-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00
[  107.100444][   T96] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.105713][ T5901] usb 1-1: config 0 descriptor??
[  107.108453][   T96] usb 4-1: config 0 descriptor??
[  107.552783][ T5901] uclogic 0003:28BD:0074.0004: interface is invalid, ignoring
[  107.563390][   T96] aquacomputer_d5next 0003:0C70:F0B6.0003: hidraw0: USB HID vff.fc Device [HID 0c70:f0b6] on usb-dummy_hcd.3-1/input0
[  107.728496][   T96] usb 4-1: USB disconnect, device number 5
[  107.778150][   T10] usb 1-1: USB disconnect, device number 7
[  107.794536][ T6836] loop2: detected capacity change from 0 to 128
[  107.811584][ T6836] ufs: ufs_fill_super(): fragment size 3263967611 is not a power of 2
[  108.123948][ T6848] netlink: 27 bytes leftover after parsing attributes in process `syz.2.327'.
[  108.735381][ T6861] loop3: detected capacity change from 0 to 32768
[  108.736105][ T6857] loop0: detected capacity change from 0 to 32768
[  108.745615][ T6861] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section journal_seq_blacklist: entry 1 out of order with next entry (56 > 0)
[  108.745615][ T6861] journal_seq_blacklist (size 640):
[  108.745615][ T6861] 0-56 0-0 0-34 0-0 0-0 45-0 45-26 6-11 0-0 0-11 33-11 5-0 0-0 0-4 4-8 0-0 0-0 0-0 0-0 0-0 0-2 0-0 0-0 0-0 0-0 0-0 0-0 1-12 0-2 0-0 0-0 0-0 0-0 0-1 0-0 2-17 182-41 0-0 0-0
[  108.745615][ T6861] 
[  108.770966][ T6861] bcachefs: bch2_fs_get_tree() error: invalid_sb_journal_seq_blacklist
[  109.066057][ T6879] syzkaller1: entered promiscuous mode
[  109.068757][ T6879] syzkaller1: entered allmulticast mode
[  109.176977][ T6883] loop2: detected capacity change from 0 to 2048
[  109.183419][ T6883] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  109.196031][ T6883] UDF-fs: unknown compression code (0)
[  109.204234][ T6883] UDF-fs: unknown compression code (0)
[  109.213735][ T6887] netlink: 'syz.3.346': attribute type 29 has an invalid length.
[  109.240004][ T6887] netlink: 'syz.3.346': attribute type 29 has an invalid length.
[  109.243963][ T6887] netlink: 500 bytes leftover after parsing attributes in process `syz.3.346'.
[  109.344145][ T6893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.349'.
[  109.358751][ T6893] IPVS: Error joining to the multicast group
[  109.410871][ T6894] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  109.414577][ T6894] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  109.623091][ T6889] loop0: detected capacity change from 0 to 32768
[  109.633319][ T6889] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.347 (6889)
[  109.673690][ T6889] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  109.688322][ T6889] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  109.691981][ T6889] BTRFS info (device loop0): disk space caching is enabled
[  109.694904][ T6889] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  109.839498][ T6920] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.354'.
[  109.851335][ T6889] BTRFS info (device loop0): rebuilding free space tree
[  109.907944][ T6889] BTRFS info (device loop0): disabling free space tree
[  109.915549][ T6889] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  109.927768][ T6889] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  110.113494][ T5853] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  110.459274][ T6926] loop3: detected capacity change from 0 to 32768
[  110.484906][ T6926] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.356 (6926)
[  110.494330][ T6926] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  110.506579][ T6926] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  110.519705][ T6926] BTRFS info (device loop3): using free-space-tree
[  110.679961][ T6346] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  110.855442][ T6960] netlink: 12 bytes leftover after parsing attributes in process `syz.3.363'.
[  111.198773][ T6958] loop2: detected capacity change from 0 to 32768
[  111.214344][ T6958] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.364 (6958)
[  111.236217][ T6958] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  111.246190][ T6958] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  111.249484][ T6958] BTRFS info (device loop2): disk space caching is enabled
[  111.251764][ T6958] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  111.426922][ T6958] BTRFS info (device loop2): rebuilding free space tree
[  111.479777][ T6958] BTRFS info (device loop2): disabling free space tree
[  111.484733][ T6958] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  111.489471][ T6958] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  111.532809][ T5855] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  111.659244][ T6987] loop0: detected capacity change from 0 to 4096
[  111.698909][ T6991] netlink: 892 bytes leftover after parsing attributes in process `syz.2.369'.
[  111.823618][ T6992] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  111.953914][ T6994] loop0: detected capacity change from 0 to 512
[  111.961020][ T6994] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  111.967813][ T6994] EXT4-fs (loop0): invalid journal inode
[  111.969949][ T6994] EXT4-fs (loop0): can't get journal size
[  111.975275][ T6994] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e056c118, mo2=0002]
[  111.980007][ T6994] System zones: 1-12, 13-13
[  111.993277][ T6994] EXT4-fs (loop0): 1 truncate cleaned up
[  112.004192][ T6994] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.096108][ T5853] EXT4-fs error (device loop0): __ext4_iget:5464: inode #11: block 1828716567: comm syz-executor: invalid block
[  112.115837][ T5853] EXT4-fs error (device loop0): __ext4_iget:5464: inode #11: block 1828716567: comm syz-executor: invalid block
[  112.413371][ T5853] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.561184][ T5874] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.598776][ T6998] loop2: detected capacity change from 0 to 2048
[  112.603865][ T6998] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  112.637919][ T6999] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  112.641402][ T6998] syz.2.374: attempt to access beyond end of device
[  112.641402][ T6998] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  112.713954][ T6998] syz.2.374: attempt to access beyond end of device
[  112.713954][ T6998] loop2: rw=0, sector=9437254, nr_sectors = 2 limit=2048
[  112.730786][ T6998] NILFS (loop2): I/O error reading meta-data file (ino=6, block-offset=0)
[  112.734582][ T5874] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.854253][ T5874] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.956045][ T5874] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.281614][ T5238] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  113.290121][ T5238] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  113.293259][ T5238] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  113.298911][ T5238] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  113.302374][ T5238] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  113.408885][ T7020] loop2: detected capacity change from 0 to 512
[  113.445017][ T7020] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  113.468872][ T7018] loop3: detected capacity change from 0 to 32768
[  113.470066][ T7020] EXT4-fs (loop2): blocks per group (34) and clusters per group (32768) inconsistent
[  113.473507][ T7018] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  113.473507][ T7018] clean (size 2912):
[  113.473507][ T7018] flags:          0
[  113.473507][ T7018] journal_seq:    8
[  113.473507][ T7018] prio_ptrs: 
[  113.473507][ T7018] usage: type=key_version v=0
[  113.473507][ T7018] usage: type=reserved v=0
[  113.473507][ T7018] usage: type=reserved v=0
[  113.473507][ T7018] usage: type=reserved v=0
[  113.473507][ T7018] usage: type=reserved v=0
[  113.473507][ T7018] data_usage: btree: 1/1 [0]=2816
[  113.473507][ T7018] data_usage: journal: 1/1 [0]=0
[  113.473507][ T7018] data_usage: user: 1/1 [0]=32
[  113.473507][ T7018] dev_usage: dev=0  
[  113.473507][ T7018]   free: buckets=83 sectors=0 fragmented=0
[  113.473507][ T7018]   sb: buckets=25 sectors=6152 fragmented=248
[  113.473507][ T7018]   journal: buckets=8 sectors=2048 fragmented=0
[  113.473507][ T7018]   btree: buckets=11 sectors=2816 fragmented=0
[  113.473507][ T7018]   user: buckets=1 sectors=32 fragmented=224
[  113.473507][ T7018]   cached: buckets=0 sectors=0 fragmented=0
[  113.473507][ T7018]   parity: buckets=0 sectors=0 fragmented=786432
[  113.473507][ T7018]   stripe: buckets=0 sectors=0 fragmented=0
[  113.473507][ T7018]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  113.473507][ T7018]   need_discard: buckets=0 sectors=0 fragmented=0
[  113.473507][ T7018] clock: read=0
[  113.473507][ T7018] clock: write=1288
[  113.473507][ T7018] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2a
[  113.475153][ T7018] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  113.810341][ T5901] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  113.881850][ T5874] bond0 (unregistering): Released all slaves
[  113.891044][ T5874] bond1 (unregistering): Released all slaves
[  113.974897][ T5901] usb 3-1: config 0 has an invalid interface number: 111 but max is 0
[  113.989417][ T5901] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  113.993477][ T5901] usb 3-1: config 0 has no interface number 0
[  113.995941][ T5901] usb 3-1: too many endpoints for config 0 interface 111 altsetting 99: 44, using maximum allowed: 30
[  114.009111][ T5901] usb 3-1: config 0 interface 111 altsetting 99 has 0 endpoint descriptors, different from the interface descriptor's value: 44
[  114.014141][ T5901] usb 3-1: config 0 interface 111 has no altsetting 0
[  114.034065][ T5901] usb 3-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53
[  114.056248][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.078587][ T5901] usb 3-1: config 0 descriptor??
[  114.098484][ T5901] usb 3-1: selecting invalid altsetting 0
[  114.299395][   T10] usb 3-1: USB disconnect, device number 6
[  114.417463][ T7014] chnl_net:caif_netlink_parms(): no params data found
[  114.470867][ T7035] loop3: detected capacity change from 0 to 4096
[  114.535667][ T5874] hsr_slave_0: left promiscuous mode
[  114.541411][ T5874] hsr_slave_1: left promiscuous mode
[  114.545108][ T7035] ntfs3(loop3): Failed to initialize $Secure (-22).
[  114.574650][ T5874] veth1_macvtap: left promiscuous mode
[  114.579511][ T5874] veth0_macvtap: left promiscuous mode
[  114.581908][ T5874] veth1_vlan: left promiscuous mode
[  114.584178][ T5874] veth0_vlan: left promiscuous mode
[  115.377700][ T5858] Bluetooth: hci1: command tx timeout
[  115.627304][ T7014] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.630834][ T7014] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.633954][ T7014] bridge_slave_0: entered allmulticast mode
[  115.671662][ T7014] bridge_slave_0: entered promiscuous mode
[  115.681674][ T7014] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.689460][ T7014] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.692108][ T7014] bridge_slave_1: entered allmulticast mode
[  115.695317][ T7014] bridge_slave_1: entered promiscuous mode
[  115.852489][ T7053] netlink: 'syz.2.396': attribute type 21 has an invalid length.
[  115.864145][ T7014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  115.888085][ T7014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.003788][ T7014] team0: Port device team_slave_0 added
[  116.018598][ T7014] team0: Port device team_slave_1 added
[  116.122859][ T7014] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.125630][ T7014] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.138945][ T7014] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.146211][ T7014] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.149558][ T7014] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.163500][ T7014] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.269275][ T7014] hsr_slave_0: entered promiscuous mode
[  116.279678][ T7014] hsr_slave_1: entered promiscuous mode
[  116.282618][ T7014] debugfs: 'hsr0' already exists in 'hsr'
[  116.285595][ T7014] Cannot create hsr debugfs directory
[  116.532242][ T7014] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  116.541046][ T7014] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  116.548061][ T7014] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  116.554659][ T7014] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  116.593266][ T7014] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.596100][ T7014] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.658872][ T1090] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.680347][ T7014] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.701702][ T7014] 8021q: adding VLAN 0 to HW filter on device team0
[  116.710512][ T4277] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.713284][ T4277] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.725311][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.728404][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.892941][ T7014] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.081328][ T7097] loop2: detected capacity change from 0 to 1024
[  117.085186][ T7014] veth0_vlan: entered promiscuous mode
[  117.094472][ T7014] veth1_vlan: entered promiscuous mode
[  117.115616][ T7097] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only.
[  117.145353][ T7014] veth0_macvtap: entered promiscuous mode
[  117.158677][ T7014] veth1_macvtap: entered promiscuous mode
[  117.169605][ T7014] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.180306][ T7014] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.188448][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.195362][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.199940][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.207970][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.291277][  T454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.293647][  T454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.322427][  T454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.324832][  T454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.444528][ T7105] loop3: detected capacity change from 0 to 764
[  117.447497][ T5858] Bluetooth: hci1: command tx timeout
[  117.463880][ T7105] iso9660: Unknown parameter 'over	'
[  117.800970][ T7123] loop3: detected capacity change from 0 to 16
[  117.851832][ T7123] erofs (device loop3): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!
[  117.859153][ T7123] erofs (device loop3): mounted with root inode @ nid 36.
[  118.149900][ T7131] loop3: detected capacity change from 0 to 2048
[  118.169232][ T7131] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  118.228891][ T7125] loop4: detected capacity change from 0 to 32768
[  118.271901][ T7125] JBD2: Ignoring recovery information on journal
[  118.313552][ T7137] loop3: detected capacity change from 0 to 8
[  118.355145][ T7125] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  118.375679][ T7137] SQUASHFS error: Unable to read directory block [629:46]
[  118.514414][ T7014] ocfs2: Unmounting device (7,4) on (node local)
[  118.636488][  T794] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  118.640388][ T7147] loop4: detected capacity change from 0 to 128
[  118.665823][ T7147] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  118.670424][ T7147] ext4 filesystem being mounted at /8/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  118.693798][ T7145] loop3: detected capacity change from 0 to 40427
[  118.715417][ T7145] F2FS-fs (loop3): invalid crc value
[  118.767725][ T7014] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  118.800534][  T794] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  118.813835][ T7145] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  118.821732][  T794] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  118.824979][  T794] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.825441][ T7145] F2FS-fs (loop3): Start checkpoint disabled!
[  118.834742][  T794] usb 3-1: Product: syz
[  118.841555][ T7152] loop4: detected capacity change from 0 to 64
[  118.842391][  T794] usb 3-1: Manufacturer: syz
[  118.845085][  T794] usb 3-1: SerialNumber: syz
[  118.855781][ T7145] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  118.862524][   T33] audit: type=1800 audit(1755627916.636:5): pid=7152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.432" name="file2" dev="loop4" ino=6 res=0 errno=0
[  118.869772][  T794] usb 3-1: config 0 descriptor??
[  118.878265][  T794] pn533_usb 3-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  118.907339][ T7145] F2FS-fs (loop3): disabling checkpoint not compatible with read-only
[  119.083366][ T7162] netlink: 8 bytes leftover after parsing attributes in process `syz.4.437'.
[  119.087539][  T794] usb 3-1: USB disconnect, device number 7
[  119.178785][ T7164] ALSA: seq fatal error: cannot create timer (-19)
[  119.266990][ T7167] loop3: detected capacity change from 0 to 4096
[  119.338295][ T5238] Bluetooth: hci4: unexpected event 0x0f length: 0 < 4
[  119.474419][  T794] kernel write not supported for file /vcsa (pid: 794 comm: kworker/0:2)
[  119.526639][ T5238] Bluetooth: hci1: command tx timeout
[  120.468857][ T7195] loop2: detected capacity change from 0 to 32768
[  120.503660][ T7195] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  120.517544][ T7195] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x50.
[  120.524420][ T7195] XFS (loop2): Tail block (0x29) overwrite detected. Updated to 0x30
[  120.536992][ T7195] XFS (loop2): Ending clean mount
[  120.570622][ T5855] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  121.096559][   T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  121.148580][ T5316] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  121.246633][   T10] usb 3-1: Using ep0 maxpacket: 32
[  121.250725][   T10] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  121.254582][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.261011][   T10] usb 3-1: config 0 descriptor??
[  121.266089][   T10] gspca_main: nw80x-2.14.0 probing 055f:d001
[  121.301158][ T5316] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.305099][ T5316] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  121.311313][ T5316] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  121.314836][ T5316] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.322507][ T5316] usb 4-1: config 0 descriptor??
[  121.366724][ T5858] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  121.369331][ T5238] Bluetooth: hci4: command 0x1003 tx timeout
[  121.490855][ T7219] loop4: detected capacity change from 0 to 256
[  121.607376][ T5238] Bluetooth: hci1: command tx timeout
[  121.974909][ T7225] : entered promiscuous mode
[  122.162013][ T5316] kovaplus 0003:1E7D:2D50.0005: unknown main item tag 0x0
[  122.176572][ T5316] kovaplus 0003:1E7D:2D50.0005: unknown main item tag 0x0
[  122.190941][ T5316] kovaplus 0003:1E7D:2D50.0005: unknown main item tag 0x0
[  122.197578][   T10] gspca_nw80x: reg_w err -110
[  122.199209][   T10] nw80x 3-1:0.0: probe with driver nw80x failed with error -110
[  122.204935][ T5316] kovaplus 0003:1E7D:2D50.0005: unknown main item tag 0x0
[  122.213803][ T5316] kovaplus 0003:1E7D:2D50.0005: unknown main item tag 0x0
[  122.224755][ T5316] kovaplus 0003:1E7D:2D50.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.3-1/input0
[  122.516534][   T24] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  122.671599][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  122.675706][   T24] usb 5-1: not running at top speed; connect to a high speed hub
[  122.680482][   T24] usb 5-1: config 1 has an invalid interface number: 4 but max is 0
[  122.683601][   T24] usb 5-1: config 1 has no interface number 0
[  122.686142][   T24] usb 5-1: config 1 interface 4 has no altsetting 0
[  122.691723][   T24] usb 5-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=1a.d0
[  122.695406][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.699065][   T24] usb 5-1: Product: syz
[  122.700850][   T24] usb 5-1: Manufacturer: syz
[  122.702810][   T24] usb 5-1: SerialNumber: syz
[  122.925291][   T24] qmi_wwan 5-1:1.4: probe with driver qmi_wwan failed with error -22
[  122.939266][   T24] usb 5-1: USB disconnect, device number 2
[  123.116162][ T5316] kovaplus 0003:1E7D:2D50.0005: couldn't init struct kovaplus_device
[  123.119666][ T5316] kovaplus 0003:1E7D:2D50.0005: couldn't install mouse
[  123.124273][ T5316] kovaplus 0003:1E7D:2D50.0005: probe with driver kovaplus failed with error -71
[  123.133357][ T5316] usb 4-1: USB disconnect, device number 6
[  123.698022][ T7234] loop3: detected capacity change from 0 to 764
[  123.706625][   T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  123.712623][ T7234] Symlink component flag not implemented
[  123.714618][ T7234] Symlink component flag not implemented (7)
[  124.032782][   T96] usb 3-1: USB disconnect, device number 8
[  124.289157][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.293006][   T24] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  124.305477][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.316025][   T24] usb 5-1: config 0 descriptor??
[  124.329212][ T7240] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[  124.441315][ T7246] netlink: 36 bytes leftover after parsing attributes in process `syz.2.470'.
[  124.446611][ T7246] netlink: 20 bytes leftover after parsing attributes in process `syz.2.470'.
[  124.449588][ T7246] netlink: 8 bytes leftover after parsing attributes in process `syz.2.470'.
[  124.745149][ T7258] loop3: detected capacity change from 0 to 8
[  124.766104][   T24] lenovo 0003:17EF:6047.0006: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.4-1/input0
[  124.898931][ T7262] loop3: detected capacity change from 0 to 2048
[  124.931542][ T7262] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.937765][ T7262] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  125.093087][ T7260] loop2: detected capacity change from 0 to 32768
[  125.108218][ T7260] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  125.133755][ T7260] XFS (loop2): Ending clean mount
[  125.140312][ T7260] XFS (loop2): Quotacheck needed: Please wait.
[  125.168988][ T7260] XFS (loop2): Quotacheck: Done.
[  125.220225][ T5855] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  125.516227][ T7279] loop2: detected capacity change from 0 to 4096
[  125.537089][ T7279] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  125.561468][ T7279] ntfs3(loop2): Failed to load $Extend (-22).
[  125.564494][ T7279] ntfs3(loop2): Failed to initialize $Extend.
[  125.745897][ T6346] EXT4-fs error (device loop3): ext4_free_inode:354: comm syz-executor: bit already cleared for inode 11
[  125.757020][ T5316] usb 5-1: USB disconnect, device number 3
[  125.763800][ T6346] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  125.779815][ T6346] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  125.790993][ T6346] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  125.795337][ T6346] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  125.802135][ T6346] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  125.805532][ T6346] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  125.813240][ T6346] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.349270][   T33] audit: type=1326 audit(1755627924.126:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7297 comm="syz.3.487" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39e978ebe9 code=0x7ffc0000
[  126.410078][   T33] audit: type=1326 audit(1755627924.146:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7297 comm="syz.3.487" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39e978ebe9 code=0x7ffc0000
[  126.458847][   T33] audit: type=1326 audit(1755627924.166:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7297 comm="syz.3.487" exe="/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f39e978ebe9 code=0x7ffc0000
[  126.512993][   T33] audit: type=1326 audit(1755627924.166:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7297 comm="syz.3.487" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39e978ebe9 code=0x7ffc0000
[  126.567987][   T33] audit: type=1326 audit(1755627924.166:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7297 comm="syz.3.487" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39e978ebe9 code=0x7ffc0000
[  126.642730][ T7300] tipc: Enabling of bearer </h:s> rejected, media not registered
[  127.767144][ T7312] loop4: detected capacity change from 0 to 32768
[  127.772775][ T7312] bcachefs: bch2_fs_parse_param() Error parsing option move_bytes_in_flight: option_value
[  127.980754][ T7317] netlink: 'syz.4.495': attribute type 3 has an invalid length.
[  127.993713][ T7317] netlink: 'syz.4.495': attribute type 27 has an invalid length.
[  128.530124][ T7326] loop2: detected capacity change from 0 to 256
[  128.557263][ T7326] exfat: Deprecated parameter 'utf8'
[  128.570249][ T7326] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  128.898566][ T7341] loop4: detected capacity change from 0 to 4096
[  128.905709][ T7341] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  129.623900][ T7351] loop3: detected capacity change from 0 to 128
[  129.636574][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  129.788988][   T10] usb 5-1: Using ep0 maxpacket: 32
[  129.792810][   T10] usb 5-1: config 0 has an invalid interface number: 126 but max is 0
[  129.796034][   T10] usb 5-1: config 0 has no interface number 0
[  129.806737][   T10] usb 5-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  129.810734][   T10] usb 5-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  129.814696][   T33] audit: type=1800 audit(1755627927.576:11): pid=7359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.513" name="bus" dev="overlay" ino=690 res=0 errno=0
[  129.841878][   T10] usb 5-1: config 0 interface 126 has no altsetting 0
[  129.848876][   T10] usb 5-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  129.852631][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.855944][   T10] usb 5-1: Product: syz
[  129.866527][   T10] usb 5-1: Manufacturer: syz
[  129.872596][   T10] usb 5-1: SerialNumber: syz
[  129.887726][   T10] usb 5-1: config 0 descriptor??
[  129.890675][ T7345] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  129.893827][ T7345] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  130.118432][   T10] ir_usb 5-1:0.126: IR Dongle converter detected
[  130.135770][   T10] usb 5-1: IRDA class descriptor not found, device not bound
[  130.143066][   T10] usb 5-1: USB disconnect, device number 4
[  130.266246][ T7368] loop3: detected capacity change from 0 to 32768
[  130.286193][ T7368] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  130.336750][ T7368] XFS (loop3): Ending clean mount
[  130.344159][ T7368] XFS (loop3): Quotacheck needed: Please wait.
[  130.369370][ T7368] XFS (loop3): Quotacheck: Done.
[  130.463634][ T6346] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  131.329859][ T7394] loop4: detected capacity change from 0 to 40427
[  131.342399][ T7394] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  131.344893][ T7394] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  131.388121][ T7394] F2FS-fs (loop4): invalid crc value
[  131.394611][ T7394] F2FS-fs (loop4): Current segment's next free block offset is inconsistent with bitmap, logtype:3, segno:0, type:0, next_blkoff:3, blkofs:6
[  131.433029][ T7394] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117)
[  131.570307][ T7411] loop3: detected capacity change from 0 to 256
[  131.577877][ T7411] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  131.893822][ T7415] loop4: detected capacity change from 0 to 1024
[  132.021200][ T7415] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.667287][ T1366] ieee802154 phy0 wpan0: encryption failed: -22
[  132.927079][ T1366] ieee802154 phy1 wpan1: encryption failed: -22
[  132.973994][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.318980][ T7439] loop2: detected capacity change from 0 to 4096
[  133.448131][ T7448] fuse: Bad value for 'fd'
[  133.683455][ T7456] bond1: entered allmulticast mode
[  133.689373][ T7456] 8021q: adding VLAN 0 to HW filter on device bond1
[  133.693670][ T7456] bridge0: port 3(bond1) entered blocking state
[  133.696303][ T7456] bridge0: port 3(bond1) entered disabled state
[  133.699982][ T7456] bond1: entered promiscuous mode
[  133.703049][ T7456] bridge0: port 3(bond1) entered blocking state
[  133.704591][   T33] audit: type=1800 audit(1755628187.470:12): pid=7439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.544" name="file1" dev="loop2" ino=30 res=0 errno=0
[  133.705327][ T7456] bridge0: port 3(bond1) entered forwarding state
[  133.721732][ T3573] bridge0: port 3(bond1) entered disabled state
[  133.870657][ T7470] netlink: 8 bytes leftover after parsing attributes in process `syz.4.557'.
[  133.992258][ T7478] netlink: 8 bytes leftover after parsing attributes in process `syz.4.560'.
[  133.998591][ T7478] openvswitch: netlink: nsh attribute has 5276 unknown bytes.
[  134.001658][ T7478] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  134.225065][   T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  134.385545][   T10] usb 3-1: Using ep0 maxpacket: 8
[  134.390279][   T10] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  134.393740][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.426134][   T10] pvrusb2: Hardware description: Terratec Grabster AV400
[  134.428878][   T10] pvrusb2: **********
[  134.430878][   T10] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  134.434766][   T10] pvrusb2: Important functionality might not be entirely working.
[  134.444956][   T10] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  134.449305][   T10] pvrusb2: **********
[  134.623548][ T2399] pvrusb2: Invalid write control endpoint
[  134.661034][ T2399] pvrusb2: Invalid write control endpoint
[  134.666744][ T2399] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  134.670539][ T2399] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  134.673132][ T2399] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  134.678658][ T2399] pvrusb2: Device being rendered inoperable
[  134.684515][ T2399] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  134.687891][ T2399] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  134.694036][ T2399] pvrusb2: Attached sub-driver cx25840
[  134.697117][ T2399] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  134.701921][ T2399] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  134.828260][   T96] usb 3-1: USB disconnect, device number 9
[  135.851770][ T7518] netlink: 'syz.3.579': attribute type 12 has an invalid length.
[  135.860236][ T7518] netlink: 132 bytes leftover after parsing attributes in process `syz.3.579'.
[  136.512042][ T5891] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  137.857741][ T7549] netlink: 60 bytes leftover after parsing attributes in process `syz.2.592'.
[  137.895245][ T7549] netlink: 60 bytes leftover after parsing attributes in process `syz.2.592'.
[  137.902103][ T7549] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  137.967533][ T7551] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  137.976527][ T7551] bridge1: entered allmulticast mode
[  138.162013][ T7568] loop4: detected capacity change from 0 to 512
[  138.197492][ T7568] EXT4-fs (loop4): orphan cleanup on readonly fs
[  138.221898][ T7568] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.601: bg 0: block 248: padding at end of block bitmap is not set
[  138.232898][ T7568] Quota error (device loop4): write_blk: dquota write failed
[  138.239451][ T7568] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  138.245533][ T7568] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.601: Failed to acquire dquot type 1
[  138.257737][ T7568] EXT4-fs (loop4): 1 truncate cleaned up
[  138.267229][ T7568] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  138.280868][ T7568] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  138.289586][ T7568] EXT4-fs warning (device loop4): read_mmp_block:115: Error -117 while reading MMP block 0
[  138.314250][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.566488][ T7582] loop4: detected capacity change from 0 to 2048
[  138.586756][ T7582] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  140.360439][ T7603] loop4: detected capacity change from 0 to 512
[  140.363631][ T7603] EXT4-fs: quotafile must be on filesystem root
[  140.907771][ T7608] loop4: detected capacity change from 0 to 32768
[  140.926540][ T7608] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.618 (7608)
[  140.951132][ T7608] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  140.957689][ T7608] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  140.981293][ T7608] BTRFS info (device loop4): using free-space-tree
[  141.110150][   T33] audit: type=1800 audit(1755628194.884:13): pid=7608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.618" name="file1" dev="loop4" ino=260 res=0 errno=0
[  141.362307][   T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  141.420497][ T7014] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  141.516807][   T10] usb 3-1: Using ep0 maxpacket: 32
[  141.523175][   T10] usb 3-1: config 0 has an invalid interface number: 242 but max is 0
[  141.528807][   T10] usb 3-1: config 0 has no interface number 0
[  141.536417][   T10] usb 3-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=eb.4e
[  141.541259][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.549318][   T10] usb 3-1: Product: syz
[  141.551207][   T10] usb 3-1: Manufacturer: syz
[  141.553960][   T10] usb 3-1: SerialNumber: syz
[  141.564094][   T10] usb 3-1: config 0 descriptor??
[  141.754325][ T7647] netlink: 36 bytes leftover after parsing attributes in process `syz.4.629'.
[  141.787861][   T10] cdc_subset 3-1:0.242: probe with driver cdc_subset failed with error -71
[  141.810594][   T10] usb 3-1: USB disconnect, device number 10
[  141.890470][ T7653] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  142.024844][ T7661] netlink: 4 bytes leftover after parsing attributes in process `syz.3.636'.
[  142.028401][ T7661] netlink: 'syz.3.636': attribute type 3 has an invalid length.
[  142.202107][ T7669] 9pnet: p9_errstr2errno: server reported unknown error @cF	S+
[  142.297646][ T7663] loop4: detected capacity change from 0 to 32768
[  142.338104][ T7663] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  142.376974][ T7663] XFS (loop4): Ending clean mount
[  142.390388][ T7663] XFS (loop4): Quotacheck needed: Please wait.
[  142.431271][ T7663] XFS (loop4): Quotacheck: Done.
[  142.513091][ T7663] XFS (loop4): User initiated shutdown received.
[  142.515911][ T7663] XFS (loop4): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x105/0x150 (fs/xfs/xfs_fsops.c:466).  Shutting down filesystem.
[  142.533492][ T7663] XFS (loop4): Please unmount the filesystem and rectify the problem(s)
[  142.583696][ T7014] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  143.451530][   T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  143.513015][ T7739] loop2: detected capacity change from 0 to 4096
[  143.597785][   T26] ntfs3(loop2): ino=5, mi_enum_attr
[  143.622150][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.632714][   T10] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  143.640733][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.653328][   T10] usb 5-1: config 0 descriptor??
[  143.662954][   T10] pwc: Askey VC010 type 2 USB webcam detected.
[  143.906892][ T7759] netlink: 'syz.3.678': attribute type 1 has an invalid length.
[  143.909948][ T7759] netlink: 'syz.3.678': attribute type 2 has an invalid length.
[  143.917679][ T7759] netlink: 'syz.3.678': attribute type 1 has an invalid length.
[  143.921086][ T7759] netlink: 'syz.3.678': attribute type 2 has an invalid length.
[  143.969331][   T33] audit: type=1800 audit(1755628197.745:14): pid=7761 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.679" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  144.063333][   T10] pwc: recv_control_msg error -32 req 02 val 2b00
[  144.068184][   T10] pwc: recv_control_msg error -32 req 02 val 2700
[  144.073555][   T10] pwc: recv_control_msg error -32 req 02 val 2c00
[  144.076917][   T10] pwc: recv_control_msg error -32 req 04 val 1000
[  144.081166][   T10] pwc: recv_control_msg error -32 req 04 val 1300
[  144.087552][   T10] pwc: recv_control_msg error -32 req 04 val 1400
[  144.092286][   T10] pwc: recv_control_msg error -32 req 02 val 2000
[  144.095736][   T10] pwc: recv_control_msg error -32 req 02 val 2100
[  144.100442][   T10] pwc: recv_control_msg error -32 req 04 val 1500
[  144.103444][   T10] pwc: recv_control_msg error -32 req 02 val 2500
[  144.106520][   T10] pwc: recv_control_msg error -32 req 02 val 2400
[  144.313270][   T10] pwc: recv_control_msg error -71 req 02 val 2900
[  144.316423][   T10] pwc: recv_control_msg error -71 req 02 val 2800
[  144.320166][   T10] pwc: recv_control_msg error -71 req 04 val 1100
[  144.323710][   T10] pwc: recv_control_msg error -71 req 04 val 1200
[  144.328320][   T10] pwc: Registered as video103.
[  144.332080][   T10] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input5
[  144.349474][   T10] usb 5-1: USB disconnect, device number 5
[  144.752765][ T7782] netlink: 240 bytes leftover after parsing attributes in process `syz.2.689'.
[  144.756360][ T7782] NCSI netlink: No device for ifindex 1024
[  145.741318][ T7790] loop4: detected capacity change from 0 to 32768
[  145.767517][ T7790] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.693 (7790)
[  146.434045][ T7790] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  146.438222][ T7790] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  146.469497][ T7790] BTRFS info (device loop4): using free-space-tree
[  146.724975][ T7014] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  146.993630][ T7830] netlink: 4 bytes leftover after parsing attributes in process `syz.3.703'.
[  147.254640][ T7838] netlink: 12 bytes leftover after parsing attributes in process `syz.3.707'.
[  147.265480][ T7829] loop4: detected capacity change from 0 to 32768
[  147.305287][ T7829] JBD2: Invalid start block of journal: 2147483648
[  147.309042][ T7829] (syz.4.702,7829,1):ocfs2_journal_init:973 ERROR: Linux journal layer error
[  147.312566][ T7829] (syz.4.702,7829,1):ocfs2_check_volume:2347 ERROR: Could not initialize journal!
[  147.321267][ T7829] (syz.4.702,7829,1):ocfs2_check_volume:2432 ERROR: status = -22
[  147.326738][ T7829] (syz.4.702,7829,1):ocfs2_mount_volume:1764 ERROR: status = -22
[  147.348285][   T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  147.352031][ T7829] (syz.4.702,7829,1):ocfs2_fill_super:1177 ERROR: status = -22
[  147.537764][   T24] usb 3-1: Using ep0 maxpacket: 32
[  147.551859][   T24] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  147.555950][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  147.567188][   T24] usb 3-1: config 0 has no interface number 0
[  147.581258][   T24] usb 3-1: config 0 interface 8 altsetting 248 endpoint 0xC has an invalid bInterval 0, changing to 7
[  147.589122][   T24] usb 3-1: config 0 interface 8 altsetting 248 has 1 endpoint descriptor, different from the interface descriptor's value: 10
[  147.594330][   T24] usb 3-1: config 0 interface 8 has no altsetting 0
[  147.615521][   T24] usb 3-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[  147.619534][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.622665][   T24] usb 3-1: Product: syz
[  147.624318][   T24] usb 3-1: Manufacturer: syz
[  147.626121][   T24] usb 3-1: SerialNumber: syz
[  147.637379][   T24] usb 3-1: config 0 descriptor??
[  147.795115][ T7866] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  147.857350][   T24] ath6kl: Failed to submit usb control message: -71
[  147.861934][   T24] ath6kl: unable to send the bmi data to the device: -71
[  147.864458][   T24] ath6kl: Unable to send get target info: -71
[  147.877512][   T24] ath6kl: Failed to init ath6kl core: -71
[  147.880112][   T24] ath6kl_usb 3-1:0.8: probe with driver ath6kl_usb failed with error -71
[  147.897927][   T24] usb 3-1: USB disconnect, device number 11
[  148.283590][ T7884] loop4: detected capacity change from 0 to 32768
[  148.287628][ T7884] btrfs: Deprecated parameter 'usebackuproot'
[  148.292436][ T7884] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  148.296668][ T7884] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.723 (7884)
[  148.305201][ T7884] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  148.312390][ T7884] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  148.323817][ T7884] BTRFS info (device loop4): disk space caching is enabled
[  148.326604][ T7884] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  148.454217][ T7884] BTRFS error (device loop4 state M): cannot disable free-space-tree
[  148.492625][ T7904] loop2: detected capacity change from 0 to 512
[  148.530127][ T7014] BTRFS info (device loop4 state M): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  149.229024][ T7916] loop4: detected capacity change from 0 to 32768
[  149.282163][ T7916] JBD2: Ignoring recovery information on journal
[  149.337579][ T7916] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  149.372019][ T7916] OCFS2: ERROR (device loop4): int ocfs2_xattr_find_entry(struct inode *, int, const char *, struct ocfs2_xattr_search *): corrupted xattr entries
[  149.372068][ T7916] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  149.383389][ T7916] OCFS2: File system is now read-only.
[  149.423957][ T7014] ocfs2: Unmounting device (7,4) on (node local)
[  149.676626][ T7934] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  149.680002][ T7934] IPv6: NLM_F_CREATE should be set when creating new route
[  149.682780][ T7934] IPv6: NLM_F_CREATE should be set when creating new route
[  149.992721][ T7942] netlink: 8 bytes leftover after parsing attributes in process `syz.3.741'.
[  149.996431][ T7942] netlink: 16 bytes leftover after parsing attributes in process `syz.3.741'.
[  150.037324][ T5914] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  150.089887][ T7944] libceph: resolve '4' (ret=-3): failed
[  150.197124][ T5914] usb 5-1: Using ep0 maxpacket: 16
[  150.207980][ T5914] usb 5-1: unable to get BOS descriptor or descriptor too short
[  150.218457][ T5914] usb 5-1: config 15 has an invalid interface number: 174 but max is 2
[  150.221663][ T5914] usb 5-1: config 15 has an invalid interface number: 99 but max is 2
[  150.224836][ T5914] usb 5-1: config 15 has an invalid interface number: 5 but max is 2
[  150.237345][ T5914] usb 5-1: config 15 has an invalid interface descriptor of length 2, skipping
[  150.243307][ T5914] usb 5-1: config 15 has no interface number 0
[  150.245778][ T5914] usb 5-1: config 15 has no interface number 1
[  150.256786][ T5914] usb 5-1: config 15 has no interface number 2
[  150.262430][ T5914] usb 5-1: config 15 interface 174 altsetting 1 bulk endpoint 0x8 has invalid maxpacket 32
[  150.266303][ T5914] usb 5-1: config 15 interface 174 altsetting 1 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  150.282729][ T5914] usb 5-1: config 15 interface 174 altsetting 1 has a duplicate endpoint with address 0xC, skipping
[  150.290823][ T5914] usb 5-1: config 15 interface 174 altsetting 1 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  150.295357][ T5914] usb 5-1: config 15 interface 174 altsetting 1 has an endpoint descriptor with address 0xB7, changing to 0x87
[  150.300101][ T5914] usb 5-1: config 15 interface 5 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[  150.304501][ T5914] usb 5-1: config 15 interface 5 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[  150.309748][ T5914] usb 5-1: config 15 interface 5 altsetting 128 has an invalid descriptor for endpoint zero, skipping
[  150.314654][ T5914] usb 5-1: config 15 interface 5 altsetting 128 has 3 endpoint descriptors, different from the interface descriptor's value: 5
[  150.320275][ T5914] usb 5-1: config 15 interface 174 has no altsetting 0
[  150.323119][ T5914] usb 5-1: config 15 interface 99 has no altsetting 0
[  150.325718][ T5914] usb 5-1: config 15 interface 5 has no altsetting 0
[  150.329077][ T5914] usb 5-1: language id specifier not provided by device, defaulting to English
[  150.339299][ T5914] usb 5-1: New USB device found, idVendor=1199, idProduct=6859, bcdDevice=fd.7d
[  150.344623][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.359082][ T5914] usb 5-1: Product: syz
[  150.360721][ T5914] usb 5-1: Manufacturer: syz
[  150.362504][ T5914] usb 5-1: SerialNumber: syz
[  150.419557][ T7938] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  150.675898][ T5914] sierra 5-1:15.174: Sierra USB modem converter detected
[  150.687316][ T5914] usb 5-1: Sierra USB modem converter now attached to ttyUSB0
[  150.693884][ T5914] usb 5-1: Sierra USB modem converter now attached to ttyUSB1
[  150.706329][ T5914] sierra 5-1:15.99: Sierra USB modem converter detected
[  150.714635][ T5914] usb 5-1: Sierra USB modem converter now attached to ttyUSB2
[  150.726174][ T5914] sierra 5-1:15.5: Sierra USB modem converter detected
[  150.732746][ T5914] usb 5-1: Sierra USB modem converter now attached to ttyUSB3
[  150.747175][ T5914] usb 5-1: USB disconnect, device number 6
[  150.758404][ T5914] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  150.765907][ T5914] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1
[  150.770878][ T5914] sierra 5-1:15.174: device disconnected
[  150.776307][ T5914] sierra ttyUSB2: Sierra USB modem converter now disconnected from ttyUSB2
[  150.780378][ T5914] sierra 5-1:15.99: device disconnected
[  150.789915][ T5914] sierra ttyUSB3: Sierra USB modem converter now disconnected from ttyUSB3
[  150.793951][ T5914] sierra 5-1:15.5: device disconnected
[  151.658866][ T7993] netlink: 32 bytes leftover after parsing attributes in process `syz.4.764'.
[  151.795846][ T8001] loop4: detected capacity change from 0 to 2048
[  151.814940][ T8001] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  152.740121][ T8028] loop2: detected capacity change from 0 to 512
[  152.763603][ T8028] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.774188][ T8028] ext4 filesystem being mounted at /260/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  152.792478][   T33] audit: type=1800 audit(1755628206.570:15): pid=8028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.779" name="file1" dev="loop2" ino=15 res=0 errno=0
[  152.811933][   T33] audit: type=1800 audit(1755628206.590:16): pid=8028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.779" name="file2" dev="loop2" ino=16 res=0 errno=0
[  152.842483][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.929098][ T5914] IPVS: starting estimator thread 0...
[  153.026217][ T8034] IPVS: using max 38 ests per chain, 91200 per kthread
[  153.100515][ T8041] loop2: detected capacity change from 0 to 256
[  153.299334][ T8052] overlayfs: failed to clone upperpath
[  153.455469][   T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  153.479596][ T8067] loop4: detected capacity change from 0 to 512
[  153.509875][ T8067] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  153.530180][ T8067] EXT4-fs (loop4): 1 truncate cleaned up
[  153.533958][ T8067] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.557919][ T8067] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.795: bg 0: block 256: padding at end of block bitmap is not set
[  153.570020][ T8067] EXT4-fs (loop4): Remounting filesystem read-only
[  153.605515][   T10] usb 3-1: Using ep0 maxpacket: 16
[  153.607534][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.629079][   T10] usb 3-1: unable to get BOS descriptor or descriptor too short
[  153.637485][   T10] usb 3-1: config 1 has an invalid interface number: 231 but max is 0
[  153.645449][   T10] usb 3-1: config 1 has no interface number 0
[  153.647965][   T10] usb 3-1: config 1 interface 231 has no altsetting 0
[  153.661426][   T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=5c.f5
[  153.665090][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.674485][   T10] usb 3-1: Product: syz
[  153.679619][   T10] usb 3-1: Manufacturer: syz
[  153.681401][   T10] usb 3-1: SerialNumber: syz
[  153.703671][ T8078] process 'syz.4.800' launched './file0' with NULL argv: empty string added
[  153.924316][   T10] usbtest 3-1:1.231: couldn't get endpoints, -71
[  153.933942][   T10] usbtest 3-1:1.231: probe with driver usbtest failed with error -71
[  153.945557][   T10] usb 3-1: USB disconnect, device number 12
[  153.994598][   T24] IPVS: starting estimator thread 0...
[  154.019255][ T8100] mmap: syz.3.811 (8100) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  154.086493][ T8098] IPVS: using max 61 ests per chain, 146400 per kthread
[  154.126489][ T8106] fuse: Bad value for 'fd'
[  154.311423][ T8118] netlink: 'syz.3.820': attribute type 4 has an invalid length.
[  154.543204][ T8131] loop6: detected capacity change from 0 to 2560
[  154.555274][ T8131] Buffer I/O error on dev loop6, logical block 0, async page read
[  154.557884][ T8131] Buffer I/O error on dev loop6, logical block 0, async page read
[  154.560803][ T8131] Buffer I/O error on dev loop6, logical block 0, async page read
[  154.563786][ T8131] Buffer I/O error on dev loop6, logical block 0, async page read
[  154.574420][ T8131] Buffer I/O error on dev loop6, logical block 0, async page read
[  154.577704][ T8131] Buffer I/O error on dev loop6, logical block 0, async page read
[  154.580734][ T8131] Buffer I/O error on dev loop6, logical block 0, async page read
[  154.583618][ T8131] Buffer I/O error on dev loop6, logical block 0, async page read
[  154.587004][ T8131] ldm_validate_partition_table(): Disk read failed.
[  154.589736][ T8131] Buffer I/O error on dev loop6, logical block 0, async page read
[  154.592634][ T8131] Buffer I/O error on dev loop6, logical block 0, async page read
[  154.596032][ T8131] Dev loop6: unable to read RDB block 0
[  154.598224][ T8131]  loop6: unable to read partition table
[  154.602427][ T8131] loop_reread_partitions: partition scan of loop6 (3) failed (rc=-5)
[  155.049004][ T8153] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  155.051740][ T8155] netlink: 4 bytes leftover after parsing attributes in process `syz.2.837'.
[  155.344695][   T96] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  155.495013][   T96] usb 5-1: Using ep0 maxpacket: 8
[  155.500920][   T96] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  155.513606][   T96] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  155.517615][   T96] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11
[  155.521674][   T96] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024
[  155.528773][   T96] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  155.531277][ T8163] netlink: 'syz.3.841': attribute type 10 has an invalid length.
[  155.536641][   T96] usb 5-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
[  155.540035][   T96] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.540452][ T8163] syz_tun: entered promiscuous mode
[  155.542903][   T96] usb 5-1: Product: syz
[  155.547617][   T96] usb 5-1: Manufacturer: syz
[  155.549488][   T96] usb 5-1: SerialNumber: syz
[  155.555236][ T8163] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  155.559736][   T96] usb 5-1: config 0 descriptor??
[  155.571142][ T8163] netlink: 'syz.3.841': attribute type 10 has an invalid length.
[  155.586700][ T8163] 8021q: adding VLAN 0 to HW filter on device bond0
[  155.592598][ T8163] team0: Port device bond0 added
[  155.636440][   T96] rc_core: IR keymap rc-imon-rsc not found
[  155.638888][   T96] Registered IR keymap rc-empty
[  155.642765][   T96] rc rc0: iMON Station as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  155.651151][   T96] input: iMON Station as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input6
[  155.789901][  T794] usb 5-1: USB disconnect, device number 7
[  156.134597][ T5238] Bluetooth: hci3: unexpected event 0x01 length: 13 > 1
[  156.242665][ T8183] loop2: detected capacity change from 0 to 40427
[  156.250943][ T8183] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  156.254153][ T8183] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  156.260827][ T8183] F2FS-fs (loop2): invalid crc value
[  156.318243][ T8183] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  156.324865][ T8183] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  156.327632][ T8183] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  157.464329][ T5316] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  157.613482][ T5316] usb 3-1: Using ep0 maxpacket: 32
[  157.618143][ T5316] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  157.621616][ T5316] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xEC, changing to 0x8C
[  157.625405][ T5316] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 200, changing to 11
[  157.628965][ T5316] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  157.635338][ T5316] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  157.638151][ T5316] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.641695][ T5316] usb 3-1: Product: syz
[  157.643214][ T5316] usb 3-1: Manufacturer: syz
[  157.644973][ T5316] usb 3-1: SerialNumber: syz
[  157.674105][ T5316] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input7
[  157.863814][ T5316] imon:send_packet: packet tx failed (-71)
[  157.895983][ T5316] imon 3-1:155.0: panel buttons/knobs setup failed
[  157.898746][ T5316] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  157.902173][ T5316]  (id 0x00)
[  157.963313][ T5316] rc_core: IR keymap rc-imon-pad not found
[  157.966004][ T5316] Registered IR keymap rc-empty
[  157.968278][ T5316] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  157.972506][ T5316] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  157.976499][ T5316] imon:send_packet: packet tx failed (-71)
[  158.003412][ T5316] imon 3-1:155.0: remote input dev register failed
[  158.006670][ T5316] imon 3-1:155.0: imon_init_intf0: rc device setup failed
[  158.037732][ T5316] imon 3-1:155.0: unable to initialize intf0, err 0
[  158.040432][ T5316] imon:imon_probe: failed to initialize context!
[  158.044004][ T5316] imon 3-1:155.0: unable to register, err -19
[  158.052650][ T5316] usb 3-1: USB disconnect, device number 13
[  158.191639][ T8237] netlink: 4 bytes leftover after parsing attributes in process `syz.3.870'.
[  158.563819][ T8248] loop4: detected capacity change from 0 to 512
[  158.573996][ T8248] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  158.600205][ T8248] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.875: iget: bad i_size value: 360287970189639680
[  158.613789][ T8248] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.875: couldn't read orphan inode 15 (err -117)
[  158.629087][ T8248] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.649684][ T8248] EXT4-fs error (device loop4): ext4_empty_dir:3090: inode #12: block 13: comm syz.4.875: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=1
[  158.661034][ T8248] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #12: comm syz.4.875: directory missing '.'
[  158.703978][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.757562][ T8246] loop2: detected capacity change from 0 to 32768
[  158.804495][ T8246] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  158.822948][ T8246] OCFS2: ERROR (device loop2): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature 
[  158.831000][ T8246] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  158.837441][ T8246] OCFS2: File system is now read-only.
[  158.839275][ T8246] (syz.2.874,8246,1):ocfs2_find_entry_dx:1037 ERROR: status = -30
[  158.875890][ T5855] ocfs2: Unmounting device (7,2) on (node local)
[  159.008066][ T8262] netlink: 8 bytes leftover after parsing attributes in process `syz.4.882'.
[  159.012727][ T8262] netlink: 4 bytes leftover after parsing attributes in process `syz.4.882'.
[  159.015607][ T8262] netlink: 'syz.4.882': attribute type 13 has an invalid length.
[  159.020957][ T8262] netlink: 'syz.4.882': attribute type 12 has an invalid length.
[  159.183825][ T8275] loop4: detected capacity change from 0 to 2048
[  159.219803][ T8277] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  159.270662][   T33] audit: type=1800 audit(1755628213.053:17): pid=8275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.886" name="file1" dev="loop4" ino=15 res=0 errno=0
[  159.743519][ T8293] netlink: 12 bytes leftover after parsing attributes in process `syz.4.892'.
[  159.765332][ T8293] netlink: 12 bytes leftover after parsing attributes in process `syz.4.892'.
[  160.116675][ T8301] loop2: detected capacity change from 0 to 4096
[  160.139228][ T8304] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  160.229040][ T8307] netlink: 'syz.3.900': attribute type 10 has an invalid length.
[  160.233960][ T8307] macvlan0: entered promiscuous mode
[  160.235949][ T8307] macvlan0: entered allmulticast mode
[  160.248815][ T8307] veth1_vlan: entered allmulticast mode
[  160.255907][ T8307] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  160.526190][ T8321] loop4: detected capacity change from 0 to 1024
[  160.536604][ T8321] EXT4-fs: Ignoring removed nobh option
[  160.538384][ T8321] EXT4-fs: Ignoring removed bh option
[  160.567313][ T8321] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.584408][ T8321] netlink: 'syz.4.906': attribute type 4 has an invalid length.
[  160.586916][ T8321] netlink: 17 bytes leftover after parsing attributes in process `syz.4.906'.
[  160.605865][   T96] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  160.612563][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.751999][   T96] usb 3-1: Using ep0 maxpacket: 32
[  160.764445][   T96] usb 3-1: unable to get BOS descriptor or descriptor too short
[  160.774442][   T96] usb 3-1: config 9 has an invalid interface number: 55 but max is 0
[  160.777709][   T96] usb 3-1: config 9 has no interface number 0
[  160.803302][   T96] usb 3-1: config 9 interface 55 has no altsetting 0
[  160.825937][   T96] usb 3-1: New USB device found, idVendor=2fc1, idProduct=f4e0, bcdDevice=5a.b5
[  160.829778][   T96] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.836609][   T96] usb 3-1: Product: syz
[  160.838331][   T96] usb 3-1: Manufacturer: syz
[  160.840727][   T96] usb 3-1: SerialNumber: syz
[  161.015423][  T794] libceph: connect (1)[c::]:6789 error -101
[  161.024660][  T794] libceph: mon0 (1)[c::]:6789 connect error
[  161.035365][  T794] libceph: connect (1)[c::]:6789 error -101
[  161.038095][  T794] libceph: mon0 (1)[c::]:6789 connect error
[  161.048997][ T8352] ceph: No mds server is up or the cluster is laggy
[  161.072247][   T96] usb 3-1: USB disconnect, device number 14
[  161.679986][ T8388] program syz.2.934 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  161.905872][ T8400] loop4: detected capacity change from 0 to 512
[  161.925171][ T8400] EXT4-fs: Ignoring removed mblk_io_submit option
[  161.929499][ T8402] netlink: 4 bytes leftover after parsing attributes in process `syz.3.941'.
[  161.936242][ T8402] netlink: 4 bytes leftover after parsing attributes in process `syz.3.941'.
[  161.972887][ T8400] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  161.978292][ T8400] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  161.992660][ T8400] System zones: 1-12
[  162.003369][ T8400] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.940: corrupted in-inode xattr: e_value size too large
[  162.013526][ T8394] loop2: detected capacity change from 0 to 32768
[  162.018167][ T8400] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.940: couldn't read orphan inode 15 (err -117)
[  162.046619][ T8400] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.099132][ T8394] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  162.167231][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.172767][ T5855] (syz-executor,5855,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  162.193429][ T5855] ocfs2: Unmounting device (7,2) on (node local)
[  162.643488][ T8423] loop4: detected capacity change from 0 to 1024
[  162.736045][ T8427] IPv6: sit1: Disabled Multicast RS
[  162.738797][ T8427] sit1: entered allmulticast mode
[  162.934855][ T8433] tipc: Started in network mode
[  162.936548][ T8433] tipc: Node identity 26907f0e172e, cluster identity 4711
[  162.939078][ T8433] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  162.942284][ T8433] syzkaller0: entered promiscuous mode
[  162.944083][ T8433] syzkaller0: entered allmulticast mode
[  162.959740][ T8433] sch_tbf: burst 12 is lower than device syzkaller0 mtu (1514) !
[  162.965550][ T8433] tipc: Resetting bearer <eth:syzkaller0>
[  162.970137][ T8432] tipc: Resetting bearer <eth:syzkaller0>
[  162.982977][ T8432] tipc: Disabling bearer <eth:syzkaller0>
[  163.250219][   T40] hfsplus: b-tree write err: -5, ino 4
[  163.336546][ T8435] loop2: detected capacity change from 0 to 32768
[  163.340052][ T8435] bcachefs: bch2_fs_parse_param() Error parsing option move_bytes_in_flight: option_value
[  163.614397][ T8457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.964'.
[  163.653893][ T8459] netlink: 72 bytes leftover after parsing attributes in process `syz.4.965'.
[  164.062137][ T5316] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  164.210266][ T5316] usb 3-1: Using ep0 maxpacket: 16
[  164.231807][ T5316] usb 3-1: config 8 has an invalid interface number: 206 but max is 0
[  164.238044][ T5316] usb 3-1: config 8 has no interface number 0
[  164.244798][ T5316] usb 3-1: config 8 interface 206 altsetting 1 has an endpoint descriptor with address 0xF7, changing to 0x87
[  164.251059][ T5316] usb 3-1: config 8 interface 206 altsetting 1 endpoint 0x87 has invalid maxpacket 33058, setting to 1024
[  164.255639][ T5316] usb 3-1: config 8 interface 206 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[  164.266932][ T5316] usb 3-1: config 8 interface 206 has no altsetting 0
[  164.289722][ T5316] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=35.bb
[  164.294747][ T5316] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.298269][ T5316] usb 3-1: Product: syz
[  164.303847][ T5316] usb 3-1: Manufacturer: syz
[  164.309350][ T5316] usb 3-1: SerialNumber: syz
[  164.633469][ T5316] garmin_gps 3-1:8.206: Garmin GPS usb/tty converter detected
[  164.769126][ T5316] usb 3-1: Garmin GPS usb/tty converter now attached to ttyUSB0
[  164.966842][ T5316] usb 3-1: USB disconnect, device number 15
[  165.029680][ T5316] garmin_gps ttyUSB0: Garmin GPS usb/tty converter now disconnected from ttyUSB0
[  165.043633][ T5316] garmin_gps 3-1:8.206: device disconnected
[  165.515244][ T8488] netlink: 4 bytes leftover after parsing attributes in process `syz.2.979'.
[  165.561305][ T8482] loop4: detected capacity change from 0 to 32768
[  165.575440][ T8482] (syz.4.976,8482,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  165.584263][ T8482] (syz.4.976,8482,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  165.608853][ T8482] JBD2: Ignoring recovery information on journal
[  165.639971][ T8482] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  165.762388][ T7014] ocfs2: Unmounting device (7,4) on (node local)
[  165.860569][   T10] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  165.943733][ T8500] loop4: detected capacity change from 0 to 1024
[  165.959696][ T8500] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only.
[  165.982468][ T8500] hfsplus: filesystem is marked journaled, leaving read-only.
[  166.023504][   T10] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  166.026811][   T10] usb 3-1: config 0 has no interface number 0
[  166.029963][   T10] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  166.034571][   T10] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  166.038507][   T10] usb 3-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  166.049666][   T10] usb 3-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  166.053377][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.066765][ T8504] netlink: 72 bytes leftover after parsing attributes in process `syz.4.986'.
[  166.069816][   T10] usb 3-1: config 0 descriptor??
[  166.204240][ T8508] netlink: 8 bytes leftover after parsing attributes in process `syz.4.988'.
[  166.211820][ T8508] netlink: 8 bytes leftover after parsing attributes in process `syz.4.988'.
[  166.487959][   T10] hid (null): report_id 35660 is invalid
[  166.634011][ T8521] trusted_key: syz.3.994 sent an empty control message without MSG_MORE.
[  166.713916][   T10] input: HID 28bd:0042 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0042.0007/input/input9
[  167.087915][   T10] uclogic 0003:28BD:0042.0007: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.2-1/input1
[  167.096011][   T10] usb 3-1: USB disconnect, device number 16
[  167.124334][ T8531] af_packet: tpacket_rcv: packet too big, clamped from 4 to 4294967272. macoff=96
[  167.609702][ T8547] loop4: detected capacity change from 0 to 4096
[  167.613720][ T8547] ntfs3(loop4): Primary boot: invalid index size -14.
[  167.616683][ T8547] ntfs3(loop4): try to read out of volume at offset 0x1ffe00
[  167.708840][ T8551] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1008'.
[  167.993494][ T8545] loop2: detected capacity change from 0 to 40427
[  168.010661][ T8545] F2FS-fs (loop2): Small segment_count (9 < 1 * 24)
[  168.017649][ T8545] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  168.033082][ T8571] ref_ctr_offset mismatch. inode: 0x765 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4
[  168.060524][ T8576] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1019'.
[  168.175751][ T8582] loop4: detected capacity change from 0 to 512
[  168.179007][ T8545] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  168.198757][ T8545] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  168.201386][ T8545] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  168.216593][ T8582] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.226315][ T8545] syz.2.1005: attempt to access beyond end of device
[  168.226315][ T8545] loop2: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  168.241223][ T8582] ext4 filesystem being mounted at /184/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  168.276627][ T5855] syz-executor: attempt to access beyond end of device
[  168.276627][ T5855] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  168.297055][ T5855] CPU: 1 UID: 0 PID: 5855 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  168.297071][ T5855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  168.297077][ T5855] Call Trace:
[  168.297083][ T5855]  <TASK>
[  168.297096][ T5855]  dump_stack_lvl+0x189/0x250
[  168.297114][ T5855]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.297125][ T5855]  ? __pfx_queue_work_on+0x10/0x10
[  168.297134][ T5855]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  168.297147][ T5855]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  168.297164][ T5855]  f2fs_handle_critical_error+0x37c/0x540
[  168.297182][ T5855]  f2fs_write_end_io+0x886/0xb60
[  168.297201][ T5855]  __submit_merged_bio+0x27a/0x6a0
[  168.297217][ T5855]  __submit_merged_write_cond+0x255/0x530
[  168.297232][ T5855]  f2fs_write_data_pages+0x261d/0x3000
[  168.297264][ T5855]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  168.297301][ T5855]  ? __mod_zone_page_state+0xd7/0x140
[  168.297319][ T5855]  ? folios_put_refs+0x560/0x640
[  168.297335][ T5855]  ? __pfx_folios_put_refs+0x10/0x10
[  168.297343][ T5855]  ? rcu_is_watching+0x15/0xb0
[  168.297358][ T5855]  ? __lock_acquire+0xab9/0xd20
[  168.297380][ T5855]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  168.297426][ T5855]  do_writepages+0x32e/0x550
[  168.297450][ T5855]  ? do_raw_spin_unlock+0x4d/0x240
[  168.297469][ T5855]  filemap_fdatawrite+0x199/0x240
[  168.297482][ T5855]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  168.297520][ T5855]  ? do_raw_spin_unlock+0x4d/0x240
[  168.297533][ T5855]  f2fs_sync_dirty_inodes+0x31f/0x830
[  168.297551][ T5855]  f2fs_write_checkpoint+0x95a/0x1df0
[  168.297573][ T5855]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  168.297605][ T5855]  ? call_rcu+0x6ff/0x9c0
[  168.297614][ T5855]  ? lockdep_hardirqs_on+0x9c/0x150
[  168.297626][ T5855]  ? kill_f2fs_super+0x298/0x6c0
[  168.297638][ T5855]  kill_f2fs_super+0x2c3/0x6c0
[  168.297650][ T5855]  ? __pfx_kill_f2fs_super+0x10/0x10
[  168.297658][ T5855]  ? radix_tree_delete_item+0x2b6/0x400
[  168.297673][ T5855]  ? shrinker_free+0x2ce/0x3e0
[  168.297684][ T5855]  deactivate_locked_super+0xbc/0x130
[  168.297696][ T5855]  cleanup_mnt+0x425/0x4c0
[  168.297707][ T5855]  ? lockdep_hardirqs_on+0x9c/0x150
[  168.297722][ T5855]  task_work_run+0x1d4/0x260
[  168.297735][ T5855]  ? __pfx_task_work_run+0x10/0x10
[  168.297745][ T5855]  ? __x64_sys_umount+0x122/0x160
[  168.297759][ T5855]  ? exit_to_user_mode_loop+0x40/0x110
[  168.297774][ T5855]  exit_to_user_mode_loop+0xec/0x110
[  168.297786][ T5855]  do_syscall_64+0x2bd/0x3b0
[  168.297798][ T5855]  ? lockdep_hardirqs_on+0x9c/0x150
[  168.297808][ T5855]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.297818][ T5855]  ? exc_page_fault+0x9f/0xf0
[  168.297829][ T5855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.297838][ T5855] RIP: 0033:0x7f9bc8d8ff17
[  168.297849][ T5855] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  168.297858][ T5855] RSP: 002b:00007ffdffe8df98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  168.297868][ T5855] RAX: 0000000000000000 RBX: 00007f9bc8e11c05 RCX: 00007f9bc8d8ff17
[  168.297875][ T5855] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdffe8e050
[  168.297880][ T5855] RBP: 00007ffdffe8e050 R08: 0000000000000000 R09: 0000000000000000
[  168.297885][ T5855] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdffe8f0e0
[  168.297891][ T5855] R13: 00007f9bc8e11c05 R14: 00000000000290c9 R15: 00007ffdffe8f120
[  168.297907][ T5855]  </TASK>
[  168.297911][ T5855] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  168.434957][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.838646][ T8604] capability: warning: `syz.3.1032' uses 32-bit capabilities (legacy support in use)
[  169.142943][ T8618] loop2: detected capacity change from 0 to 512
[  169.146564][ T8618] EXT4-fs: Ignoring removed mblk_io_submit option
[  169.175237][ T8618] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  169.189468][ T8618] EXT4-fs (loop2): DAX unsupported by block device.
[  169.687411][   T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  169.837373][   T24] usb 5-1: Using ep0 maxpacket: 32
[  169.844126][   T24] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  169.848187][   T24] usb 5-1: config 0 has no interface number 0
[  169.853601][   T24] usb 5-1: New USB device found, idVendor=0abf, idProduct=3370, bcdDevice=d8.af
[  169.858709][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.862029][   T24] usb 5-1: Product: syz
[  169.863783][   T24] usb 5-1: Manufacturer: syz
[  169.865758][   T24] usb 5-1: SerialNumber: syz
[  169.870925][   T24] usb 5-1: config 0 descriptor??
[  170.118298][   T24] usb 5-1: USB disconnect, device number 8
[  170.185902][   T33] audit: type=1326 audit(1755628224.978:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8633 comm="syz.2.1044" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9bc8d8ebe9 code=0x0
[  170.467169][   T10] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  170.616981][   T10] usb 3-1: Using ep0 maxpacket: 8
[  170.628753][   T10] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  170.632069][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.653286][   T10] usb 3-1: config 0 descriptor??
[  170.853152][ T8664] netem: change failed
[  171.787125][ T8689] ref_ctr going negative. vaddr: 0x200000ffd000, curr val: -19135, delta: 1
[  171.790892][ T8689] ref_ctr increment failed for inode: 0x804 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff8880243ba040
[  171.934158][ T8691] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1072'.
[  172.051528][ T8697] loop4: detected capacity change from 0 to 8192
[  172.077854][ T8697] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  172.184748][ T8701] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1076'.
[  172.188332][ T8701] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1076'.
[  172.191878][ T8701] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1076'.
[  172.351338][ T8707] unknown channel width for channel at 909000KHz?
[  172.399950][ T8709] netlink: 'syz.4.1080': attribute type 1 has an invalid length.
[  172.430861][ T8709] 8021q: adding VLAN 0 to HW filter on device bond2
[  172.455362][ T8709] bond2: (slave gretap1): making interface the new active one
[  172.460915][ T8709] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  172.473822][ T8709] vlan2: entered allmulticast mode
[  172.476366][ T8709] bond2: entered allmulticast mode
[  172.478579][ T8709] gretap1: entered allmulticast mode
[  172.481860][ T8709] bond2: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  172.687348][   T10] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  172.690597][   T10] asix 3-1:0.0: probe with driver asix failed with error -71
[  172.696676][   T10] usb 3-1: USB disconnect, device number 17
[  172.885067][ T8712] overlayfs: failed to clone upperpath
[  173.274396][ T8726] loop2: detected capacity change from 0 to 1024
[  173.306621][   T71] hfsplus: b-tree write err: -5, ino 4
[  173.333783][ T8728] netlink: 666 bytes leftover after parsing attributes in process `syz.2.1089'.
[  173.347203][   T10] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  173.380894][ T8730] loop2: detected capacity change from 0 to 1024
[  173.407643][ T8730] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.429749][ T8730] fuse: Unknown parameter '00000000000000000000'
[  173.509053][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  173.514264][   T10] usb 5-1: not running at top speed; connect to a high speed hub
[  173.519809][   T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  173.523939][   T10] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[  173.530765][   T10] usb 5-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  173.539874][   T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  173.543117][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.547247][   T10] usb 5-1: Product: syz
[  173.548638][   T10] usb 5-1: Manufacturer: syz
[  173.550273][   T10] usb 5-1: SerialNumber: syz
[  173.941365][ T8736] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1091'.
[  173.963984][   T10] usb 5-1: USB disconnect, device number 9
[  174.012923][ T6280] udevd[6280]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  174.060772][ T8740] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1093'.
[  174.280463][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.341385][ T8752] Bluetooth: MGMT ver 1.23
[  174.554219][ T8768] loop4: detected capacity change from 0 to 1024
[  174.587005][ T8768] EXT4-fs error (device loop4): __ext4_fill_super:5500: comm syz.4.1106: inode #2: comm syz.4.1106: iget: illegal inode #
[  174.602262][ T8768] EXT4-fs (loop4): get root inode failed
[  174.604597][ T8768] EXT4-fs (loop4): mount failed
[  174.809910][ T8776] loop4: detected capacity change from 0 to 256
[  174.859170][ T8776] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  174.877069][ T8776] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  175.979608][ T8799] loop2: detected capacity change from 0 to 2048
[  176.116325][ T8799] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.136886][ T8799] EXT4-fs (loop2): Online resizing not supported with bigalloc
[  176.212490][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.575609][ T8811] loop2: detected capacity change from 0 to 512
[  176.590035][ T8811] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  176.625330][ T8811] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ee018, mo2=0002]
[  176.628221][ T8811] System zones: 1-12
[  176.631437][ T8811] EXT4-fs (loop2): orphan cleanup on readonly fs
[  176.643014][ T8811] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  176.650447][ T8811] EXT4-fs (loop2): 1 truncate cleaned up
[  176.653616][ T8811] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  176.683298][   T33] audit: type=1800 audit(1755628231.462:19): pid=8818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1122" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[  176.747440][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.870733][ T8822] loop4: detected capacity change from 0 to 512
[  176.920158][ T8822] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.1126: corrupted in-inode xattr: invalid ea_ino
[  176.927324][ T8822] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1126: couldn't read orphan inode 15 (err -117)
[  176.932008][ T8822] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  177.293731][    T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  177.443542][    T9] usb 3-1: Using ep0 maxpacket: 16
[  177.446841][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  177.450337][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  177.454002][    T9] usb 3-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[  177.457608][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.462372][    T9] usb 3-1: config 0 descriptor??
[  177.495763][ T8839] pim6reg: entered allmulticast mode
[  177.594578][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.883247][ T5316] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  177.900983][    T9] gt683r_led 0003:1770:FF00.0008: hidraw0: USB HID v0.00 Device [HID 1770:ff00] on usb-dummy_hcd.2-1/input0
[  178.033191][ T5316] usb 5-1: Using ep0 maxpacket: 16
[  178.037699][ T5316] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  178.042301][ T5316] usb 5-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00
[  178.046786][ T5316] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.052998][ T5316] usb 5-1: config 0 descriptor??
[  178.095034][ T5901] usb 3-1: USB disconnect, device number 18
[  178.108675][ T5880] gt683r_led 0003:1770:FF00.0008: failed to send set report request: -19
[  178.117483][ T5880] gt683r_led 0003:1770:FF00.0008: failed to send set report request: -19
[  178.474015][ T5316] elecom 0003:056E:00FE.0009: unknown main item tag 0x0
[  178.477250][ T5316] elecom 0003:056E:00FE.0009: unknown main item tag 0x0
[  178.480258][ T5316] elecom 0003:056E:00FE.0009: unknown main item tag 0x0
[  178.483239][ T5316] elecom 0003:056E:00FE.0009: unknown main item tag 0x0
[  178.486231][ T5316] elecom 0003:056E:00FE.0009: unknown main item tag 0x0
[  178.490121][ T5316] elecom 0003:056E:00FE.0009: unknown main item tag 0x0
[  178.493349][ T5316] elecom 0003:056E:00FE.0009: unknown main item tag 0x0
[  178.496168][ T5316] elecom 0003:056E:00FE.0009: unknown main item tag 0x0
[  178.498872][ T5316] elecom 0003:056E:00FE.0009: unknown main item tag 0x0
[  178.501235][ T5316] elecom 0003:056E:00FE.0009: unknown main item tag 0x0
[  178.505403][ T5316] elecom 0003:056E:00FE.0009: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.4-1/input0
[  178.666990][    T9] usb 5-1: USB disconnect, device number 10
[  178.686301][ T8854] loop2: detected capacity change from 0 to 4096
[  178.740743][ T8854] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  178.754582][ T8854] ntfs3(loop2): Failed to load $Extend (-22).
[  178.757215][ T8854] ntfs3(loop2): Failed to initialize $Extend.
[  179.242617][ T5316] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  179.339434][ T8897] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  179.339434][ T8897] The task syz.4.1156 (8897) triggered the difference, watch for misbehavior.
[  179.409583][ T5316] usb 3-1: New USB device found, idVendor=0545, idProduct=808b, bcdDevice=31.ad
[  179.413207][ T5316] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.419804][ T5316] usb 3-1: config 0 descriptor??
[  179.429147][ T5316] gspca_main: tv8532-2.14.0 probing 0545:808b
[  179.731411][ T5316] usb 3-1: USB disconnect, device number 19
[  180.453531][ T5316] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  180.823696][ T5316] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  180.828064][ T5316] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  180.834561][ T5316] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  180.837760][ T5316] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.842868][ T5316] usb 5-1: config 0 descriptor??
[  181.025457][ T8929] veth0: entered promiscuous mode
[  181.028759][ T8929] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1173'.
[  181.069398][ T8929] veth0 (unregistering): left promiscuous mode
[  181.272109][ T5316] cm6533_jd 0003:0D8C:0022.000A: invalid report_size -101239751
[  181.275263][ T5316] cm6533_jd 0003:0D8C:0022.000A: item 0 4 1 7 parsing failed
[  181.278826][ T5316] cm6533_jd 0003:0D8C:0022.000A: parse failed
[  181.281377][ T5316] cm6533_jd 0003:0D8C:0022.000A: probe with driver cm6533_jd failed with error -22
[  181.473298][ T5316] usb 5-1: USB disconnect, device number 11
[  182.060341][ T8977] syz_tun: entered allmulticast mode
[  182.076832][ T8976] syz_tun: left allmulticast mode
[  182.160347][ T8985] loop4: detected capacity change from 0 to 128
[  182.180460][ T8985] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  182.190856][ T8985] ext4 filesystem being mounted at /220/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  182.197532][ T8985] EXT4-fs warning (device loop4): verify_group_input:137: Cannot add at group 25 (only 1 groups)
[  182.228255][ T7014] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  182.509606][ T9013] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1212'.
[  182.706647][ T9029] loop4: detected capacity change from 0 to 1024
[  182.731159][ T9029] hfsplus: cannot replace xattr
[  182.755024][   T40] hfsplus: b-tree write err: -5, ino 4
[  183.096285][ T9050] netlink: 'syz.2.1231': attribute type 1 has an invalid length.
[  183.254775][ T9059] loop4: detected capacity change from 0 to 4096
[  183.273418][ T9059] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  183.277085][ T9059] EXT4-fs (loop4): Test dummy encryption mode enabled
[  183.299185][ T9059] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  183.348069][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.351385][ T9055] loop2: detected capacity change from 0 to 32768
[  183.394039][ T9055] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  183.514479][ T5855] ocfs2: Unmounting device (7,2) on (node local)
[  183.747229][ T9078] loop4: detected capacity change from 0 to 512
[  183.759573][ T9078] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  183.890882][ T9082] loop2: detected capacity change from 0 to 32768
[  183.920363][ T9078] EXT4-fs (loop4): 1 truncate cleaned up
[  183.923173][ T9078] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.966132][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.016798][ T9082] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  184.016815][ T9082]   allowing incompatible features above 0.0: (unknown version)
[  184.016820][ T9082]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  184.031890][ T9082] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  184.034580][ T9082] bcachefs (loop2): initializing new filesystem
[  184.041918][ T9082] bcachefs (loop2): going read-write
[  184.059871][ T9082] bcachefs (loop2): marking superblocks
[  184.063531][ T9109] loop4: detected capacity change from 0 to 512
[  184.065690][ T9082] bcachefs (loop2): initializing freespace
[  184.069512][ T9082] bcachefs (loop2): done initializing freespace
[  184.073173][ T9082] bcachefs (loop2): reading snapshots table
[  184.075194][ T9082] bcachefs (loop2): reading snapshots done
[  184.104021][ T9082] bcachefs (loop2): done starting filesystem
[  184.133279][ T9109] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  184.152822][ T9109] ext4 filesystem being mounted at /245/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  184.159833][ T9082] syz.2.1244 (9082) used greatest stack depth: 17320 bytes left
[  184.186600][ T5855] bcachefs (loop2): shutting down
[  184.188283][ T5855] bcachefs (loop2): going read-only
[  184.189918][ T5855] bcachefs (loop2): finished waiting for writes to stop
[  184.195209][ T5855] bcachefs (loop2): flushing journal and stopping allocators, journal seq 2
[  184.197075][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.252984][ T5855] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3
[  184.262596][ T5855] bcachefs (loop2): clean shutdown complete, journal seq 4
[  184.266633][ T5855] bcachefs (loop2): marking filesystem clean
[  184.295294][ T5855] bcachefs (loop2): shutdown complete
[  184.542118][ T9119] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1256'.
[  184.546048][ T9119] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  184.874911][ T9129] ptrace attach of "/syz-executor exec"[6346] was attempted by "\x22"[9129]
[  184.973323][ T9135] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1264'.
[  185.489451][    T9] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  185.654038][    T9] usb 5-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62
[  185.657427][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.663102][    T9] usb 5-1: Product: syz
[  185.664710][    T9] usb 5-1: Manufacturer: syz
[  185.666487][    T9] usb 5-1: SerialNumber: syz
[  185.673010][    T9] usb 5-1: config 0 descriptor??
[  185.696018][    T9] comedi comedi5: This driver needs USB 2.0 to operate. Aborting...
[  185.700578][    T9] usbduxfast 5-1:0.0: driver 'usbduxfast' failed to auto-configure device.
[  185.836826][ T9159] loop2: detected capacity change from 0 to 512
[  185.859528][ T9159] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  185.876569][ T9159] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  185.882905][    T9] usb 5-1: USB disconnect, device number 12
[  185.883227][ T9159] ext4 filesystem being mounted at /351/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  185.916658][ T9159] EXT4-fs error (device loop2): __ext4_new_inode:1279: comm syz.2.1275: failed to insert inode 16: doubly allocated?
[  185.950189][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.797926][ T9183] loop4: detected capacity change from 0 to 32768
[  186.822921][ T9183] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1284 (9183)
[  186.843718][ T9183] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  186.847929][ T9183] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  186.851369][ T9183] BTRFS info (device loop4): using free-space-tree
[  187.031271][ T7014] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  187.443704][ T9218] loop4: detected capacity change from 0 to 256
[  187.447543][ T9218] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  187.452283][ T9218] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  187.467823][ T9218] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  187.468957][    T9] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  187.567607][ T9220] netlink: 9896 bytes leftover after parsing attributes in process `syz.4.1294'.
[  187.630558][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  187.635163][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  187.641741][    T9] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  187.645683][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.661230][    T9] usb 3-1: config 0 descriptor??
[  188.112207][    T9] sony 0003:054C:0268.000B: hiddev0,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.2-1/input0
[  188.125980][    T9] sony 0003:054C:0268.000B: failed to claim input
[  188.303374][    T9] usb 3-1: USB disconnect, device number 20
[  188.588912][ T9263] loop4: detected capacity change from 0 to 256
[  188.653131][ T9263] exfat: Deprecated parameter 'utf8'
[  188.731967][ T9263] exfat: Deprecated parameter 'utf8'
[  188.745077][ T9263] exfat: Deprecated parameter 'utf8'
[  188.801113][ T9263] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x743489c8, utbl_chksum : 0xe619d30d)
[  189.475261][ T9288] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1323'.
[  189.577860][   T24] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[  189.610997][ T9292] 9pnet_fd: Insufficient options for proto=fd
[  189.743952][   T24] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  189.753718][   T24] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  189.765513][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  189.779980][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  189.788886][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  189.802399][   T24] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  189.806087][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.816247][   T24] usb 3-1: Product: syz
[  189.822231][   T24] usb 3-1: Manufacturer: syz
[  189.824082][   T24] usb 3-1: SerialNumber: syz
[  189.848360][   T24] usb 3-1: config 0 descriptor??
[  189.862658][   T24] input: KB Gear Tablet as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input10
[  190.078392][   T24] usb 3-1: USB disconnect, device number 21
[  190.216935][ T9302] netlink: 'syz.3.1330': attribute type 2 has an invalid length.
[  190.684368][ T9315] loop2: detected capacity change from 0 to 256
[  190.743257][ T9315] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  191.041403][ T5858] Bluetooth: hci2: command 0x0406 tx timeout
[  191.387192][    T9] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  191.544814][    T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  191.554808][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  191.558400][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  191.561712][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  191.565956][    T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  191.568750][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.583277][    T9] usb 3-1: config 0 descriptor??
[  191.661286][ T5238] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  191.664002][ T5238] Bluetooth: hci1: Injecting HCI hardware error event
[  191.668610][ T5238] Bluetooth: hci1: hardware error 0x00
[  192.010976][    T9] plantronics 0003:047F:FFFF.000C: ignoring exceeding usage max
[  192.064486][    T9] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  192.996179][ T9340] macsec2: entered promiscuous mode
[  193.736101][ T5238] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  193.911757][ T9382] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1365'.
[  193.914755][ T9382] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1365'.
[  194.011814][ T9388] syzkaller0: entered promiscuous mode
[  194.014145][ T9388] syzkaller0: entered allmulticast mode
[  194.017360][   T24] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  194.060533][ T1366] ieee802154 phy0 wpan0: encryption failed: -22
[  194.063124][ T1366] ieee802154 phy1 wpan1: encryption failed: -22
[  194.173768][   T24] usb 5-1: Using ep0 maxpacket: 32
[  194.176931][ T5914] usb 3-1: USB disconnect, device number 22
[  194.181061][   T24] usb 5-1: config 0 has an invalid interface number: 223 but max is 0
[  194.184394][   T24] usb 5-1: config 0 has no interface number 0
[  194.189412][   T24] usb 5-1: config 0 interface 223 has no altsetting 0
[  194.199200][   T24] usb 5-1: New USB device found, idVendor=110a, idProduct=1618, bcdDevice=77.8e
[  194.202919][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.210625][   T24] usb 5-1: Product: syz
[  194.212437][   T24] usb 5-1: Manufacturer: syz
[  194.214423][   T24] usb 5-1: SerialNumber: syz
[  194.226864][   T24] usb 5-1: config 0 descriptor??
[  194.646270][   T24] mxuport 5-1:0.223: mxuport_recv_ctrl_urb - usb_control_msg failed (-71)
[  194.649741][   T24] mxuport 5-1:0.223: probe with driver mxuport failed with error -5
[  194.666116][   T24] usb 5-1: USB disconnect, device number 13
[  196.868110][ T9407] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1377'.
[  196.870983][ T9407] netlink: 'syz.2.1377': attribute type 30 has an invalid length.
[  196.876611][ T9407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1377'.
[  197.454688][ T9413] loop2: detected capacity change from 0 to 4096
[  198.006112][ T9427] loop2: detected capacity change from 0 to 64
[  198.283718][ T9416] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1380'.
[  198.288447][ T9416] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1380'.
[  198.294874][ T9436] loop2: detected capacity change from 0 to 128
[  198.310379][ T9436] EXT4-fs: Ignoring removed nobh option
[  198.338237][ T9436] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c118, mo2=0002]
[  198.341064][ T9436] System zones: 1-3, 19-19, 35-36
[  198.345574][ T9436] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  198.354547][ T9436] ext4 filesystem being mounted at /384/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  199.779878][ T9456] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  199.809154][ T9458] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1397'.
[  199.926385][ T5855] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  200.172159][   T24] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  200.182714][ T9482] macvlan0: left allmulticast mode
[  200.184857][ T9482] veth1_vlan: left allmulticast mode
[  200.324156][   T24] usb 5-1: config 2 has an invalid interface number: 4 but max is 0
[  200.327373][   T24] usb 5-1: config 2 has no interface number 0
[  200.329858][   T24] usb 5-1: config 2 interface 4 has no altsetting 0
[  200.335055][   T24] usb 5-1: New USB device found, idVendor=0489, idProduct=e027, bcdDevice=93.1d
[  200.338754][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.342486][   T24] usb 5-1: Product: syz
[  200.344253][   T24] usb 5-1: Manufacturer: syz
[  200.346164][   T24] usb 5-1: SerialNumber: syz
[  200.582457][   T24] usb 5-1: USB disconnect, device number 14
[  202.318429][   T96] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  202.474745][   T96] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  202.483144][   T96] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3
[  202.486019][   T96] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  202.488836][   T96] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.498011][   T96] usb 3-1: config 0 descriptor??
[  202.716712][   T96] Bluetooth: Can't get state to change to load ram patch err
[  202.719888][   T96] Bluetooth: Loading patch file failed
[  202.725229][   T96] ath3k 3-1:0.0: probe with driver ath3k failed with error -71
[  202.729761][   T96] usb 3-1: USB disconnect, device number 23
[  203.778521][ T9583] pimreg3: entered allmulticast mode
[  204.017590][ T9597] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1462'.
[  204.021567][ T9597] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1462'.
[  204.599368][ T9605] loop2: detected capacity change from 0 to 40427
[  204.608525][ T9605] F2FS-fs: heap/no_heap options were deprecated
[  204.614372][ T9605] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[  204.616885][ T9605] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  204.620187][ T9605] F2FS-fs (loop2): build fault injection type: 0x0
[  204.623792][ T9605] F2FS-fs (loop2): invalid crc value
[  204.665097][ T9605] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  204.670951][ T9605] F2FS-fs (loop2): Try to recover 1th superblock, ret: -30
[  204.673725][ T9605] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  204.745216][ T9613] comedi comedi2: fl512: I/O port conflict (0x1009e1,16)
[  204.822771][ T9615] loop4: detected capacity change from 0 to 2048
[  204.850895][ T9615] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  204.876489][ T7014] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.929360][ T9619] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  205.598596][ T9625] loop4: detected capacity change from 0 to 40427
[  205.614386][ T9625] F2FS-fs (loop4): invalid crc value
[  205.660661][ T9625] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  205.665412][ T9625] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  205.714738][ T7014] syz-executor: attempt to access beyond end of device
[  205.714738][ T7014] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  205.722540][ T7014] CPU: 0 UID: 0 PID: 7014 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  205.722555][ T7014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  205.722561][ T7014] Call Trace:
[  205.722564][ T7014]  <TASK>
[  205.722568][ T7014]  dump_stack_lvl+0x189/0x250
[  205.722584][ T7014]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.722594][ T7014]  ? __pfx_queue_work_on+0x10/0x10
[  205.722603][ T7014]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  205.722614][ T7014]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  205.722629][ T7014]  f2fs_handle_critical_error+0x37c/0x540
[  205.722645][ T7014]  f2fs_write_end_io+0x886/0xb60
[  205.722661][ T7014]  __submit_merged_bio+0x27a/0x6a0
[  205.722675][ T7014]  __submit_merged_write_cond+0x255/0x530
[  205.722689][ T7014]  f2fs_write_data_pages+0x261d/0x3000
[  205.722716][ T7014]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  205.722748][ T7014]  ? ktime_get+0x3e/0x1f0
[  205.722757][ T7014]  ? ktime_get+0x3e/0x1f0
[  205.722767][ T7014]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  205.722776][ T7014]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  205.722791][ T7014]  ? __lock_acquire+0xab9/0xd20
[  205.722807][ T7014]  ? do_raw_spin_lock+0x121/0x290
[  205.722821][ T7014]  ? do_raw_spin_unlock+0x4d/0x240
[  205.722831][ T7014]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  205.722843][ T7014]  do_writepages+0x32e/0x550
[  205.722859][ T7014]  ? do_raw_spin_unlock+0x4d/0x240
[  205.722870][ T7014]  filemap_fdatawrite+0x199/0x240
[  205.722882][ T7014]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  205.722913][ T7014]  ? do_raw_spin_unlock+0x4d/0x240
[  205.722924][ T7014]  f2fs_sync_dirty_inodes+0x31f/0x830
[  205.722939][ T7014]  f2fs_write_checkpoint+0x95a/0x1df0
[  205.722958][ T7014]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  205.723018][ T7014]  ? kill_f2fs_super+0x298/0x6c0
[  205.723028][ T7014]  kill_f2fs_super+0x2c3/0x6c0
[  205.723040][ T7014]  ? __pfx_kill_f2fs_super+0x10/0x10
[  205.723046][ T7014]  ? radix_tree_delete_item+0x2b6/0x400
[  205.723061][ T7014]  ? shrinker_free+0x2ce/0x3e0
[  205.723071][ T7014]  deactivate_locked_super+0xbc/0x130
[  205.723082][ T7014]  cleanup_mnt+0x425/0x4c0
[  205.723092][ T7014]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.723104][ T7014]  task_work_run+0x1d4/0x260
[  205.723116][ T7014]  ? __pfx_task_work_run+0x10/0x10
[  205.723125][ T7014]  ? __x64_sys_umount+0x122/0x160
[  205.723138][ T7014]  ? exit_to_user_mode_loop+0x40/0x110
[  205.723151][ T7014]  exit_to_user_mode_loop+0xec/0x110
[  205.723162][ T7014]  do_syscall_64+0x2bd/0x3b0
[  205.723173][ T7014]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.723183][ T7014]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.723191][ T7014]  ? exc_page_fault+0x9f/0xf0
[  205.723202][ T7014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.723209][ T7014] RIP: 0033:0x7f5c5ad8ff17
[  205.723218][ T7014] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  205.723227][ T7014] RSP: 002b:00007ffc9ba05478 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  205.723237][ T7014] RAX: 0000000000000000 RBX: 00007f5c5ae11c05 RCX: 00007f5c5ad8ff17
[  205.723243][ T7014] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc9ba05530
[  205.723247][ T7014] RBP: 00007ffc9ba05530 R08: 0000000000000000 R09: 0000000000000000
[  205.723252][ T7014] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc9ba065c0
[  205.723260][ T7014] R13: 00007f5c5ae11c05 R14: 000000000003232a R15: 00007ffc9ba06600
[  205.723281][ T7014]  </TASK>
[  205.723286][ T7014] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  206.044572][ T9642] loop2: detected capacity change from 0 to 256
[  206.072304][ T9642] exfat: Deprecated parameter 'namecase'
[  206.103598][ T9642] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  206.296326][ T9655] loop2: detected capacity change from 0 to 1024
[  206.304590][ T9655] EXT4-fs: Ignoring removed bh option
[  206.318775][ T9655] EXT4-fs: inline encryption not supported
[  206.330873][ T9655] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  206.350714][ T9655] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  206.376260][ T9655] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.1486: lblock 2 mapped to illegal pblock 2 (length 1)
[  206.390106][ T9655] Quota error (device loop2): qtree_write_dquot: dquota write failed
[  206.393121][ T9655] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.1486: lblock 0 mapped to illegal pblock 48 (length 1)
[  206.420874][ T9655] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  206.425029][ T9655] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1486: Failed to acquire dquot type 0
[  206.434881][ T9655] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  206.446241][ T9655] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.1486: mark_inode_dirty error
[  206.452088][ T9655] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  206.459309][ T9655] EXT4-fs (loop2): 1 orphan inode deleted
[  206.463225][ T9655] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.470763][ T1090] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u9:4: lblock 1 mapped to illegal pblock 1 (length 1)
[  206.482714][ T1090] Quota error (device loop2): remove_tree: Can't read quota data block 1
[  206.486345][ T1090] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u9:4: Failed to release dquot type 0
[  206.499992][ T9655] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  206.534225][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.695324][ T9662] loop4: detected capacity change from 0 to 32768
[  206.744600][ T9662] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  206.771156][ T9662] XFS (loop4): Ending clean mount
[  207.565739][ T7014] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  208.285169][ T9690] loop4: detected capacity change from 0 to 32768
[  208.302021][ T9690] XFS (loop4): logbuf size must be greater than or equal to log stripe size
[  209.640840][ T9713] loop4: detected capacity change from 0 to 4096
[  209.645775][ T9713] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  209.673072][   T33] audit: type=1800 audit(1755628264.488:20): pid=9713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1506" name="file1" dev="loop4" ino=30 res=0 errno=0
[  211.246827][   T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  211.406757][   T24] usb 5-1: Using ep0 maxpacket: 16
[  211.410409][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.413788][   T24] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  211.417042][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.423265][   T24] usb 5-1: config 0 descriptor??
[  211.486834][ T5238] Bluetooth: hci3: command 0x0406 tx timeout
[  211.839067][   T24] mcp2221 0003:04D8:00DD.000D: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  212.242185][  T794] usb 5-1: USB disconnect, device number 15
[  213.086364][ T5880] usb 5-1: new low-speed USB device number 16 using dummy_hcd
[  213.257836][ T5880] usb 5-1: config 4 has an invalid interface number: 19 but max is 0
[  213.260897][ T5880] usb 5-1: config 4 has no interface number 0
[  213.262857][ T5880] usb 5-1: config 4 interface 19 altsetting 8 endpoint 0x5 is Bulk; changing to Interrupt
[  213.265950][ T5880] usb 5-1: config 4 interface 19 has no altsetting 0
[  213.268844][ T5880] usb 5-1: New USB device found, idVendor=19d2, idProduct=ff42, bcdDevice=b8.2c
[  213.272718][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.279711][ T9740] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  213.489785][ T5880] usb 5-1: string descriptor 0 read error: -71
[  213.494802][ T5880] option 5-1:4.19: GSM modem (1-port) converter detected
[  213.502127][ T5880] usb 5-1: USB disconnect, device number 16
[  213.505045][ T5880] option 5-1:4.19: device disconnected
[  214.275087][  T794] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  214.427069][  T794] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  214.431094][  T794] usb 5-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  214.434476][  T794] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.440941][  T794] usb 5-1: config 0 descriptor??
[  214.443602][ T9742] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  214.651625][  T794] usbhid 5-1:0.0: can't add hid device: -71
[  214.653872][  T794] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  214.659767][  T794] usb 5-1: USB disconnect, device number 17
[  215.695459][ T9750] loop4: detected capacity change from 0 to 32768
[  215.710891][ T9750] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  215.748185][ T9750] XFS (loop4): Corruption warning: Metadata has LSN (1024:16) ahead of current LSN (1:80). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  215.753926][ T9750] XFS (loop4): Metadata CRC error detected at xfs_inobt_read_verify+0x42/0xe0, xfs_inobt block 0xc 
[  215.758037][ T9750] XFS (loop4): Unmount and run xfs_repair
[  215.760167][ T9750] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  215.762867][ T9750] 00000000: 49 41 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  IAB3............
[  215.766118][ T9750] 00000010: 00 00 00 00 00 00 00 0c 00 00 04 00 00 00 00 10  ................
[  215.769343][ T9750] 00000020: d7 dc 42 4e 79 90 42 cb 9f 91 9c b7 20 0a 10 1d  ..BNy.B..... ...
[  215.772669][ T9750] 00000030: 00 00 00 00 4a d4 d4 6c 00 00 18 00 00 00 40 37  ....J..l......@7
[  215.776135][ T9750] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  215.779334][ T9750] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  215.782551][ T9750] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  215.785864][ T9750] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  215.789317][ T9750] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0xc len 4 error 74
[  215.793430][ T9750] XFS (loop4): Failed to read root inode 0x1800, error 117
[  215.796613][ T9750] XFS (loop4): Uncorrected metadata errors detected; please run xfs_repair.
[  216.244432][  T794] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  216.404530][  T794] usb 5-1: Using ep0 maxpacket: 16
[  216.408652][  T794] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  216.412332][  T794] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  216.418281][  T794] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  216.421575][  T794] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.426643][  T794] usb 5-1: Product: syz
[  216.428279][  T794] usb 5-1: Manufacturer: syz
[  216.430059][  T794] usb 5-1: SerialNumber: syz
[  216.434904][  T794] usb 5-1: config 0 descriptor??
[  216.649038][   T24] usb 5-1: USB disconnect, device number 18
[  218.591151][ T9775] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1531'.
[  218.595175][ T9775] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1531'.
[  219.730721][ T9789] loop4: detected capacity change from 0 to 32768
[  219.759344][ T9789] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  219.775906][ T9789] XFS (loop4): Ending clean mount
[  219.784061][ T9789] XFS (loop4): Quotacheck needed: Please wait.
[  219.819771][ T9789] XFS (loop4): Quotacheck: Done.
[  219.872545][ T7014] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  220.094792][ T9802] loop4: detected capacity change from 0 to 4096
[  220.101184][ T9802] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512).
[  220.289700][ T9806] loop4: detected capacity change from 0 to 1024
[  220.345681][ T5238] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  220.353261][ T5238] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  220.364073][ T5238] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  220.368324][ T5238] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  220.377136][ T5238] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  220.577913][ T9807] chnl_net:caif_netlink_parms(): no params data found
[  220.735102][ T9807] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.737496][ T9807] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.740557][ T9807] bridge_slave_0: entered allmulticast mode
[  220.755739][ T9807] bridge_slave_0: entered promiscuous mode
[  220.763809][ T9807] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.766763][ T9807] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.769726][ T9807] bridge_slave_1: entered allmulticast mode
[  220.774132][ T9807] bridge_slave_1: entered promiscuous mode
[  220.816834][ T9807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  220.823915][ T9807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  220.870871][ T9807] team0: Port device team_slave_0 added
[  220.880370][ T9807] team0: Port device team_slave_1 added
[  220.920627][ T9807] batman_adv: batadv0: Adding interface: batadv_slave_0
[  220.925482][ T9807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  220.938301][ T9807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  220.945562][ T9807] batman_adv: batadv0: Adding interface: batadv_slave_1
[  220.948327][ T9807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  220.958648][ T9807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  220.979384][ T9826] loop4: detected capacity change from 0 to 32768
[  220.984607][ T9826] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1549 (9826)
[  221.004291][ T9826] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  221.008324][ T9826] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  221.017471][ T9826] BTRFS info (device loop4): using free-space-tree
[  221.023228][ T9807] hsr_slave_0: entered promiscuous mode
[  221.026336][ T9807] hsr_slave_1: entered promiscuous mode
[  221.029079][ T9807] debugfs: 'hsr0' already exists in 'hsr'
[  221.031234][ T9807] Cannot create hsr debugfs directory
[  221.124047][ T9826] BTRFS info (device loop4): rebuilding free space tree
[  221.303765][   T12] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[  221.382637][ T9807] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  221.396871][ T9807] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  221.415675][ T9807] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  221.419670][ T7014] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  221.430069][ T9807] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  221.557089][ T9807] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.560112][ T9807] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.563383][ T9807] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.566382][ T9807] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.571924][   T34] INFO: task syz-executor:5849 blocked for more than 143 seconds.
[  221.574978][   T34]       Not tainted syzkaller #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  221.591988][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  221.601375][   T34] task:syz-executor    state:D stack:20504 pid:5849  tgid:5849  ppid:1      task_flags:0x400140 flags:0x00004004
[  221.631440][   T34] Call Trace:
[  221.632818][   T34]  <TASK>
[  221.634047][   T34]  __schedule+0x1798/0x4cc0
[  221.635756][   T34]  ? do_raw_spin_lock+0x121/0x290
[  221.637336][   T34]  ? __lock_acquire+0xab9/0xd20
[  221.638827][   T34]  ? __pfx___schedule+0x10/0x10
[  221.640647][   T34]  ? schedule+0x91/0x360
[  221.648911][   T34]  schedule+0x165/0x360
[  221.650331][   T34]  v9fs_evict_inode+0x170/0x320
[  221.660989][   T34]  ? __pfx_v9fs_evict_inode+0x10/0x10
[  221.663525][   T34]  ? __pfx_var_wake_function+0x10/0x10
[  221.665263][   T34]  ? do_raw_spin_unlock+0x4d/0x240
[  221.666933][   T34]  ? __pfx_v9fs_evict_inode+0x10/0x10
[  221.668730][   T34]  evict+0x504/0x9c0
[  221.669963][   T34]  ? __pfx_evict+0x10/0x10
[  221.671724][   T34]  ? do_raw_spin_unlock+0x4d/0x240
[  221.673608][   T34]  ? _raw_spin_unlock+0x28/0x50
[  221.675291][   T34]  ? iput+0x6d8/0x9d0
[  221.676561][   T34]  __dentry_kill+0x209/0x660
[  221.678023][   T34]  ? dput+0x37/0x2b0
[  221.679867][   T34]  dput+0x19f/0x2b0
[  221.681160][   T34]  shrink_dcache_for_umount+0xa0/0x170
[  221.684259][   T34]  generic_shutdown_super+0x67/0x2c0
[  221.686023][   T34]  kill_anon_super+0x3b/0x70
[  221.687460][   T34]  v9fs_kill_super+0x4c/0x90
[  221.688923][   T34]  deactivate_locked_super+0xbc/0x130
[  221.690543][   T34]  cleanup_mnt+0x425/0x4c0
[  221.692380][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  221.695388][   T34]  task_work_run+0x1d4/0x260
[  221.696784][   T34]  ? __pfx_task_work_run+0x10/0x10
[  221.698422][   T34]  ? __x64_sys_umount+0x122/0x160
[  221.699939][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  221.702615][   T34]  exit_to_user_mode_loop+0xec/0x110
[  221.704339][   T34]  do_syscall_64+0x2bd/0x3b0
[  221.705898][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  221.707606][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.709570][   T34]  ? exc_page_fault+0x9f/0xf0
[  221.711079][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.713526][   T34] RIP: 0033:0x7f0ebf38ff17
[  221.714984][   T34] RSP: 002b:00007ffd1a634078 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  221.717706][   T34] RAX: 0000000000000000 RBX: 00007f0ebf411c05 RCX: 00007f0ebf38ff17
[  221.720133][   T34] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd1a634130
[  221.726142][   T34] RBP: 00007ffd1a634130 R08: 0000000000000000 R09: 0000000000000000
[  221.729241][   T34] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd1a6351c0
[  221.731985][   T34] R13: 00007f0ebf411c05 R14: 0000000000011cbc R15: 00007ffd1a635200
[  221.734741][   T34]  </TASK>
[  221.745614][   T34] 
[  221.745614][   T34] Showing all locks held in the system:
[  221.748169][   T34] 1 lock held by rcu_exp_gp_kthr/18:
[  221.749066][   T26] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.750017][   T34] 3 locks held by kworker/1:0/24:
[  221.754954][   T34]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  221.758299][   T34]  #1: ffffc900001c7bc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  221.766371][   T34]  #2: ffffffff8f537c88 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
[  221.769536][   T34] 4 locks held by kworker/u9:0/26:
[  221.771132][   T34]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  221.775102][   T34]  #1: ffffc900001efbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  221.778570][   T34]  #2: ffffffff8f537c88 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  221.781670][   T34]  #3: ffffffff8e13f938 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  221.785626][   T34] 1 lock held by khungtaskd/34:
[  221.787090][   T34]  #0: ffffffff8e139ea0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  221.790148][   T34] 3 locks held by kworker/0:2/794:
[  221.792618][   T34]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  221.796031][   T34]  #1: ffffc9000481fbc0 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  221.799914][   T34]  #2: ffff88802bb46240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x26b/0x3180
[  221.803465][   T34] 1 lock held by syslogd/5280:
[  221.805275][   T34]  #0: ffff88804b039f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  221.808257][   T34] 2 locks held by getty/5679:
[  221.809759][   T34]  #0: ffff88801f51d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  221.813439][   T34]  #1: ffffc900029062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  221.816652][   T34] 3 locks held by kworker/u8:2/5717:
[  221.818237][   T34]  #0: ffff88810834b948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  221.822038][   T34]  #1: ffffc90002e9fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  221.826596][   T34]  #2: ffffffff8f537c88 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x112/0x14b0
[  221.829766][   T34] 1 lock held by syz-executor/5849:
[  221.834238][   T34]  #0: ffff88803317e0e0 (&type->s_umount_key#59){++++}-{4:4}, at: deactivate_super+0xa9/0xe0
[  221.838282][   T34] 1 lock held by syz.3.1477/9629:
[  221.840177][   T34]  #0: ffff88803317e0e0 (&type->s_umount_key#59){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
[  221.843900][   T34] 1 lock held by syz.2.1497/9685:
[  221.845471][   T34]  #0: ffff88803317e0e0 (&type->s_umount_key#59){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
[  221.848445][   T34] 1 lock held by syz-executor/9807:
[  221.850033][   T34]  #0: ffffffff8f537c88 (rtnl_mutex){+.+.}-{4:4}, at: inet6_rtm_newaddr+0x5b7/0xd20
[  221.853459][   T34] 1 lock held by syz.4.1550/9849:
[  221.855135][   T34]  #0: ffffffff8e13f938 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  221.858337][   T34] 
[  221.870579][   T34] =============================================
[  221.870579][   T34] 
[  221.873845][   T34] NMI backtrace for cpu 1
[  221.873861][   T34] CPU: 1 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  221.873877][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  221.873886][   T34] Call Trace:
[  221.873892][   T34]  <TASK>
[  221.873900][   T34]  dump_stack_lvl+0x189/0x250
[  221.873922][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  221.873939][   T34]  ? __pfx__printk+0x10/0x10
[  221.873967][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  221.873985][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  221.874003][   T34]  ? __pfx__printk+0x10/0x10
[  221.874024][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  221.874047][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  221.874065][   T34]  watchdog+0xf93/0xfe0
[  221.874088][   T34]  ? watchdog+0x1de/0xfe0
[  221.874111][   T34]  kthread+0x711/0x8a0
[  221.874131][   T34]  ? __pfx_watchdog+0x10/0x10
[  221.874149][   T34]  ? __pfx_kthread+0x10/0x10
[  221.874167][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  221.874184][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  221.874200][   T34]  ? __pfx_kthread+0x10/0x10
[  221.874218][   T34]  ret_from_fork+0x3fc/0x770
[  221.874234][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  221.874252][   T34]  ? __switch_to_asm+0x39/0x70
[  221.874269][   T34]  ? __switch_to_asm+0x33/0x70
[  221.874285][   T34]  ? __pfx_kthread+0x10/0x10
[  221.874302][   T34]  ret_from_fork_asm+0x1a/0x30
[  221.874331][   T34]  </TASK>
[  221.874337][   T34] Sending NMI from CPU 1 to CPUs 0:
[  221.934193][    C0] NMI backtrace for cpu 0
[  221.934209][    C0] CPU: 0 UID: 0 PID: 9849 Comm: syz.4.1550 Not tainted syzkaller #0 PREEMPT(full) 
[  221.934224][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  221.934233][    C0] RIP: 0010:unwind_next_frame+0x34e/0x2390
[  221.934252][    C0] Code: 8f 0f 83 48 11 00 00 48 c7 c0 9c 76 b1 8f 49 29 c5 48 c7 c6 e4 7b 2a 90 49 c1 fd 02 4a 8d 14 6d 00 00 00 00 4c 01 ea 48 01 d2 <48> 01 f2 48 bd 00 00 00 00 00 fc ff df 0f 84 37 01 00 00 4c 8d 62
[  221.934263][    C0] RSP: 0018:ffffc90008b2f538 EFLAGS: 00000246
[  221.934275][    C0] RAX: ffffffff8fbf4a98 RBX: ffffffff8fbf4a9c RCX: ffffffff8fbf4aa0
[  221.934284][    C0] RDX: 0000000000000000 RSI: ffffffff903f39e4 RDI: ffffffff8be332a0
[  221.934293][    C0] RBP: ffffffff8fbf4aa0 R08: 0000000000000001 R09: ffffffff8172c195
[  221.934301][    C0] R10: ffffc90008b2f658 R11: ffffffff81ac3910 R12: ffffffff82128da9
[  221.934310][    C0] R13: 0000000000000000 R14: ffffc90008b2f608 R15: ffffffff8fbf4a9c
[  221.934319][    C0] FS:  0000555593b92500(0000) GS:ffff8880b861c000(0000) knlGS:0000000000000000
[  221.934329][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  221.934338][    C0] CR2: 00007f6f51887e20 CR3: 0000000020cd2000 CR4: 00000000000006f0
[  221.934367][    C0] Call Trace:
[  221.934373][    C0]  <TASK>
[  221.934381][    C0]  ? unwind_next_frame+0xa5/0x2390
[  221.934395][    C0]  ? vfree+0x25a/0x400
[  221.934412][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  221.934427][    C0]  arch_stack_walk+0x11c/0x150
[  221.934443][    C0]  ? vfree+0x25a/0x400
[  221.934459][    C0]  stack_trace_save+0x9c/0xe0
[  221.934472][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  221.934533][    C0]  save_stack+0xf5/0x1f0
[  221.934549][    C0]  ? __pfx_save_stack+0x10/0x10
[  221.934563][    C0]  ? __free_frozen_pages+0xbc4/0xd30
[  221.934579][    C0]  ? vfree+0x25a/0x400
[  221.934598][    C0]  __reset_page_owner+0x71/0x1f0
[  221.934612][    C0]  __free_frozen_pages+0xbc4/0xd30
[  221.934632][    C0]  vfree+0x25a/0x400
[  221.934647][    C0]  ? __pfx_kcov_close+0x10/0x10
[  221.934663][    C0]  kcov_close+0x28/0x50
[  221.934677][    C0]  __fput+0x44c/0xa70
[  221.934694][    C0]  task_work_run+0x1d4/0x260
[  221.934711][    C0]  ? __pfx_task_work_run+0x10/0x10
[  221.934727][    C0]  ? kmem_cache_free+0x18f/0x400
[  221.934745][    C0]  do_exit+0x6b5/0x2300
[  221.934762][    C0]  ? do_raw_spin_lock+0x121/0x290
[  221.934778][    C0]  ? __pfx_do_exit+0x10/0x10
[  221.934791][    C0]  ? cgroup_freezing+0x20/0x350
[  221.934812][    C0]  do_group_exit+0x21c/0x2d0
[  221.934827][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  221.934844][    C0]  get_signal+0x1286/0x1340
[  221.934863][    C0]  arch_do_signal_or_restart+0x9a/0x750
[  221.934881][    C0]  ? kvm_clock_get_cycles+0x47/0x60
[  221.934900][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  221.934923][    C0]  ? exit_to_user_mode_loop+0x40/0x110
[  221.934941][    C0]  exit_to_user_mode_loop+0x75/0x110
[  221.934957][    C0]  do_syscall_64+0x2bd/0x3b0
[  221.934973][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  221.934988][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.935001][    C0]  ? exc_page_fault+0x9f/0xf0
[  221.935016][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.935027][    C0] RIP: 0033:0x7f5c5ad8ebe9
[  221.935038][    C0] Code: Unable to access opcode bytes at 0x7f5c5ad8ebbf.
[  221.935044][    C0] RSP: 002b:00007ffc9ba06348 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  221.935057][    C0] RAX: fffffffffffffdfc RBX: 00000000000361ad RCX: 00007f5c5ad8ebe9
[  221.935065][    C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5c5afb5fac
[  221.935073][    C0] RBP: 0000000000000032 R08: 7fffffffffffffff R09: 000000019ba0663f
[  221.935097][    C0] R10: 00007ffc9ba06440 R11: 0000000000000246 R12: 00007f5c5afb5fac
[  221.935106][    C0] R13: 00007ffc9ba06440 R14: 00000000000361df R15: 00007ffc9ba06460
[  221.935120][    C0]  </TASK>
[  222.065374][   T26] bridge0: port 2(bridge_slave_1) entered disabled state
[  222.067098][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  222.067115][   T34] CPU: 1 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  222.067133][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  222.067144][   T34] Call Trace:
[  222.067152][   T34]  <TASK>
[  222.067160][   T34]  dump_stack_lvl+0x99/0x250
[  222.067185][   T34]  ? __asan_memcpy+0x40/0x70
[  222.067203][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  222.067220][   T34]  ? __pfx__printk+0x10/0x10
[  222.067250][   T34]  vpanic+0x281/0x750
[  222.067270][   T34]  ? __pfx_vpanic+0x10/0x10
[  222.067285][   T34]  ? __x2apic_send_IPI_mask+0x1e4/0x260
[  222.067306][   T34]  ? preempt_schedule+0xae/0xc0
[  222.067327][   T34]  ? preempt_schedule_common+0x83/0xd0
[  222.067350][   T34]  panic+0xb9/0xc0
[  222.067367][   T34]  ? __pfx_panic+0x10/0x10
[  222.067385][   T34]  ? preempt_schedule_thunk+0x16/0x30
[  222.067411][   T34]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  222.067431][   T34]  watchdog+0xfd2/0xfe0
[  222.067456][   T34]  ? watchdog+0x1de/0xfe0
[  222.067508][   T34]  kthread+0x711/0x8a0
[  222.067528][   T34]  ? __pfx_watchdog+0x10/0x10
[  222.067547][   T34]  ? __pfx_kthread+0x10/0x10
[  222.067566][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  222.067585][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  222.067603][   T34]  ? __pfx_kthread+0x10/0x10
[  222.067622][   T34]  ret_from_fork+0x3fc/0x770
[  222.067639][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  222.067660][   T34]  ? __switch_to_asm+0x39/0x70
[  222.067678][   T34]  ? __switch_to_asm+0x33/0x70
[  222.067695][   T34]  ? __pfx_kthread+0x10/0x10
[  222.067714][   T34]  ret_from_fork_asm+0x1a/0x30
[  222.067743][   T34]  </TASK>
[  222.068698][   T34] Kernel Offset: disabled

VM DIAGNOSIS:
18:26:59  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff1b7bda2 RBX=0000000000000000 RCX=3063ffd5d662dd00 RDX=0000000000000000
RSI=ffffffff8be332e0 RDI=ffffffff8be332a0 RBP=ffffc900037ef410 RSP=ffffc900037ef348
R8 =ffffffff8fa37e37 R9 =1ffffffff1f46fc6 R10=dffffc0000000000 R11=fffffbfff1f46fc7
R12=dffffc0000000000 R13=ffff888011271000 R14=ffffffff8dbded10 R15=dffffc0000000000
RIP=ffffffff81a65e5a RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555593b92500 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555593bb5608 CR3=0000000024dda000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=000000ff00000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00ff000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffff9200087df3b RBX=ffffc900043ef9c0 RCX=0000000000000000 RDX=ffffffff9041c3c2
RSI=0000000000000000 RDI=ffffc900043ef9e8 RBP=dffffc0000000000 RSP=ffffc900043ef8b8
R8 =ffffc900043ef9e7 R9 =0000000000000000 R10=ffffc900043ef9d8 R11=fffff5200087df3d
R12=ffffc900043efef0 R13=ffffc900043ef9d8 R14=ffffc900043ef988 R15=1ffffffff2083878
RIP=ffffffff8172d2af RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f5b4c2b9c80 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005617157c90e0 CR3=00000000230d2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff00000000 0000000000000000
XMM02=ffff000000000000 ffffffffffffff00 XMM03=00000000000000ff ffffffffffffffff
XMM04=0000000000000000 0000000000000000 XMM05=382d633737342d65 3739322d61373666
XMM06=653539336632785c 646975752d796266 XMM07=32785c6b73696466 32785c2f736b6e69
XMM08=00000000ffffffff ffffffffffffffff XMM09=6666786300000000 343a37622f643565
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
