last executing test programs:

12.328385838s ago: executing program 1 (id=1064):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newtaction={0x60, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ctinfo={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x5, 0x3003, 0x3, 0x9, 0x8}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x60}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

12.103267217s ago: executing program 1 (id=1068):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/vmstat\x00', 0x0, 0x0)
r1 = syz_io_uring_setup(0x49d, &(0x7f0000000080)={0x0, 0x79ae, 0x400, 0x0, 0x32f}, &(0x7f00000004c0)=<r2=>0x0, &(0x7f00000003c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r0, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r1, 0xfd0, 0xced0, 0x8, 0x0, 0xffffff86)

11.872331367s ago: executing program 1 (id=1072):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x7}], 0x1c)

11.53628441s ago: executing program 1 (id=1074):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
umount2(&(0x7f00000000c0)='.\x00', 0x0)

11.285167402s ago: executing program 1 (id=1078):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005000000cc580a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x0)

10.708441996s ago: executing program 1 (id=1083):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000000), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="0500000003"], 0x48}}, 0x0)

5.856378789s ago: executing program 2 (id=1112):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xdc}}, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r0, 0x40603d10, &(0x7f0000000040))

5.799518546s ago: executing program 3 (id=1113):
sched_setscheduler(0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

5.596217102s ago: executing program 2 (id=1115):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
fchmod(0xffffffffffffffff, 0x0)

4.372504789s ago: executing program 2 (id=1121):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000340), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040))
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f00000000c0)=0x2000)
write$binfmt_elf32(r0, 0x0, 0x4cd)

4.220454218s ago: executing program 3 (id=1122):
r0 = syz_open_dev$video(&(0x7f00000000c0), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r1, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)
ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000001400)={0xa, @vbi={0x0, 0x0, 0x34565348, 0x0, [0x2], [0x0, 0xf]}})

4.067803258s ago: executing program 2 (id=1123):
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00b8"], 0x40}}, 0x0)

3.932467685s ago: executing program 3 (id=1125):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

3.66449314s ago: executing program 3 (id=1127):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'netdevsim0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)

3.073447985s ago: executing program 0 (id=1131):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)={0x0, 0xbab5, 0x0, 0x4, 0xffffffff})
chdir(&(0x7f0000000480)='./cgroup\x00')
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffff70)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

2.927472644s ago: executing program 0 (id=1133):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x1, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0)

2.785904393s ago: executing program 0 (id=1135):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x403, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20101}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x8}]}, 0x44}, 0x1, 0xba01}, 0x8d0)

2.484414001s ago: executing program 4 (id=1137):
syz_mount_image$exfat(&(0x7f0000000340), &(0x7f0000000080)='./file0\x00', 0x1000000, &(0x7f0000000380)=ANY=[@ANYBLOB="646d61736b3d30303030303030303030303030303030303030303030372c666d61736b3d30303030303030303030303030303030303030303030322c696f636861727365743d69736f383835392d31332c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c646d61736b3d30303030303030303030303030303337313630373234312c696f636861727365743d63703933322c6572726f72733d72656d6f756e742d726f2c666d61736b3d30303030303030303030303030303030303030303030352c756d61736b3d30303030303030303030303030303030303030303030362c696f636861727365743d63703836362c00ce0a5a71797b7256e90d2c78b433e66c4b4bc11d1f2c4d0cc1067826fa1a2c7e4d91d9b0179d604e463f435112f83befe3fe654c7636195294441b3602771ab07c8432acef3d5d173bdcde62c060457d460e95674bf5088b838b15ca8513626878d244b25d4f64d3c7eeeeeb484c2ffa3f8b4ad3ae9cb028b2b4d6e1aa1ec5406b99aa5b65ee0d12a169116f65688cbd61df820a0edfc5c40da44e70327aafebaa4a7c8bb964a37c5d89a99fb4fd0b149070fb825786654ff7ddcf75358ded9cd800000000a0c3328e6a138baad4bd205d6fb08d", @ANYRES16, @ANYBLOB="ebe050f9a6e26556b98b3a694ca1d9f8df1d1907a2607c94fad06b78ed9f520e602e86e81adc6386a9cd7f05df985b7d7649fbe21aac9ea3cd407d5b9c5b0b7ff5572dc06f5dc6fa7d1206852880bc490a27a1ec2e3d77acc8c7454c8cfc31b1cddd5727a3a7bb058f019d781f3174f03a4f699b28b8ee3491fe8da4a5d8b2431b5b560ae1638b532ebadbb95c3d0ecece79ca4492a146892118cd97d3a346c6e0eccede0661be772eb19221fdc8f58e6d741bd5212bb2a9b57a1666e4bb084eecf00117c99520a8", @ANYRESHEX=0x0, @ANYRESHEX], 0x1, 0x151f, &(0x7f0000000680)="$eJzs3AvYjdW2OPAx5pwvH4mV5JY55nhZyWWSJLkk5JIkSZLklpAkSRKSW25JSELuSe4huYXkfr/fk2RLkiQkJJn/R7W3s097n3rO7vydfb7xe56XOb53jbHmXOP71nrXfL71fd1uYKU6lcvXYmb4l+Av/3UFgBQA6AMAmQAgAoBimYtlvnQ+ncau/9qdiD/Xg1Ou9AzElST9T92k/6mb9D91k/6nbtL/1E36n7pJ/1M36b8QqdmWqTmukSP1Hn98/9/916dl///fkLz+/5/1h37SpP+pm/Q/dZP+p27S/9RN+p+6Sf9TN+l/6ib9FyI1u2J7zxoA/qxaF39dzP/MXP/2WP26xX3F9+z/8RH9t/KuzHedEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQojU5ly4zADAX8dXel5CCCGEEEIIIYT484S0V3oGQgghhBBCCCGE+J+HAEaDgQjSQFpIgXSQHq6CDHA1ZIRMkIBrIDNcC1ngOsgK2SA75ICcIRPkAgsEDhhiyA15IAk3QF64EfJBfigABcFDISgMN0ERuBmKwi1QDGYtALgNSkBJKAWl4XYoA3dAWSgH5eFOqAAVoRJUhrugCtwNVeEeqAb3QnW4D2rA/VATHoBa8CDUhoegDjwMdeERqAf1oQE0hEb/rfwXoBO8CJ2hC3SFbtAdXoIe0BN6QW/oAy9DX3gF+sGr0B8GwEB4DQbB6zAY3oAhMBSGwZswHEbASBgFo2EMjIW3YBy8DePhHZgAE2ESTIYpMBWmwbswHWbATHgPZsH7MBvmwFyYB/PhA1gAC2ERfAiL4SNYAkthGSyHFbASVsFqWIMnYB2shw2wETbBZtgCW2EbbIcdsBN2we5ye+Bj2AufwD74FPbDZ7/Nh7X/Rf5Z+Pv89ggIqFChQYNpMA2mYAqmx/SYATNgRsyICUxgZsyMWTALZsWsmB2zY07MibkwFxISMjLmxtyYxCTmxbyYD/NhASyAHj0WxsJYBG/GolgUi2ExLI7FsQSWxJJYGktjGSyDZbEslr9tDgBWwEpYCe/Cu/BurIpVsRpWw+pYHWtgDayJNbEW1sLaWBvrYB2si3WxHtbDBtgAG2EjbIyNsQk2wWbYDJtjc2yBLbAltsRW2ApbY2tsg22wLbbFdtgO22MH7IAv4Av4Ir6IXbCC6obdsTv2wB7YC3tjb3wZ++Ir+Aq+iv1xAA7E1/A1fB0H4xkcgkNxGA7DMmoEjsRRyGoMjsWxOA7H4XgcjxNwIk7EyTgFp+I0nIbTcQbOwPdwFr6P7+McnIPzcD7OxwW4EBfhIlyMZ3EJLsVluBxX4EpcgatxDa7Gdbge1+FG3IibcTNuxa24HbfjTtyJu3E3fowf4yf4CfbH/bgfD+ABPIgH8RAewsN4GI/gka1XAeAxPIbH8TiewJN4Ck/iaTyNZ/AsnsNzeB7P4wV8LueXtXfnX9sf1CVGGZVGpVEpKkWlV+lVBpVBZVQZVUIlVGaVWWVRWVRWlVVlV9lVTpVT5VK5FClSrGKVW+VWSZVUeVVelU/lUwVUAeWVV4VVYVVEFVFFVVFVTN2qiqvbVAlVUjX1pVVpVUY182VVOVVelVcVVEVVSVVWlVUVVUVVVVVVNVVNVVfVVQ11v6qpumEvfFBd6kwdNQDrqoFYT9VXDVRD9To+qhqrwdhENVXN1ONqKA7BFqqxb6meUq3USGytnlGj8FnVVo3Bdup51V51UB3VC6qTauI7qy5qAnZT3dVk7KF6ql6qt5qOFdWljlVSr6r+aoAaqF5T8/B1NVi9oYaooWqYelMNVyPUSDVKjVZj1Fj1lhqn3lbj1TtqgpqoJqnJaoqaqqapd9V0NUPNVO+pWep9NVvNUXPVPDVffaAWqIVqkfpQLVYfqSVqqVqmlqsVaqVapVarNWqtWqfWqw1qo9qkNqstaqvaprarHWqn2qV2qz3qY7VXfaL2qU/VfvWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jjqos6oU6qU+o7dVp9r86os+qc+kGdVz+qC+ondVEFBRq10lobHek0Oq1O0el0en2VzqCv1hl1Jp3Q1+jM+lqdRV+ns+psOrvOoXPq63UubTVpp1nHOrfOo5P6Bp1X36jz6fy6gC6ovS6kC+ubdBF9sy6qb9HF9K26uL5Nl9AldSldWt+uy+g7dFldTpfXd+oKuqKupCvru3QVfbeuqu/R1fS9urq+T9fQ9+ua+gFdSz+oa+uHdB39sK6rH9H1dH3dQDfUjfSjurF+TDfRTXUz/bhurp/QLfSTuqV+SrfST+vW+hndRj+r2+rndDv9vG6vO+iO+id9UQfdWXfRXXW3qLt+SffQPXUv3Vv30S/rvvoV3U+/qvvrAXqgfk0P0q/rwfoNPUQP1cP0m3q4HqFH6lF6tB6jx+q39Dj9th6v39ET9EQ9SU/WU/RU3evXSjP/QP7b/yC/38/3vllv0Vv1Nr1d79A79S69W+/Re/RevVfv0/v0fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9XJ/QJ/UP+jt9Wn+vz+iz+qz+QZ/X5/WFXx8DMGiU0caYyKQxaU2KSWfSm6tMBnO1yWgymYS5xmQ215os5jqT1WQz2U0Ok9Ncb3IZa8g4wyY2uU0ekzQ3mLzmRpPP5DcFTEHjTSFT2Nz0L+f/k/ktn/TLxUvoAmAam8amiWlimplmprlpblqYFqalaWlamVamtWlt2pg2pq1pa9qZdqa9aW86mo6mk+lkOiOYrqar6W5eMj1MT9PL9DZ9zMumr+lr+pl+pr/pbwaagWaQGWQGm8FmiBliDAAMN8PNSDPSjDajzVgz1owz48x4M95MMBPMJDPJTDFTzDQzzUw3081MM9PMMrPMbDPbzDVzzXwz3ywwC8wis8gsNovNErPULDXLzXKz0qw0q81qs9asNevNerPRbDRLzBazxWwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCZKE6VEKVH6KH2UIcoQZYwyRokoEWWOMkdZouuirFG2KHuUI8oZXR/limxEkYs4iqPcUZ4oGd0Q5Y1ujPJF+aMCUcHIR4WiwtFNUZHo5qhodEtULLo1Kh7dFpWISkalotLR7VGZ6I6obFQuKh/dGVWIKkaVosrRXVGV6O6oanRPVC26N6oe3RfViO6PakYPRLWiB6Pa0UNRnejhqG70SFQvqh81iBpGjf7U+iGcyfaY72y72LTQzXa3L9ketqftZXvbPvZl29e+YvvZV21/O8AOtK/ZQfZ1O9i+YYfYoXaYfdMOtyPsSDvKjrZj7Fj7lh1n37bj7Tt2gp1oJ9nJdoqdaqfZd+10O8POtO/ZWfZ9O9vOsXPtPDvffmAX2IV2kf3QLrYf2SV2qV1ml9sVdqVdZVfbNXatXWfX2w12o91kN9stdqvdZrfbHXan3WV32z32Y7vXfmL32U/tfvuZPWBTfr2+/8Ietl/aI/Yre9R+bY/Zb+xx+609YU/aU/Y7e9p+b8/Ys/ac/cGetz/aC/Yne9GGSxf3l17eyZChNJSGUiiF0lN6ykAZKCNlpAQlKDNlpiyUhbJSVspO2Skn5aRclIsuYWLKTbkpSUnKS3kpH+WjAlSAPHkqTIWpCBWholSUilExKk7FqQSVoFJUim6n2+kOuoPKUTm6k+6kilSRKlNlqkJVqCpVpWpUjapTdapBNagm1aRaVItqU22qQ3WoLtWlelSPGlADakSNqDE1pibUhJpRM2pOzakFtaCW1JJaUStqTa2pDbWhttSW2lE7ak/tqSN1pE7UiTpTZ+pKXak7dace1IN6US/qQ32oL/WlftSP+lN/GkgDaRANosE0mIbQUBpGb9JwGkEjaRSNpjE0lsbSOBpH42k8TaAJNIkm0RSaQtNoGk2n6TSTZtIsmkWzaTbNpbk0n+bTAlpAi2gRLabFtISW0DJaRitoBa2iVbSG1tA6WkcbaANtok20hbbQNtpGO2gH7aJdtIf20F7aS/toH+2n/XSADtBBOkiH6BAdpsN0hI7QUTpKERyj43ScTtAJOkWn6DSdpjN0hs7ROTpPP9IF+okuUqAUl86ld1e5DO5ql9Flcv85zu5yuJzuepfLWZfVZfu7mJxz+Vx+V8AVdN4VcoXdTb+JS7iSrpQr7W53Zdwdruxv4iprdvzyi+juXlfZ3eWquLtdVXePq+buddXdfa6Ge9jVdI+4Wq6+q+0aujruYVfXPeLqufqugWvomrsnXAv3pGvpnnKt3NO/iRe4hW6NW+vWufVur/vEnXM/uKPua3fe/eg6uy6uj3vZ9XWvuH7uVdffDfhNPMy96Ya7EW6kG+VGuzG/iSe5yW6Km+qmuXfddDfjN/F894Gb5Ra52W6Om+vm/RxfmtMi96Fb7D5yS9xSt8wtdyvcSrfKrf7bXJe7jW6T2+z2uI/dNrfd7XA73S63++f40jr2uU/dfveZO+K+cgfd5+6QO+YOuy9/ji+t75j7xh1337oT7qQ75b5zp9337ow7+/P6L639O/eTu+iCA0ZWrNlwxGk4LadwOk7PV3EGvpozciZO8DWcma/lLHwdZ+VsnJ1zcE6+nnOxZWLHzDHn5jyc5Bs4L9/I+Tg/F+CC7LkQF+abuAjfzEX5Fi7Gt3Jxvo1LcEkuxaX5di7Dd3BZLsfl+U6uwBW5Elfmu7gK381V+R6uxvdydb6Pa/D9XJMf4Fr8INfmh7gOP8x1+RGux/W5ATfkRvwoN+bHuAk35Wb8ODfnJ7gFP8kt+SluxU9za36G2/Cz3Jaf43b8PLfnDtyRX+BO/CJ35i7clbtxdwTuwT25F/fmPvwy9+VXuB+/yv15AA/k13gQv86D+Q0ewkN5GL/Jw3kEj+RRPJrH8Fh+i8fx2zye3+EJPJEn8WSewlN5Gr/L03kGz+T3eBa/z7N5Ds/leTyfP+AFvJAX8Ye8mD/iJbyUl/FyXsEreRWv5jW8ltfxet7AG3kTb+YtvJW38XZG3sm7Lj3N88e8lz/hffwp7+fP+AD/hQ/y53yIv+DD/CUf4a/4KH/Nx/gbPs7f8gk+yaf4Oz7N3/MZPsvn+Ac+zz/yBf6JL3JgiDFWsY5NHMVp4rRxSpwuTh9fFWeIr44zxpniRHxNnDm+Ns4SXxdnjbPF2eMccc74+jhXbGOKXcxxHOeO88TJ+IY4b3xjnC/OHxeIC8Y+LhQXjm+Ki8Q3x0XjW+Ji8a1x8fi2uERcMn743tLx7XGZ+I64bFwuLh/fGVeIK8aV4srxXXGV+O64anxPXC2+Ny4a3xfXiO+Pa8YPxLXiB+Pa8UNxnfjhuG78SFwvrh83iBvGjeJH48bxY3GTuGncLH48bh4/EbeIn4xbxk/FreKnf/d817hb3D1+KX4pDuEePTc5Lzk/+UFyQXJhclHyw+Ti5EfJJcmlyWXJ5ckVyZXJVcnVyTXJtcl1yfXJDcmNyU3JzckQKqcFj1557Y2PfBqf1qf4dD69v8pn8Ff7jD6TT/hrfGZ/rc/ir/NZfTaf3efwOf31Ppe3nrzz7GOf2+fxSX+Dz+tv9Pl8fl/AF/TeF/KFfUPfyDfyjf1jvolv6iN43D/un/BP+Cf9k/4p38o/7Vv7Z3wb/6xv65/zz/nnfXvfwXf0L/hO/kXf2XfxXX1X39139z18D9/L9/J9fB/f1/f1/Xw/39/39wP9QD/ID/KD/WA/xA/xw/wwP9wP9yP9SD/aj/Zj/Vg/zo/z4/14P8FP8JP8JD/FT/HT/DQ/3U/3M/1MPyvfLD/bz/Zz/Vw/38/3C/wCv8gv8ov9Yr/EL/HL/DK/wq/wq/wqv8av8ev8Or/Bb/Cb/Ca/xW/x2/w2v8Pv8Lv8Lr/H7/F7/V6/z+/z+/1+f8AfOBf8QX/If+EP+y/9Ef+VP+q/9sf8N/64/9af8Cf9Kf+dP+2/92f8WX/O/+DP+x/9Bf+Tv+iDH5t4KzEu8XZifOKdxITExMSkxOTElMTUxLTEu4npiRmJmYn3ErMS7ydmJ+Yk5ibmJeYnPkgsSCxMLEp8mFic+CixJLE0sSyxPLEisTIRwvXb4pA75AnJcEPIG24M+UL+UCAUDD4UCoXDTaFIuDkUDbeEYuHWUDzcFkqEkqFUeCTUC/VDg9AwNAqPhsbhsdAkNA3NwuOheXgitAhPhpbhqdAqPB1ah2dCm/BsaBueC+3C86F96BA6hhdCp/Bi6Bx06Bq6he7hpdAj9Ay9Qu/QJ7wc+oZXQr/waugfBoSB4bUwKLweBoc3wpAwNAwLb4bhYUQYGUaF0WFMGBveCuPC22F8eCdMCBPDpDA5TAlTw7TwbpgeZoSZ4b0wK7wfZoc5YW6YF+aHD8KCsDAsCh+GxeGjsCQsDcvC8lAnZWVYFVaHNWFtWBfWhw1hY9gUNoctYWvYFraHHWFn2BV2hz3h47A3fBL2hU/D/vBZOBD+Eg6Gz8Oh8EU4HL4MR8JX4Wj4OhwL34Tj4dtwIpwMp8J34XT4PpwJZ8O58EM4H34MF8JP4aJ8Zk0IIYQQ4g/Rv3O+299F6m//ql+/0h0Art6e4/B/rrkh6y/jnipn8wQAPNWl3YN/PSpU6Nq166+3XaIhyjMHABKX89PA5XgpNIMnoCU0hSL/cH49VYfz/Dv1k7cCpP8POSlwOb5c/+Z/Un/ErN+tPwcgX57LOengcny5ftHf1I5+rp+t8e/UT/f5WIAm/yEvA/wa/3WL9+f6heExeBpa/t0thRBCCCGEEEKIX/RUpdr83vvbS+/Pc5rLOWnhl9j8gffn8MsnDIQQQgghhBBCCHEFPduh45OPtmzZtM0/GZT756dkkFoGaf53TOPffgDwv2Iaf2xwpZ+ZhBBCCCGEEH+2yxf9V3omQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE6vX/48+JXek1CiGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEFfa/wsAAP//IwonAg==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3813009, 0x0, 0x1, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

2.325313672s ago: executing program 4 (id=1138):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x7, r1}, 0x38)

2.193133519s ago: executing program 4 (id=1139):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaef2, 0x1000, 0x2, 0xbfcffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x2000, 0x0, {0x2}})
io_uring_enter(r1, 0x47f6, 0xfff5, 0x2, 0x0, 0x0)

2.096438471s ago: executing program 4 (id=1140):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="240000001c0001"], 0x24}], 0x1, 0x0, 0x0, 0x20004880}, 0x20008004)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000001dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20004081}, 0xc000)

830.494173ms ago: executing program 2 (id=1141):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000480)={0x34, r2, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}]]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x40)

678.356273ms ago: executing program 0 (id=1142):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8}, 0x94)

572.441296ms ago: executing program 3 (id=1143):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x6}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)

570.784047ms ago: executing program 4 (id=1144):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0xb, &(0x7f00000007c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x2}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x18, r1, 0x301, 0x70bd26, 0x25dfdbfc, {0x24}, [@HEADER={0x4}]}, 0x18}}, 0x0)

498.466716ms ago: executing program 2 (id=1145):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda3075725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0)
ftruncate(r0, 0x8800000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100)

359.252854ms ago: executing program 0 (id=1146):
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
r0 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0x7005, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x3)

275.831704ms ago: executing program 3 (id=1147):
syz_mount_image$sysv(&(0x7f0000000080), &(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000001780)=ANY=[], 0x21, 0x9e8d, &(0x7f0000000400)="$eJw8mlP0Zcf2cH+djm3bTmZs27Ztewad5GwbsW3btm3bNvob/b/3fmuch/OwR1XtueaqUVW7bhngrQO8bYC3D/COAd45wLsGePcA7xngvQO8b4D3D/CBAT44wIcG+PAAHxngowN8bICPD/CJAT45wKcG+PQAnxngswN8boDPD/CFAb44wJcG+PIAXxngqwN8bYCvD/CNAb45wLcG+PYA3xnguwN8b4DvD/CDAX44wI8G+PEAPxngpwP8bICfD/CLkSf45QC/GuDXA/xmgN8O8LsBfj/AHwb44wB/GuDPA/xlgL8O8LcB/j7APwb45wD/GuDfA/xngP8OcOQAhwIcFuBoAY4McPQAxwhwzADHCnDsAMcJcNwAxwtw/AAnCHDCACcKcOIAJwlw0gAnC3DyAKcIcMoApwpw6gCnCXDaAKcLcPoAZwhwxgBnCnDmAGcJcNYAZwtw9gDnCHDOAOcKcO4A5wlw3gDnC3D+ABcIcMEAFwpw4QAJGLZIgIsGuFiAiwe4RIBLBrhUgEsHuEyAywa4XIDLB7hCgCsGuFKAKwe4SoCrnjA0NIrH6gGuEeCaAa4V4NoBrhPgugGuF+D6AW4Q4IYBbhTgxgFuEuCmAW4W4OYBbhHglgFuFeDWAW4T4LYBbhfg9gHuEOCOAe4U4M4B7hLgrgHuFuDuAe4R4J4B7hXg3gHuE+C+Ae4X4P4BHhDggQEeFODBAR4S4KEBHhbg4QEeEeCRAR4V4NEBHhOgAR4b4HEBHh/gCQGOCPDEAE8K8ORRLoxCEGAYYBRgHGASYBpgFmAeYBFgGWAVYB1gE2AbYPdff04J8NQATwvw9ADPCPDMAM8K8OwAzwnw3ADPC/D8AC8I8MIALwrw4gAvCfDSAC8L8PIArwjwygCvCvDqAK8J8NoArwvw+gBvCPDGAG8K8OYAbwnw1gBvC/D2AO8I8M4A7wrw7gDvCfDeAO8L8P4AHwjwwQAfCvDhAB8J8NEAHwvw8QCfCPDJAJ8K8OkAnwnw2QCfC/D5AF8I8MUAXwrw5QBfCfDVAF8L8PUA3wjwzQDfCvDtAN8J8N0A3wvw/QA/CPDDAD8K8OMAPwnw0wA/C/DzAL8I8MsAvwrw6wC/CfDbAL8L8PsAfwjwxwB/CvDnAH8J8NcAfwvw9wD/CPDPAP8K8O8A/wnw3//W+1CIw8IRjhbi8BBHD3GMEMcMcawQxw5xnBDHDXG8EMcPcYIQJwxxohAnDnGSECcNcbIQJw9xihCnDHGqEKcOcZoQpw1xuhCnD3GGEGcMcaYQZw5xlhBnDXG2EGcPcY4Q5wxxrhDnDnGeEOcNcb4Q5w9xgRAXDHGhEBcOkRAXCXHREBcLcfEQlwhxyRCXCnHpEJcJcdkQlwtx+RBXCHHFEFcKceUQVwlx1RBXC3H1ENcIcc0Q1wpx7RDXCXHdENcLcf0QNwhxwxA3CnHjEDcJcdMQNwsZ2jzELULcMsStQtw6xG1C3DbE7ULcPsQdQtwxxJ1C3DnEXULcNcTdQtw9xD1C3DPEvULcO8R9Qtw3xP1C3D/EA0I8MMSDQjw4xENCPDTEw0I8PMQjQjwyxKNCPDrEY0I0xGNDPC7E40M8IcQRIZ4Y4kkhnjxqDC8MDQUhhiFGIcYhJiGmIWYh5iEWIZYhViHWITYhtiF2IfYhnhLiqSGeFuLpIZ4R4pkhnhXi2SGeE+K5IZ4X4vkhXhDihSFeFOLFIV4S4qUhXhbi5SFeEeKVIV4V4tUhXhPitSFeF+L1Id4Q4o2jcrf5fEOjDQ0N3RLirSHeFuLtId4R4p0h3hXi3SHeE+K9Id4X4v0hPhDigyE+FOLIsYaGhlb6v9//xeMhPhHikyE+FeLTIT4T4rMhPhfi8yG+EOKLIb40+pAvh/hKyFivhvhaiK+H+EaIb4b4Vohvh/hOiO+G+F6I74f4QYgfhvhRiB+H+EmIn4b4WYifh/hFiF+G+FWIX4f4TYjfhvhdiN+H+EOIP4b4U4g/h/hLiL+G+FuIv4f4R4h/hvhXiH+H+E+I/4561xCHIhwW4WjRGENDQzh6hGNEOGaEY0U4doTjRDhuhONFOH6EE0Q4YYQTRThxhJNEOGmEk0U4eYRTRDhlhFNFOHWE00Q4bYTTRTh9hDNEOGOEM0U4c4SzRDhrhLNFOHuEc0Q4Z4RzRTh3hPNEOG+E80U4f4QLRLhghAtFuHCERLhIhItGuFiEi0e4RIRLRrhUhEtHuEyEy0a4XITLR7hChCtGuFKEK0e4SoSrRrhahKtHuEaEa0a4VoRrR7hOhOtGuF6E60e4QYQbRrjR0NDQiAg3iXDTCDeLcPMIt4hwywi3inDrCLeJcNsIt4tw+wh3iHDHCHeKcOcId4lw1wh3i3D3CPeIcM8I94pw7wj3iXDfCPeLcP8ID4jwwAgPivDgCA+J8NAID4vw8AiPiPDICI+K8OgIj4nQCI+N8LgIj4/whAhHjf3ECE+K8OQIBxEGEYYRRhHGESYRphFmEeYRFhGWEVYR1hE2EbYRdhH2EZ4S4akRnhbh6RGeEeGZEZ4V4dkRnhPhuRGeF+H5EV4Q4YURXhThxRFeEuGlEV4W4eURXhHhlRFeFeHVEV4T4bURXhfh9RHeEOGNEd4U4c0R3hLhrREOH8LbI7wjwjsjvCvCuyO8J8J7I4bdF+H9ET4Q4YMRPhSNN/RwhI9E+GiEj0X4eIRPRPhkhE9F+HSEz0T4bITPRfh8hC9E+GKEL0X4coSvRPhqhK9F+HqEb0T4ZoRvRfh2hO9E+G6E70X4foQfRPhhhB9F+HGEn0T4aYSfRfh5hF9E+GWEX0X4dTTO0DcRfhvhdxF+H+EPEf4Y4U8R/hzhLxH+GuFvEf4e4R8R/hnhXxH+HeE/Ef4b4ciROBTjsBhHi3F4jKPHOEaMY8Y4VoxjxzhOjOPGOF6M48c4QYwTxjhRjBPHOEmMk8Y4WYyTxzhFjFPGOFWMU8c4TYzTxjhdjNPHOEOMM8Y4U4wzxzhLjLPGOFuMs8c4R4xzxjhXjHPHOE+M88Y4X4zzx7hAjAvGuFCMC8dIjIvEuGiMi8W4eIxLxLhkjEvFuHSMy8S4bIzLxbh8jCvEuGKMK8W4coyrxLhqjKvFuHqMa8S4Zoxrxbh2jOvEuG6M68W4fowbxLhhjBvFuHGMm8S4aYybxbh5jFvEuGWMW8W4dYzbxLhtjNvFuH2MO8S4Y4w7xbhzjLvEuGuMu8W4e4x7xLhnjHvFuHeM+8S4b4z7xbh/jAfEeGCMB8V4cIyHxHhojIfFeHiMR8R4ZIxHxXh0jMfEaIzHxnhcjMfHeEKMI2I8McaTYjw5xkGMQYxhjFGMcYxJjGmMWYx5jEWMZYxVjHWMTYxtjF2MfYynxHhqjKfFeHqMZ8R4ZoxnxXh2jOfEeG6M58V4fowXxHhhjBfFeHGMl8R4aYyXxXh5jFfEeGWMV8V4dYzXxHhtjNfFeH2MN8R4Y4w3xXhzjLfEeGuMt8V4e4x3xHhnjHfFeHeM98R4b4z3xXh/jA/E+GCMD8X4cIyPxPhojI/F+HiMT8T4ZIxPxfh0jM/E+GyMz8X4fIwvxPhijC/F+HKMr8T4aoyvxfh6jG/E+GaMb8X4dozvxPhujO/F+H6MH8TD/7vawI9j/CTGT2P8LMbPY/wixi9j/CrGr2P8ZlTuRj1+4tDQ9zH+EOOPMf4U488x/hLjrzH+FuPvMf4R458x/hXj3zH+E+O/MY6McSjBYQmOluDwBEdPcIwEx0xwrATHTnCcBMdNcLwEx09wggQnTHCiBCdOcJKHcdIEJ0tw8gSnSHDKBKdKcOoEp0lw2gSnS3D6BGdIcMYEZ0pw5gRnSXDWBGdLcPYE50hwzgTnSnDuBOdJcN4E50tw/gQXSHDBBBdKOOG/4FwkwUUTXCzBxRNcIsElE1wqwaUTXCbBZRNcLsHlE1whwRUTXCnBlRNcJcFVE1wtwdUTXCNhnP+1vXaC6yS4boLrJbh+ghskuGGCGyW4cYKbJLhpgpsluHmCWyS4ZYJbJbh1gtskuG2C2yW4fYI7JLhjgjsluHOCuyS4a4K7Jbh7gnskuGcyhnsluHeC+yS4b4L7Jbh/ggckeGCCByV4cIKHJHhogocleHiCRyR4ZIJHJXh0gsckaILHJnhcgscneEKCIxI8McGTEjw5wUGCQYJhglGCcYJJgmmCWYJ5gkWCZYJVgnWCTYJtgl2CfYKnJHhqgqcleHqCZyR4ZoJnJXh2guckeG6C5yV4foIXJHhhghcleHGClyR4aYKXJXh5glckeGWCVyV4dYLXJHhtgtcleH2CNyR4Y4I3JXhzgrckeGuCQ8Px9gTvSPDOBO9K8O4E70nw3gTvS/D+BB9I8MEEH0rw4QQfSfDRBB9L8PEEnxj2XxMSfDrBZxJ8NsHnEnw+wRcSfDHBlxJ8OcFXEnw1wdcSfD3BNxJ8M8G3Enw7wXcSfDfB9xJ8P8EPEvwwwY8S/DjBTxL8NMHPEvw8wS8S/DLBrxL8OsFvEvw2we8S/D7BHxL8McGfEvw5wV8S/DXB3xL8PcE/Evwzwb8S/DvBfxL8N9lx3FHzzVCKw1IcLcXhKY6e4hgpjpniWCmOneI4KY6b4ngpjp/iBClOmOJEKU6c4iQpTpriZClOnuIUKU6Z4lQpTp3iNClOm+J0KU6f4gwpzpjiTCnOnOIsKc6a4mwpzp7iHCnOmeJcKc6d4jwpzpvifCnOn+ICKS6Y4kIpLpwiKS6S4qIpLpbi4ikukeKSKS6V4tIpLpPisikul+LyKa6Q4ooprpTiyimukuKqKa6W4uoprpHimimuleLaKa6T4roprpfi+ilukOKGKW6U4sYpbpLipiluluLmKW6R4pZDQ26V4tYpbpPitilul+L2Ke6Q4o4p7pTizinukuKuKe6W4u4p7pHininuleLeKe6T4r4p7pfi/ikekOKBKR6U4sEpHpLioSkeluLhKR6R4pEpHpXi0Skek6IpHpvicSken+IJKY5I8cQUT0rx5BQHKQYphilGKcYpJimmKWYp5ikWKZYpVinWKTYptil2KfYpnpLiqSmeluLpKZ6R4pkpnpXi2Smek+K5KZ6X4vkpXpDihSlelOLFKV6S4qUpXpbi5SlekeKVKV6V4tUpXpPitSlel+L1Yw8NjXL4xhRvSvHmFG9J8dYUb0vx9hTvSPHOFO9K8e4U70nx3hTvS/H+FB9I8cEUH0rx4RQfSfHRFB9L8fEUn0jxyRSfSvHpFJ9J8dkUn0vx+RRfSPHFFF9K8eUUX0nx1RRfS/H1FN9I8c0U30rx7RTfSfHdFN9L8f0UP0jxwxQ/SvHjFD9J8dMUP0vx8xS/SPHLFL9K8esUv0nx2xS/S/H7FH9I8ccUf0rx5xR/SfHXFH9L8fcU/0jxzxT/SvHvFP9J8d8UR6Y4lOGwDEfLcHiGo2c4RoZjZjhWhmNnOE6G42Y4XobjZzhBhhNmOFGGE2c4SYaTZjhZhpNnOEWGU2Y4VYZTZzhNhtNmOF2G02c4w8hhQ6P6nSnDmTOcJcNZM5wtw9kznCPDOTOcK8O5M5wnw3kznC/D+TNcIMMFM1wow4UzJMNFMlw0w8UyXDzDJTJcMsOlMlw6w2UyXDbD5TJcPsMVMlwxw5UyXDn7z7n3qhmuluHqGa6R4ZoZrpXh2hmuk+G6Ga6X4foZbpDhhhlulOHGGW6S4aYZbpbh5hlukeGWGW6V4dYZbpPhthlul+H2Ge6Q4Y4Z7pThzhnukuGuGe6W4e4Z7pHhnhnuleHeGe6T4b4Z7pfh/hkekOGBGR6U4cEZHpLhoRkeluHhGR6R4ZEZHpXh0Rkek6EZHpvhcRken+EJGY7I8MQMT8rw5AwHGQYZhhlGGcYZJhmmGWYZ5hkWGZYZVhnWGTYZthl22cf/fx17aoanZXh6hmdkeGaGZ2V4dobnZHhuhudleH6GF2R4YYYXZXhxhpdkeGmGl2V4eYZXZHhlhldleHWG12R4bYbXZXh9hjdkeGOGN2V4c4a3ZHhrhrdleHuGd2R4Z4Z3ZXh3hvdkeG+G92V4f4YPZPhghg9l+HCGj2T4aIaPZfh4hk9k+GSGT2X4dIbPZPhshs9l+HyGL2T4YoYvZfhyhq9k+GqGr838XxwZvpnhWxm+neE7Gb6b4XsZvp/hBxl+mOFHGX6c4ScZfprhZxl+nuEXGX6Z4VcZfp2N9f8Zf5fh9xn+kOGPGf6U4c8Z/pLhrxn+luHvGf6R4Z8Z/pXh3xn+k+G/GY7McCjHYTmOluPwHEfPcYwcx8xxrBzHznGcHMfNcbwcx89xghwnzHGiHCfOcZIcJ81xshwnz3GKHKfMcaocp85xmhynzXG6HKfPcYYcZ8xxphxnznGWHGfNcbYcZ89xjhznzHGuHOfOcZ4c581xvpzR589xgRwXzHGhHBfOkRwXyXHRHBfLcfEcl8hxyRyXynHpHJfJcdkcl8tx+RxXyHHFHFfKceUcV8lx1RxXy3H1HNfIcc0c18px7RzXyXHdHNfLcf0cN8hxwxw3+i+/TXLcNMfNctw8xy1y3DLHrXLcOsdtctw2x+1y3D7HHXLcMcedctw5x11y3DXH3XLcPcc9ctwzx71y3DvHfXLcN8f9ctw/xwNyPDDHg3I8OMdDcjw0x8NyPDzHI3I8Msejcjw6x2NyNMdjczwux+NzPCHHETmemONJOZ6c4yDHIMcwxyjHOMckxzTHLMc8xyLHMscqxzrHJsc2xy7HPsdTcjw1x9NyPD3HM3I8M8ezcjw7x3NyPDfH83I8P8cLcrwwx4tyvDjHS3K8NMfLcrw8xytyvDLHq3K8Osdrcrw2x+tyvD7HG3K8Mcebcrw5x1tyvDXH23K8Pcc7crwzx7tyvDvHe3K8N/+/vaP35/hAjg/m+FCOD+f4SI6P5vhYjo/n+ESOT+b4VI5P5/hMjs/m+FyOz+f4Qo4v5vhSji/n+EqOr+b4Wo6v5/hGjm/m+FaOb+f4To7v5vheju/n+EGOH+b4UY4f5/hJjp/m+FmOn+f4RY5f5vhVjl/n+E2O3+b4XY7f5/hDjj/m+FOOP+f4S46/5vhbjr/n+EeOf+bDhv7K8e8c/8nx3xxH5jhU4LACRytweIGjFzhGgWMWOFaBYxc4ToHjFjhegeMXOEGBExY4UcGoychJCpy0wMkKnLzAKQqcssCpCpy6wGkKnLbA6QqcvsAZCpyxwJkKnLnAWQqctcDZCpy9wDkKnLPAuQqcu8B5Cpy3wPkKnL/ABQpcsMCFCly4QApcpMBFC1yswMULXKLAJQtcqsClC1ymwGULXK7A5QtcocAVC1ypwJULXKXAVQtcrcDVC1yjwDULXKvAtQtcp8B1C1yvwPUL3KDADQvcqMCNC9ykwE2HD7lZgZsXuEWBWxa4VYFbF7hNgdsWuF2B2xe4Q4E7FrhTgTsXuEuBuxa4W4G7F7hHgXsWuFeBexe4T4H7FrhfgfsXeECBBxZ4UIEHF3hIgYcWeFiBhxd4RIFHFnhUgUcXeEyBFnhsgccVeHyBJxQ4osATCzypwJMLHBQYFBgWGBUYF5gUmBaYFZgXWBRYFlgVWBfYFNgW2BXYF3hKgacWeFqBpxd4RoFnFnhWgWcXeE6B5xZ4XoHnF3hBgRcWeFGBFxd4SYGXFnhZgZcXeEWBVxZ4VYFXF3hNgdcWeF2B1xd4Q4E3FnhTgTcXeEuBtxZ4W4G3F3hHgXcWeFeBdxd4T4H3FnhfgfcPDfOBAh8s8KECHy7wkQIfLfCxAh8v8IkCnyzwqQKfLvCZAp8t8LkCny/whQJfLPClAl8u8JUCXy3wtQJfL/CNAt8s8K0C3y7wnQLfLfC9At8v8IMCPyzwowI/LvCTAj8t8LMCPy/wiwK/LPCrAr8u8JsCvy3wuwK/L/CHAn8s8KcCfy7wlwJ/LfC3An8v8I8C/yzwrwL/LvCfAv8tcGSBQyUOK3G0EoeXOHqJY5Q4ZoljlTh2ieOUOG6J45U4fokTlDhhiROVOHGJk5Q4aYmTlTh5iVOUOGWJU5U4dYnTlDhtidOVOH2JM5Q4Y4kzlThzibOUOGuJs5U4e4lzlDhniXOVOHeJ85Q4b4nzlTj//85iSlyoxIVLpMRFSly0xMVKXLzEJUpcssSlSly6xGVKXLbE5UpcvsQVSlyxxJVKXLnEVUpctcTVSly9xDVKXLPEtUpcu8R1Sly3xPVKXL/EDUrcsMSNSty4xE1K3LTEzUrcvMQtStyyxK1K3LrEbUrctsTtSty+xB1K3LHEnUrcucRdSty1xN1K3L3EPUrcs8S9Sty7xH1K3LfE/Urcv8QDSjywxINKPLjEQ0o8tMTDSjy8xCNKPLLEo0o8usRjSrTEY0s8rsTjSzyhxBElnljiSSWeXOKgxKDEsMSoxLjEpMS0xKzEvGSoKLEssSqxLrEpsS2xK7Ev8ZQSTy3xtBJPL/GMEs8s8awSzy7xnBLPLfG8Es8v8YISLyzxohIvLvGSEi8t8bISLy/xihKvLPGqEq8u8ZoSry3xuhKvL/GGEm8s8aYSby7xlhJvLfG2Em8v8Y4S7yzxrhLvLvGeEu8t8b4S7y/xgRIfLPGhEh8u8ZFRdTCEj5X4eIlPlPhkiU+V+HSJz5T4bInPlfh8iS+U+GKJL5X4comvlPhqia+V+HqJb5T4Zolvlfh2ie+U+O7IYf/f4w9K/LDEj0r8uMRPSvy0xM9K/LzEL34b+Z8o8esSvynx2xK/K/H7En8o8ccSfyrx5xJ/KfHXEn8r8fcS/yjxzxL/KvHvEv8p8d8SR7U3VOGwCkercHiFo1c4RoVjVjhWhWNXOE6F41Y4XoXjVzhBhRNWOFGFE1c4SYWTVjhZhZNXOEWFU1Y4VYVTVzhNhdNWOF2F01c4Q4UzDh8aGtX3zBXOUuGsFc5W4ewVzlHhnBXOVeHcFc5T4bwVzlfh/BUuUOGCFS5U4cIVUuEiFS5a4WIVLl7hEhUuWeFSFS5d4TIVLlvhchUuX+EKFa5Y4UoVrlzhKhWuWuFqFa5e4RoVrlnhWhWuXeE6Fa5b4XoVrl/hBhVuWOFGFW5c4SYVblrhZhVuXuEWFW5Z4VYVbl3hNhVuW+F2FW5f4Q4V7ljhThXuXOEuFe5a4W4V7l7hHhXuWeFeFe5d4T4V7lvhfhXuX+EBFR5Y4UEVHlzhIRUeWuFhFR5e4REVHlnhURUeXeExFVrhsRUeV+HxFZ5Q4YgKT6zwpApPrnBQYVBhWGFUYVxhUmFaYVZhXmFRYVlhVWFdYVNhW2FXYV/hKRWeWuFpFZ5e4RkVnlnhWRWeXeE5I/DcCs+r8PwKL6jwwgovqvDiCi+p8NIKL6vw8gqvqPDKCq+q8OoKr6nw2gqvGzn8/xy6ocIbK7ypwpsrvKXCWyu8rcLbK7yjwjsrvKvCuyu8p8J7K7yvwvsrfKDCByt8qMKHK3ykwkcrfKzCxyt8osInK3yqwqcrfKbCZyt8rsLnK3yhwhcrfKnClyt8pcJXK3ytwtcrfKPCNyt8q8K3K3ynwncrfK/C9yv8oMIPK/yowo8r/KTCTyv8rMLPK/yiwi8r/KrCryv8psJvK/yuwu8r/KHCHyv8qcKfK/ylwl8r/K3C3yv8o8I/K/yrwr8r/KfCfyscWeFQjcNqHK3G4TWOXuMYNY5Z41g1jl3jOPWwoXFrHK/G8WucoMYJa5yoxolrnKTGSWucrMbJa5yixilrnKrGqWucpsZpa5yuxulrnKHGGWucqcaZa5ylxllrnK3G2Wuco8Y5a5yrxrlrnKfGeWucr8b5a1ygxgVrXKjGhWukxkVqXLTGxWpcvMYlalyyxqVqXLrGZWpctsblaly+xhVqXLHGlWpcucZValy1xtVqXL3GNWpcs8a1aly7xnVqXLfG9Wpcv8YNatywxo1q3LjGTWrctMbNaty8xi1q3LLGrWrcusZtaty2xu1q3L7GHWrcscadaty5xl1q3LXG3WrcvcY9atyzxr1q3LvGfWrct8b9aty/xgNqPLDGg2o8uMZDajy0xsNqPLzGI2o8ssajajy6xmNqtMZjazyuxuNrPKHGETWeWONJozwYGjlyUGNQY1hjVGNcY1JjWmNWY15jUWNZY1VjXWNTY1tjV2Nf4yk1nlrjaTWeXuMZNZ5Z41k1nl3jOTWeW+N5NZ5f4wU1XljjRTVeXOMlNV5a42U1Xl7jFTVeWeNVNV5d4zU1XlvjdTVeX+MNNd5Y40013lzjLTXeWuNto3weGhq6o8Y7a7yrxrtrvKfGe2u8r8b7a3ygxgdrfKjGh2t8pMZHa3ysxsdrfKLGJ2t8qsana3ymxmdrfK7G52t8ocYXa3ypxpdrfKXGV2t8rcbXa3yjxjdrfKvGt2t8p8Z3a3yvxvdr/KDGD2v8qMaPa/ykxk9r/KzGz2v8osYva/yqxq9r/KbGb2v8rsbva/yhxh9r/KnGn2v8pcZfa/ytxt9r/KPGP2v8q8a/a/ynxn9rHFnjUIPDGhytweENjt7gGA2O2eDYQzh2g+M0OG6D4zU4foMTNDhhgxM1OHGDkzQ4aYOTNTh5g1M0OGWDUzU4dYPTNDhtg9M1OH2DMzQ4Y4MzNThzg7M0OGuDszU4e4NzNDhng3M1OHeD8zQ4b4PzNTh/gws0uGCDCzW4cIM0uEiDiza4WIOLN7hEg0s2uFSDSze4TIPLNrhcg8s3uEKDKza4UoMrN7hKg6s2uFqDqze4RoNrNrhWg2s3uE6D6za4XoPrN7hBgxs2uFGDGze4SYObNrhZg5s3uEWDWza4VYNbN7hNg9s2uF2D2ze4Q4M7Nv/hu3ODuzS4a4O7Nbh7g3s0uGeDezW4d4P7NLhvg/s1uH+DBzR4YIMHNXhwg4c0eGiDhzV4eINHNHhkw9bjDw15dIPHNGiDxzZ4XIPHN3hCgyMaRoxy4KQGT25w0GDQYNhg1GDcYNJg2mDWYN5g0WDZYNVg3WDTYNtg12Df4CkNntrgaQ2e3uAZDZ7Z4FkNnt3gOQ2e2+B5DZ7f4AXNf+p0VFzc4CUNXtrgZQ1e3uAVDV7Z4FUNXt3gNQ1e2+B1DV7f4A0N3tjgTQ3e3OAto+OtDd7W4O0N3tHgnQ3e1eDdDd7T4L0N3tfg/Q0+0OCDDT7U4MMNPtLgow0+1uDjDT7R4JMNPtXg0w0+0+CzDT7X4PMNvtDgiw2+1ODLDb7S4KsNvtbg6w2+0eCbDb7V4NsNvtPguw2+1+D7DX7Q4IcNftTgxw1+0uCnDX7W4OcNftHglw1+1eDXDX7T4LcNftfg9w3+0OCPDf7U4M8N/tLgrw3+1uDvDf7R4J8N/tXg3w3+0+C/DY5scKjFYS2O1uLwFkdvcYz//h+rxbFbHKfFcVscr8XxW5ygxQlbnKjFiVucpMVJW5ysxclbnKLFKVucqsWpW5ymxWlbnK7F6VucocUZW5ypxZlbnKXFWVucrcXZW5yjxTlbnKvFuVucp8V5W5yvxflbXKDFBVtcqMWFW6TFRVpctMXFWly8xSVaXLLFpVpcehgu0+KyLS7X4vLtMFdoccUWV2px5RZXaXHVFldrcfUW12hxzRbXanHtFtdpcd0W12tx/RY3aHHDFjdqceMWN2lx0xY3a3HzFrdoccsWt2px6xa3aXHbFrdrcfsWd2hxxxZ3anHnFndpcdcWd2tx9xb3aHHPFvdqGXPvFvdpcd8W92tx/xYPaPHAFg9q8eAWD2nx0BYPa/HwUTkd+s/+8qgWj27xmBZt8dgWj2vx+JYNTmhxRIsntnhS+x8XBi0GLYYtRi3GLSYtpi1mLeYtFi2WLVbt0LC6xabFtsWuxb7FU1o8tcXTWjy9xTNaPLPFs1o8u8VzWjy3xfNaPL/FC1q8sMWLWry4xUtavLTFy1q8vMUrWryyxatavLrFa1q8tsXrWry+xRtaHLPFm1q8ucVbWry1xdtavL3FO1q8s8W7Wry7xXtavLfF+1q8v8UHWnywxYdafLjFR1p8tMXHWny8xSdafLLFp1p8usVnWny2xedafL7FF1p8scWXWny5xVdafLXF11p8vcU3WnyzxbdafLvFd1p8t8X3Wny/xQ9a/LDFj1r8uMVPWvy0ZWi0oaEVP2/xixa/bPGrFr9u8ZsWv23xuxa/b/GHFn9s8acWf27xlxZ/bfG3Fn9v8Y8W/2zxrxb/bvGfFv9tceSonHc4rMPROhze4egdjtHhmB2O1eHYHY7T4bgdjtfh+B1O0OGEHU7U4cQdTtLhpB1O1uHkHU7R4ZQdTtXh1B1O0+G0HU7X4fQdztDhjB3O1OHMHc7S4awdztbh7B3O0eGcHc7V4dwdztPhvB3O1+H8HS7Q4YIdLtThwh3S4SIdLtrhYh0u3uESHS7Z4VIdLt3hMh0u2+FyHS7f4QodrtjhSh2u3OEqHa7a4Wodrt6N4xodrtnhWh2u3eE6Ha7b8b+Pr27Q4YYdbtThxh1u0uGmHW7W4eYdbtHhlh1u1eHWHW7T4bYdbtfh9h3u0OGOHe7U4c4d7tLhrh3u1uHuHe7R4Z4d7tXh3h3u0+G+He7X4f4dHtDhgR0e1OHBHR7S4aEdHtbh4R0e0eGRHR7V4dEdHtOhHR7b4XEdHt/hCR2OOAFP7PCkDk/ucNBh0GHYYdRh3GHSYdph1mHeYdFh2WHVYd1h02HbYddh3+EpHZ7a4Wkdnt7hGR2e2eFZHZ7d4TkdntvheR2e3+EFHV7Y4UUdXtzhJR1e2uFlHV7e4RUdXtnhVR1e3eE1HV7b4XUdXt/hDR3e2OFNHd7c4S0d3trhbR3e3uEd3X88v6vDuzu8p8N7O7yvw/s7fKDDBzt8qMOHO3ykw0c7fKzDxzt8osMnO3yqw6c7fKbDZzt8rsPnO3yhwxc7fKnDlzt8pcNXO3ytw9c7fKPDNzt8q8O3O3ynw3c7fK/D9zv8oMMPO/yow487/KTDTzv8rMPPO/yiwy87/KrDrzv8psNvO/yuw+87/KHDHzv8qcOfO/ylw187/K3D3zv8o8M/O/yrw787/KfDfzscOYpLj8N6HK3H4T2O3uMYPY7Z41g9jt3jOD2O2+N4PY7f4wQ9TtjjRD1O3OMkPU7a42Q9Tt7jFD1O2eNUPU7d4zQ9TtvjdD1O3+MMPc7Y40w9ztz/5y7zrD3O1uPsPc7R45w9ztXj3D3O0+O8Pc7X4/w9LtDjgj0u1OPCPdLjIj0u2uNiPS7e4xI9LtnjUj0u3eMyPS7b43I9Lt/jCj2u2ONKPa7c4yo9rtrjav+7it3jmj2u1ePaPa7T47o9rtfj+j1u0OOGPW7U48Y9btLjpj1u1uPmPW7R45Y9btXj1j1u0+O2PW7X4/Y97tDjjj3u1OPOPe7S46497tbj7j3u0eOePe7V49497tPjvj3u1+P+PR7Q44E9HtTjwT0e0uOhPR7W4+E9HtHjkT0e1ePRPR4z1pD2eGyPx/V4/CjuPY7o8cQeT+rx5B4HPQY9hj1GPcY9Jj2mPWY95j0WPZY9Vj3WPTY9tj12PfY9ntLjqT2e1uPpPZ7R45k9ntXj2T2e0+O5PZ7X4/k9XtDjhT1e1OPFPV7S46U9Xtbj5T1e0eOVPV7V49U9XtPjtT1e1+P1Pd7Q44093tTjzT3e0uOtPd7W4+093tHjnT3e1ePdPd7T47093tfj/T0+0OODPT7U48M9PtLjoz0+1uPjPT7R45M9PtXj0z0+0+OzPT7X4/M9vtDjiz2+1OPLPb7S46s9vtbj6z2+0eObPb7V49s9vtPjuz2+1+P7PX7Q44c9ftTjxz1+0uOnPX7W4+c9ftHjlz1+1ePXPX7T4/8j4hyjBjuahftMMslMbNvGjp2Jbdu2sYOJ7Tk2nti2bdu2rfnWvPf97v15zlq9urp6V62q6ur+dhR+Nwq/H4U/jMIfR+FPo/DnUfjLKPx1FP42Cn8fhX+Mwj9H4V+j8O9R+M8o/HcUjh6FAwEOCXCsAMcOcGiA4wQ4boDDAhwe4HgBjh/gBAFOGOBEAU4c4CQBThrgZAFOHuAUAU4Z4FQBTh3gNAFOG+B0AU4f4AwBzhjgTAHOHOAsAc4a4GwBzh7gHAHOGeBcwcDIuQOcJ8B5A5wvwPkDXCDABQNcKMCFA1wkwEUDZK+BgTHrWDzAJQJcMsClAlw6wGUCXDbA5QJcPsAVAlwxwJUCXDnAEQGuEuCqAa4W4OoBrhHgmgGuFeDaQwdcJ8B1A1wvwPUD3CDADQPcKMCNA9wkwE0D3CzAzQPcIsAtA9wqwK0D3CbAbQPcLsDtA9whwB0D3CnAnQPcJcBdA9wtwN0D3CPAPQPcK8C9A9wnwH0D3C/A/QM8IMADAzwowIMDPCTAQwM8LMDDAzwiwCMDPCrAowM8JsBjAzTA4wI8PsATAjwxwJEBnhTgyQGeEuCpAZ4W4OkBnhHgmQGeFeDZAZ4T4LkBnhfg+QFeEOCFAV4U4MUBXhLgqICBMSyFAUYBxgEmAaYBZgHmARYBlgFWAdYBNgG2AXYB9gEOBnhpgJcFeHmAVwR4ZYBXBXh1gNcEeG2A1wV4fYA3BHhjgDcFeHOAtwR4a4C3BXh7gHcEeGeAdwV4d4D3BHhvgPcFeH+ADwT4YIAPBfhwgI8E+GiAjwX4eIBPBPhkgE8F+HSAzwT4bIDPBfh8gC8E+GKALwX4coCvBPhqgK8F+HqAbwT4ZoBvBfh2gO8E+G6A7wX4foAfBP/Tz/dRgB8H+EmAnwb4WYCfB/hFgF8G+FWAXwf4TYDfBvhdgN8H+EOAPwb4U4A/B/hLgL8G+FuAvwf4R4B/BvhXgH8H+E+AoyfB0QEOhDgkxLFCHDvEoSGOE+K4IQ4LcXiI44U4fogThDhhiBOFOHGIk4Q4aYiThTh5iFOEOGWIU4U4dYjThDhtiNOFOH2IM4Q4Y4gzhThziLOEOGuIs4U4e4hzhDhniHOFOHeI84Q4b4jzhTh/iAuEuGCIC4W4cIiLhLhoiIS4WIiLh7hEiEuGuFSIS4e4TIjLhrhciMuHuEKIK4a4UogrhzgixFVCXDXE1UJcPcQ1QlwzxLVCXDvEdUJcN8T1Qlw/xA1C3DDEjULcOMRNQtw0xM1C3DzELULcMsStQtw6xG1C3DbE7ULcPsQdQtwxxJ1C3DnEXULcNcTdQtw9xD1C3DPEvULcO8R9Qtw3xP1C3D/EA0I8MMSDQjw4xENCPDRk4P/nJkeEeGSIR4V4dIjHhHhsiIZ4XIjHh3hCiCeGODLEk0I8OcRTQjw1xNNCPD3EM0I8M8SzQjw7xHNCPDfE80I8P8QLQrwwxItCvDjES0IcFWIQYhhiFGIcYhJiGmIWYj6Gt5H/c5xdhViH2ITYhtiF2Ic4GOKlIV72XzavCPHKEK8K8eoQrwnx2hCvC/H6EG8I8cYQbwrx5hBvCfHWEG8L8fYQ7wjxzhDvCvHuEO8J8d4Q7wvx/hAfCPHBEB8K8eEQHwnx0RAfC/HxEJ8I8ckQnwrx6RCfCfHZEJ8L8fkQXwjxxRBfCvHlEF8J8dUQXwvx9RDfCPHNEN8K8e0Q3wnx3RDfC/H9ED8I8cMQPwrx4xA/CfHTED8L8fMQvwjxyxC/CvHrEL8J8dsQvwvx+xB/CPHHEH8K8ecQfwnx1xB/C/H3EP8I8c8Q/wrx7xD/CfHfEEeHOBDhkAjHinDsCIdGOE6E40Y4LMLhEY4X4fgRThDhhBFOFOHEEU4S4aQRThbh5BFOEeGUEU4V4dQRThPhtBFOF+H0Ec4Q4YwRzhThzBHOEuGsEc4W4ewRzhHhnBHOFeHcEc4T4bwRzhfh/BEuEOGCES4U4cIRLhLhohES4WIRLh7hEhEuGeFSES4d4TIRLhvhchEuH+EKEa4Y4UoRrhzhiAhXiXDVCFeLcPUI14hwzQjXinDtCNeJcN0I14tw/Qg3iHDDCDeKcOMIN4lw0wg3i3DzCLeIcMsIt4pw6wi3iXDbCLeLcPsId4hwxwh3inDnCHeJcNcId4tw9wj3iHDPCPeKcO8I94lw3wj3i3D/CA+I8MAID4rw4AgPifDQCA+L8PAIj4jwyAiPivDoCI+J8NgIjfC4CI+P8IQIT4xwZIQnRXhyhKdEeGqEp0V4eoRnRHhmhGdFeHaE50R4boTnRXh+hBdEeGGEF0V4cYSXRDgqwiDCMMIowjjCJMI0wizCPMIiwjLCKsI6wibCNsIuwj7CwQgvjfCyCC+P8IoIr4zwqgivjvCaCK+N8LoIr4/whghvjPCmCG+O8JYIb43wtghvj/COCO+M8K4I747wngjvjfC+CO+P8IEIH4zwoQgfjvCRCB+N8LEIH4/wiQifjPCpCJ+O8JkIn43wuQifj/CFCF+M8KUIX47wlQhfjfC1CF+P8I0I34zwrQjfjvCdCN+N8L0I34/wgwg/jPCjCD+O8JMIP43wswg/j/CLCL+M8KsIv47wmwi/jfC7CL+P8IcIf4zwpwh/jvCXCH+N8LcIf4/wjwj/jPCvCP+O8J8I/41wdIQDMQ6JcawYx45xaIzjxDhujMNiHB7jeDGOH+MEMU4Y40QxQyaOcZIYJ41xshgnj3GKGKeMcaoYp45xmhinjXG6GKePcYYYZ4xxphhnjnGWGGeNcbYYZ49xjhjnjHGuGOeOcZ4Y541xvhjnj3GBGBeMcaEYF45xkRgXjZEYF4tx8RiXiHHJGJeKcekYl4lx2RiXi3H5GFeIccUYV4px5RhHxLhKjKvGuFqMq8e4RoxrxrhWjGvHuE6M68a4Xozrx7hBjBvGuFGMG8e4SYybxrhZjJvHuEWMW8a4VYxbx7hNjNvGuF2M28e4Q4w7xrhTjDvHuEuMu8a4W4y7x7hHjHvGuFeMe8e4T4z7xrhfjPvHeECMB8Z4UIwHx3hIjIfGeFiMh8d4RIxHxnhUjEfHeEyMx8ZojMfFeHyMJ8R4YowjYzwpxpNjPCXGU2M8LcbTYzwjxjNjPCvGs2M8J8ZzYzwvxvNjvCDGC2O8KMaLY7wkxlExBjGGMUYxxjEmMaYxZjHmMRYxljFWMdYxNjG2MXYx9jEOxnhpjJfFeHmMV8R4ZYxXxXh1jNfEeG2M18V4/RgZdsUbY7wpxptjvCXGW2O8LcbbY7wjxjtjvCvGu2O8J8Z7Y7wvxvtjfCDGB2N8KMaHY3wkxkdjfCzGx2N8IsYnY3wqxqdjfCbGZ2N8LsbnY3whxhdjfCnGl2N8JcZXY3wtxtdjfCPGN2N8K8a3Y3wnxndjfC/G92P8IMYPY/woxo9j/CTGT2P8LMbPY/wixi9j/CrGr2P8JsZvY/wuxu9j/CHGH2P8KcafY/wlxl9j/C3G32P8I8Y/Y/wrxr9j/CfGf2McHeNAgkMSHCvBsRMcmuA4CY6b4LAEhyc4XoLjJzhBghMmOFGCEyc4SYKTJjhZgpMnOEWCUyY4VYJTJzhNgtMmOF2C0yc4Q4IzJjhTgjMnOEuCsyY4W4KzJzhHgnMmOFeCcyc4T4LzJjhfgvMnuECCCya4UIILJ7hIgosmSIKLJbh4gkskuGSCSyW4dILLJLhsgsslODB0yP/enVopwZUTHDFiwFUSXDXB1RJcPcE1ElwzwbUSXDvBdRJcN8H1Elw/wQ0S3DDBjRLcOMFNEtw0wc2SoQObJ7hFglsmuFWCWye4TYLbJrhdgtsnuEOCOya4U4I7J7hLMvx/5do9wT0S3DPBvRLcO8F9Etw3wf0S3D/BA5LB8Q9M8KAED07wkAQPTfCwBA9P8IgEj0zwqASPTvCYBI9N0ASPS/D4BE9I8MQERyZ4UoInJ3hKgqcmeFqCpyd4RoJnJnhWgmcneE6C5yZ4XoLnJ3hBghcmeFGCFyd4SYKjEgwSDBOMEowTTBJME8wSzBMsEiwTrBKsE2wSbBPsEuwTHEzw0gQvS/DyBK9I8MoEr0rw6gSvSfDaBK9L8PoEb0jwxgRvSvDmBG9J8NYEb0vw9gTvSPDOBO9K8O4E70nw3gTvS/D+BB9I8MEEH0rw4QQfSfDRBB9L8PEEn0jwyQSfSvDpBJ9J8NkEn0vw+QRfSPDFBF9K8OUEX0nw1QRfS/D1BN9I8M0E30rw7QTfSfDdBN9L8P0EP0jwwwQ/SvDjBD9J8NMEP0vw8wS/SPDLBL9K8OsEv0nw2wS/S/D7BH9I8McEf0rw5wR/SfDXBH9L8PcE/0jwzwT/SvDvBP9J8N8ER4+xiRSHpDg8xbFTHJriOCmOm+Kw//4fL8XxU5wgxQlTnCjFiVOcJMVJU5wsxclTnCLFKVOcKsWpU5wmxWlTnC7F6VOcIcUZU5wpxZlTnCXFWVOcLcXZU5wjxTlTnCvFuVOcJ8V5U5wvxflTXCDFBVNcKMWFU1wkxUVTJMXFUlw8xSVSXDLFpVJcOsVlUlw2xeVSXD7FFVJcMcWVUlw5xREprpLiqimuluLqKa6R4poprpXi2imuk+K6Ka6X4vopbpDihilulOLGKW6S4qYpbpbi5ilukeKWKW6V4tYpbpPitilul+L2Ke6Q4o4p7pTizinukuKuKe6W4u4p7pHininuleLeKe6T4r4p7pfi/ikekOKBKR6U4sEpHpLioSkeluLhKR6R4pEpHpXi0Skek+KxKZricSken+IJKZ6Y4sgUT0rx5BRPSfHUFE9L8fQUz0jxzBTPSvHsFM9J8dwUz0vx/BQvSPHCFC9K8eIUL0lxVIpBimGKUYpxikmKaYpZinmKRYplilWKdYpNim2KXYp9ioMpXpriZSlenuIVKV6Z4lUpXp3iNSlem+J1KV6f4g0p3pjiTSnenOItKd6a4m0p3p7iHSnemeJdKd6d4j0p3pvifSnen+IDKT6Y4kMpPpziIyk+muJjKT6e4hMpPpniUyk+neIzKT6b4nMpPp/iCym+mOJLKb6c4ispvpriaym+nuIbKb6Z4lspvp3iOym+m+J7Kb6f4gcpfpjiRyl+nOInKX6a4mcpfp7iFyl+meJXKX6d4jcpfpvidyl+n+IPKf6Y4k8p/pziLyn+muJvKf6e4h8p/pniXyn+neI/Kf6b4ugUBzIckuFYGY6d4dAMx8lw3AyHZTg8w/EyHD/DCTKcMMOJMpw4w0kynDTDyTKcPMMpMpwyw6kynPPRgYFpMpw2w+kynD7DGTKcMcOZMpw5w1kynDXD2TKcPcM5xozLcK4M585wngznzXC+DOfPcIEMF8xwoQwXznCRDBfNkAwXy3DxDJfIcMkMl8pw6QyXyXDZDJfLcPkMV8hwxQxXynDlDEdkuEqGq2a4WoarZ7hGhmtmuFaGa2e4TobrZrhehutnuEGGG2a4UYYbZ7hJhptmuFmGm2e4RYZbZrhVhltnuE2G22a4XYbbZ7hDhjtmuFOGO2e4S4a7ZrhbhrtnuEeGe2a4V4Z7Z7hPhvtmuF+G+2d4QIYHZnhQhgdneEiGh2Z4WIaHZ3hEhkdmeFSGR2d4TIbHZmiGx2V4fIYnZHhihiMzPCnDkzM8JcNTMzwtw9MzPCPDMzM8K8OzMzwnw3MzPC/D8zO8IMMLM7wow4szvCTDURkGGYYZRhnGGSYZphlmGeYZFhmWGVYZ1hk2GbYZdmPYGxgYGMzw0gwvy/DyDK/I8MoMr8rw6gyvyfDaDK/L8PoMb8jwxgxvyvDmDG/J8NYMb8vw9gzvyPDODO/K8O4M78nw3gzvy/D+DB/I8MEMH8rw4QwfyfDRDB/L8PEMn8jwyQyfyvDpDJ/J8NkMn8vw+QxfyPDFDF/K8OUMX8nw1Qxfy/D1DN/I8M0M38rw7QzfyfDdDN/L8P0MP8jwwww/yvDjDD/J8NMMP8vw8wy/yPDLDL/K8OsMv8nw2wy/y/D7DH/I8McMf8rw5wx/yfDXDH/L8PcM/8jwzwz/yvDvDP/J8N8MR2c4kOOQHMfKcewch+Y4To7j5jgsx+E5jpfj+DlOkOOEOU6U48Q5TpLjpDlOluPkOU6R45Q5TpXj1DlOk+O0OU6X4/Q5zpDjjDnOlOPMOc6S46w5zpbj7DnOkeOcOc6V49w5zpPjvDnOl+P8OS6Q44I5LpTjwjkukuOiOZLjYjkunuMSOS6Z41I5Lp3jMjkum+NyOS6f4wo5rpjjSjmunOOIHFfJcdUcV8tx9RzXyHHNHNfKce0c18lx3RzXy3H9HDfIccMcN8px4xw3yXHTHDfLcfMctxj133A+x61z3CbHbXPcLsftc9whxx1z3CnHnXPcJcddc9wtx91z3CPHPXPcK8e9c9wnx31z3C/H/XM8IMcDczwox4NzPGJgYODQHA/L8fAx3zkemeNROR6d4zE5HpujOR6X4/E5npDjiTmOzPGkHE/O8ZQcT83xtBxPz/GMHM/M8awcz87xnBzPzfG8HM/P8YIcL8zxohwvzvGSHEflGOQY5hjlGOeY5JjmmOWY51jkWOZY5Vjn2OTY5tjl2Oc4mOOlOV6W4+U5XpHjlTlelePVOV6T47U5Xpfj9TnekOONOd6U48053pLjrTneluPtOd6R45053pXj3Tnek+O9Od6X4/05PpDjgzk+lOPDOT6S46M5Ppbj4zk+keOTOT6V49M5PpPjszk+l+PzOb6Q44s5vpTjyzm+kuOrOb6W4+s5vpHjmzm+lePbOb6T47s5vpfj+zl+kOOHOX6U48c5fpLjpzl+luPnOX6R45c5fpXj1zl+k+O3OX6X4/c5/pDjjzn+lOPPOf6S4685/pbj7zn+keOfOf6Vz7jI3zn+k+O/OY7OcaDAIQWOVeDYBQ4tcJwCxy1wWIHDCxyvwPELnKDACQucqMCJC5ykwEkLnKzAyQucosApC5yqwKkLnKbAaQucrsDpC5yhwBkLnKnAmQucpcBZC5ytwNkLnKPAOQucq8C5C5ynwHkLnK/A+QtcoMAFC1yowIULXKTARQukwMUKXLzAJQpcssClCly6wGUKXLbA5QpcvsAVClyxwJUKXLnAEQWuUuCqBa5W4OoFrlHgmgWuVeDaBa5T4LoFrlfg+gVuUOCGBW5U4MYFblLgpgVuVuDmBW5R4JYFblXg1gVuU+C2BW5X4PYF7lDgjgXuVODOBe5S4K4F7lbg7gXuUeCeBe5V4N4F7lPgvgXuV+D+BR5Q4IEFHlTgwQUeUuChBR5W4OEFHlHgkQUeVeDRBR5T4LEFWuBxBR5f4AkFnljgyAJPKvDkAk8p8NQCTyvw9ALPKPDMAs8q8OwCzynw3ALPK/D8Ai8o8MICLyrw4gIvKXBUgUGBYYFRgXGBSYFpgVmBeYFFgWWBVYF1gU2BbYFdgX2BgwVeWuBlBV5e4BUFXlngVQVeXeA1BV5b4HUFXl/gDQXeWOBNBd5c4C0F3lrgbQXeXuAdBd5Z4F0F3l3gPQXeW+B9Bd5f4AMFPljgQwU+XODHBT5a4GMFPl7gEwU+WeBTBT5d4DMFPlvgcwU+X+ALBb5Y4EsFvlzgKwW+WuBrBb5e4BsFvlngWwW+PXRgYIzNvVvgewW+X+AHBX5Y4Ef/nfuTAj8t8LMCPy/wiwK/LPCrAr8u8JsCvy3wuwK/L/CHAn8s8KcCfy7wlwJ/LfC3An8v8I8C/yzwrwL/LvCfAv8tcHSBAyUOKXGsEscucWiJ45Q4bonDShxezuJ4JY5f4gQlTljiRCVOXOIkJU5a4mQlTl7iFCVOWeJUJU5d4jQlTlvidOWw/9S2ZihxxhJnKnHmEmcpcdYSZytx9hLnKHHOEucqce4S5ylx3hLnK3H+EhcoccESFypx4RIXKXHREilxsRIXL3GJEpcscakSly5xmRKXLXG5EpcvcYUSVyxxpRJXLnFEiauUuGqJq5W4eolrlLhmiWuVuHaJ65S4bonrlbh+iRuUuGGJG5W4cYmblLhpiZuVuHmJW5S4ZYlblbh1iduUuG2J25W4fYk7lLhjiTuVuHOJu5S4a4m7lbh7iXuUuGeJe5W4d4n7lLhvifuVuH+JB5R4YIkHlXhwiYeUeGjJv6NHj/bwEo8o8cgSjyrx6BKPKfHYEi3xuBKPL/GEEk8scWSJJ5V4comnlHhqiaeVeHqJZ5R4ZolnlXh2ieeUeG6J55V4fokXlHhhiReVeHGJl5Q4qsSgxLDEqMS4xKTEtMSsxLzEosSyxKrEusSmxLbErsS+xMESLy3xshIvL/GKEq8ckxiUeHWJ15R4bYnXlXh9iTeUeGOJN5V4c4m3lHhribeVeHuJd5R4Z4l3lXh3ifeUeG+J95V4f4kPlPhgiQ+V+HCJj5T4aImPlfh4iU+U+GSJT5X4dInPlPhsic+V+HyJL5T4Yokvlfhyia+U+GqJr5X4eolvlPhmiW+V+HaJ75T4bonvlfh+iR+U+GGJH5X4cYmflPhpiZ+V+HmJX5T4ZYlflfh1id+U+G2J35X4fYk/lPhjiT+V+HOJv5T4a4m/lfh7iX+U+GeJf5X4d4n/lPhviaNLHKhwSIVjVTh2hUMrHKfCcSscVuHwCsercPwKJ6hwwgonqnDiCiepcNIKJ6tw8gqnqHDKCqeqcOoKp6lw2goHBgZGjgmHZ6hwxgpnqnDmCmepcNYKZ6tw9grnqHDOCueqcO4K56lw3grnq3D+6v9q9wtVuHCFi1S4aIVUuFiFi1e4RIVLVrhUhUtXuEyFy1a4XIXLV7hChStWuFKFK1c4osJVKly1wtUqXL3CNSpcs8K1Kly7wnUqXLfC9Spcv8INKtywwo0q3LjCTSrctMLNKty8wi0q3LLCrSrcusJtKty2wu0q3L7CHSrcscKdKty5wl0q3LXC3SrcvcI9Ktyzwr0q3LvCfSrct8L9Kty/wgMqPLDCgyo8uMJDKjy0wsMqPLzCIyo8ssKjKjy6wmMqPLZCKzyuwuMrPKHCEyscWeFJFZ5c4SnV/71DfXqFZ1R4ZoVnVXh2hedUeG6F51V4foUXVHhhhRdVeHGFl1Q4qsKgwrDCqMK4wqTCtMKswrzCosKywqrCusKmwrbCrsK+wsEKL63wsgovr/CKCq+s8KoKr67wmgqvrfC6Cq+v8IYKb6zwpgpvrvCWCm+t8LYKb6/wjgrvrPCuCu+u8J4K763wvgrvr/CBCh+s8KEKH67wkQofrfCxCh+v8IkKn6zwqQqfrvCZCp+t8LkKn6/whQpfrPClCl+u8JUKX63wtQpfr/CNCt+s8K0K367wnQrfrfC9Ct+v8IMKP6zwowo/rvCTCj+t8LMKP6/wiwq/rPCrCr+u8JsKv63wuwq/r/CHCn+s8KcKf67wlwp/rfC3Cn+v8I8K/6zwrwr/rvCfCv+tcPQY26xxSI1j1Th2jUNrHKfGcWscVuPwGsercfwaJ6hxwhonqnHiGiepcdIaJ6tx8hqnqHHKGqeqceoap6lx2hqnq3H6GmeoccYaZ6px5hpnqXHWGmercfYa56hxzhrnqnHuGuepcd4a56tx/hoXqHHBGheqceEaF6lx0RqpcbEaF69xiRqXrHGpGpeucZkal61xuRqXr3GFGlescaUaV65xRI2r1LhqjavVuHqNa9S4Zo1r1bh2jevUuG6N69W4fo0b1LhhjRvVuHGNm9S4aY2b1bh5jVvUuGWNW9W4dY3b1LhtjdvVuH2NO9S4Y4071bhzjbvUuGuNu9W4e4171LhnjXvVuHeN+9S4b4371bh/jQfUeGCNB9V4cI2H1HhojYfVeHiNR9R4ZI1H1Xh0jcfUeGyN1nhcjcfXeEKNJ9Y4ssaTajy5xlNqPLXG02o8vcYzajyzxrNqPLvGc2o8t8bzajy/xgtqvLDGi2q8uMZLahxVY1BjWGNUY1xjUmNaY1ZjXmNRY1ljVWNdY1NjW2NXY1/jYI2X1nhZjZfXeEWNV9Z4VY1X13hNjdfWeF2N19d4Q4031v8TY95c4y013lrjbTXeXuMdNd5Z41013l3jPTXeW/+fr3ugxgdrfKjGh2t8pMZHa3ysxsdrfKLGJ2t8qub1/99j+WyNz9X4fI0v1PhijS/V+HKNr9T4ao2v1fh6jW/U+GaNb9X4do3v1Phuje/V+H6NH9T4YY0f1fhxjZ/U+GmNn9X4eY1f1PhljV/V+HWN39T4bY3f1fh9jT/U+GONP9X4c42/1Phrjb/V+HuNf9T4Z41/1fh3jf/U+G+No2scaHBIg2M1OHaDQxscp8FxGxzW4PAGx2tw/AYnaHDCBidqcOIGJ2lw0gYna3DyBqdocMoGp2pw6ganaXDaBqdrcPoGZ2hwxgZnanDmBmdpcNYGZ2tw9gbnaHDOBudqcO4G52lw3gbna3D+BhdocMEGF2pw4QYXaXDRBmlwsQYXb3CJBpdscKkGl25wmQaXbXC5BpdvcIUGV2xwpQZXbnBEg6s0uGqDqzW4eoNrNLhmg2s1uHaD6zS4boPrNbh+gxs0uGGDGzW4cYObNLhpg5s1DB/DxhYNbtngVg1u3eA2DW7b4HYNbt/gDg3u2OBODe7c4C4N7trgbg3u3uAeDe7Z4F4N7t3gPg3u2+B+De7f4AENHtjgQQ0e3OAhDR7a4GENHt7gEQ0e2eBRDR7d4DENHtugDR7X4PENntDgiQ2ObPCkBk9u8JQGT23wtAZPb/CMBs9s8KwGz27wnAbPbfC8Bs9v8IIGL2zwogYvbvCSBkc1GDQYNhg1GDeYNJg2mDWYN1g0WDZYNVg32DTYNtg12Dc42OClDV7W4OUNXtHglQ1e1eDVDV7T4LUNXtfg9Q3e0OCNDd7U4M0N3tLgrQ3e1uDtDd7R4J0N3tXg3Q3e0+C9Dd7X4P0NPtDggw0+1ODDDT7S4KMNPtbg4w0+0eCTDT7V4NMNPtPgs80YNzDkP/7jhQZfbPClBl9u8JUGX23wtQZfb/CNBt9s8K0G327wnQbfbfC9Bt9v8IMGP2zwowY/bvCTBj9t8LMGP2/wiwa/bPCrBr9u8JsGv23wuwa/b/CHBn9s8KcGf27wlwZ/bfC3Bn9v8I8G/2zwrwb/bvCfBv9tcHSDAy0OaXGsFsducWiL47Q4bovDWhze4ngtjt/iBC1O2OJELU7c4iQtTtriZC1O3uIULU7Z4lQtXjMxTtPitC1O1+L0Lc7Q4owtztTizC3O0uKsLc7W4uwtztHinC3O1eLcLc7T4rwtztfi/C0u0OKCLS7U4sItLtLioi3S4mItLt7iEi0u2eJSLS7d4jItLtvici0u3+IKLa7Y4kotrtziiBZXaXHVFldrcfUW12hxzRbXanHtlmHrtLhui+u1uH6LG7S4YYsbtbhxi5u0uGmLm7W4eYtbtLhli1u1uHWL27S4bYvbDYzYcYyud2hxxxZ3anHnFndpcdcWd2tx9xb3aHHPFvdqce8W92lx3xb3a0/6D28HtHhgiwe1eHCLh7R4aIuHtXh4i0e0eGSLR7V4dIvHtHhsi7Z4XIvHt3hCiye2OLLFk1o8ucVTWjy1xdNaPL3FM1o8s8WzWjy7xXNaPLfF81o8v8ULWrywxYtavLjFS1oc1WLQYthi1GLcYtJi2mLWYt5i0WLZYtVi3WLTYtti12Lf4mA7i5e2eFmLl7d4RYtXtnhVi1ePYavFa1u8rsXrW7yhxRtbvKnFm1u8pcVbW7ytxdtbvKPFO1u8q8W7W7ynxXtbvK/F+1t8oMUHW3yoxYdbfKTFR1t8rMXHW3yixSdbfKrFp1t8psVnW3yuxedbfKHFF1t8qR33P/vzSouvtvhai6+3+EaLb7b4Votvt/hOi++2+F6L77f4QYsftvhRix+3+EmLn7b4WYuft/hFi1+2+FWLX7f4TYvftvhdi9+3+EOLP7Yn+1OLP7f4S4u/tvhbi7+3+EeLf7b4V4t/t/hPi/+2OLrFgQ6HdDhWh2N3OLTDcToct8NhHQ7vcLwOx+9wgg4n7HCiDifucJIOJ+1wsg4n73CKDqfscKoOp+5wmg6n7XC6DqfvcIYOZ+xwpg5n7nCWDmftcLYOZ+9wjg7n7HCuDufucJ4O5+1wvg7n73CBDhfscKEOF+5wkQ4X7ZAOF+tw8Q6X6HDJDpfqcOkOl+lw2Q6X63D5DlfocMUOV+pw5Q5HdLhKh6t2uFqHq3e4RodrdrhWh2t3uE6H63a4Xofrd7hBhxt2uFGHG3e4SYebdrhZh5t3uEWHW3a4VYdbd7hNh9t2uF2H23e4Q4c7drhThzt3uEuHu3a4W4e7d7hHh3t2uFeHe3e4T4f7drhfh/t3eECHB3Z4UIcHd3hIh4d2eFiHh3d4RIdHdnhUh0d3eEyHx3Zoh8d1eHyHJ3R4YocjOzypw5M7PKXDUzs8rcPTOzyjwzM7PKvDszs8p8NzOzyvw/M7vKDDCzu8qMOLO7ykw1EdBh2GHUYdxh0mHaYdZh3mHRYdlh1WHdYdNh22HXYd9h0Odnhph5d1eHmHV3R4ZYdXdXh1h9d0eG2H13V4fYc3dHhjhzd1eHOHt3R4a4e3dXh7h3d0eGeHd3V4d4f3dHhvh/d1eH+HD3T4YIcPdfhwh490+GiHj3X4eIdPdPhkh091+HSHz3T4bIfPdfh8hy90+GKHL3X4coevdPhqh691+HqHb3T4Zodvdfh2h+90+G6H73X4focfdPhhhx91+HGHn3T4aYefdfh5h190+GWHX3X4dYffdPhth991+H2HP3T4Y4c/dfhzh790+GuHv3X4e4d/dPhnh391+HeH/3T4b4ejOxzocUiPY/U4do9Dexynx3F7HNbj8B7H63H8HifoccIeJ+px4h4n6XHSHifrcfIep+hxyh6n6nHqHqfpcdoep+tx+mE4Q48z9jhTjzP3OEuPs/Y4W4+z9zhHj3P2OFePc/c4T4/z9jhfj/P3uECPC/a4UI8L97hIj4v2SI+L9bh4j0v0uGSPS/W4dI/L9Lhsj8v1uHyPK/S4Yo8r9bhyjyN6XKXHVXtcrcfVe1yjxzV7XKvHtXtcp8d1e1yvx/VHDgyM0dmGPW7U48Y9btLjpj1u1uPmPW7R45Y9btXj1j1u0+O2PW7X4/Y97tDjjj3u1OPOPe7S46497tbj7j3u0eOePe7V49497tPjvj3u1+P+PR7Q44E9HtTjwT0e0uOhPR7W4+E9HtHjkT0e1ePRPR7T47E92uNxPR7f4wk9ntjjyB5P6vHkHk/p8dQeT+vx9B7P6PHMHs/q8ewez+nx3B7P6/H8Hi/o8cIeL+rx4h4v6XFUj0GPYY9Rj3GPSY9pj1mPeY9Fj2WPVY91j02PbY9dj32Pgz1e2uNlPV7e4xU9XtnjVT1e3eM1PV7b43U9Xt/jDT3e2ONNPd7c4y093trjbT3e3uMdPd7Z41093t3jPT3e2+N9Pd7f4wM9PjhkYGCMLh7u8ZEeH+3xsR4f7/GJHp/s8aken+7xmR6f7fG5Hp/v8YUeX+zxpR5f7vGVHl/t8bUeX+/xjR7f7PGtHt/u8Z0e3+3xvR7f7/GDHj/s8aMeP+7xkx4/7fGzHj/v8Ysev+zxqx6/7vGbHr/t8bsev+/xhx5/7PGnHn/u8Zcef+3xtx5/7/GPHv/s8a8e/+7xnx7/7XF0jwODOGQQxxrEsQdx6CCOM4jjDuKwQRw+iOMN4viDOMEgTjiIEw3ixIM4ySBOOoiTDeLkgzjFIE45iFMN4tSDOM3g/yPqHIMou5o1PJnYNmZi44mdiW3btvHEtm1tGye2bdu2Pbfmfvnu/XXqbFR1vd1vr169V3fjNAFOG+B0AU4f4AwBzhjgTAEOC3B4gDMHOEuAswY4W4CzBzhHgHMGOFeAcwc4T4DzBvz+bydkFwhwwQAXCpAAFw5wkQAXDXCxABcPcIkAlwxwqQCXDnCZAJcNcLkAlw9whQBHBLhigCsFuHKAqwS4aoCrBbh6gGsEuGaAawW4doDrBLhugOsFuH6AGwS4YYAbBbhxgJsEuGmAmwW4eYBbBLhlgFsFuHWA2wS4bYDbBbh9gDsEuGOAOwW4c4C7BLhrgLsFuHuAewS4Z4B7Bbh3gPsEuG+A+wW4f4AHBHhggAcFeHCAhwR4aICHBXh4gEcEeGSARwVogEcHeEyAxwZ4XIDHB3hCgCcGeFKAJwd4SoCnBnhagKcHeEaAZwZ4VoBnB3hOgOcGeF6A5wd4QYAXBnhRgBcHeEmAlwZ4WYCXB3hFgFcGeFWAVwd4TYDXBnhdgNcHeEOANwZ4U4A3BxgEGAYYBRgHmASYBpgFmAdYBFgGWAVYB9gE2AbYBdgHOAjwlgBvDfC2AG8P8I4A7wzwrgDvDvCeAO8N8L4A7w/wgQAfDPChAB8O8JEAHw3wsQAfD/CJAJ8M8KkAnw7wmQCfDfC5AJ8P8IUAXwzwpQBfDvCVAF8N8LUAXw/wjQDfDPCtAN8O8J0A3w3wvQDfD/CDAD8M8KMAPw7wkwA/DfCzAD8P8IsAvwzwq3/5+E2A3wb4XYDfB/hDgD8G+FOAPwf4S4C/BvhbgL8H+EeAfwb4V4B/B/hPgCMDHBLiaCEODXH0EMcIccwQxwpx7BDHCXHcEMcLcfwQJwhxwhAnCnHiECcJcdIQJwtx8hCnCHHKEKcKceoQpwlx2hCnC3H6EGcIccYQZwpxWIjDQ5w5xFlCnDXE2UKcPcQ5QpwzxLlCnDvEeUKcN8T5Qpw/xAVCXDDEhUIkxIVDXCTERUNcLMTFQ1wixCVDXCrEpUNcJsRlQ1wuxOVDXCHEESGuGOJKIa4c4iohrhriaiGuHuIaIa4Z4lohrh3iOiGuG+J6Ia4f4gYhbhjiRiFuHOImIW4a4mYhbh7iFiFuGeJWIW4d4jYhbhvidiFuH+IOIe4Y4k4h7hziLiHuGuJuIe4e4h4h7hniXiHuHeI+Ie4b4n4h7h/iASEeGOJBIR4c4iEhHhriYSEeHuIRIR4Z4lEhGuLRIR4T4rEhHhfi8SGeEOKJIZ4U4skhnhLiqSGeFuLpIZ4R4pkhnhXi2SGeE+K5IZ4X4vkhXhDihSFeFOLFIV4S4qUhXhbi5SFeEeKVIV4V4tUhXhPitSFeF+L1Id4Q4o0h3hTizSEGIYYhRiHGISYhpiFmIeYhFiGWIVYh1iE2IbYhdiH2IQ5CvCXEW0O8LcTbQ7wjxDtDvCvEu0O8J8R7Q7wvxPtDfCDEB0N8KMSHQ3wkxEdDfCzEx0N8IsQnQ3wqxKdDfCbEZ0N8LsTnQ3whxBdDfCnEl0N8JcRXQ3wtxNdDfCPEN0N8K8S3Q3wnxHdDfC/E90P8IMQPQ/woxI9D/CTET0P8LMTPQ/wixC9D/CrEr0P8JsRvQ/wuxO9D/CHEH0P8KcSfQ/wlxF9D/C3E30P8I8Q/Q/wrxL9D/CfEkSEOiXC0CIdGOHqEY0Q4ZoRjRTh2hONEOG6E40U4foQTRDhhhBNFOHGEk0Q4aYSTRTh5hFNEOGWEU0U4dYTTRDhthNNFOH2EM0Q4Y4QzRTgswuERzhzhLBHOGuFsEc4e4RwRzhnhXBHOHeE8Ec4b4XwRzh/hAhEuGOFCERLhwhEuEuGiES4W4eIRLhHhkhEuFeHSES4T4bIRLhfh8hGuEOGICFeMcKUIV45wlQhXjXC1CFePcI0I14xwrQjXjnCdCNeNcL0I149wgwg3jHCjCDeOcJMIN41wswg3j3CLCLeMcKsIt45wmwi3jXC7CLePcIcId4xwpwh3jnCXCHeNcLcId49wjwj3jHCvCPeOcJ8I941wvwj3j/CACA+M8KAID47wkAgPjfCwCA+P8IgIj4zwqAiN8OgIj4nw2AiPi/D4CE+I8MQIT4rw5AhPifDUCE+L8PQIz4jwzAjPivDsCM+J8NwIz4vw/AgviPDCCC+K8OIIL4nw0ggvi/DyCK+I8MoIr4rw6givifDaCK+L8PoIb4jwxghvivDmCIMIwwijCOMIkwjTCLMI8wiLCMsIqwjrCJsI2wi7CPsIBxHeEuGtEd4W4e0R3hHhnRHeFeHdEd4T4b0R3hfh/RE+EOGDET4U4cMRPhLhoxE+FuHjET4R4ZMRPhXh0xE+E+GzET4X4fMRvhDhixG+FOHLEb4S4asRvhbh6xG+EeGbEb4V4dsRvhPhuxG+F+H7EX4QDf3P/O8IP47wkwg/jfCzCD+P8IsIv4zwqwi/jvCbCL+N8LsIv4/whwh/jPCnCH+O8JcIf43wtwh/j/CPCP+M8K8I/47wnwhHRjgkxtFiHBrj6DGOEeOYMY4V49gxjhPjuDGOF+P4MU4Q44QxThTjxDFOEuOkMU4W4+QxThHjlDFOFePUMU4T47QxThfj9DHOEOOMMc4U47AYh8c4c4yzxDhrjLPFOHuMc8Q4Z4xzxTh3jPPEOG+M88U48t+p3wvGuFCMxLhwjIvEuGiMi8W4eIxLxLhkjEvFuHSMy8S4bIzLxbh8jCvEOCLGFWNcKcaVY1wlxlVjXC3G1WNcI8Y1Y1wrxrVjXCfGdWNcL8b1Y9wgxg1j3CjGjWPcJMZNY9wsxs1j3CLGIf/24t06xm1i3DbG7WLcPsYdYtwxxp1i3DnGXWLcNcbdYtw9xj1ijt8zxr1i3DvGfWLcN8b9Ytw/xgNiPDDGg2I8OMZDYjw0xsNiPDzGI2I8MsajYjTGo2M8JsZjYzwuxuNjPCHGE2M8KcaTYzwlxlNjPC3G02M8I8YzYzwrxrNjPCfGc2M8L8bzY7wgxgtjvCjGi2O8JMZLY7wsxstjvCLGK2O8KsarY7wmxmtjvC7G62O8IcYbY7wpxptjDGIMY4xijGNMYkxjzGLMR9EkxjLGKsY6xiZm7FHXuhj7GAcx3hLjrTHeFuPtMd4R450x3hXj3THeE+O9Md4X4/0xPhDjgzE+FOPDMT4S46MxPhbj4zE+EeOTMT4V49MxPhPjszE+F+PzMb4Q44sxvhTjyzG+EuOrMb4W4+sxvhHjmzG+FePbMb4T47sxvhfj+zF+EOOHMX4U48cxfhLjpzF+FuPnMX4R45cxfhXj1zF+E+O3MX4X4/cx/hDjjzH+FOPPMf4S468x/hbj7zH+EeOfMf4V498x/jOKR6NsM8HREhya4OgJjpHgmAmOleDYCY6T4LgJjpfg+AlOkOCECU6U4MQJTpLgpAlOluDkCU4x6t1/D0lMneA0CU6b4HQJTp/gDAnOmOBMCQ5LcHiCMyc4S4KzJjhbgrMnOEeCcyY4V4JzJzhPgvMmOF+C8ye4QIILJrhQgiS4cIKLJLhogosluHiCSyS4ZIJLJbh0gsskuGyCyyW4fIIrJDgiwRUTXCnBlRNcJcFVE1wtwdUTXCPBNRNcK8G1E1wnwXUTXC/B9RPcIMENE9wowY0T3CTBTRPcLMHNE9wiwS0T3CrBrRPcJsFtE9wuwe0T/lv4704J7pzgLgnumuBuCe6e4B4J7pngXgnuneA+Ce6b4H4J7p/gAQkemOBBCR6c4CEJHprgYQkenuARCR6Z4FEJmuDRCR7zL6bHJXh8gickeGKCJyV4coKnJHhqgqcleHqCZyR4ZoJnJXh2guckeG6C5yV4foIXJHhhghcleHGClyR4aYKXJXh5glckeGWCVyV4dYLXJHhtgtcleH2CNyR4Y4I3JXhzgkGCYYJRgnGCSYJpglmCeYJFgmWCVYJ1gk2CbYJdgn2CgwRvSfDWBG9L8PYE70jwzgTvSvDuBO9J8N4E70vw/gQfSPDBBB9K/jPT8pEEH03wsQQfT/CJBJ9M8KkEn07wmQSfTfC5BJ9P8IUEX0zwpQRfTvCVBF9N8LUEX0/wjQTfTPCtBN9O8J0E303wvQTfT/CDBD9M8KMEP07wkwQ/TfCzBD9P8IsEv0zwqwS/TvCbBL9N8LsEv0/whwR/TPCnBH9O8JcEf03wtwR/T/CPBP9M8K8E/07wnwRHJjgkxdFSHJri6CmOkeKYKY6V4tgpjpPiuCmOl+L4KU6Q4oQpTpTixClOkuKkKU6W4uQpTpHilClOleLUKU6T4rQpTpfi9CnOkOKMKc6U4rAUh6c4c4qzpDhrirOlOHuKc6Q4Z4pzpTh3ivOkOG+K86U4f4oLpLhgigulSIoLp7hIioumuFiKi6e4RIpLprhUikunuEyKy6a4XIrLp7hCiiNSXDHFlVJcOcVVUlw1xdVSXD3FNVJcM8W1UsZZO8V1Ulw3xfVSXD/FDVLcMMWNUtw4xU1S3DRlyChcN09xixS3THGrFLdOcZsUt01xuxS3T3GHFHdMcacUd05xlxR3TXG3FHdPcY8U90xxrxT3TnGfFPdNcb8U90/xgBQPTPGgFA9O8ZAUD03xsBQPT/GIFI9M8agUTfHoFI9J8dgUj0vx+BRPSPHEFE9K8eQUT0nx1BRPSxnlyj0jxTNTPCvFs1M8J8VzUzwvxfNTvCDFC1O8KMWLU7wkxUtTvCzFy1O8IsUrU7wqxatTvCbFa1O8LsXrU7whxRtTvCnFm1MMUgxTjFKMU0xSTFPMUsxTLFIsU6xSrFNsUmxT7FLsUxykeEuKt6Z4W4q3p3hHinemeFeKd6d4T4r3pnhfiven+ECKD6b4UIoPp/hIio+m+FiKj6f4RPrryCdTfCrFp1N8JsVnU3wuxedTfCHFF1N8KcWXU3wlxVdTfC3F11N8I8U3U3wrxbdTfCfFd1N8L8X3U/wgxQ9Txv3vevBJip+m+FmKn6f4RYpfpvhVil+n+E2K36b4XYrfp/hDij+m+FOKP6f4S4q/pvhbir+n+EeKf6b4V4p/p/hPiiNTHJLhaBkOzXD0DMfIcMwMx8pw7AzHyXDcDMfLcPwMJ8hwwgwnynDiDCfJcNIMJ8tw8gynyHDKDKfKcOoMp8lw2gyny3D6DGfIcMYMZ8pwWIbDM5w5w1kynDXD2TKcPcM5Mpwzw7kynDvDeTKcN8P5Mpw/wwX+Ww6QIRkunOEiQ//zf7EMF89wiQyXzHCpDJfOcJkMl81wuQyXz3CFDEdkuGKGK2W4coarZLhqhqtluHqGa2S4ZoZrZbh2hutkuG6G62W4foYbZLhhhhtluHGGm2S4aYabZbh5hltkuGWGW2W4dYbbZLhthttluH2GO2S4Y4Y7ZbhzhrtkuGuGu2W4e4Z7ZLhnhntluHeG+2S4b4b7Zbh/hgdkeGCGB2V4cIaHZHhohodleHiGR2R4ZIZHZWiGR2d4TIbHZnhchsdneEKGJ2Z4UoYnZ3hKhqdmeFqGp2d4RoZnZnhWhmdneE6G52Z4XobnZ3hBhhdmeFGGF2d4SYaXZnhZhpdneEWGV2Z4VYZXZ3hNhtdmeF2G12d4Q4Y3ZnhThkP+jYjCDKMM4wyTDNMMswzzDIsMywyrDOsMmwzbDLsM+wwHGd6S4a0Z3pbh7RnekeGdGd6V4d0Z3pPhvRnel+H9GT6Q4YMZPpThwxk+kuGjGT6W4eMZPpHhkxk+leHTGT6T4bMZPjdK5vfwhQxfzPClDF/O8JUMX83wtQxfz/CNDN/M8K0M387wnQzfzfC9DN/P8IMh+GGGH2X4cYafZPhphp9l+HmGX2T4ZYZfZfh1ht9k+G2G32X4fYY/ZPhjhj9l+HOGv2T4a4a/Zfh7hn9k+GeGf2X4d4b/ZDhylOw5jpbj0BxHz3GMHMfMcawcx85xnBzHzXG8HMfPcYIcJ8xxohwnznGSHCfNcbIcJ89xihynzHGqHKfOcZocp81xuhynz3GGHGfMcaYch+U4PMeZc5wlx1lznC3H2XOcI8c5c5wrx7lznCf//330/DkukOOCOS6UIzkunOMiOS6a42I5Lp7jEjkumeNSOS6d4zI5Lpvjcjkun+MKOY7IccUcV8px5RxXyXHVHFfLcfUc18hxzRzXynHtHNfJcd0c18tx/Rw3yHHDHDfKceMcN8lx0xw3y3HznNFH+fItc9wqx61z3CbHbXPcLsftc9whxx1z3CnHnf/Fe9ccd8tx9xz3GD7EPXPcK8e9c9wnx31z3C/H/XM8IMcDczwox4NzPCTHQ3M8LMfDczwixyNzPCpHczw6x2NyPDbH43I8PscTcjwxx5NyPDnHU3I8NcfTcjw9xzNyPDPHs3I8O8dzcjw3x/NyPD/HC3K8MMeLcrw4x0tyvDTHy3K8PMcrcrwyx6tyvDrHa3K8Nsfrcrw+xxtyvDHHm3K8OccgxzDHKMc4xyTHNMcsxzzHIscyxyofa0idY5Njm2OXY5/jIMdbcrw1x9vGwNtzvCPHO3O8K8e7c7wnx3tzvC/H+3N8IMcHc3wox4dzfCTHR3N8LMfHc3wixydzfCrHp3N8Jsdnc3wux+dzfCHHF3N8KceXc3wlx1dzfC3H13N8I8c3c3wrx7dzfCfHd3N8L8f3c/wgxw9z/CjHj3P8JMdPc/wsx89z/CLHL3P8Ksevc/xmlO6G4Hc5fp/jDzn+mONPOf6c4y85/prjbzn+nuMfOf6Z4185/p3jPzmOHMWpAkcrcGiBoxc4RoFjFjhWgWMXOE6B4xY4XoHjFzhBgRMWOFGBExf4T4GTFjhZgZMXOEWBUxY4VYFTFzhNgdMWOF2B0xc4Q4EzFjhTgcMKHF7gzAXOUuCsBc5W4OwFzlHgnAXOVeDcBc5T4LwFzlfg/AUuUOCCBS5UIAUuXOAiBS5a4GIFLl7gEgUuWeBSBS5d4DIFLlvgcgUuX+AKBY4ocMUCVypw5QJXKXDVAlcrcPUC1yhwzQLXKnDtAtcpcN0C1ytw/QI3KHDDAjcqcOMCNylw0wI3K3DzArcocMsCtypw6wK3KXDbArcrcPsCdyhwxwJ3KnDnAncpcNcCdytw9wL3KHDPAvcqcO8C9ylw3wL3K3D/Ag8o8MACDyrw4AIPKfDQAg8r8PACjyjwyAKPKtACjy7wmAKPLfC4Ao8v8IQCTyzwpAJPLvCUAk8t8LQCTy/wjALPLPCsAs8u8JwCzy3wvALPL/CCAi8s8KICLy7wkgIvLfCyAi8v8IoCryzwqgKvLvCaAq8t8LoCry/whgJvLPCmAm8uMCgwLDAqMC4wKTAt/jc2Ni+wKLAssCqwLrApJvrf3HlXYF/goMBbCry1wNsKvL3AOwq8s8C7Cry7wHsKvLfA+wq8v8AHCnywwIcKfLjARwp8tMDHCny8wCcKfLLApwp8usBnCny2wOcKfH4UlkPwxQJfKvDlAl8p8NUCXyvw9QLfKPDNAt8q8O0C3ynw3QLfK/D9Aj8o8MMCPyrw4wI/KfDTAj8r8PMCvyjwywK/KvDrAr8p8NsCvyvw+wJ/KPDHAn8q8OcCfynw1wJ/K/D3Av8o8M8C/yrw7395O7LAISWOVuLQEkcvcYwSxyxxrBLHLnGcEsctcbwSxy9xghInLHGiEicucZISJy1xshInL3GKEqcscaoSpy5xmhKnLXG6EqcvcYYSZyxxphKHlTi8xJlLnKXEWUucrcTZS5yjxDlLnKvEuUucp8R5S5yvxPlLXKDEBUtcqERKXPh7XKTERUtcrMTFS1yixCVLXKrEpUtcpsRlS1yuxOVLXKHEESWuWOJKJa5c4iolrlriaiWuXuIaJa5Z4lolrl3iOiWuW+J6Ja5f4gYlbljiRiVuXOImJW5a4mYlbl7iFiVuWeJWJW5d4jYlblvidiVuX+IOJe5Y4k4l7lziLiXuWuJuJe5e4h4l7lniXiXuXeI+Je5b4n4l7l/iASUeWOJBJR5c4iElHlriYSUeXuIRJR5Z4lElWuLRJR5T4rElHlfi8SWeUOKJJZ5U4sklnlLiqSWeVuLpJZ5R4pklnlXi2SWeU+K5JZ5X4vklXlDihSVeVOLFJV5S4qUlXlbi5SVeUeKVJV5V4tUlXlPitSVeV+L1Jd5Q4o0l3lTizSUGJYYlRiXGJSYlpiVmJeYlFiWWJVYl1iU2JbYldiW+PD8OSrylxFtLvK3E20u8o8Q7S7yrxLtLvKfEe0u8r8T7S3ygxAdLfKjEh0t8pMRHS3ysxMdLfKLEJ0t8qsSnS3ymxGdLfK7E50t8ocQXS3xplAwlvlLiqyW+VuLrJb5R4pslvlXi2yW+U+K7Jb5X4vslflDihyV+VOLHJX5S4qclflbi5yV+UeKXJX5V4tclflPityV+V+L3Jf5Q4o8l/lTizyX+UuKvJf5W4u8l/lHinyX+VeLfJf5T4sgSh1Q42sixh4z6Hb3CMSocs8KxKhy7wnEqHLfC8Socv8IJKpywwokqnLjCSSqctMLJKpy8wikqnLLCqSqcusJpKpy2wukqnL7CGSqcscKZKhxW4fAKZ65wlgpnrXC2CmevcI4K56xwrgrnrnCeCuetcL4K569wgQoXrHChCqlw4QoXqXDRChercPEKl6hwyQqXqnDpCpepcNkKl6tw+QpXqHBEhStWuFKFK1e4SoWrVrhahatXuEaFa1a4VoVrV7hOhetWuF6F61e4QYUbVrhRhRtXuEmFm1a4WYWbV7hFhVtWuNUonP9NWWxb4XYVbl/hDhXuWOFOFe5c4S4V7lrhbhXuXuEeFe5Z4V4V7l3hPhXuW+F+Fe5f4QEVHljhQRUeXOEhFR5a4WEVHl7hERUeWeFRFVrh0RUeU+GxFR5X4fEVnlDhiRWeVOHJFZ5S4akVnlbh6RWeUeGZFZ5V4dkVnlPhuRWeV+H5FV5Q4YUVXlThxRVeUuGlFV5W4eUVXlHhlRVeVeHVFV5T4bUVXlfh9RXeUOGNFd5U4c0VBhWGFUYVxhUmFaYVZhXmFRYVlhVWFdYVNhW2FXYV9hUOKrylwlsrvK3C2yu8o8I7K7yrwrsrvKfCeyu8r8L7K3ygwgcrfKjChyt8pMJHK3yswscrfKLCJyt8qsKnK3ymwmcrfK7C5yt8ocIXK3ypwpcrfKXCVyt8rcLXK3yjwjcrfKvCtyt8p8J3K3yvwversf6vFvmjCj+u8JMKP63ws5Ej/3Orwi8r/KrCryv8psJvK/yuwu8r/KHCHyv8qcKfK/ylwl8r/K3C3yv8o8I/K/yrwr8r/KfCkRUOqXG0GofWOHqNY9Q4Zo1j1Th2jePUOG6N49U4fo0T1DhhjRPVOHHNkElqnLTGyWqcvMYpapyyxqlqnLrGaWqctsbpapy+xhlqnLHGmWocVuPwGmeucZYaZ61xthpnr3GOGuesca4a565xnhrnrXG+GuevcYEaF6xxoRqpceEaF6lx0RoXq3HxGpeocckal6px6RqXqXHZGpercfkaV6hxRI0r1rhSjSvXuEqNq9a4Wo2r17hGjWvWuFaNa9e4To3r1rhejevXuEGNG9a4UY0b17hJjZvWuFmNm9e4RY1b1rhVjVvXuE2N29a4XY3b17hDjTvWuFONO9e4S4271rhbjbvXuEeNe9a4V41717hPjfvWuF+N+9d4QI0H1nhQjQfXeEiNh9Z4WI2H13hEjUfWeFSN1nh0jcfUeGz9n5h1lO5PqPHE+v+/255S46k1nlbj6TWeUeOZNZ5V49k1nlMzbJTdnFfj+TVeUOOFNV5U48U1XlLjpTVeVuPlNV5R45U1XlXj1TVeU+O1NV5X4/U13lDjjTXeVOPNNQY1hjVGNcY1JjWmNWY15jUWNZY1VjXWNTY1tjV2NfY1Dmq8pcZba7ytxttrvKPGO2u8q8a7a7ynxntrvK/G+2t8oMYHa3yoxodrfKTGR2t8rMbHa3yixidrfKrGp2t8psZna3yuxudrfKHGF2t8qcaXa3ylxldrfK3G12t8o8Y3a3yrxrdrfKfGd2t8r8b3a/ygxg9r/KjGj2v8pMZPa/ysxs9r/KLGL2v8qsava/ymxm9r/K7G72v8ocYfa/ypxp9r/KXGX2v8rcbfh/6r2Br/qvHvGv+pcWSNQxocrcGhDY7e4BgNjtngWA2O3eA4DY7b4HgNjt/gBA1O2OBEDU7c4CQNTtrgZA1O3uAUDU7Z4FQNTt3gNA1O2+B0DU7f4AwNztjgTA0Oa3B4gzM3OEuDszY4W4OzNzhHg3M2OFeDczc4T4PzNjhfg/M3uECDCza4UIM0uHCDizS4aIOLNbh4g0s0uGSDSzW4dIPLNLhsg8s1uHyDKzQ4osEVG1ypwZUbXKXBVRtcrcHVG1yjwTUbXKvBtRtcp8F1G1yvwfUb3KDBDRvcqMGNG9ykwU0b3KzBzRvcosEtG9yqwa0b3KbBf0aOHLldg9s3uEODOza4U4M7N7hLg7s2uFuDuze4R4N7NrhXg3s3uE+D+za4X4P7N3hAgwc2eFCDBzd4SIOHNnhYg4c3eESDRzZ4VIOOsoMxh3hMg8c2eFyDxzd4QoMnNnhSgyc3eEqDpzZ4WoOnN3hGg2c2eFaDZzd4ToPnNnheg+c3eEGDFzZ4UYMXN3hJg5c2eFmDlzdj/N/adlWDVzd4TYPXNnhdg9c3eEODNzZ4038fbf6TN40ajBtMGkwbzBrMGywaLBusGqwbbBpsG+wa7BscNHhLg7c2eFuDtzd4R4N3NvyXCd7T4L0N3tfg/Q0+0OCDDT7U4MMNPtLgow0+1uDjDT7R4JMNPtXg0w0+0+CzDT7X4PMNvtDgiw2+1ODLDb7S4KsNvtbg6w2+0eCbDb7V4NsNvtPguw2+1+D7DX7Q4IfNmBOPwunjBj9p8NMGP2vw8wa/aPDLBr9q8OsGv2nw2wa/a/D7Bn9o8McGf2rw5wZ/afDXBn9r8PcG/2jwzwb/avDvUTbY4MgGh7Q4WotDWxy9xTFaHLPFsVocu8VxWhy3xfFaHL/FCVqcsMWJWpy4xUlanLTFyVqcvMUpWpyyxalanLrFaVqctsXpWpy+xRlanLHFmVoc1uLwFmducZYWZ21xthZnb3GOFudsca4W525xnhbnbXG+FudvcYHfLvqPJlukxYVbXKTFRVtcrMXFW1yixSVbXKrFpVtcpsVlW1yuxeVbXKHFES2u2OJKLa7c4iotrtriai2u3uIaLa7Z4lotrt3iOi2u2+J67f/2NRuyQYsbtrhRixu3uEmLm7a4WYubt7hFi1u2uFWLW7e4TYvbtrhdi9u3uEOLO7a4U4s7t7hLi7u2uFuLu7e4R4t7trhXi3u3uE+L+7a4X4v7t3hAiwe2eFCLB7d4SIuHtnhYi4e3eESLR7Z4VIu2eHSLx7R4bIvHtXh8iye0eGKLJ7V4countHhqi6e1eHqLZ7R4ZotntXh2i+e0eG6L57V4fosXtHhhixe1eHGLl7R4aYuXtXh5i1e0eGWLV7V4dYvXtHhti9e1eH2LN7R4Y4s3tXhzi0GLYYtRi3GLSYtpi1mLeYtFi2WLVYt1i02LbYtdi32LgxZvafHWFm9r8fYW72jxzhbvavHuFu9p8d4W72vx/hYfaPHBFh9q8eEWH2nx0RYfa/HxFp9o8ckWn2rx6RafafHZFp9r8fkWX2jxxRZfavHlFl9p8dUWX2vx9RbfaPHNFt9q8e0W32nx3Rbfa/H9Fj9o8cMWP2rx4xY/afHTFj9r8fMWv2jxyxa/avHrFr9p8dsWv2vx+xZ/aPHHFn9q8ecWf2nx1xZ/a/H3Fv9o8c8W/2rx7xb/aXHkKBvucLQOh3Y4eodjdDhmh2N1OPYoL9zhuB2O1+H4HU7Q4YQdTtThxB1O0uGkHU7W4eQdTtHhlB1O1eHUHU7T4bQdTtfh9B3O0OGMHc7U4bAOh3c4c4ezdDhrh7N1OHuHc3Q4Z4dzdTh3h/N0OG+H83U4f4cLdLhghwt1SIcLd7hIh4t2uFiHi3e4RIdLdrhUh0t3uEyHy3a4XIfLd7hChyM6XLHDlTpcucNVOly1w9U6XL3DNTpcs8O1Oly7w3U6XLfD9Tpcv8MNOtyww4063LjDTTrctMPNOty8wy063LLDrTrcusNtOty2w+063L7DHTrcscOdOty5w1063LXD3TrcvcM9Otyzw7063LvDfTrct8P9Oty/wwM6PLDDgzo8uMNDOjy0w8M6PLzDIzo8ssOjOrTDozs8psNjOzyuw+M7PKHDEzs8qcOTOzylw1M7PK3D0zs8o8MzOzyrw7M7PKfDczs8r8PzO7ygwws7vKjDizu8pMNLO7ysw8s7vKLDKzu8qsOrO7ymw2s7vK7D6zu8ocMbO7ypw5s7DDoMO4w6jDtMOkw7zDrMOyw6LDusOqw7bDpsO+w67DscdHhLh7d2eFuHt3d4R4d3dnhXh3d3eE+H93Z4X4f3d/hAhw92+FCHD3f4SIePdvhYh493+ESHT3b4VIdPd/hMh892+FyHz3f4QocvdvhShy93+EqHr3b4Woevd/hGh292+FaHb3f4Tofvdvheh+93+EGHH3b4UYcfd/hJh592+FmHn3f4RYdfdvhVh193+E2H33b4XYffd/hDhz92+FOHP3f4S4e/dvhbh793+EeHf3b4V4d/d/hPhyM7HNLjaD0O7XH0Hsfoccwex+px7B7H6XHcHsfrcfweJ+hxwh4n6nHiHifpcdIeJ+tx8h6n6HHKHqfqceoep+lx2h6n63H6HmfoccYeZ+pxWI/De5y5x1l6nLXH2Xqcvcc5epyzx7l6nLvHeXqct8f5epy/xwV6XLDHhXqkx4V7XKTHRXtcrMfFe1yixyV7XKrHpXtcpsdle1yux+V7XKHHET2u2ONKPa7c4yo9rtrjaj2u3uMaPa7Z41o9rt3jOj2u2+N6Pa7f4wY9btjjRj1u3OMmPW7a42Y9bt7jFj1u2XPCKJy37nGbHrftcbset+9xhx537HGnHnfucZced+1xtx5373GPHvccgXv1uHeP+/S4b4/79bh/jwf0eGCPB/V4cI+H9Hhoj4f1eHiPR/R4ZI9H9WiPR/d4TI/H9nhcj8f3eEKPJ/Z4Uo8n93hKj6f2eFqPp/d4Ro9n9nhWj2f3eE6P5/Z4Xo/n93hBjxf2eFGPF/d4SY+X9nhZj5f3eEWPV/Z4VY9X93hNj9f2eF2P1/d4Q4839nhTjzf3GPQY9hj1GPeY9Jj2mPWY91j0WPZY9Vj32PTY9tj12Pc46PGWHm/t8bYeb+/xjh7v7PGuHu/uWZAhQ7y3x/t6vL/HB3p8sMeHeny4x0d6fLTHx3p8vMcnenzyvy0De3ymx2d7fK7H5/uh/7fHeanHl3t8pcdX+z/S13p8vcc3enyzx7d6fLvHd3p8t8f3eny/xw96/LDHj3r8uMdPevy0x896/LzHL3r8ssevevy6x296/LbH73r8vscfevyxx596/LnHX3r8tcffevy9xz96/LPHv3r8u8d/ehzZ45ABjjbAoQMcfYBjDHDMAY41wLEHOM4Axx3geAMcf4ATDHDCAU40BCce4CQDnHSAkw1w8gFOMcApBzjVAKce4DQDnHaA0w1w+gHOMMAZBzjTAIcNcPgAZx7gLAOcdYCzDXD2Ac4xwDkHONcA5x7gPAOcd/D/58MWGOCCA1xogAxw4QEuMsBFB7jYABcf4BIDXHKASw1w6QEuM8BlB7jcAJcf4AoDHDHAFQe40gBXHuAqA1x1gKsNcPUBrjHANQe41gDXHuA6A1x3gOsNcP0BbjDADQe40QA3HuAmA9x0gJsNcPMBbjHALQe41QC3HuA2A/wfot7BD4zj+/5O0qC2betd27ZtmynfRWortW1jbdR2m9o2UibPq79P+3z/gN2Zc+49O7MzZ+7sGOBOAe4c4C4B7hrgbgHuHuAeAe4Z4F4B7h3gPgHuG+B+Ae4f4AEBHhjgQQEeHOAhAR4a4GEBHh7g8ACPCPDIAI8K8OgAjwnw2AAN8LgAjw/whABPDHBEgCcFeHKApwR4aoCnBXh6gGcEeGaAZwV4doDnBHhugOcFeH6AFwR4YYAXBTgywIsDvCTASwO8LMDLA7wiwCsDvCrAqwO8JsBrA7wuwOsDvCHAGwO8KcCbA7wlwFsDvC3A2wO8I8A7A7wrwLsDvCfAewO8L8D7A3wgwAcDfCjAhwN8JMAgwDDAKMA4wCTANMAswDzAIsAywCrAOsAmwDbALsA+wEcDfCzAxwN8IsAnA3wqwKcDfCbAZwN8LsDnA3whwBcDfCnAlwN8JcBXA3wtwNcDfCPANwMcFeBbAb4d4DsBvhvgewG+H+AHAX4Y4EcBfhzgJwF+GuBnAX4e4BcBfhngVwF+HeA3AX4b4HcBfh/gDwH+GOBPAf4c4C8B/hrg6AB/C/D3AP8I8M8A/wrw7wDHBDj2Hz2FODDEQSGOE+LgEIeEODTEYSGOG+J4IY4f4gQhThjiRCFOHOIkIU4a4mQhTh7iFCFOGeJUIU4d4jQhThvidCFOH+IMIc4Y4kwhzhziLCHOGuJsIc4e4hwhzhniXCHOHeI8Ic4b4nwhzh/iAiEuGOJCIS4c4iIhLhoiIS4W4uIhLhHikgP/NQqGuEyIy4a4XIjLh7hC+D/MK4W4coirhLhqiKuFuHqIa4S4Zohrhbh2iOuEuG6I64W4fogbhLhhiBuFuHGIm4S4aYibhbh5iFuEuGWIW4W4dYjbhLhtiNuFuH2IO4S4Y4g7hbhziLuEuGuIu4W4e4h7hLhniHuFuHeI+4S4b4j7hbh/iAeEeGCIB4V48Mhhsw3/F+dhIR4e4vAQjwjxyBCPCvHoEI8J8dgQDfG4EI8P8YQQTwxxRIgnhXhyiKeEeGqIp4V4eohnhHhmiGeFeHaI54R4bojnhXh+iBeEeGGIF4U4MsSLQ7wkxEvH/q9Pl4d4RYhXhnhViFeHeE2I14Z4XYjXh3hDiDeGeFOIN4d4S4i3hnhbiLeHeEeId4Z4V4h3h3hPiPeGeF+I94f4QIgPhvhQiA+H+EiIQYhhiFGIcYhJiGmIWYh5iEWIZYhViHWITYhtiF2IfYiPhvhYiI+H+ESIT4b4VIhPh/hMiM+G+FyIz4f4QogvhvhSiC+H+EqIr4b4Woivh/hGiG+GOCrEt0J8O8R3Qnw3xPdCfD/ED/7V2EchfhziJyF+GuJnIX4e4hchfhniVyF+HeI3IX4b4nchfh/iDyH+GOJPIf4c4i8h/hri6BB/C/H3EP8I8c8Q/wrx7xDHhDj2Hy1EODDCQRGOE+HgCIdEODTCYRGOG+F4EY4f4QQRThjhRBFOHOEkEU4a4WQRTh7hFBFOGeFUEU4d4TQRThvhdBFOH+EMEc4Y4UwRzhzhLBHOGuFsEc4e4RwRzhnhXBHOHeE8Ec4b4XwRzh/hAhEuGOFCES4c4SIRLhohES4W4eIRLhHhkhEuFeHSES4T4bIRLhfh8hGuEOGKEa4U4coRrhLhqhGuFuHqEa4R4ZoRrhXh2hGuE+G6Ea4X4foRbhDhhhFuFOHGEW4S4aYDxnWzCDf/b34Y4VYRbh3hNhFuG+F2EW4f4Q4R7hjhThHuHOEuEe4a4W4R7h7hHhHuGeFeEe4d4T4R7hvhfhHuH+EBER4Y4UERHhzhIREeGuFhER4e4fAIj4jwyAiPivDoCI+J8NgIjfC4CI+P8IR/+B+AIyI8KcKTIzwlwlMjPC3C0yM8I8IzIzwrwrMjPCfCcyM8L8LzI7wgwgsjvCjCkRFeHOElEV4a4WURXh7hFRFeGeFVEV4d4TURXhvhdRFeH+ENEd4Y4U0R3hzhLRHeGuFtEd4e4R0R3hnhXRHeHeE9Ed4b4X0R3h/hAxE+GOFDET4c4SMRBhGGEUYRxhEmEaYRZhHmERYRlhFWEdYRNhG2EXYR9hE+GuFjET4e4RMRPhnhUxE+HeEzET4b4XMRPh/hCxG+GOFLEb4c4SsRvhrhaxG+HuEbEb4Z4agI34rw7QjfifDdCN+L8P0IP4jwwwg/ivDjCD+J8NMIP4vw8wi/iPDLCL+K8Ovo/84IfRfh9xH+EOGPEf4U4c8R/hLhrxGOjvC3CH+P8I8I/4zwrwj/jnBMhGMjHBDjwBgHxThOjINjHBLj0BiHxfjfAdXxY5wgxgljnCjGiWOcJMZJY5wsxsljnCLGKWOcKsapY5wmxmljnC7G6WOcIcYZY5wpxpljnCXGWWOcLcbZY5wjxjljnCvGuWOcJ8Z5Y5wvxvljXCDGBWNcKMaFY1wkxkVjJMbFYlw8xiViXDLGpWJcOsZlYlw2xuViXD7GFWJcMcaVYlw5xlViXDXG1WJcPcY1YlwzxrViXDvGdWL+s+24fowbxLhhjBvFuHGMm8S4aYybxbh5jFvEuOU/3P370DYxbhvjdjFuH+MOMe4Y404x7hzjLjHuGuNuMe4e4x4x7hnjXjHuHeM+Me4b434x7h/jATEeGONBMR4c4yExHhrjYTEeHuPwGI+I8cgYj4rx6BiPifHYGI3xuBiPj/GEGE+McUSMJ8V4coynxHhqjKfFeHqMZ8R4ZoxnxXh2jOfEeG6M58V4fowXxHhhjBfFODLGi2O8JMZLY7wsxstjvCLGK2O8KsarY7wmxmtjvC7G62O8IcYbY7wpxptjvCXGW2O8LcbbY7wjxjtjvCvGu2O8J8Z7Y7wvxvtjfCDGB2N8KMaHY3wkxiDGMMYoxjjGJMY0xizGPMYixjLGKsY6xibGNsYuxj7GR2N8LGbgv9uRPhnjUzE+HeMzMT7733c+xhdifDHGl2J8OcZXYnw1xtdifD3GN2J8M8ZRMb4V49sxvhPjuzG+Fw/5/9cNPozxoxg/jvGTGD+N8bMYP4/xixi/jPGrGL+O8ZsYv43xuxi/j/GHGH+M8acYf47xlxh/jXF0jL/F+HuMf8T4Z4x/xfh3jGNiHBvjgAQHJjgowXESHJzgkASHJjgswXETHC/B8ROcIMEJE5wowYkTnCTBSROcLMHJE5wiwSkTnCrBqROcJsFpE5wuwekTnGHogAH/tDdTgjMnOEuCsyY4W4KzJzhHgnMmOFeCcyc4T4LzJjhfgvMnuECCCya4UIILJ7hIgosmSIKLJbh4gkskuGSCSyW4dILLJLhsgssluHyCKyS4YoIrJbhygqskuGqCqyW4eoJrJLhmgmsluHaC6yS4boLrJbh+ghskuGGCGyW4cYKbJLhpgpsluHmCWyS4ZYJbJbh1gtskuG2C2yW4fYI7JLhjMs7/i/nOCe6S4K4J7pb8r5b8HgnumeBeCe6d4D4J7pvgfgnun+ABCR6Y4EEJHpzgIQkemuBhCR6e4PAEj0jwyASPSvDoBI9J8NgETfC4BI9P8IQET0xwRIInJXhygqckeGqCpyV4eoJnJHhmgmcleHaC5yR4boLnJXh+ghckeGGCFyU4MsGLE7wkwUsTvCzByxO8IsErE7wqwasTvCbBaxO8LsHrE7whwRsTvOm/gSbBWxO8LcHbE7wjwTsTvCvBuxO8J8F7E7wvwfsTfCDBBxN8KMGHE3wkwSDBMMEowTjBJME0wSzBPMEiwTLBKsE6wSbBNsEuwT7BRxN8LMHHE3wiwScTfCrBpxN8JsFnE3wuwecTfCHBFxN8KcGXE3wlwVcTfC3B1xN8I8E3ExyV4FsJvp3gOwm+m+B7Cb6f4AcJfpjgRwl+nOAnCX6a4GcJfp7gFwl+meBXCX6d4DcJfpvgdwl+n+APCf6Y4E8J/pzgLwn+muDoBH9L8PcE/0jwzwT/SvDvBMckODbBASkOTHFQiuOkODjFISkOTXFYiuOmOF6K46c4QYoTpjhRihOnOEmKk6Y4WYqTpzhFilOmOFWKU6c4TYrTpjhditOnOEOKM6Y4U4ozpwz5p+1ZU5wtxdlTnCPFOVOcK8W5U5wnxXlTnC/F+VNcIMUFU1woxYVTXCTFRVMkxcVSXDzFJVJcMsWlUlw6xWVSXDbF5VJcPsUVUlwxxZVSXDnFVVJcNcXVUlw9xTVSXDPFtVJcO8V1Ulw3xfVSXD/FDVLcMMWNUtw4xU1S3DTFzVLcPMUtUtwyxa1S3DrFbVLcNsXt0rEnbp/iDinumOJOKe6c4i4p7pribinunuIeKe6Z4l4p7p3iPinum+J+Ke6f4gEpHpjiQSkenOIhKR6a4mEpHp7i8BSPSPHIFI9K8egUj0nx2BRN8bgUj0/xhBRPTHFEiieleHKKp6R4aoqnpXh6imekeGaKZ6V4dornpHhuiueleH6KF6R4YYoXpTgyxYtTvCTFS1O8LMXLU7wixStTvCrFq1O8JsVrU7wuxetTvCHFG1O8KcWbU7wlxVtTvC3F21O8I8U7U7wrxbtTvCfFe1O8L8X7U3wgxQdTfCjFh1N8JMUgxTDFKMU4xSTFNMUsxTzFIsUyxSrFOsUmxTbFLsU+xUdTfCzFx1N8IsUnU3wqxadTfCbFZ1N8LsXnU3whxRdTfCnFl1N8JcVXU3wtxddTfCPFN1McleJbKb6d4jspvpvieym+n+IHKX6Y4kcpfpziJyl+muJnKX6e4hcpfpniVyl+neI3KX6b4ncpfp/iDyn+mOJPKf6c4i8p/pri6BR/S/H3FP9I8c8U/0rx7xTHpDg2xQEZDsxwUIbjZDg4wyEZDs1wWIbjZjhehuNnOEGGE2Y4UYYTZzhJhpNmOFmGk2c4RYZTZjhVhlNnOE2G02Y4XYbTZzhDhjNmOFOGM2c4S4azZjhbhrNnOEeGc2Y4V8aA/+bc82Y4X4bzZ7hAhgtmuFCGC2e4SIaLZsggXCzDxTNcIsMlM1wqw6UzXCbDZTNcLsPlM1whwxUzXCnDlTNcJcNVM1wtw9UzXCPDNTNcK8O1M1wnw3UzXC/D9TPcIMMNM9wow40z3CTDTTPcLMPNM9wiwy0z3CrDrTPcJsNtM9wuw+0z3CHDHTPcKcOdM9wlw10z3C3D3TPcI8M9M9wrw70z3CfDfTPcL8P9MzwgwwMzPCjDgzM8JMNDMzwsw8MzHJ7hERkemeFRGR6d4TEZHpuhGR6X4fEZnpDhiRmOyPCkDE/O8JQMT83wtAxPz/CMDM/M8KwMz87wnAzPzfC8DM/P8IIML8zwogxHZnhxhpdkeGmGl2V4eYZXZHhlhldleHWG12R4bYbXZXh9hjdkeGOGN2V4c4a3ZHhrhrdleHuGd2R4Z4Z3ZXh3hvdkeG+G92V4f4YPZPhghg9l+HCGj2QYZBhmGGUYZ5hkmGaYZZhnWGRYZlhlWGfYZNhm2GXYZ/hoho9l+HiGT2T4ZIZPZfh0hs9k+GyGz2X4fIYvZPhihi9l+HKGr2T4aoavZfh6hm9k+GaGozJ8K8O3M3wnw3czfC/D9zP8IMMPM/wow48z/CTDTzP8LMPPM/wiwy8z/CrDrzP8JsNvM/wuw+8z/CHDHzP8KcOfM/wlw18zHJ3hbxn+nuEfGf6Z4V8Z/p3hmAzHZjggx4E5DspxnBwH5zgkx6E5Dstx3BzHy3H8HCfIccIcJ8px4hwnyXHSHCfLcfIcp8hxyhynynHqHKfJcdocp8tx+hxnyP9XW2mmHGfOcZYcZ81xthxnz3GOHOfMca4c585xnhznzXG+HOfPcYEcF8xxoRwXznGRHBfNkRwXy3HxHJfIcckcl8px6RyXyXHZHJfLcfkcV8hxxRxXynHlHFfJcdUcV8tx9RzXyHHNHNfKce0c18lx3RzXy3H9HDfIccMcN8px4xw3yXHTHDfLcfMct8hxyxy3ynHrHLfJcdsct8tx+xx3yHHHHHfKceccd8lx1xx3y3H3HPfIcc8c98px7xz3yXHfHPfLcf8cD8gHDTgwx4NyPDjHQ3I8NMfDcjw8x+E5HpHjkTkelePROR4zYPCAf+JsjsfleHyOJ+R4Yo4jcjwpx5NzPCXHU3M8LcfTczwjxzNzPCvHs3M8J8dzczwvx/NzvCDHC3O8KMeROV6c4yU5XprjZTlenuMVOV6Z41U5Xp3jNTlem+N1OV6f4w053pjjTTnenOMtOd6a42053p7jHTnemeNdOd6d4z053pvjfTnen+MDOT6Y40M5PpzjIzkGOYY5RjnGOSY5pjlmOeY5FjmWOVY51jk2ObY5djn2OT6a42M5Pp7jEzk+meNTOT6d4zM5Ppvjczk+n+MLOb6Y40s5vpzjKzm+muNrOb6e4xs5vpnjqBzfyvHtHN/J8d0c38vx/Rw/yPHDHD/K8eMcP8nx0xw/y/HzHL/I8cscv8rx6xy/yfHbHL/L8fscf8jxxxx/yvHnHH/J8dccR+f4W46/5/hHjn/m+FeOf+c4JsexOQ4ocGCBgwocp8DBBQ4pcGiBwwoct8DxChy/wAkKnLDAiQqcuMBJCpy0wMkKnLzAKQqcssCpCpy6wGkKnLbA6QqcvsAZCpyxwJkKnLnAWQqctcDZCpy9wDkKnLPAuQqcu8B5Cpy3wPkKnL/ABQpcsMCFCly4wEUKXLRAClyswMULXKLAJQtcqsClC1ymwGULXK7A5QtcocAVC1ypwJULXKXAVQtcrfg/n/qaBa5V4NoFrlPgugWuV+D6BW5Q4IYFblTgxgVuUuCmBW5W4OYFblHglgVuVeDWBW5T4LYFblfg9gXuUOCOBe5U4M4F7lLgrgXuVuDuBe5R4J4F7lXg3gXuU+C+BaPHjh3r/gUeUOCBBR5U4MEFHlLgoQUeVuDhBQ4v8IgCjyzwqAKPLvCYAo8t0AKPK/D4Ak8o8MQCRxR4UoEnF3hKgacWeFqBpxd4RoFnFnhWgWcXeE6B5xZ4XoHnF3hBgRcWeFGBIwu8uMBLCry0wMsKvLzAKwq8ssCrCry6wGsKvLbA6wq8vsAbCryxwJsKvLnAWwq8tcDbCry9wDsKvLPAuwq8u8B7Cry3wPsKvL/ABwp8sMCHCny4wEcKDAoMC4wKjAtMCkwLzArMCywKLAusCqwLbApsC+wK7At8tMDHCny8wCcKfLLApwp8usBnCny2wOcKfL7AFwp8scCXCny5wFcKfLXA1wp8vcA3CnyzwFEFvlXg2wW+U+C7Bb5X4PsFflDghwV+VODHBX5S4KcFflbg5wV+UeCXBX5V4NcFflPgtwV+V+D3Bf5Q4I8F/lTgzwX+UuCvBY4u8LcCfy/wjwL/LPCvAv8ucEyBYwscUOLAEgeVOE6Jg0scUuLQEoeVOG6J45U4fokTlDhhiROVOHGJk5Q4aYmTlTh5iVOUOGWJU5U4dYnTlDhtidOVOH2JM5Q4Y4kzlThzibOUOGuJs5U4e4lzlDhniXOVOHeJ85Q4b4nzlTh/iQuUuGCJC5W4cImLlLhoiZS4WImLl7hEiUuWuFSJS5e4TInLlrhcicuXuEKJK5a4Uokrl7hKiauWuFqJq5e4RolrlrhWiWuXuE6J65a4Xonrl7hBiRuWuFGJG5e4SYmblrhZiZuXuEWJW5a4VYlbl7hNiduWuF2J25e4Q4k7lrhTiTuXuEuJu5a4W4m7l7hHiXuWuFeJe5e4T4n7lrhfifuXeECJB5Z4UIkHl3hIiYeWeFiJh5c4vMQjSjyyxKNKPLrEY0o8tkRLPK7E40s8ocQTSxxR4kklnlziKSWeWuJpJZ5e4hklnlniWSWeXeI5JZ5b4nklnl/iBSVeWOJFJY4s8eISLynx0hIvK/HyEq8o8coSryrx6hKvKfHaEq8r8foSbyjxxhJvKvHmEm8p8dYSbyvx9hLvKPHOEu8q8e4S7ynx3hLvK/H+Eh8o8cESHyrx4RIfKTEoMSwxKjEuMSkxLTErMS+xKLEssSqxLrEpsS2xK7Ev8dESHyvx8RKfKPHJEp8qBwz+b3x4tsTnSny+xBdKfLHEl0p8ucRXSny1xNdKfL3EN0p8s8RRJb5V4tslvlPiuyW+V+L7JX5Q4oclflTixyV+UuKnJX5W4uclflHilyV+VeLXJX5T4rclflfi9yX+UOKPJf5U4s8l/lLiryWOLvG3En8v8Y8S/yzxrxL/LnFMiWNLHFDhwAoHVThOhYMrHFLh0AqHVThuheNVOH6FE1Q4YYUTVThxhZNUOGmFk1U4eYVTVDhlhVNVOHWF01Q4bYXTVTh9hTNUOGOFM1U4c4WzVDhrhbNVOHuFc1Q4Z4VzVTh3hfNUOG+F81U4f4ULVLhghQtVuHCFi1S4aIVUuFiFi1e4RIVLVrhUhUtXuEyFy1a4XIXLV7hChStWuFKFK1e4SoWrVrhahatXuEaFa1a4VoVrV7hOhetWuF6F61e4QYUbVrhRhRtXuEmFm1a4WYWbV7hFhVtWuFWFW1e4TYXbVrhdhdtXuEOFO1a4U4U7V7hLhbtWuFuFu1e4R4V7VrhXhXtXuE+F+1a4X4X7V3hAhQdWeFCFB1d4SIWHVnhYhYdXOLzCIyo8ssKjKjy6wmMqPLZCKzyuwuMrPKHCEyscUeFJFZ5c4SkVnlrhaRWeXuEZFZ5Z4VkVnl3hORWeW+F5FZ5f4QUVXljhRRWOrPDiCi+p8NIKL6vw8gqvqPDKCq+q8OqK/7ZFva7C6yu8ocIbK7ypwpsrvKXCWyu8rcLbK7yjwjsrvKvCuyu8p8J7K7yvwvsrfKDCByt8qMKHK3ykwqDCsMKowrjCpMK0wqzCvMKiwrLCqsK6wqbCtsKuwr7CRyt8rMLHK3yiwicrfKrCpyt8psJnK3yuwucrfKHCFyt8qcKXK3ylwlcrfK3C1yt8o8I3KxxV4VsVvv2P3kYMGPBuhe9V+H6FH1T4YYUfVfhxhZ9U+GmFn1X4eYVfVPhlhV9V+HWF31T4bYXfVfh9hT9U+GOFP1X4c4W/VPhrhaMr/K3C3yv8o8I/K/yrwr8rHFPh2AoH1DiwxkE1jlPj4BqH1Di0xmE1jlvjeDWOX+MENU5Y40Q1TlzjJDVOWuNkNU5e4xQ1TlnjVDVOXeM0NU5b43Q1Tl/jDDXOWONMNc5c4yw1zlrjbDXOXuMcNc5Z41w1zl3jPDXOW+N8Nc5f4wI1LljjQjUuXOMiNS5aIzUuVuPiNS5R45I1LlXj0jUuU+OyNS5X4/I1rlDjijWuVOPKNa5S46o1rlbj6jWuUeOaNa5V49o1rlPjujWuV+P6NW7wDx8DcKMaN65xkxo3rXGzGjevcYsat6xxqxq3rnGbGretcbsat69xhxp3rHGnGneucZcad61xtxp3r3GPGvesca8a965xnxr3rXG/Gvev8YAaD6yHDTioxoNrPKTGQ2s8rMbDaxxe4xE1HlnjUTUeXeMxNR5bozUeV+PxNZ5Q44k1jqjxpBpPrvGUGk+t8bQaT6/xjBrPrPGsGs+u8Zwaz63xvBrPr/GCGi+s8aIaR9Z4cY2X1HhpjZfVeHmNV9R4ZY1X1Xh1jdfUeG2N19V4fY031HhjjTfVeHONt9R4a4231Xh7jXfUeGeNd9V4d4331HhvjffVeH+ND9T4YI0P1fhwjY/UGNQY1hjVGNeY1JjWmNWY11jUWNZY1VjX2NTY1tjV2Nf4aI2P1fh4jU/U+GSNT9X4dI3P1Phsjc/V+HyNL9T4Yo0v1fhyja/U+GqNr9X4eo1v1PhmjaNqfKvGt2t8p8Z3a3yvxvdr/KDGD2v8qMaPa/ykxk9r/KzGz2v8osYva/yqxq9r/KbGb2v8rsbva/yhxh9r/KnGn2v8pcZfaxxd4281/l7jHzX+WeNfNf5d45gax9Y4oMGBDQ5qcJwGBzc4pMGhDQ5rcNwGx2tw/AYnaHDCBidqcOIGJ2lw0gYna3DyBqdocMoGp2pw6ganaXDaBqdrcPoGZ2hwxgZnanDmBmdpcNYGZ2tw9gbnaHDOBudqcO4G52lw3gbna3D+BhdocMEGF2pw4QYXaXDRBmlwsQYXb3CJBpdscKkGl25wmQaXbXC5BpdvcIUGV2xwpQZXbnCVBldtcLUGV29wjQbXbHCtBtducJ0G121wvQbXb3CDBjdscKMGN25wkwY3bXCzBjdvcIsGt2xwqwa3bnCbBrdtcLsGt29whwZ3bHCnBnducJcGd21wtwZ3b3CPBvdscK8G925wnwb3bXC/Bvdv8IAGD2zwoAYPbvCQBg9t8LAGD29weINHNHhkg0c1eHSDxzR4bIP+i/f4Bk9o8MQGRzR4UoMnN3hKg6c2eFqDpzd4RoNnNnhWg2c3eE6D5zZ4XoPnN3hBgxc2eFGDIxu8uMFLGry0wcsavLzBKxq8ssGrGry6wWsavLbB6xq8vsEbGryxwZsavLnBWxq8tcHbGry9wTsavLPBuxq8u8F7Gry3wfsavL/BBxp8sMGHGny4wUcaDBoMG4wajBtMGkwbzBrMGywaLBusGqwbbBpsG+wa7Bt8tMHHGny8wScafLLBpxp8usFnGny2wecafL7BFxp8scGXGny5wVcafLXB1xp8vcE3GnyzwVENvtXg2w2+0+C7Db7X4PsNftDghw1+1ODHDX7S4KcNftbg580ov2jwywa/avDrBr9p8NsGv2vw+wZ/aPDHBn9q8OcGf2nw1wZHN/hbg783+EeDfzb4V4N/NzimwbENDmhxYIuDWhynxcEtDmlxaIvDWhy3xfFaHL/FCVqcsMWJWpy4xUlanLTFydpx/99/0RQtTtniVC1O3eI0LU7b4nQtTt/iDC3O2OJMLc7c4iwtztribC3O3uIcLc7Z4lwtzt3iPC3O2+J8Lc7f4gItLtjiQi0u3OIiLS7aIi0u1uLiLS7R4pItLtXi0i0u0+KyLS7X4vItrtDiii2u1OLKLa7S4qotrtbi6i2u0eKaLa7V4totrtPiui2u1+L6LW7Q4oYtbtTixi1u0uKmLW7W4uYtbtHili1u1eLWLW7T4rYtbtfi9i3u0OKOLe7U4s4t7tLiri3u1uLuLe7R4p4t7tXi3i3u0+K+Le7X4v4tHtDigS0e1OLBLR7S4qEtHtbi4S0Ob/GIFo9s8agWj27xmBaPbdEWj2vx+BZPaPHEFke0eFKLJ7d4Sountnhai6e3eEaLZ7Z4Votnt3hOi+e2eF6L57d4QcscaYsXtTiyxYtbvKTFS1u8rMXLW7yixStbvKrFq1u8psVrW7yuxetbvKHFG1u8qcWbW7ylxVtbvK3F21u8o8U7W7yrxbtbvKfFe1u8r8X7W3ygxQdbfKjFh1t8pMWgxXAoRi3GLSYt/tPPrMW8xaLFssWqxbrFpsW2xa7FvsVHW3ysxcdbfKLFJ1t8qsWnW3ymxWdbfK7F51t8ocUXW3ypxZdbfKXFV1t8rcXXW3yjxTdbHNXiWy2+3eI7Lb7b4nstvt/iBy1+2OJHLX7c4ictftriZy1+3uIXLX7Z4lctft3iNy1+2+J3LX7f4g8t/tjiTy3+3OIv/+TXgAEDRrf4W4u/t/hHi3+2+FeLf7c4psWxLQ7ocGCHgzocp8PBHQ7pcGiHwzocd+zY/1231eEEHU7Y4UQdTtzhJB1O2uFkHU7e4RQdTtnhVB1O3eE0HU7b4XQdTt/hDB3O2OFMHc7c4SwdztrhbB3O3uEcHc7Z4Vwdzt3hPB3O2+F8Hc7f4QIdLtjhQh0u3OEiHS7aIR0u1uHiHS7R4ZIdLtXh0h0u0+GyHS7X4fIdrtDhih2u1OHKHa7S4aodrtbh6h2u0eGaHa7V4dodrtPhuh2u1+H6HW7Q4YYdbtThxh1u0uGmHW7W4eYdbtHhlh1u1eHWHW7T4bYdbtfh9h1jduhwxw536nDnDnfpcNcOd+tw9w736HDPDvfqcO8O9+lw3w7363D/Dg/o8MDu/3zZh3R4aIeHdXh4h8M7PKLDIzs8qsOjOzymw2M7tMPjOjy+wxM6PLHDER2e1OHJHZ7S4akdntbh6R2e0eGZHZ7V4dkdntPhuR2e1+H5HV7Q4YUdXtThyA4v7pjlnzy5tMPLOry8wys6vLLDqzq8usNrOry2w+s6vL7DGzq8scOb/s23Wzq8tcPbOry9wzs6vLPDuzq8u8N7Ory3w/s6vL/DBzp8sMOHOny4w0c6DDoMO4w6jDtMOkw7zDrMOyw6LDusOqw7bDpsO+w67Dt8tMPHOny8wyc6fLLDpzp8+h+d/Mv7cx0+3+ELHb7Y4UsdvtzhKx2+2uFrHb7e4RsdvtnhqA7f6vDtDt/p8N0O3+vw/Q4/6PDDDj/q8OMOP+nw0w4/6/DzDr/o8MsOv+rw6w6/6fDbDr/r8PsOf+jwxw5/6vDnDn/p8NcOR3f4W4e/d/hHh392+FeHf3c4psOxHQ7ocWCPg3ocp8fBPQ7pcWiPw3oct8fxehy/xwl6nLDHiXqcuMdJepy0x8l6nLzHKXqcssep+v+tk07T47Q9Ttfj9D3O0OOMPc7U48w9ztLjrD3O1uPsPc7R45w9ztXj3D3O0+O8Pc7X4/w9LtDjgj0u1OPCPS7S46I90uNiPS7e4xI9LtnjUj0u3eMyPS7b43I9Lv8Ptn/jt1KPK/e4So+r9rhaj6v3uEaPa/a4Vo9r97hOj+v2uF6P6/e4Qc9/r3DjHjfpcdMeN+tx8x636HHLHrfqceset+lx2x6363H7Hnfoccced+px5x536XHXHnfrcfce9+hxzx736nHvHvfpcd8e9+tx/x4P6PHAHg/q8eAeD+nx0B4P6/HwHof3eESPR/Z4VI9H93hMj8f2aI/H9Xh8jyf0eGKPI3o8qceTezylx1N7PK3H03s8o8czezyrx7N7PKfHc3s8r8fze7ygxwt7vKjHkT1e3OMlPV7a42U9Xt7jFT1e2eNVPV7d4zU9XtvjdT1e3+MNPd7Y40093tzjLT3e2uNtPd7e4x093tnjXT3e3eM9Pd7b43093t/jAz0+2ONDPT7c4yM9/n8BAAD//+tInsA=")
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)

176.355217ms ago: executing program 4 (id=1148):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

0s ago: executing program 0 (id=1149):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000060000000400000002"], 0x48)
r1 = socket$kcm(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000080), &(0x7f0000000180)=r1}, 0x20)
recvmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40002000)

kernel console output (not intermixed with test programs):

m without journal. Quota mode: writeback.
[  107.904315][ T4790] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  107.921546][ T4780] loop1: detected capacity change from 0 to 32768
[  107.970154][   T26] audit: type=1800 audit(1768681223.262:6): pid=4780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.162" name="file1" dev="loop1" ino=4 res=0 errno=0
[  108.109401][ T4269] EXT4-fs (loop3): unmounting filesystem.
[  108.646852][   T27] usb 5-1: new low-speed USB device number 3 using dummy_hcd
[  108.802223][ T4812] capability: warning: `syz.1.174' uses 32-bit capabilities (legacy support in use)
[  108.848717][   T27] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  108.867293][   T27] usb 5-1: config 0 has no interface number 0
[  108.873474][   T27] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  108.915493][   T27] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  108.949969][   T27] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  109.007339][   T27] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.079394][   T27] usb 5-1: config 0 descriptor??
[  109.105476][ T4803] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  109.123753][ T4814] netlink: 4 bytes leftover after parsing attributes in process `syz.3.176'.
[  109.158826][   T27] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  109.277853][ T4797] loop0: detected capacity change from 0 to 32768
[  109.350980][ T4797] XFS (loop0): Mounting V5 Filesystem
[  109.360852][   T27] usb 5-1: USB disconnect, device number 3
[  109.366823][    C1] iowarrior 5-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  109.534740][ T4797] XFS (loop0): Ending clean mount
[  109.601967][ T4797] XFS (loop0): Quotacheck needed: Please wait.
[  109.767928][ T4797] XFS (loop0): Quotacheck: Done.
[  110.035927][ T4268] XFS (loop0): Unmounting Filesystem
[  110.705913][ T4848] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check.
[  110.944352][ T4838] loop1: detected capacity change from 0 to 32768
[  111.137501][ T4838] XFS (loop1): Mounting V5 Filesystem
[  111.271419][ T4838] XFS (loop1): Ending clean mount
[  111.312167][ T4844] loop0: detected capacity change from 0 to 32768
[  111.375036][ T4838] XFS (loop1): Quotacheck needed: Please wait.
[  111.394657][   T26] audit: type=1800 audit(1768681226.692:7): pid=4844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.183" name="file1" dev="loop0" ino=4 res=0 errno=0
[  111.482709][ T4838] XFS (loop1): Quotacheck: Done.
[  111.770183][ T4277] XFS (loop1): Unmounting Filesystem
[  111.785753][ T4873] netlink: 64 bytes leftover after parsing attributes in process `syz.4.194'.
[  113.011817][ T4905] device erspan0 entered promiscuous mode
[  113.534393][ T4921] loop3: detected capacity change from 0 to 512
[  113.580100][ T4921] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  113.660492][ T4921] EXT4-fs (loop3): orphan cleanup on readonly fs
[  113.690758][ T4341] kernel read not supported for file /dsp1 (pid: 4341 comm: kworker/1:6)
[  113.705721][ T4921] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2799: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  113.851052][ T4921] EXT4-fs (loop3): 1 truncate cleaned up
[  113.868004][ T4921] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  114.068641][ T4269] EXT4-fs (loop3): unmounting filesystem.
[  114.077221][ T4935] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  114.207029][ T4341] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  114.236119][   T46] Bluetooth: hci5: Frame reassembly failed (-84)
[  114.264571][   T46] Bluetooth: hci5: Frame reassembly failed (-84)
[  114.409022][ T4341] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  114.432978][ T4341] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  114.461784][ T4946] program syz.0.223 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  114.474066][ T4341] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  114.494260][ T4341] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.525471][ T4341] usb 5-1: config 0 descriptor??
[  114.556833][ T4948] program syz.3.222 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  114.966096][ T4341] uclogic 0003:28BD:0071.0001: interface is invalid, ignoring
[  115.065793][ T4962] loop3: detected capacity change from 0 to 512
[  115.083012][ T4962] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  115.151979][ T4962] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002]
[  115.171373][  T952] usb 5-1: USB disconnect, device number 4
[  115.208101][ T4962] System zones: 1-12
[  115.245042][ T4962] EXT4-fs error (device loop3): ext4_iget_extra_inode:4756: inode #15: comm syz.3.232: corrupted in-inode xattr
[  115.305054][ T4962] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.232: couldn't read orphan inode 15 (err -117)
[  115.331347][ T4962] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  115.494789][ T4269] EXT4-fs (loop3): unmounting filesystem.
[  115.868638][ T4983] loop0: detected capacity change from 0 to 128
[  115.918188][ T4983] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  116.008178][ T4983] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  116.036925][ T4283] Bluetooth: hci0: command 0x0401 tx timeout
[  116.037324][ T4279] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  116.173733][ T4983] overlayfs: failed to create directory ./bus/work (errno: 28); mounting read-only
[  116.277921][ T4285] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  116.281668][ T4279] Bluetooth: hci5: command 0x1003 tx timeout
[  116.602364][ T5004] netlink: 8 bytes leftover after parsing attributes in process `syz.3.248'.
[  116.772137][ T5006] loop0: detected capacity change from 0 to 4096
[  117.177302][   T14] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  117.376706][   T14] usb 4-1: Using ep0 maxpacket: 32
[  117.383771][   T14] usb 4-1: config 0 has an invalid interface number: 247 but max is 0
[  117.417795][   T14] usb 4-1: config 0 has no interface number 0
[  117.437334][   T14] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  117.471440][   T14] usb 4-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[  117.491821][   T14] usb 4-1: Product: syz
[  117.496158][   T14] usb 4-1: Manufacturer: syz
[  117.539164][   T14] usb 4-1: config 0 descriptor??
[  117.710306][ T5039] syz.0.259[5039] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  117.710450][ T5039] syz.0.259[5039] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  117.740282][ T5041] loop1: detected capacity change from 0 to 128
[  117.774487][   T14] usb 4-1: USB disconnect, device number 2
[  118.460414][ T5055] loop0: detected capacity change from 0 to 256
[  118.479849][ T5055] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  118.499979][ T5056] syzkaller0: tun_chr_ioctl cmd 2147767519
[  118.510619][ T5055] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  118.553236][ T5055] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  118.613723][ T4361] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  118.845445][ T4361] usb 2-1: Using ep0 maxpacket: 8
[  118.856480][ T4361] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  118.886692][ T4361] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  118.916991][ T4361] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  118.946835][ T4361] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  118.996806][ T4361] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  119.025456][ T4361] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.259848][ T5071] loop0: detected capacity change from 0 to 1024
[  119.303322][ T4361] usb 2-1: GET_CAPABILITIES returned 0
[  119.310845][ T4361] usbtmc 2-1:16.0: can't read capabilities
[  119.346947][ T5071] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  119.387493][ T5078] netlink: 822 bytes leftover after parsing attributes in process `syz.4.275'.
[  119.406841][ T5076] program syz.2.274 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  119.410008][  T952] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  119.476539][ T5080] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2799: Unable to expand inode 12. Delete some EAs or run e2fsck.
[  119.492256][ T5078] bridge: RTM_NEWNEIGH with unconfigured vlan 265 on bridge0
[  119.533147][ T4361] usb 2-1: USB disconnect, device number 3
[  119.609444][  T952] usb 4-1: config 0 has no interfaces?
[  119.615251][  T952] usb 4-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[  119.655780][  T952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.694105][  T952] usb 4-1: config 0 descriptor??
[  119.716071][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  119.980124][  T952] usb 4-1: USB disconnect, device number 3
[  120.248306][ T5089] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_batadv, syncid = 4, id = 0
[  120.403547][ T5084] loop4: detected capacity change from 0 to 32768
[  120.656502][ T5086] loop0: detected capacity change from 0 to 32768
[  121.463107][ T5082] loop2: detected capacity change from 0 to 32768
[  121.637919][ T5082] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by syz.2.277 (5082)
[  122.138673][ T5082] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  122.289364][ T5082] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  122.337104][ T5082] BTRFS info (device loop2): using free space tree
[  123.057212][ T5161] loop4: detected capacity change from 0 to 1024
[  123.189115][ T5082] BTRFS error (device loop2): open_ctree failed: -12
[  123.209536][ T5161] gfs2: path_lookup on c::;ø�N€�…L‰´¶;o$: returned error -2
[  123.326061][ T5148] loop0: detected capacity change from 0 to 32768
[  123.365788][ T5148] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.303 (5148)
[  123.459204][ T4373] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by udevd (4373)
[  123.484575][ T5148] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  123.562078][ T5148] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  123.632182][ T5148] BTRFS info (device loop0): using free space tree
[  124.045092][ T5148] BTRFS info (device loop0): enabling ssd optimizations
[  124.071899][ T5148] BTRFS info (device loop0): checking UUID tree
[  124.515699][ T4268] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  124.560287][ T5210] syz.2.314[5210] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  124.560405][ T5210] syz.2.314[5210] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  124.641926][ T5212] loop4: detected capacity change from 0 to 512
[  124.871422][ T5212] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  124.970363][ T5212] EXT4-fs (loop4): 1 truncate cleaned up
[  125.065974][ T5212] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  125.081121][ T5212] EXT4-fs (loop4): shut down requested (1)
[  125.129656][ T5182] loop3: detected capacity change from 0 to 32768
[  125.330800][ T5182] XFS (loop3): Mounting V5 Filesystem
[  125.361438][ T5225] syz.0.315[5225] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  125.361549][ T5225] syz.0.315[5225] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  125.388554][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  125.415348][ T5191] loop1: detected capacity change from 0 to 40427
[  125.518595][ T5191] F2FS-fs (loop1): invalid crc value
[  125.558743][ T5191] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  125.694703][ T5182] XFS (loop3): Ending clean mount
[  125.821710][ T4373] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop0 scanned by udevd (4373)
[  125.862382][   T26] audit: type=1326 audit(1768681241.152:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5236 comm="syz.0.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f468bf9acb9 code=0x7ffc0000
[  125.893840][ T5191] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1
[  125.940515][ T5191] F2FS-fs (loop1): Cannot turn on quotas: -2 on 2
[  125.981296][ T5191] F2FS-fs (loop1): Start checkpoint disabled!
[  125.996847][   T26] audit: type=1326 audit(1768681241.152:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5236 comm="syz.0.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f468bf9acb9 code=0x7ffc0000
[  126.127065][ T5191] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  126.136706][   T26] audit: type=1326 audit(1768681241.212:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5236 comm="syz.0.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f468bf9acb9 code=0x7ffc0000
[  126.252377][   T26] audit: type=1326 audit(1768681241.212:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5236 comm="syz.0.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f468bf9acb9 code=0x7ffc0000
[  126.302702][ T4269] XFS (loop3): Unmounting Filesystem
[  126.407887][ T5242] netlink: 'syz.0.322': attribute type 2 has an invalid length.
[  126.411124][   T26] audit: type=1326 audit(1768681241.212:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5236 comm="syz.0.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f468bf9acb9 code=0x7ffc0000
[  126.416281][ T5244] tipc: Started in network mode
[  126.565303][   T26] audit: type=1326 audit(1768681241.212:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5236 comm="syz.0.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f468bf9acb9 code=0x7ffc0000
[  126.596161][ T5247] loop2: detected capacity change from 0 to 64
[  126.638307][ T5244] tipc: Node identity ac14140f, cluster identity 4711
[  126.646081][ T5244] tipc: New replicast peer: 255.255.255.255
[  126.666699][   T26] audit: type=1326 audit(1768681241.222:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5236 comm="syz.0.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f468bf9acb9 code=0x7ffc0000
[  126.792434][   T26] audit: type=1326 audit(1768681241.222:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5236 comm="syz.0.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f468bf9acb9 code=0x7ffc0000
[  126.822416][ T5244] tipc: Enabled bearer <udp:syz2>, priority 10
[  126.876520][ T5246] netlink: 12 bytes leftover after parsing attributes in process `syz.4.321'.
[  126.960106][   T26] audit: type=1326 audit(1768681241.222:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5236 comm="syz.0.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7f468bf9acb9 code=0x7ffc0000
[  127.083783][ T5251] loop1: detected capacity change from 0 to 128
[  127.092530][   T26] audit: type=1326 audit(1768681241.222:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5236 comm="syz.0.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f468bf9acb9 code=0x7ffc0000
[  127.114725][    C0] vkms_vblank_simulate: vblank timer overrun
[  127.161268][ T5251] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  127.243380][ T5251] hpfs: filesystem error: improperly stopped
[  127.283946][ T5251] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  127.346871][ T5251] hpfs: You really don't want any checks? You are crazy...
[  127.370012][ T5251] hpfs: hpfs_map_sector(): read error
[  127.375468][ T5251] hpfs: code page support is disabled
[  127.417182][ T5251] hpfs: hpfs_map_4sectors(): unaligned read
[  127.445687][ T5251] hpfs: hpfs_map_4sectors(): unaligned read
[  127.485175][ T5251] hpfs: filesystem error: unable to find root dir
[  127.857337][ T5262] loop4: detected capacity change from 0 to 128
[  127.916803][ T5262] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  127.949641][   T14] tipc: Node number set to 2886997007
[  127.958040][ T5262] hpfs: filesystem error: improperly stopped
[  127.981914][ T5262] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  128.030151][ T5262] hpfs: You really don't want any checks? You are crazy...
[  128.048887][ T5262] hpfs: hpfs_map_sector(): read error
[  128.054355][ T5262] hpfs: code page support is disabled
[  128.076941][ T5262] hpfs: hpfs_map_4sectors(): unaligned read
[  128.083189][ T5262] hpfs: hpfs_map_4sectors(): unaligned read
[  128.130235][ T5262] hpfs: filesystem error: unable to find root dir
[  128.150425][ T5262] hpfs: hpfs_map_4sectors(): unaligned read
[  128.286908][   T14] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  128.510036][   T14] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  128.527341][   T14] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  128.576743][   T14] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  128.606984][   T14] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.639097][   T14] usb 2-1: config 0 descriptor??
[  128.763436][ T4334] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  128.980439][ T4334] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  128.996778][ T4334] usb 5-1: config 0 has no interface number 0
[  129.025737][ T4334] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  129.042087][ T5216] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  129.046057][ T4334] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.068682][ T4334] usb 5-1: Product: syz
[  129.078849][ T4334] usb 5-1: Manufacturer: syz
[  129.091276][   T14] cp2112 0003:10C4:EA90.0002: unknown global tag 0xc
[  129.098910][ T4334] usb 5-1: SerialNumber: syz
[  129.106769][   T14] cp2112 0003:10C4:EA90.0002: item 0 1 1 12 parsing failed
[  129.128231][ T4334] usb 5-1: config 0 descriptor??
[  129.136044][   T14] cp2112 0003:10C4:EA90.0002: parse failed
[  129.154714][   T14] cp2112: probe of 0003:10C4:EA90.0002 failed with error -22
[  129.248704][ T5216] usb 4-1: config 0 has an invalid interface number: 204 but max is 0
[  129.267548][ T5216] usb 4-1: config 0 has no interface number 0
[  129.303916][ T5216] usb 4-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=29.3d
[  129.336929][ T5216] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.345011][ T5216] usb 4-1: Product: syz
[  129.367244][ T4334] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  129.376701][ T5216] usb 4-1: Manufacturer: syz
[  129.376726][ T5216] usb 4-1: SerialNumber: syz
[  129.381616][ T5216] usb 4-1: config 0 descriptor??
[  129.407163][ T4334] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  129.414903][ T5166] usb 2-1: USB disconnect, device number 4
[  129.428251][ T5216] ems_usb 4-1:0.204 (unnamed net_device) (uninitialized): couldn't initialize controller: -22
[  129.449174][ T4334] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  129.459745][ T5216] ems_usb: probe of 4-1:0.204 failed with error -22
[  129.486412][ T4334] usb 5-1: media controller created
[  129.543030][ T4334] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  129.688227][   T14] usb 4-1: USB disconnect, device number 4
[  130.039770][ T5294] loop1: detected capacity change from 0 to 512
[  130.106274][ T5294] EXT4-fs (loop1): 1 truncate cleaned up
[  130.122791][ T5294] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  130.211061][ T5294] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.346: bg 0: block 465: padding at end of block bitmap is not set
[  130.401613][ T4277] EXT4-fs (loop1): unmounting filesystem.
[  130.555375][ T5301] loop1: detected capacity change from 0 to 2048
[  130.605103][ T5292] loop2: detected capacity change from 0 to 32768
[  130.707544][ T4334] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  130.742719][ T5301] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  130.765009][ T4334] usb 5-1: USB disconnect, device number 5
[  130.794117][ T5292] XFS (loop2): Mounting V5 Filesystem
[  130.906924][   T26] kauditd_printk_skb: 1 callbacks suppressed
[  130.906939][   T26] audit: type=1800 audit(1768681246.192:19): pid=5301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.348" name="file1" dev="loop1" ino=15 res=0 errno=0
[  131.005666][ T5292] XFS (loop2): Ending clean mount
[  131.020003][ T5292] XFS (loop2): Quotacheck needed: Please wait.
[  131.127171][ T4277] EXT4-fs (loop1): unmounting filesystem.
[  131.165315][ T5292] XFS (loop2): Quotacheck: Done.
[  131.412759][ T4282] XFS (loop2): Unmounting Filesystem
[  131.478277][ T5296] loop0: detected capacity change from 0 to 40427
[  131.520741][ T5296] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x3ffff
[  131.587276][ T5296] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x2
[  131.631738][ T5296] F2FS-fs (loop0): invalid crc value
[  131.666245][ T5296] F2FS-fs (loop0): Found nat_bits in checkpoint
[  131.849706][ T5296] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  132.314166][ T4268] syz-executor: attempt to access beyond end of device
[  132.314166][ T4268] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  132.384453][ T5341] [U] 
[  132.396860][ T5341] [U] )½0
[  132.400006][ T5341] [U] 
[  132.402751][ T5341] [U] 
[  132.405576][ T5341] [U] 
[  132.417481][ T5345] syz.4.361[5345] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  132.417589][ T5345] syz.4.361[5345] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  132.437721][ T5341] [U] 
[  132.451973][ T5341] [U] 
[  132.454892][ T5341] [U] 
[  132.457805][ T5341] [U] 
[  132.460564][    C0] vkms_vblank_simulate: vblank timer overrun
[  132.547646][ T5341] [U] 
[  132.550445][ T5341] [U] 
[  132.553204][ T5341] [U] 
[  132.611649][ T5340] [U] 
[  132.867519][ T5354] loop2: detected capacity change from 0 to 1024
[  132.888854][ T5356] tipc: Started in network mode
[  132.906809][ T5356] tipc: Node identity ac14140f, cluster identity 4711
[  132.917650][ T5356] tipc: New replicast peer: 255.255.255.255
[  132.925746][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  132.934714][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  132.951433][ T5356] tipc: Enabled bearer <udp:syz2>, priority 10
[  132.960383][ T5354] EXT4-fs: Ignoring removed orlov option
[  132.961789][ T5358] netlink: 12 bytes leftover after parsing attributes in process `syz.1.368'.
[  133.024032][ T5354] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  133.261850][ T5354] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.367: unexpected EA_INODE flag
[  133.424335][ T5363] loop4: detected capacity change from 0 to 4096
[  133.565441][ T4282] EXT4-fs (loop2): unmounting filesystem.
[  133.809936][ T5381] loop2: detected capacity change from 0 to 8
[  133.958958][ T5383] netlink: 104 bytes leftover after parsing attributes in process `syz.3.377'.
[  134.184141][ T5168] tipc: Node number set to 2886997007
[  134.574512][ T5401] netlink: 64859 bytes leftover after parsing attributes in process `syz.3.385'.
[  134.721039][ T5403] netlink: 'syz.0.387': attribute type 3 has an invalid length.
[  134.810046][ T5407] vcan0: tx address claim with dlc 0
[  134.830303][ T5409] loop2: detected capacity change from 0 to 512
[  134.898196][ T4393] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  135.018099][ T5414] netlink: 'syz.0.391': attribute type 9 has an invalid length.
[  135.270421][ T5416] loop3: detected capacity change from 0 to 4096
[  135.300250][ T5416] ntfs: (device loop3): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1.
[  135.388670][ T5416] ntfs: (device loop3): map_mft_record_page(): Mft record 0x1 is corrupt.  Run chkdsk.
[  135.436976][ T5416] ntfs: (device loop3): map_mft_record(): Failed with error code 5.
[  135.448792][ T5416] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  135.464814][ T5416] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  135.609732][ T5416] ntfs: volume version 3.1.
[  135.614395][ T5416] ntfs: (device loop3): ntfs_read_locked_inode(): Found unknown compression method or corrupt file.
[  135.673124][ T5416] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x2 as bad.  Run chkdsk.
[  135.717931][ T5416] ntfs: (device loop3): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  136.222741][ T5446] loop4: detected capacity change from 0 to 2048
[  136.327966][ T5446] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  136.399456][ T5431] loop2: detected capacity change from 0 to 32768
[  136.435842][ T5431] XFS (loop2): Mounting V5 Filesystem
[  136.443209][ T4311] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  136.532990][ T5431] XFS (loop2): Ending clean mount
[  136.541786][ T5431] XFS (loop2): Quotacheck needed: Please wait.
[  136.570871][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  136.653218][ T4311] usb 4-1: Using ep0 maxpacket: 16
[  136.662196][ T4311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.722678][ T4311] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  136.765839][ T4311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.783049][ T5431] XFS (loop2): Quotacheck: Done.
[  136.785700][ T4311] usb 4-1: config 0 descriptor??
[  137.096560][ T5470] loop4: detected capacity change from 0 to 512
[  137.100071][ T4282] XFS (loop2): Unmounting Filesystem
[  137.173127][ T5470] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  137.223370][ T4311] mcp2221 0003:04D8:00DD.0003: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  137.278071][ T5470] EXT4-fs (loop4): 1 truncate cleaned up
[  137.318143][ T5470] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  137.416551][ T5470] EXT4-fs error (device loop4): ext4_empty_dir:3177: inode #2: block 13: comm syz.4.412: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  137.557034][ T5470] EXT4-fs (loop4): Remounting filesystem read-only
[  137.686036][ T4311] usb 4-1: USB disconnect, device number 5
[  137.695496][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  137.714971][ T5475] loop1: detected capacity change from 0 to 64
[  137.816916][ T5462] loop0: detected capacity change from 0 to 32768
[  137.984298][ T5480] sch_fq: defrate 9 ignored.
[  138.005802][ T5462] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  138.033944][ T5481] serio: Serial port ptm0
[  138.119503][ T5462] (syz.0.409,5462,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0
[  138.290973][ T5486] device vlan2 entered promiscuous mode
[  138.300312][ T4268] ocfs2: Unmounting device (7,0) on (node local)
[  138.373590][ T5486] device bond0 entered promiscuous mode
[  138.436886][ T5486] device bond_slave_0 entered promiscuous mode
[  138.454406][ T5486] device bond_slave_1 entered promiscuous mode
[  138.469356][ T5491] syz.0.420[5491] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  138.469468][ T5491] syz.0.420[5491] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  138.523516][   T26] audit: type=1326 audit(1768681253.812:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5490 comm="syz.3.421" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f157eb9acb9 code=0x0
[  139.239466][ T5516] program syz.2.432 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  139.277052][ T5216] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  139.466782][ T5216] usb 1-1: Using ep0 maxpacket: 16
[  139.474047][ T5216] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  139.509202][ T5216] usb 1-1: config 0 has no interface number 0
[  139.539412][ T5216] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  139.576213][ T5216] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  139.603398][ T5521] loop4: detected capacity change from 0 to 4096
[  139.629087][ T5216] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  139.641616][ T5521] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512)
[  139.650883][ T5216] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  139.679101][ T5216] usb 1-1: Product: syz
[  139.688183][ T5216] usb 1-1: SerialNumber: syz
[  139.702479][ T5216] usb 1-1: config 0 descriptor??
[  139.710763][ T5528] loop2: detected capacity change from 0 to 256
[  139.725342][ T5216] cm109 1-1:0.8: invalid payload size 0, expected 4
[  139.727090][  T952] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  139.754239][ T5216] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input6
[  139.802858][ T5528] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  139.939770][  T952] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  140.001453][  T952] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  140.043630][  T952] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.092870][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  140.102930][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  140.110553][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  140.118303][ T4334] usb 1-1: USB disconnect, device number 6
[  140.132769][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  140.139827][    C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  140.152474][  T952] gspca_main: stv0680-2.14.0 probing 041e:4007
[  140.171960][ T4334] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  140.393445][ T5535] tap0: tun_chr_ioctl cmd 35108
[  140.965546][ T5556] program syz.4.447 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  141.033036][ T5560] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  141.053099][ T5560] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  141.252576][  T952] stv0680 2-1:4.0: Could not get descriptor 0200
[  141.454243][  T952] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  141.486060][  T952] stv0680 2-1:4.0: last error: 2,  command = 0x6
[  141.524264][  T952] usb 2-1: USB disconnect, device number 5
[  141.941099][ T5566] loop2: detected capacity change from 0 to 32768
[  141.955448][ T5583] loop4: detected capacity change from 0 to 512
[  142.025553][ T5583] EXT4-fs error (device loop4): ext4_orphan_get:1399: inode #15: comm syz.4.458: inode has both inline data and extents flags
[  142.090806][ T5566] XFS (loop2): Mounting V5 Filesystem
[  142.107751][ T5583] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.458: couldn't read orphan inode 15 (err -117)
[  142.165939][ T5583] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  142.299730][ T5566] XFS (loop2): Ending clean mount
[  142.334447][ T5566] XFS (loop2): Quotacheck needed: Please wait.
[  142.344510][ T5583] EXT4-fs (loop4): shut down requested (0)
[  142.436554][ T5566] XFS (loop2): Quotacheck: Done.
[  142.581569][ T5583] EXT4-fs (loop4): unmounting filesystem.
[  142.668621][ T4282] XFS (loop2): Unmounting Filesystem
[  143.552790][ T5598] loop0: detected capacity change from 0 to 40427
[  143.622480][ T5598] F2FS-fs (loop0): invalid crc value
[  143.695308][ T5598] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  144.006459][ T5598] F2FS-fs (loop0): Cannot turn on quotas: -2 on 1
[  144.042253][ T5598] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[  144.070792][ T5598] F2FS-fs (loop0): Start checkpoint disabled!
[  144.113362][ T5598] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  144.311205][ T5629] loop4: detected capacity change from 0 to 4096
[  145.098491][ T5622] loop2: detected capacity change from 0 to 40427
[  145.142597][ T5622] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  145.184354][ T5622] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  145.235701][ T5622] F2FS-fs (loop2): invalid crc value
[  145.312280][ T5622] F2FS-fs (loop2): Found nat_bits in checkpoint
[  145.484084][ T5622] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  145.499083][ T5622] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  145.643183][ T4311] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  145.761142][ T5636] loop4: detected capacity change from 0 to 32768
[  145.857163][ T4311] usb 1-1: Using ep0 maxpacket: 32
[  145.873175][ T4311] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[  145.889479][ T4282] syz-executor: attempt to access beyond end of device
[  145.889479][ T4282] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  145.915574][ T4311] usb 1-1: config 0 has no interface number 0
[  145.932661][ T4311] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  145.951922][ T5636] read_mapping_page failed!
[  145.979487][ T5636] ERROR: (device loop4): txCommit: 
[  145.979487][ T5636] 
[  145.988335][ T4311] usb 1-1: config 0 interface 85 has no altsetting 0
[  146.011282][ T4311] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  146.031015][ T5636] ERROR: (device loop4): remounting filesystem as read-only
[  146.046734][ T4311] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.075186][ T4311] usb 1-1: Product: syz
[  146.085319][ T4311] usb 1-1: Manufacturer: syz
[  146.095458][ T4311] usb 1-1: SerialNumber: syz
[  146.128438][ T4311] usb 1-1: config 0 descriptor??
[  146.202536][  T108] ERROR: (device loop4): diUpdatePMap: the inode is not allocated in the working map
[  146.202536][  T108] 
[  146.592794][ T5659] loop1: detected capacity change from 0 to 512
[  146.627623][ T5659] EXT4-fs: Ignoring removed bh option
[  146.638616][ T5659] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  146.684731][ T5659] EXT4-fs (loop1): 1 truncate cleaned up
[  146.736744][ T5659] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  146.746126][ T4311] appletouch 1-1:0.85: Geyser mode initialized.
[  146.816920][ T4311] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input7
[  146.882787][ T4277] EXT4-fs (loop1): unmounting filesystem.
[  146.956449][ T4311] usb 1-1: USB disconnect, device number 7
[  147.025243][ T4311] appletouch 1-1:0.85: input: appletouch disconnected
[  147.071266][ T5653] loop3: detected capacity change from 0 to 40427
[  147.110309][ T5653] F2FS-fs (loop3): build fault injection attr: rate: 684, type: 0x3ffff
[  147.149495][ T5653] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7
[  147.196802][ T5653] F2FS-fs (loop3): invalid crc value
[  147.217040][ T5653] F2FS-fs (loop3): Found nat_bits in checkpoint
[  147.382919][ T5653] F2FS-fs (loop3): Start checkpoint disabled!
[  147.427292][ T5653] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  147.569962][ T5216] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  147.681881][ T5674] loop2: detected capacity change from 0 to 4096
[  147.728662][ T5674] ntfs3: loop2: ino=3, Correct links count -> 2.
[  147.748899][ T1112] kworker/u4:5: attempt to access beyond end of device
[  147.748899][ T1112] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  147.774479][ T5216] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  147.815227][ T5216] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.866276][ T5216] usb 5-1: config 0 descriptor??
[  147.912252][ T5216] cp210x 5-1:0.0: cp210x converter detected
[  147.985269][ T5674] ntfs3: loop2: ino=21, "file1" The size of extended attributes must not exceed 64KiB
[  148.054576][ T5679] loop0: detected capacity change from 0 to 128
[  148.104325][ T5679] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  148.304663][ T5682] loop1: detected capacity change from 0 to 4096
[  148.335689][ T5216] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  148.367201][ T5679] ext4 filesystem being mounted at /87/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  148.395308][ T5216] usb 5-1: cp210x converter now attached to ttyUSB0
[  148.479753][ T5684] loop2: detected capacity change from 0 to 8
[  148.503351][ T5679] fscrypt (loop0, inode 12): Unsupported encryption flags (0x10)
[  148.561369][ T5216] usb 5-1: USB disconnect, device number 6
[  148.584008][ T5216] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  148.616734][ T5684] SQUASHFS error: Failed to read block 0x636: -5
[  148.651772][ T5216] cp210x 5-1:0.0: device disconnected
[  148.666828][ T5684] SQUASHFS error: Unable to read metadata cache entry [634]
[  148.695360][ T5684] SQUASHFS error: Unable to read metadata cache entry [634]
[  148.727405][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  148.729300][ T5684] SQUASHFS error: Unable to read directory block [634:0]
[  149.056822][ T5168] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  149.106835][ T5166] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  149.175417][ T5697] netlink: 20 bytes leftover after parsing attributes in process `syz.0.497'.
[  149.203148][ T5700] netlink: 36 bytes leftover after parsing attributes in process `syz.4.499'.
[  149.217206][ T5700] netlink: 12 bytes leftover after parsing attributes in process `syz.4.499'.
[  149.233964][ T5700] netlink: 8 bytes leftover after parsing attributes in process `syz.4.499'.
[  149.253163][ T5700] netlink: 8 bytes leftover after parsing attributes in process `syz.4.499'.
[  149.270305][ T5168] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  149.316713][ T5166] usb 2-1: Using ep0 maxpacket: 32
[  149.322036][ T5168] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  149.336161][ T5166] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  149.345941][ T5166] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.354333][ T5168] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  149.393597][ T5166] usb 2-1: config 0 descriptor??
[  149.398791][ T5168] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.433984][ T5168] usb 4-1: config 0 descriptor??
[  149.461502][ T5168] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  149.503202][ T5168] dvb-usb: bulk message failed: -22 (3/0)
[  149.551800][ T5168] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  149.607303][ T5168] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  149.614833][ T5168] usb 4-1: media controller created
[  149.628124][ T5166] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  149.641980][ T5166] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  149.674503][ T5168] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  149.739431][ T5166] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  149.749334][ T5166] usb 2-1: media controller created
[  149.760773][ T5168] dvb-usb: bulk message failed: -22 (6/0)
[  149.792649][ T5168] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  149.836935][ T5168] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input8
[  149.850398][ T5689] dvb-usb: bulk message failed: -22 (8/0)
[  149.860984][ T5166] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  149.898224][ T5168] dvb-usb: schedule remote query interval to 150 msecs.
[  149.946796][ T5168] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  150.109602][ T5216] dvb-usb: bulk message failed: -22 (1/0)
[  150.115975][ T5216] dvb-usb: error while querying for an remote control event.
[  150.205383][ T5166] DVB: Unable to find symbol dib7000p_attach()
[  150.212722][ T5166] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  150.306998][ T5216] dvb-usb: bulk message failed: -22 (1/0)
[  150.312825][ T5216] dvb-usb: error while querying for an remote control event.
[  150.362943][ T5719] loop4: detected capacity change from 0 to 1024
[  150.390490][ T4311] usb 4-1: USB disconnect, device number 6
[  150.473917][ T4311] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  150.529059][ T5166] rc_core: IR keymap rc-dib0700-rc5 not found
[  150.544566][ T5166] Registered IR keymap rc-empty
[  150.577463][ T5166] dvb-usb: could not initialize remote control.
[  150.583835][ T5166] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  150.663840][    T9] hfsplus: bad catalog file entry
[  150.671231][ T5166] usb 2-1: USB disconnect, device number 6
[  150.692442][    T9] hfsplus: b-tree write err: -5, ino 3
[  150.800508][ T5166] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  150.879044][ T5727] loop4: detected capacity change from 0 to 256
[  151.004895][ T5731] netlink: 12 bytes leftover after parsing attributes in process `syz.2.512'.
[  151.339244][ T5739] loop3: detected capacity change from 0 to 512
[  151.465418][ T5739] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  151.491330][ T5739] ext4 filesystem being mounted at /108/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  151.830113][ T4269] EXT4-fs (loop3): unmounting filesystem.
[  152.694173][ T5766] loop3: detected capacity change from 0 to 8
[  153.297121][ T5778] block nbd0: server does not support multiple connections per device.
[  153.322539][ T5778] block nbd0: shutting down sockets
[  153.564341][ T5787] syzkaller1: tun_chr_ioctl cmd 1074025673
[  153.747878][ T5793] netlink: 12 bytes leftover after parsing attributes in process `syz.4.537'.
[  153.850098][ T5770] loop2: detected capacity change from 0 to 32768
[  154.011743][ T5770] MetaData crosses page boundary!!
[  154.050884][ T5770] lblock = 6300000010, size  = -820051968
[  154.067935][ T5770] CPU: 0 PID: 5770 Comm: syz.2.526 Not tainted syzkaller #0
[  154.075357][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  154.085486][ T5770] Call Trace:
[  154.088834][ T5770]  <TASK>
[  154.091855][ T5770]  dump_stack_lvl+0x188/0x24e
[  154.096621][ T5770]  ? __wake_up_bit+0x210/0x210
[  154.101459][ T5770]  ? show_regs_print_info+0x12/0x12
[  154.106727][ T5770]  ? load_image+0x400/0x400
[  154.111294][ T5770]  __get_metapage+0xaa8/0xfa0
[  154.116280][ T5770]  dtSearch+0x5d5/0x2050
[  154.120618][ T5770]  jfs_mkdir+0x30b/0xad0
[  154.125001][ T5770]  ? jfs_symlink+0xfb0/0xfb0
[  154.129658][ T5770]  ? make_kgid+0x660/0x660
[  154.134119][ T5770]  ? apparmor_path_mkdir+0x1ac/0x230
[  154.139448][ T5770]  ? generic_permission+0x230/0x510
[  154.144790][ T5770]  ? inode_permission+0xef/0x480
[  154.149850][ T5770]  ? bpf_lsm_inode_mkdir+0x5/0x10
[  154.154918][ T5770]  ? security_inode_mkdir+0xb3/0x100
[  154.160246][ T5770]  vfs_mkdir+0x387/0x570
[  154.164533][ T5770]  do_mkdirat+0x1d8/0x440
[  154.168916][ T5770]  ? vfs_mkdir+0x570/0x570
[  154.173375][ T5770]  __x64_sys_mkdirat+0x85/0x90
[  154.178178][ T5770]  do_syscall_64+0x4c/0xa0
[  154.182647][ T5770]  ? clear_bhb_loop+0x60/0xb0
[  154.187362][ T5770]  ? clear_bhb_loop+0x60/0xb0
[  154.192216][ T5770]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  154.198153][ T5770] RIP: 0033:0x7f9f70d99b97
[  154.202630][ T5770] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  154.222271][ T5770] RSP: 002b:00007f9f71d01e58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  154.230762][ T5770] RAX: ffffffffffffffda RBX: 00007f9f71d01ee0 RCX: 00007f9f70d99b97
[  154.238776][ T5770] RDX: 00000000000001ff RSI: 0000200000000440 RDI: 00000000ffffff9c
[  154.246876][ T5770] RBP: 0000000000000000 R08: 0000200000000240 R09: 0000000000000000
[  154.254875][ T5770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000440
[  154.262878][ T5770] R13: 00007f9f71d01ea0 R14: 0000000000000000 R15: 0000000000000000
[  154.271064][ T5770]  </TASK>
[  154.326724][ T5770] bread failed!
[  154.330381][ T5770] jfs_mkdir: dtSearch returned -5
[  154.555664][ T5801] netlink: 8 bytes leftover after parsing attributes in process `syz.4.541'.
[  154.707245][ T5783] loop3: detected capacity change from 0 to 40427
[  154.744909][ T5783] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3ffff
[  154.791423][ T5783] F2FS-fs (loop3): invalid crc value
[  154.833695][ T5783] F2FS-fs (loop3): Found nat_bits in checkpoint
[  154.909315][ T5807] loop4: detected capacity change from 0 to 1024
[  154.970117][ T5795] loop0: detected capacity change from 0 to 32768
[  154.996221][ T5795] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.538 (5795)
[  155.009050][ T5783] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  155.093767][ T5795] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  155.124677][ T4269] syz-executor: attempt to access beyond end of device
[  155.124677][ T4269] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  155.139260][ T5795] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  155.161314][ T5795] BTRFS info (device loop0): using free space tree
[  155.246702][ T5168] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  155.402729][ T5795] BTRFS info (device loop0): enabling ssd optimizations
[  155.447025][ T5168] usb 3-1: Using ep0 maxpacket: 32
[  155.454712][ T4353] hfsplus: b-tree write err: -5, ino 4
[  155.459234][ T5168] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  155.477099][ T5168] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.497795][ T5168] usb 3-1: config 0 descriptor??
[  155.671311][ T5831] device erspan0 entered promiscuous mode
[  155.713250][ T5168] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  155.731896][ T5168] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  155.763319][ T5803] loop1: detected capacity change from 0 to 40427
[  155.770679][ T5168] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  155.802469][ T5168] usb 3-1: media controller created
[  155.813208][ T5803] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504)
[  155.843121][ T5803] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  155.897007][ T5803] F2FS-fs (loop1): invalid crc value
[  155.913799][ T5168] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  155.923609][ T5809] dib0700: tx buffer length is larger than 4. Not supported.
[  155.999617][ T5803] F2FS-fs (loop1): Found nat_bits in checkpoint
[  156.071150][ T4268] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  156.089035][ T5841] netlink: 12 bytes leftover after parsing attributes in process `syz.4.548'.
[  156.281951][ T5803] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  156.326690][ T5803] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  156.361108][ T5168] DVB: Unable to find symbol dib7000p_attach()
[  156.377762][ T5168] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  156.782333][ T5863] loop0: detected capacity change from 0 to 2048
[  156.808008][ T5168] rc_core: IR keymap rc-dib0700-rc5 not found
[  156.814528][ T5168] Registered IR keymap rc-empty
[  156.845090][ T5168] dvb-usb: could not initialize remote control.
[  156.885976][ T5863] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  156.908157][ T5168] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  156.954801][ T5168] usb 3-1: USB disconnect, device number 4
[  156.992761][ T5869] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  157.075718][ T5168] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  157.307480][ T5877] netlink: 4 bytes leftover after parsing attributes in process `syz.2.559'.
[  157.316407][ T5877] netlink: 152 bytes leftover after parsing attributes in process `syz.2.559'.
[  157.378222][ T5877] netlink: 152 bytes leftover after parsing attributes in process `syz.2.559'.
[  157.389301][ T5880] loop0: detected capacity change from 0 to 128
[  157.456114][ T5880] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  157.478118][ T5877] netlink: 152 bytes leftover after parsing attributes in process `syz.2.559'.
[  157.490990][ T5880] ext4 filesystem being mounted at /96/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  157.601397][ T5880] EXT4-fs warning (device loop0): verify_group_input:151: Cannot add at group 3999182285 (only 1 groups)
[  157.656752][ T5168] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  157.758625][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  157.773335][ T5889] loop1: detected capacity change from 0 to 512
[  157.846861][ T5168] usb 4-1: Using ep0 maxpacket: 16
[  157.854275][ T5168] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  157.886255][ T5168] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.937237][ T5168] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  157.996066][ T5168] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  158.006549][ T5168] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.075205][ T5895] loop2: detected capacity change from 0 to 128
[  158.082841][ T5168] usb 4-1: config 0 descriptor??
[  158.214699][ T5899] loop4: detected capacity change from 0 to 256
[  158.274072][ T5899] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d)
[  158.433116][ T5902] netlink: 8 bytes leftover after parsing attributes in process `syz.4.568'.
[  158.446840][ T5167] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  158.487444][ T5902] device macvlan2 entered promiscuous mode
[  158.544276][ T5168] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0004/input/input11
[  158.586303][ T5905] loop2: detected capacity change from 0 to 128
[  158.595410][ T5905] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  158.635050][ T5905] syz.2.569: attempt to access beyond end of device
[  158.635050][ T5905] loop2: rw=2051, sector=104, nr_sectors = 937 limit=128
[  158.667323][ T5167] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  158.676566][ T5167] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.690379][ T5168] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  158.713149][ T5167] usb 2-1: config 0 descriptor??
[  158.738722][ T5167] cp210x 2-1:0.0: cp210x converter detected
[  158.787580][ T5168] usb 4-1: USB disconnect, device number 7
[  159.150547][ T5167] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  159.183141][ T5167] usb 2-1: cp210x converter now attached to ttyUSB0
[  159.224872][ T5914] fido_id[5914]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  159.381559][ T5920] netlink: 'syz.2.576': attribute type 15 has an invalid length.
[  159.401621][ T5167] usb 2-1: USB disconnect, device number 7
[  159.419584][ T5167] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  159.477176][ T5167] cp210x 2-1:0.0: device disconnected
[  159.602109][ T5924] process 'syz.2.578' launched '/dev/fd/3' with NULL argv: empty string added
[  159.650336][ T5926] loop0: detected capacity change from 0 to 2048
[  159.696106][ T5926] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[  159.737680][ T5926] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  159.998378][ T5929] loop0: detected capacity change from 0 to 512
[  160.022457][ T5929] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  160.086467][ T5929] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.580: iget: bad i_size value: 38620345925642
[  160.127652][ T5929] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.580: couldn't read orphan inode 15 (err -117)
[  160.140267][ T5929] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  160.244351][ T5929] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz.0.580: bg 0: block 5: invalid block bitmap
[  160.277321][ T5929] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[  160.290676][ T5929] EXT4-fs (loop0): This should not happen!! Data will be lost
[  160.290676][ T5929] 
[  160.303175][ T5929] EXT4-fs (loop0): Total free blocks count 0
[  160.309584][ T5929] EXT4-fs (loop0): Free/Dirty block details
[  160.315800][ T5929] EXT4-fs (loop0): free_blocks=0
[  160.321330][ T5929] EXT4-fs (loop0): dirty_blocks=2
[  160.326854][ T5929] EXT4-fs (loop0): Block reservation details
[  160.333244][ T5929] EXT4-fs (loop0): i_reserved_data_blocks=2
[  160.491168][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  160.733885][ T5949] loop3: detected capacity change from 0 to 1024
[  160.855629][ T5949] hfsplus: bad catalog entry type
[  160.994473][    T9] hfsplus: b-tree write err: -5, ino 4
[  161.131147][ T5168] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  161.139544][ T5959] netlink: 'syz.3.594': attribute type 298 has an invalid length.
[  161.330090][ T5168] usb 5-1: Using ep0 maxpacket: 16
[  161.339774][ T5168] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  161.386765][ T5168] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  161.427438][ T5168] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  161.455881][ T5168] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  161.502682][ T5168] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.548767][ T5168] usb 5-1: config 0 descriptor??
[  161.592126][ T5967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.598'.
[  161.612989][ T5969] loop3: detected capacity change from 0 to 512
[  161.621296][ T5967] netlink: 4 bytes leftover after parsing attributes in process `syz.1.598'.
[  161.646305][ T5969] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  161.679902][ T5969] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  161.712987][ T5969] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  161.827233][ T5969] EXT4-fs warning (device loop3): verify_group_input:169: Last group not full
[  161.967698][ T5168] microsoft 0003:045E:07DA.0005: No inputs registered, leaving
[  161.985468][ T5168] microsoft 0003:045E:07DA.0005: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  162.001185][ T5168] microsoft 0003:045E:07DA.0005: no inputs found
[  162.008432][ T4269] EXT4-fs (loop3): unmounting filesystem.
[  162.011724][ T5168] microsoft 0003:045E:07DA.0005: could not initialize ff, continuing anyway
[  162.192735][ T5168] usb 5-1: USB disconnect, device number 7
[  162.393639][ T5975] fido_id[5975]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  162.754946][ T5974] loop2: detected capacity change from 0 to 32768
[  162.817886][ T5974] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.599 (5974)
[  162.879058][ T5974] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  162.889259][ T5991] loop3: detected capacity change from 0 to 128
[  162.891992][ T5991] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  162.950214][ T5974] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  162.973618][ T5991] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  162.984652][ T5974] BTRFS info (device loop2): setting nodatacow, compression disabled
[  163.030082][ T5974] BTRFS info (device loop2): force zlib compression, level 3
[  163.050749][ T5974] BTRFS info (device loop2): turning off barriers
[  163.065028][ T5974] BTRFS info (device loop2): max_inline at 6
[  163.088903][ T5974] BTRFS info (device loop2): turning on sync discard
[  163.122985][ T5974] BTRFS info (device loop2): setting nodatacow
[  163.173854][ T5974] BTRFS info (device loop2): using free space tree
[  163.279316][ T6001] loop0: detected capacity change from 0 to 256
[  163.356039][ T6001] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  163.379101][ T6001] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  163.454333][ T6011] netlink: 8 bytes leftover after parsing attributes in process `syz.3.612'.
[  163.463661][ T6011] netlink: 4 bytes leftover after parsing attributes in process `syz.3.612'.
[  163.552368][ T6001] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  163.686688][ T5974] BTRFS info (device loop2): enabling ssd optimizations
[  164.027026][ T4282] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  164.224010][ T4373] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 9 /dev/loop2 scanned by udevd (4373)
[  164.859215][ T6045] loop1: detected capacity change from 0 to 47
[  164.953138][ T6026] loop3: detected capacity change from 0 to 32768
[  165.036773][ T5216] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  165.076795][ T5168] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  165.140045][ T6026] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  165.157727][ T6026] XFS (loop3): Mounting V5 Filesystem
[  165.278655][ T5216] usb 3-1: config 0 has an invalid interface number: 204 but max is 0
[  165.291189][ T5168] usb 1-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  165.311628][ T5216] usb 3-1: config 0 has no interface number 0
[  165.320920][ T5168] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.352194][ T5216] usb 3-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=29.3d
[  165.371826][ T5168] usb 1-1: Product: syz
[  165.381969][ T5168] usb 1-1: Manufacturer: syz
[  165.387053][ T5216] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.395445][ T5168] usb 1-1: SerialNumber: syz
[  165.411441][ T5216] usb 3-1: Product: syz
[  165.419449][ T5168] usb 1-1: config 0 descriptor??
[  165.424621][ T5216] usb 3-1: Manufacturer: syz
[  165.434990][ T5216] usb 3-1: SerialNumber: syz
[  165.453300][ T5216] usb 3-1: config 0 descriptor??
[  165.469919][ T5216] ems_usb 3-1:0.204 (unnamed net_device) (uninitialized): couldn't initialize controller: -22
[  165.479553][ T6026] XFS (loop3): Ending clean mount
[  165.502589][ T5216] ems_usb: probe of 3-1:0.204 failed with error -22
[  165.524327][ T6026] XFS (loop3): Quotacheck needed: Please wait.
[  165.620763][ T6026] XFS (loop3): Quotacheck: Done.
[  165.649272][ T5168] usb 1-1: ignoring: probably an ADSL modem
[  165.705431][ T5216] usb 3-1: USB disconnect, device number 5
[  165.711828][ T6059] netlink: 8 bytes leftover after parsing attributes in process `syz.1.624'.
[  165.792738][ T6059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.624'.
[  165.822644][ T4269] XFS (loop3): Unmounting Filesystem
[  165.864754][ T6054] loop4: detected capacity change from 0 to 32768
[  165.898193][ T6054] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 9
[  166.066943][ T5168] cxacru 1-1:0.0: usbatm_usb_probe: bind failed: -19!
[  166.182707][ T4373] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 9
[  166.344345][ T5166] usb 1-1: USB disconnect, device number 8
[  166.642089][ T6071] netlink: 'syz.3.625': attribute type 25 has an invalid length.
[  166.681813][ T6071] netlink: 'syz.3.625': attribute type 8 has an invalid length.
[  167.435934][ T6094] netlink: 4 bytes leftover after parsing attributes in process `syz.0.640'.
[  167.520660][ T6096] loop3: detected capacity change from 0 to 64
[  168.000574][ T6086] loop4: detected capacity change from 0 to 32768
[  168.034635][ T6108] loop1: detected capacity change from 0 to 1024
[  168.079959][ T6108] EXT4-fs: inline encryption not supported
[  168.140816][ T6086] XFS (loop4): Mounting V5 Filesystem
[  168.186260][ T6108] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  168.262209][ T6086] XFS (loop4): Ending clean mount
[  168.321385][ T6108] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  168.391498][   T26] audit: type=1800 audit(1768681283.682:21): pid=6108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.646" name="file1" dev="loop1" ino=15 res=0 errno=0
[  168.420721][ T6108] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1113: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  168.455538][   T26] audit: type=1800 audit(1768681283.712:22): pid=6108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.646" name="file1" dev="loop1" ino=15 res=0 errno=0
[  168.503642][ T6108] EXT4-fs (loop1): Remounting filesystem read-only
[  168.552968][ T4267] XFS (loop4): Unmounting Filesystem
[  168.708592][ T4277] EXT4-fs (loop1): unmounting filesystem.
[  168.988646][ T6131] device macvtap0 entered promiscuous mode
[  168.995824][ T6131] device macvtap0 left promiscuous mode
[  169.030545][ T6114] loop0: detected capacity change from 0 to 40427
[  169.070293][ T6114] F2FS-fs (loop0): invalid crc value
[  169.169555][ T6114] F2FS-fs (loop0): Found nat_bits in checkpoint
[  169.389234][ T6114] F2FS-fs (loop0): Cannot turn on quotas: -2 on 1
[  169.446782][ T6114] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  169.582398][ T6114] syz.0.647: attempt to access beyond end of device
[  169.582398][ T6114] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  170.001096][ T6161] loop4: detected capacity change from 0 to 1024
[  170.117889][ T6161] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  170.186995][ T5852] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  170.259734][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  170.376882][ T5852] usb 2-1: Using ep0 maxpacket: 16
[  170.384283][ T5852] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  170.423540][ T5852] usb 2-1: config 0 has no interface number 0
[  170.461644][ T5852] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  170.503883][ T5852] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  170.557265][ T5852] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  170.590464][ T5852] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  170.629556][ T5852] usb 2-1: Product: syz
[  170.633828][ T5852] usb 2-1: SerialNumber: syz
[  170.670806][ T5852] usb 2-1: config 0 descriptor??
[  170.701605][ T5852] cm109 2-1:0.8: invalid payload size 0, expected 4
[  170.728121][ T5852] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input13
[  170.932183][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  170.933016][ T5216] usb 2-1: USB disconnect, device number 8
[  170.939287][    C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  170.992368][ T6190] capability: warning: `syz.2.676' uses deprecated v2 capabilities in a way that may be insecure
[  171.048260][ T5216] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  171.195485][ T6195] loop4: detected capacity change from 0 to 1024
[  171.253012][ T6195] hfsplus: catalog name length corrupted
[  171.335215][ T6199] netlink: 16 bytes leftover after parsing attributes in process `syz.2.680'.
[  171.430911][ T6199] device bond0 entered promiscuous mode
[  171.437291][ T6199] device bond_slave_0 entered promiscuous mode
[  171.443873][ T6199] device bond_slave_1 entered promiscuous mode
[  171.487244][ T6199] device bond0 left promiscuous mode
[  171.492828][ T6199] device bond_slave_0 left promiscuous mode
[  171.527901][ T6199] device bond_slave_1 left promiscuous mode
[  171.889521][ T6214] loop1: detected capacity change from 0 to 47
[  171.925954][ T6193] loop0: detected capacity change from 0 to 32768
[  172.022755][ T6193] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.677 (6193)
[  172.149642][ T6193] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  172.180635][ T6193] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  172.216817][ T6193] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  172.266321][ T6193] BTRFS info (device loop0): use zstd compression, level 3
[  172.292304][ T6193] BTRFS info (device loop0): using free space tree
[  172.647661][ T6193] BTRFS info (device loop0): enabling ssd optimizations
[  173.220688][ T4268] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  173.379342][ T6222] loop1: detected capacity change from 0 to 40427
[  173.438539][ T6222] F2FS-fs (loop1): build fault injection attr: rate: 14, type: 0x3ffff
[  173.479491][ T6222] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x724
[  173.548943][ T6222] F2FS-fs (loop1): invalid crc value
[  173.610297][ T6222] F2FS-fs (loop1): Found nat_bits in checkpoint
[  173.737657][ T6264] loop4: detected capacity change from 0 to 512
[  173.823574][ T6264] EXT4-fs (loop4): orphan cleanup on readonly fs
[  173.844319][ T6222] F2FS-fs (loop1) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x432/0xa20
[  173.888994][ T6264] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #4: comm syz.4.700: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 2048(2048)
[  173.908825][ T6264] EXT4-fs error (device loop4): ext4_quota_enable:7046: comm syz.4.700: Bad quota inode: 4, type: 1
[  173.920856][ T6264] EXT4-fs warning (device loop4): ext4_enable_quotas:7087: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  173.937118][ T6264] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  173.944240][ T6264] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  174.036909][ T6222] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  174.112885][ T6222] F2FS-fs (loop1) : inject page alloc in f2fs_grab_cache_page of f2fs_new_node_page+0x12a/0x910
[  174.184000][ T6264] EXT4-fs: test_dummy_encryption requires encrypt feature
[  174.194787][ T6222] syz.1.691: attempt to access beyond end of device
[  174.194787][ T6222] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  174.328516][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  174.511009][ T4277] F2FS-fs (loop1) : inject page alloc in f2fs_grab_cache_page of f2fs_grab_meta_page+0x63/0x210
[  174.708872][ T6281] loop4: detected capacity change from 0 to 8192
[  174.753318][ T4277] syz-executor: attempt to access beyond end of device
[  174.753318][ T4277] loop1: rw=2051, sector=45096, nr_sectors = 8 limit=40427
[  174.816166][ T4277] F2FS-fs (loop1): Issue discard(5637, 5637, 1) failed, ret: -5
[  175.192846][ T6294] loop3: detected capacity change from 0 to 512
[  175.235846][ T6294] EXT4-fs (loop3): Test dummy encryption mode enabled
[  175.290327][ T6294] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  175.371152][ T6294] EXT4-fs (loop3): 1 truncate cleaned up
[  175.377438][ T6294] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  175.555994][ T6303] loop4: detected capacity change from 0 to 512
[  175.588448][ T6287] loop2: detected capacity change from 0 to 32768
[  175.633437][ T6287] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.710 (6287)
[  175.684107][ T6287] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  175.701150][ T6303] EXT4-fs error (device loop4): ext4_orphan_get:1399: inode #15: comm syz.4.715: iget: bad i_size value: 38620345925642
[  175.743763][ T6287] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  175.753644][ T6287] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  175.765311][ T6287] BTRFS info (device loop2): use zstd compression, level 3
[  175.772764][ T6287] BTRFS info (device loop2): using free space tree
[  175.786840][ T6303] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.715: couldn't read orphan inode 15 (err -117)
[  175.801496][ T6303] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  175.990248][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  176.126777][ T6327] loop0: detected capacity change from 0 to 4096
[  176.135250][ T6287] BTRFS info (device loop2): enabling ssd optimizations
[  176.430663][   T26] audit: type=1800 audit(1768681291.722:23): pid=6327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.718" name="file1" dev="loop0" ino=0 res=0 errno=0
[  176.749099][ T6294] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  176.792701][ T4282] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  176.861533][ T4269] EXT4-fs (loop3): unmounting filesystem.
[  177.473280][ T6368] loop2: detected capacity change from 0 to 64
[  177.483372][ T6366] loop4: detected capacity change from 0 to 2048
[  177.504037][ T6366] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  177.518570][ T6366] ext4 filesystem being mounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.542521][   T26] audit: type=1800 audit(1768681292.832:24): pid=6366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.730" name="bus" dev="loop4" ino=18 res=0 errno=0
[  177.879501][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  177.990294][ T6374] Context (ID=0x0) not attached to queue pair (handle=0x4d3:0x4)
[  178.196330][ T6378] dvmrp1: tun_chr_ioctl cmd 1074025681
[  178.208406][ T4334] kernel read not supported for file /input/event1 (pid: 4334 comm: kworker/0:6)
[  178.332913][ T6365] loop3: detected capacity change from 0 to 40427
[  178.371053][ T6365] F2FS-fs (loop3): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  178.397353][ T6365] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  178.405813][ T6365] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7
[  178.456759][ T5852] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  178.476343][ T6365] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x3ffff
[  178.523085][ T6365] F2FS-fs (loop3): invalid crc value
[  178.590149][ T6365] F2FS-fs (loop3): Found nat_bits in checkpoint
[  178.656797][ T5852] usb 2-1: Using ep0 maxpacket: 8
[  178.668721][ T5852] usb 2-1: unable to get BOS descriptor or descriptor too short
[  178.744985][ T5852] usb 2-1: config index 0 descriptor too short (expected 255, got 18)
[  178.787003][ T5852] usb 2-1: config 4 interface 0 has no altsetting 0
[  178.835073][ T5852] usb 2-1: string descriptor 0 read error: -22
[  178.845208][ T5852] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  178.866056][ T5852] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.881977][ T6365] F2FS-fs (loop3): Start checkpoint disabled!
[  178.893718][ T5852] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  178.923077][ T6365] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  178.956795][ T6365] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  178.991653][ T5852] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  179.016954][ T5852] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  179.056475][ T5852] usb 2-1: media controller created
[  179.124828][ T5852] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  179.158242][ T6365] syz.3.732: attempt to access beyond end of device
[  179.158242][ T6365] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  179.368379][ T5852] zl10353_read_register: readreg error (reg=127, ret==0)
[  179.475689][ T5852] usb 2-1: USB disconnect, device number 9
[  179.530905][   T41] kworker/u4:2: attempt to access beyond end of device
[  179.530905][   T41] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  179.663576][ T6389] loop2: detected capacity change from 0 to 40427
[  179.695751][ T6389] F2FS-fs (loop2): invalid crc value
[  179.733884][ T6389] F2FS-fs (loop2): Found nat_bits in checkpoint
[  179.844841][ T6389] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  180.027040][ T5852] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  180.047841][ T4282] syz-executor: attempt to access beyond end of device
[  180.047841][ T4282] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  180.127500][ T4282] syz-executor: attempt to access beyond end of device
[  180.127500][ T4282] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  180.185356][ T6399] loop0: detected capacity change from 0 to 32768
[  180.257036][ T5852] usb 5-1: Using ep0 maxpacket: 32
[  180.272722][ T5852] usb 5-1: config 0 has an invalid interface number: 35 but max is 0
[  180.302931][ T6399] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  180.317566][ T5852] usb 5-1: config 0 has no interface number 0
[  180.323751][ T5852] usb 5-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  180.345378][ T5852] usb 5-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  180.369405][ T5852] usb 5-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad
[  180.388944][ T5852] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.397291][ T6399] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  180.419459][ T5852] usb 5-1: Product: syz
[  180.423772][ T5852] usb 5-1: Manufacturer: syz
[  180.429053][ T5852] usb 5-1: SerialNumber: syz
[  180.444943][ T5852] usb 5-1: config 0 descriptor??
[  180.575382][ T6399] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  180.606929][ T5850] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  180.614539][ T5850] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  180.674530][ T5852] radio-si470x 5-1:0.35: this is not a si470x device.
[  180.732861][ T5852] radio-raremono 5-1:0.35: Thanko's Raremono connected: (10C4:818A)
[  180.791906][ T5850] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 177ms
[  180.833411][ T5850] gfs2: fsid=syz:syz.0: jid=0: Done
[  180.861874][ T6399] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  180.964306][ T5852] radio-raremono 5-1:0.35: V4L2 device registered as radio48
[  181.039501][ T6428] loop2: detected capacity change from 0 to 256
[  181.086394][ T6428] exfat: Deprecated parameter 'utf8'
[  181.095011][ T6428] exfat: Deprecated parameter 'utf8'
[  181.131777][ T6428] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  181.165923][ T5166] usb 5-1: USB disconnect, device number 8
[  181.178341][ T5166] radio-raremono 5-1:0.35: Thanko's Raremono disconnected
[  181.307875][ T6431] loop3: detected capacity change from 0 to 256
[  181.560430][ T6414] loop1: detected capacity change from 0 to 32768
[  181.624953][ T6414] XFS: attr2 mount option is deprecated.
[  181.750923][ T6414] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  181.774880][ T6414] XFS (loop1): Mounting V5 Filesystem
[  181.901405][ T6414] XFS (loop1): Ending clean mount
[  181.959096][ T6414] XFS (loop1): Quotacheck needed: Please wait.
[  182.056656][ T6414] XFS (loop1): Quotacheck: Done.
[  182.244582][ T4277] XFS (loop1): Unmounting Filesystem
[  182.391038][ T6453] loop2: detected capacity change from 0 to 512
[  182.691653][ T6455] netlink: 68 bytes leftover after parsing attributes in process `syz.2.763'.
[  183.315675][ T6469] loop3: detected capacity change from 0 to 2048
[  183.353721][ T6475] loop0: detected capacity change from 0 to 16
[  183.393006][ T6476] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  183.412448][ T6475] erofs: (device loop0): mounted with root inode @ nid 36.
[  183.522662][ T6475] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117]
[  183.605420][ T6474] loop2: detected capacity change from 0 to 4096
[  183.660771][ T6474] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512)
[  183.756266][ T6469] NILFS error (device loop3): nilfs_dotdot: directory #12 missing '..'
[  183.796374][ T6474] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  183.811589][ T6469] Remounting filesystem read-only
[  183.928448][ T4269] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer
[  184.126775][ T6493] netlink: 4 bytes leftover after parsing attributes in process `syz.3.777'.
[  184.136726][ T5850] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  184.326704][ T5850] usb 2-1: Using ep0 maxpacket: 32
[  184.334969][ T5850] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  184.381622][ T5850] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  184.392252][ T5850] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  184.402727][ T5850] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.432504][ T5850] usb 2-1: config 0 descriptor??
[  184.673479][  T952] usb 2-1: USB disconnect, device number 10
[  184.901250][ T6512] loop3: detected capacity change from 0 to 128
[  184.933124][ T6512] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  184.963140][ T6516] loop0: detected capacity change from 0 to 512
[  184.986141][ T6512] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  185.006896][ T6515] loop4: detected capacity change from 0 to 164
[  185.113573][ T6516] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  185.163874][ T6516] ext4 filesystem being mounted at /138/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  185.188362][ T6516] EXT4-fs (loop0): shut down requested (1)
[  185.309210][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  185.450553][ T6524] netlink: 8 bytes leftover after parsing attributes in process `syz.1.789'.
[  185.483331][ T4417] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  185.945733][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap1: link becomes ready
[  185.982533][ T6532] loop0: detected capacity change from 0 to 4096
[  186.001364][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap1: link becomes ready
[  186.156235][ T6538] loop2: detected capacity change from 0 to 2048
[  186.206911][ T6538] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  186.237144][ T6538] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  186.374502][ T6522] loop4: detected capacity change from 0 to 32768
[  186.439291][ T6522] XFS (loop4): DAX unsupported by block device. Turning off DAX.
[  186.453173][ T6522] XFS (loop4): Mounting V5 Filesystem
[  186.526054][ T6522] XFS (loop4): Ending clean mount
[  186.556491][ T6540] loop1: detected capacity change from 0 to 8192
[  186.566572][ T6522] XFS (loop4): Quotacheck needed: Please wait.
[  186.640835][ T6540] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  186.720518][ T6522] XFS (loop4): Quotacheck: Done.
[  186.753552][ T6540] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  186.780370][ T6540] REISERFS (device loop1): using ordered data mode
[  186.836700][ T6540] reiserfs: using flush barriers
[  186.863028][ T6540] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  186.921754][ T4267] XFS (loop4): Unmounting Filesystem
[  186.957794][ T6540] REISERFS (device loop1): checking transaction log (loop1)
[  187.332020][ T6540] REISERFS (device loop1): Using tea hash to sort names
[  187.377838][ T6540] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  187.834701][ T6571] netlink: 'syz.2.806': attribute type 2 has an invalid length.
[  187.857121][ T6563] loop0: detected capacity change from 0 to 8192
[  187.874282][ T6563] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  187.908847][ T6563] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  187.934032][ T6563] REISERFS (device loop0): using ordered data mode
[  187.961475][ T6574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.800'.
[  187.976781][ T6563] reiserfs: using flush barriers
[  188.058065][ T6563] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  188.158400][ T6563] REISERFS (device loop0): checking transaction log (loop0)
[  188.188242][ T6580] loop4: detected capacity change from 0 to 128
[  188.219463][ T6563] REISERFS (device loop0): Using r5 hash to sort names
[  188.259568][ T6563] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  188.305747][ T6582] netlink: 12 bytes leftover after parsing attributes in process `syz.1.807'.
[  188.316157][ T4393] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  188.345031][ T6580] loop4: detected capacity change from 0 to 256
[  188.357810][ T4393] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  188.391716][ T4393] Buffer I/O error on dev loop4, logical block 0, async page read
[  189.300160][ T6612] netlink: 12 bytes leftover after parsing attributes in process `syz.0.823'.
[  189.524705][ T6614] syz.2.825: attempt to access beyond end of device
[  189.524705][ T6614] loop2: rw=2049, sector=256, nr_sectors = 40 limit=256
[  189.553018][ T6616] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  189.562263][  T952] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  189.641568][ T6618] hfsplus: bad catalog entry type
[  189.786691][  T952] usb 5-1: Using ep0 maxpacket: 16
[  189.799676][  T952] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  189.861818][  T952] usb 5-1: config 0 has no interface number 0
[  189.905481][  T952] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  189.958544][  T952] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  189.980424][  T952] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  189.999057][ T5231] hfsplus: b-tree write err: -5, ino 4
[  190.005881][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  190.019024][  T952] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  190.043626][  T952] usb 5-1: Product: syz
[  190.066666][  T952] usb 5-1: SerialNumber: syz
[  190.110482][  T952] usb 5-1: config 0 descriptor??
[  190.130368][  T952] cm109 5-1:0.8: invalid payload size 0, expected 4
[  190.168077][  T952] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input14
[  190.267779][ T6630] netlink: 12 bytes leftover after parsing attributes in process `syz.2.832'.
[  190.451518][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  190.453224][ T5168] usb 5-1: USB disconnect, device number 9
[  190.458540][    C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  190.488992][ T6635] set_capacity_and_notify: 4 callbacks suppressed
[  190.489011][ T6635] loop0: detected capacity change from 0 to 1024
[  190.542166][ T6635] EXT4-fs: Ignoring removed orlov option
[  190.548749][ T5168] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  190.633799][ T6639] netlink: 12 bytes leftover after parsing attributes in process `syz.2.837'.
[  190.662173][ T6635] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  190.749660][ T6635] EXT4-fs error (device loop0): __ext4_new_inode:1285: comm syz.0.835: failed to insert inode 15: doubly allocated?
[  190.849669][ T6635] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem
[  191.024082][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  191.611406][ T6664] netlink: 8 bytes leftover after parsing attributes in process `syz.1.848'.
[  191.665135][ T6666] netlink: 12 bytes leftover after parsing attributes in process `syz.3.849'.
[  191.676065][ T6664] netlink: 'syz.1.848': attribute type 14 has an invalid length.
[  191.691131][ T6664] netlink: 24 bytes leftover after parsing attributes in process `syz.1.848'.
[  191.963110][ T6655] loop0: detected capacity change from 0 to 32768
[  191.997665][ T6655] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.843 (6655)
[  192.057534][ T6655] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  192.082170][ T6650] loop2: detected capacity change from 0 to 40427
[  192.092407][ T6655] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  192.116876][ T6650] F2FS-fs (loop2): invalid crc value
[  192.126351][ T6655] BTRFS info (device loop0): using free space tree
[  192.147581][ T6650] F2FS-fs (loop2): Found nat_bits in checkpoint
[  192.398674][ T6650] F2FS-fs (loop2): Start checkpoint disabled!
[  192.426366][ T6655] BTRFS info (device loop0): enabling ssd optimizations
[  192.486813][ T6650] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  192.495874][   T26] audit: type=1800 audit(1768681307.782:25): pid=6655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.843" name="file2" dev="loop0" ino=261 res=0 errno=0
[  192.865688][ T4417] kworker/u4:7: attempt to access beyond end of device
[  192.865688][ T4417] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  192.937415][ T4268] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  193.214546][ T6708] netlink: 12 bytes leftover after parsing attributes in process `syz.3.862'.
[  193.657870][ T6712] loop4: detected capacity change from 0 to 8192
[  193.726044][ T6712] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  193.756840][ T4311] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  193.836668][ T6712] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  193.845982][ T6712] REISERFS (device loop4): using ordered data mode
[  193.907905][ T6712] reiserfs: using flush barriers
[  193.927375][ T6712] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  193.960754][ T4311] usb 2-1: Using ep0 maxpacket: 32
[  193.972285][ T4311] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  193.985215][ T6712] REISERFS (device loop4): checking transaction log (loop4)
[  194.007775][ T4311] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  194.036059][ T4311] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  194.065447][ T6712] REISERFS (device loop4): Using rupasov hash to sort names
[  194.087943][ T6712] REISERFS (device loop4): using 3.5.x disk format
[  194.095005][ T4311] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  194.125535][ T6712] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  194.146987][ T4311] usb 2-1: config 0 interface 0 has no altsetting 0
[  194.180091][ T6712] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  194.184191][ T4311] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  194.222338][ T6712] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  194.227642][ T4311] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  194.253553][ T6712] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  194.266431][ T4311] usb 2-1: Product: syz
[  194.283585][ T4311] usb 2-1: Manufacturer: syz
[  194.297422][ T4311] usb 2-1: SerialNumber: syz
[  194.318090][ T4311] usb 2-1: config 0 descriptor??
[  194.343700][ T4311] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  194.359759][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  194.366221][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  194.453185][ T4311] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  194.508379][ T6715] loop2: detected capacity change from 0 to 32768
[  194.685167][ T6715] XFS (loop2): Mounting V5 Filesystem
[  194.712814][ T6720] loop0: detected capacity change from 0 to 32768
[  194.792914][ T6720] (syz.0.859,6720,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  194.809224][ T6720] (syz.0.859,6720,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  194.823495][ T4361] usb 2-1: USB disconnect, device number 11
[  194.833648][ T6715] XFS (loop2): Ending clean mount
[  194.864094][ T6720] JBD2: Ignoring recovery information on journal
[  194.883589][ T4361] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  194.898534][ T6715] XFS (loop2): Quotacheck needed: Please wait.
[  195.030325][ T6715] XFS (loop2): Quotacheck: Done.
[  195.161561][ T6720] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  195.202711][ T6745] loop3: detected capacity change from 0 to 1024
[  195.335277][ T4282] XFS (loop2): Unmounting Filesystem
[  195.686188][ T6751] IPv6: addrconf: prefix option has invalid lifetime
[  195.828197][ T6745] EXT4-fs (loop3): Test dummy encryption mode enabled
[  195.932082][ T6745] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  195.953372][ T4268] ocfs2: Unmounting device (7,0) on (node local)
[  196.304555][ T6763] netlink: 32 bytes leftover after parsing attributes in process `syz.2.874'.
[  196.359887][ T6765] program syz.1.880 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  196.458276][ T4269] EXT4-fs (loop3): unmounting filesystem.
[  196.521985][ T6767] netlink: 12 bytes leftover after parsing attributes in process `syz.0.876'.
[  196.843322][ T6770] loop4: detected capacity change from 0 to 8192
[  196.856967][ T6777] netlink: 68 bytes leftover after parsing attributes in process `syz.0.884'.
[  196.945360][ T6783] netlink: 8 bytes leftover after parsing attributes in process `syz.1.887'.
[  197.434406][ T6797] loop1: detected capacity change from 0 to 256
[  197.451669][ T6798] netlink: 32 bytes leftover after parsing attributes in process `syz.3.893'.
[  197.494573][ T6799] netlink: 12 bytes leftover after parsing attributes in process `syz.0.895'.
[  198.483556][ T6801] loop2: detected capacity change from 0 to 32768
[  198.604671][ T6801] XFS (loop2): Mounting V5 Filesystem
[  198.745472][ T6801] XFS (loop2): Ending clean mount
[  198.769809][ T6801] XFS (loop2): Quotacheck needed: Please wait.
[  198.820607][ T6840] netlink: 32 bytes leftover after parsing attributes in process `syz.3.910'.
[  198.944726][ T6842] input: syz0 as /devices/virtual/input/input15
[  198.955560][ T6801] XFS (loop2): Quotacheck: Done.
[  199.098406][ T4282] XFS (loop2): Unmounting Filesystem
[  199.287328][ T6852] loop4: detected capacity change from 0 to 512
[  199.297207][ T6852] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  199.340632][ T6852] EXT4-fs (loop4): 1 truncate cleaned up
[  199.390230][ T6852] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  199.639745][ T6856] EXT4-fs error (device loop4): ext4_xattr_block_find:1825: inode #15: comm syz.4.917: corrupted xattr block 33
[  199.725687][ T6862] loop2: detected capacity change from 0 to 8
[  199.733575][ T6856] EXT4-fs (loop4): Remounting filesystem read-only
[  199.796823][ T6862] SQUASHFS error: zlib decompression failed, data probably corrupt
[  199.822281][ T6862] SQUASHFS error: Failed to read block 0x9b: -5
[  199.868294][ T6862] SQUASHFS error: Unable to read metadata cache entry [99]
[  199.902106][ T6862] SQUASHFS error: Unable to read inode 0x127
[  199.910235][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  200.134695][ T6872] device macsec0 entered promiscuous mode
[  200.170061][ T6868] loop1: detected capacity change from 0 to 4096
[  200.192848][ T6871] netlink: 32 bytes leftover after parsing attributes in process `syz.4.923'.
[  200.206498][ T6868] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512)
[  200.277114][ T5216] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  200.400282][ T6868] ntfs3: loop1: failed to convert "c46c" to cp866
[  200.488592][ T5216] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  200.506767][ T5216] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  200.536260][ T5216] usb 3-1: config 220 has an invalid descriptor of length 25, skipping remainder of the config
[  200.556774][ T5216] usb 3-1: config 220 has no interface number 2
[  200.563299][ T5216] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  200.597461][ T5216] usb 3-1: config 220 interface 0 has no altsetting 0
[  200.607470][ T5216] usb 3-1: config 220 interface 76 has no altsetting 0
[  200.614420][ T5216] usb 3-1: config 220 interface 1 has no altsetting 0
[  200.668457][ T5216] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  200.686230][ T5216] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.700191][ T5216] usb 3-1: Product: syz
[  200.704471][ T5216] usb 3-1: Manufacturer: syz
[  200.713354][ T5216] usb 3-1: SerialNumber: syz
[  200.726862][ T5857] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  200.916965][ T5857] usb 5-1: Using ep0 maxpacket: 8
[  200.924156][ T5857] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  200.949675][ T5216] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  200.956307][ T5216] usb 3-1: No valid video chain found.
[  200.956734][ T5857] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  201.001018][ T5857] usb 5-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[  201.010999][ T5216] usb 3-1: selecting invalid altsetting 0
[  201.051324][ T5216] usb 3-1: selecting invalid altsetting 0
[  201.064337][ T5857] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.078351][ T5857] usb 5-1: Product: syz
[  201.082606][ T5857] usb 5-1: Manufacturer: syz
[  201.087615][ T5216] usbtest: probe of 3-1:220.1 failed with error -22
[  201.095036][ T5857] usb 5-1: SerialNumber: syz
[  201.103099][ T6891] netlink: 76 bytes leftover after parsing attributes in process `syz.0.933'.
[  201.115668][ T6893] loop1: detected capacity change from 0 to 128
[  201.123552][ T5216] usb 3-1: USB disconnect, device number 6
[  201.152449][ T5857] usblp0: Disabling reads from problematic bidirectional printer
[  201.170225][ T6893] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  201.236223][ T6893] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  201.349296][ T5857] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 0 proto 1 vid 0x03F0 pid 0x0004
[  201.395981][ T6896] program syz.3.935 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  201.556944][ T4285] Bluetooth: hci0: command 0x0406 tx timeout
[  201.564327][ T4285] Bluetooth: hci3: command 0x0406 tx timeout
[  201.573513][ T4279] Bluetooth: hci1: command 0x0406 tx timeout
[  201.573533][ T4283] Bluetooth: hci2: command 0x0406 tx timeout
[  201.573567][ T4283] Bluetooth: hci4: command 0x0406 tx timeout
[  201.622476][ T5857] usb 5-1: USB disconnect, device number 10
[  201.635126][ T5857] usblp0: removed
[  201.689565][ T6901] netlink: 32 bytes leftover after parsing attributes in process `syz.0.938'.
[  202.381515][ T6927] ptrace attach of "./syz-executor exec"[4267] was attempted by "\x09   
                   Àÿ      Àÿ      Ðÿ      àÿ              ðÿ      °ÿ      Àÿ                 ÿÿÿÿ                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        €\x0d                                                                                                                                                                                                                                                                   
[  202.533356][ T6933] netlink: 32 bytes leftover after parsing attributes in process `syz.4.953'.
[  203.053344][ T6919] loop2: detected capacity change from 0 to 32768
[  203.218679][ T6919] XFS (loop2): Mounting V5 Filesystem
[  203.433567][ T6919] XFS (loop2): Ending clean mount
[  203.455056][ T6919] XFS (loop2): Quotacheck needed: Please wait.
[  203.523712][ T6919] XFS (loop2): Quotacheck: Done.
[  203.677710][ T4282] XFS (loop2): Unmounting Filesystem
[  203.870593][ T6972] loop0: detected capacity change from 0 to 128
[  203.917134][ T4311] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  203.941366][ T6972] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  203.969685][ T6962] loop3: detected capacity change from 0 to 40427
[  203.991716][ T6962] F2FS-fs (loop3): invalid crc value
[  203.999256][ T6962] F2FS-fs (loop3): SIT is corrupted node# 0 vs 7
[  204.011605][ T6972] ext4 filesystem being mounted at /174/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  204.028706][ T6962] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-117)
[  204.096739][ T4311] usb 5-1: Using ep0 maxpacket: 8
[  204.116447][ T4311] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  204.146906][ T4311] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  204.176840][ T4311] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255
[  204.195888][ T4311] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  204.232266][ T4311] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  204.243565][ T6966] loop1: detected capacity change from 0 to 32768
[  204.266829][ T4311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.284600][ T6966] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.962 (6966)
[  204.303135][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  204.388256][ T6966] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  204.435342][ T6966] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  204.476776][ T6966] BTRFS info (device loop1): using free space tree
[  204.487386][ T6978] netlink: 32 bytes leftover after parsing attributes in process `syz.0.968'.
[  204.505939][ T4311] usb 5-1: GET_CAPABILITIES returned 0
[  204.516834][ T4311] usbtmc 5-1:16.0: can't read capabilities
[  204.641861][ T6985] tipc: Started in network mode
[  204.658798][ T6985] tipc: Node identity 00000000800000008, cluster identity 4711
[  204.712273][ T6968] usb 5-1: usbtmc_ioctl_clear_out_halt returned -32
[  204.812844][ T6998] loop0: detected capacity change from 0 to 128
[  204.827105][ T6966] BTRFS info (device loop1): enabling ssd optimizations
[  204.845294][ T4311] usb 5-1: USB disconnect, device number 11
[  204.861479][ T6998] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  204.878430][ T6998] ext4 filesystem being mounted at /176/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  205.074922][ T4277] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  205.139076][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  205.351291][ T7005] loop0: detected capacity change from 0 to 256
[  205.430240][ T7005] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x19066d23, utbl_chksum : 0xe619d30d)
[  205.553229][ T4416] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 10 /dev/loop1 scanned by udevd (4416)
[  206.202668][ T7021] kernel read not supported for file / (pid: 7021 comm: syz.0.979)
[  206.215233][ T7022] loop2: detected capacity change from 0 to 128
[  206.228386][   T26] audit: type=1800 audit(1768681321.522:26): pid=7021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.979" name=0D dev="mqueue" ino=42417 res=0 errno=0
[  206.308198][ T7022] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  206.368013][ T7026] netlink: 32 bytes leftover after parsing attributes in process `syz.3.981'.
[  206.430339][ T7022] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  206.633536][ T7030] raw_sendmsg: syz.3.983 forgot to set AF_INET. Fix it!
[  206.746895][ T7032] ax25_connect(): syz.2.984 uses autobind, please contact jreuter@yaina.de
[  206.802093][ T5848] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  206.822639][ T7014] loop4: detected capacity change from 0 to 32768
[  206.890726][ T7014] JBD2: Ignoring recovery information on journal
[  206.959562][ T7014] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  207.027530][ T5848] usb 2-1: Using ep0 maxpacket: 32
[  207.038463][ T5848] usb 2-1: unable to get BOS descriptor or descriptor too short
[  207.048258][ T5848] usb 2-1: config 3 has an invalid interface number: 38 but max is 0
[  207.056989][ T5848] usb 2-1: config 3 has no interface number 0
[  207.063653][ T5848] usb 2-1: config 3 interface 38 has no altsetting 0
[  207.099014][ T5848] usb 2-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=ed.35
[  207.136752][ T5848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.166007][ T5848] usb 2-1: Product: syz
[  207.175183][ T5848] usb 2-1: Manufacturer: syz
[  207.187429][ T5848] usb 2-1: SerialNumber: syz
[  207.344269][ T4267] ocfs2: Unmounting device (7,4) on (node local)
[  207.454373][ T5848] usb 2-1: Invalid firmware size=18.
[  207.530121][ T5848] usb 2-1: USB disconnect, device number 12
[  207.833401][ T7058] netlink: 32 bytes leftover after parsing attributes in process `syz.3.993'.
[  208.269576][ T7072] loop0: detected capacity change from 0 to 512
[  208.326238][ T7072] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  208.408675][ T7072] EXT4-fs (loop0): 1 truncate cleaned up
[  208.429688][ T7052] loop4: detected capacity change from 0 to 32768
[  208.484631][ T7072] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  208.609373][ T7072] EXT4-fs (loop0): re-mounted. Quota mode: none.
[  208.620154][ T7052] XFS (loop4): Mounting V5 Filesystem
[  208.686268][ T7072] EXT4-fs (loop0): re-mounted. Quota mode: none.
[  208.825519][ T7052] XFS (loop4): Ending clean mount
[  208.840345][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  208.857189][ T7052] XFS (loop4): Quotacheck needed: Please wait.
[  209.030408][ T7052] XFS (loop4): Quotacheck: Done.
[  209.117525][ T7099] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1006'.
[  209.214964][ T4267] XFS (loop4): Unmounting Filesystem
[  209.508026][ T7103] loop0: detected capacity change from 0 to 1024
[  209.508926][ T7103] EXT4-fs: Ignoring removed mblk_io_submit option
[  209.523030][ T7103] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  209.581606][ T7107] loop2: detected capacity change from 0 to 1024
[  209.587044][ T7103] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  209.660850][ T7107] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  209.722293][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  209.904642][ T7111] hub 1-0:1.0: USB hub found
[  209.967060][ T7111] hub 1-0:1.0: 1 port detected
[  209.974831][ T4282] EXT4-fs (loop2): unmounting filesystem.
[  210.243708][ T7097] loop3: detected capacity change from 0 to 32768
[  210.279364][ T7117] loop1: detected capacity change from 0 to 2048
[  210.287263][ T7097] (syz.3.1008,7097,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  210.313840][ T7119] binder: 7115:7119 ioctl c018620c 200000000700 returned -1
[  210.331574][ T7117] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  210.359798][ T7097] (syz.3.1008,7097,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  210.380078][ T7117] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  210.424504][ T7117] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 160: 0x0b != 0xd4
[  210.478954][ T7097] JBD2: Ignoring recovery information on journal
[  210.503615][ T7117] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  210.666700][ T6716] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  210.749796][ T7097] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  210.868472][ T6716] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  210.890679][ T6716] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  210.926669][ T6716] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  210.959236][ T6716] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.995307][ T7132] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1020'.
[  211.036070][ T6716] usb 5-1: config 0 descriptor??
[  211.123242][ T7136] Bluetooth: MGMT ver 1.22
[  211.176882][ T4269] ocfs2: Unmounting device (7,3) on (node local)
[  211.470454][ T6716] playstation 0003:054C:0DF2.0006: unknown main item tag 0x0
[  211.492263][ T6716] playstation 0003:054C:0DF2.0006: unknown main item tag 0x0
[  211.519954][ T6716] playstation 0003:054C:0DF2.0006: unknown main item tag 0x0
[  211.536406][ T6716] playstation 0003:054C:0DF2.0006: unknown main item tag 0x0
[  211.576775][ T6716] playstation 0003:054C:0DF2.0006: unknown main item tag 0x0
[  211.611204][ T6716] playstation 0003:054C:0DF2.0006: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.4-1/input0
[  211.746126][ T6716] playstation 0003:054C:0DF2.0006: Invalid reportID received, expected 9 got 0
[  211.765787][ T6716] playstation 0003:054C:0DF2.0006: Failed to retrieve DualSense pairing info: -22
[  211.802834][ T6716] playstation 0003:054C:0DF2.0006: Failed to get MAC address from DualSense
[  211.843129][ T6716] playstation 0003:054C:0DF2.0006: Failed to create dualsense.
[  211.865293][ T6716] playstation: probe of 0003:054C:0DF2.0006 failed with error -22
[  211.884321][ T7153] loop1: detected capacity change from 0 to 1024
[  211.917765][ T4283] Bluetooth: hci4: ISO packet too small
[  211.923397][ T7153] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  211.923430][ T7153] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[  211.975203][ T5848] usb 5-1: USB disconnect, device number 12
[  212.055301][ T7157] fido_id[7157]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  212.077782][ T7153] EXT4-fs error (device loop1): ext4_get_journal_inode:5756: inode #32: comm syz.1.1030: iget: special inode unallocated
[  212.102265][ T7153] EXT4-fs (loop1): no journal found
[  212.125517][ T7153] EXT4-fs (loop1): can't get journal size
[  212.166338][ T7153] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  212.185195][ T7153] EXT4-fs error (device loop1): ext4_protect_reserved_inode:160: inode #32: comm syz.1.1030: iget: special inode unallocated
[  212.204353][ T7153] EXT4-fs (loop1): failed to initialize system zone (-117)
[  212.213973][ T7153] EXT4-fs (loop1): mount failed
[  212.359346][ T7166] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1034'.
[  213.377480][ T7180] loop3: detected capacity change from 0 to 40427
[  213.416466][ T7180] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3ffff
[  213.453929][ T7180] F2FS-fs (loop3): invalid crc value
[  213.516154][ T7180] F2FS-fs (loop3): Found nat_bits in checkpoint
[  213.555009][ T7190] loop4: detected capacity change from 0 to 32768
[  213.574383][ T7199] loop0: detected capacity change from 0 to 1024
[  213.590620][ T7190] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.1045 (7190)
[  213.606038][ T7190] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  213.623840][ T7190] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  213.634345][ T7190] BTRFS info (device loop4): using free space tree
[  213.756337][ T7180] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  213.911197][ T5231] hfsplus: b-tree write err: -5, ino 8
[  213.995016][ T4269] syz-executor: attempt to access beyond end of device
[  213.995016][ T4269] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  214.006294][ T7190] BTRFS info (device loop4): enabling ssd optimizations
[  214.153891][ T4267] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  214.276875][ T4280] Bluetooth: hci5: command 0xfc11 tx timeout
[  214.286158][ T4283] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  214.288595][ T7223] loop0: detected capacity change from 0 to 4096
[  214.434067][ T7223] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[  214.451261][ T7228] loop1: detected capacity change from 0 to 256
[  214.519056][ T7228] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  214.917083][ T7223] ntfs3: loop0: ntfs_set_state r=3 failed, -22.
[  214.981433][ T7223] ntfs3: loop0: ino=1e, "file1" encrypted i/o not supported
[  215.015269][   T26] audit: type=1800 audit(1768681330.302:27): pid=7223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1051" name="file1" dev="loop0" ino=30 res=0 errno=0
[  215.233120][ T7240] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method
[  215.313114][ T4417] ntfs3: loop0: ntfs3_write_inode r=3 failed, -22.
[  215.323210][ T4268] ntfs3: loop0: ntfs_set_state r=3 failed, -22.
[  215.336657][ T4268] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  215.376528][ T4268] ntfs3: loop0: ntfs_set_state r=3 failed, -22.
[  215.383968][ T4417] ntfs3: loop0: ntfs3_write_inode r=3 failed, -22.
[  215.463782][ T4268] ntfs3: loop0: ntfs_evict_inode r=3 failed, -22.
[  215.634203][ T7253] Bluetooth: MGMT ver 1.22
[  215.664574][ T7251] netlink: 'syz.0.1059': attribute type 7 has an invalid length.
[  215.704383][ T7251] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1059'.
[  216.229499][ T7269] loop3: detected capacity change from 0 to 2048
[  216.267556][ T7273] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  216.274814][ T7273] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  216.329468][ T7273] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  216.335949][ T7273] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  216.343634][ T7271] syz.4.1069 (7271) used greatest stack depth: 19888 bytes left
[  216.355053][ T7269] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  216.409162][ T7273] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  216.415794][ T7273] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  216.463407][ T7273] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  216.470458][ T7273] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  216.508229][ T7273] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  216.514769][ T7273] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  216.949445][ T7265] loop2: detected capacity change from 0 to 32768
[  216.985052][ T7265] 
[  216.985052][ T7265]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  216.985052][ T7265] 
[  217.043763][ T7265] ERROR: (device loop2): ea_get: invalid ea.flag
[  217.043763][ T7265] 
[  217.153397][ T7292] ERROR: (device loop2): ea_get: invalid ea.flag
[  217.153397][ T7292] 
[  217.182152][ T7265] ERROR: (device loop2): remounting filesystem as read-only
[  217.207105][ T7292] ERROR: (device loop2): remounting filesystem as read-only
[  217.600309][   T46] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.786838][ T5168] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  217.798038][   T46] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.976017][   T46] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.011423][ T5168] usb 3-1: too many configurations: 229, using maximum allowed: 8
[  218.048874][ T5168] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  218.076889][ T5168] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.095457][ T5168] usb 3-1: Product: syz
[  218.099901][ T5168] usb 3-1: Manufacturer: syz
[  218.104733][ T5168] usb 3-1: SerialNumber: syz
[  218.144066][ T5168] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  218.164186][   T46] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.244401][ T5168] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  218.307000][ T5850] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  218.546646][ T5850] usb 5-1: Using ep0 maxpacket: 32
[  218.553760][ T5850] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  218.596833][ T5850] usb 5-1: config 0 has no interface number 0
[  218.610908][ T5850] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  218.647463][ T5850] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.655573][ T5850] usb 5-1: Product: syz
[  218.696921][ T5850] usb 5-1: Manufacturer: syz
[  218.701707][ T5850] usb 5-1: SerialNumber: syz
[  218.720603][ T5850] usb 5-1: config 0 descriptor??
[  218.765227][ T5850] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  218.822278][ T4285] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  218.835255][ T4285] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  218.843574][ T7317] loop0: detected capacity change from 0 to 64
[  218.850354][   T46] tipc: Disabling bearer <udp:syz2>
[  218.858185][ T4285] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  218.871837][ T4285] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  218.888160][ T4285] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  218.897848][ T4285] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  218.916614][   T46] tipc: Left network mode
[  218.943205][ T5850] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  219.026289][ T5850] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  219.082965][ T5166] usb 3-1: USB disconnect, device number 7
[  219.160146][ T5848] kernel read not supported for file /dsp (pid: 5848 comm: kworker/0:10)
[  219.359762][    C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  219.367811][ T5850] usb 5-1: USB disconnect, device number 13
[  219.377181][ T5850] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  219.420662][ T5850] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  219.457874][ T5850] quatech2 5-1:0.51: device disconnected
[  219.755628][ T7336] loop3: detected capacity change from 0 to 128
[  219.799892][ T7315] chnl_net:caif_netlink_parms(): no params data found
[  219.877313][ T5168] usb 3-1: Service connection timeout for: 258
[  219.890634][ T5168] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services
[  219.961911][ T5168] ath9k_htc: Failed to initialize the device
[  219.981699][ T5166] usb 3-1: ath9k_htc: USB layer deinitialized
[  220.186173][ T7346] loop2: detected capacity change from 0 to 256
[  220.274598][   T11] kworker/u4:1: attempt to access beyond end of device
[  220.274598][   T11] loop3: rw=1, sector=145, nr_sectors = 896 limit=128
[  220.746048][ T7315] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.793116][ T7315] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.849053][ T7315] device bridge_slave_0 entered promiscuous mode
[  220.997000][ T4283] Bluetooth: hci3: command 0x0409 tx timeout
[  221.056442][ T7315] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.077761][ T7315] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.086164][ T7315] device bridge_slave_1 entered promiscuous mode
[  221.234757][ T7315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  221.343540][ T7315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  221.460572][ T5215] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  221.538559][ T7315] team0: Port device team_slave_0 added
[  221.557762][   T46] IPVS: stopping master sync thread 5089 ...
[  221.675632][ T5215] usb 3-1: unable to get BOS descriptor or descriptor too short
[  221.690832][ T5215] usb 3-1: unable to read config index 0 descriptor/start: -71
[  221.699825][ T5215] usb 3-1: can't read configurations, error -71
[  221.714333][ T7383] loop0: detected capacity change from 0 to 1024
[  221.775097][ T7383] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a002c018, mo2=0002]
[  221.823889][ T7383] System zones: 0-1, 3-12
[  221.868254][ T7383] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  222.011369][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  222.011750][ T7315] team0: Port device team_slave_1 added
[  222.120210][ T7315] batman_adv: batadv0: Adding interface: batadv_slave_0
[  222.165117][ T7315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.191893][    C1] vkms_vblank_simulate: vblank timer overrun
[  222.296645][ T7315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  222.378983][ T7315] batman_adv: batadv0: Adding interface: batadv_slave_1
[  222.406689][ T7315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.432773][    C1] vkms_vblank_simulate: vblank timer overrun
[  222.553121][ T7315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  223.074854][ T7315] device hsr_slave_0 entered promiscuous mode
[  223.081712][ T4283] Bluetooth: hci3: command 0x041b tx timeout
[  223.084659][ T7411] loop0: detected capacity change from 0 to 2048
[  223.102284][ T7315] device hsr_slave_1 entered promiscuous mode
[  223.138781][ T7411] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  223.166111][ T7315] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  223.200119][ T7411] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  223.204268][ T7315] Cannot create hsr debugfs directory
[  223.247613][ T7411] EXT4-fs error (device loop0): ext4_read_inline_dir:1611: inode #12: block 9: comm syz.0.1117: path /209/file1/file0: bad entry in directory: rec_len % 4 != 0 - offset=24, inode=13, rec_len=21, size=80 fake=0
[  223.310081][   T46] device hsr_slave_0 left promiscuous mode
[  223.325871][   T46] device hsr_slave_1 left promiscuous mode
[  223.347987][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  223.396913][   T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[  223.406797][ T7411] EXT4-fs (loop0): Remounting filesystem read-only
[  223.425677][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  223.454184][   T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[  223.489767][   T46] device bridge_slave_1 left promiscuous mode
[  223.516777][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.566022][   T46] device bridge_slave_0 left promiscuous mode
[  223.577089][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.630529][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  223.795657][   T46] device veth1_macvtap left promiscuous mode
[  223.813416][   T46] device veth0_macvtap left promiscuous mode
[  223.876719][   T46] device veth1_vlan left promiscuous mode
[  223.883140][   T46] device veth0_vlan left promiscuous mode
[  224.519179][ T7417] loop4: detected capacity change from 0 to 32768
[  224.690214][ T7444] delete_channel: no stack
[  224.690422][ T7417] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  224.795473][ T4267] ocfs2: Unmounting device (7,4) on (node local)
[  225.168780][ T4285] Bluetooth: hci3: command 0x040f tx timeout
[  225.453747][ T7461] loop4: detected capacity change from 0 to 1024
[  225.499399][ T7461] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  225.510798][ T7461] EXT4-fs (loop4): orphan cleanup on readonly fs
[  225.521491][ T7461] EXT4-fs error (device loop4): ext4_free_blocks:6221: comm syz.4.1136: Freeing blocks not in datazone - block = 0, count = 4096
[  225.543987][ T7461] EXT4-fs (loop4): 1 orphan inode deleted
[  225.550148][ T7461] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  225.591475][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  225.676545][ T7464] loop4: detected capacity change from 0 to 256
[  225.699529][ T7464] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f41, chksum : 0x2f9e4978, utbl_chksum : 0xe619d30d)
[  226.312499][   T46] team0 (unregistering): Port device team_slave_1 removed
[  226.377749][   T46] team0 (unregistering): Port device team_slave_0 removed
[  226.444821][   T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  226.454222][   T46] device bond_slave_1 left promiscuous mode
[  226.518019][   T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  226.528183][   T46] device bond_slave_0 left promiscuous mode
[  227.043802][   T46] bond0 (unregistering): Released all slaves
[  227.236790][ T4285] Bluetooth: hci3: command 0x0419 tx timeout
[  227.327972][ T7459] device ipvlan2 entered promiscuous mode
[  227.343199][ T7459] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  227.356271][ T7470] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1140'.
[  227.741856][ T7483] loop2: detected capacity change from 0 to 128
[  227.958187][ T7487] loop3: detected capacity change from 0 to 128
[  228.041965][ T7487] VFS: Found a Xenix FS (block size = 1024) on device loop3
[  228.181094][ T7487] ==================================================================
[  228.189634][ T7487] BUG: KASAN: use-after-free in sysv_new_inode+0x1105/0x1290
[  228.197067][ T7487] Read of size 2 at addr ffff88804c5881ce by task syz.3.1147/7487
[  228.204919][ T7487] 
[  228.207296][ T7487] CPU: 0 PID: 7487 Comm: syz.3.1147 Not tainted syzkaller #0
[  228.214744][ T7487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  228.224853][ T7487] Call Trace:
[  228.228181][ T7487]  <TASK>
[  228.231235][ T7487]  dump_stack_lvl+0x188/0x24e
[  228.235980][ T7487]  ? __lock_acquire+0x7d10/0x7d10
[  228.241081][ T7487]  ? show_regs_print_info+0x12/0x12
[  228.246348][ T7487]  ? load_image+0x400/0x400
[  228.250905][ T7487]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  228.256459][ T7487]  ? __virt_addr_valid+0x188/0x540
[  228.261627][ T7487]  ? __virt_addr_valid+0x465/0x540
[  228.266800][ T7487]  ? sysv_new_inode+0x1105/0x1290
[  228.271881][ T7487]  print_report+0xa8/0x210
[  228.276529][ T7487]  kasan_report+0x10b/0x140
[  228.281099][ T7487]  ? do_raw_spin_unlock+0x11d/0x230
[  228.286378][ T7487]  ? sysv_new_inode+0x1105/0x1290
[  228.291458][ T7487]  sysv_new_inode+0x1105/0x1290
[  228.296368][ T7487]  ? __d_add+0x4c0/0x810
[  228.300663][ T7487]  ? __lock_acquire+0x7d10/0x7d10
[  228.305803][ T7487]  ? sysv_free_inode+0x7e0/0x7e0
[  228.310820][ T7487]  ? _raw_spin_unlock+0x24/0x40
[  228.315733][ T7487]  ? __d_add+0x4ec/0x810
[  228.320046][ T7487]  ? sysv_inode_by_name+0xdd/0x140
[  228.325251][ T7487]  sysv_mknod+0x4a/0xd0
[  228.329464][ T7487]  ? sysv_lookup+0xe0/0xe0
[  228.334043][ T7487]  path_openat+0x1181/0x2ee0
[  228.338871][ T7487]  ? do_filp_open+0x430/0x430
[  228.343607][ T7487]  do_filp_open+0x1f1/0x430
[  228.348254][ T7487]  ? vfs_tmpfile+0x480/0x480
[  228.352916][ T7487]  ? _raw_spin_unlock+0x24/0x40
[  228.357912][ T7487]  ? alloc_fd+0x58f/0x630
[  228.362397][ T7487]  do_sys_openat2+0x150/0x4b0
[  228.367136][ T7487]  ? do_sys_open+0xe0/0xe0
[  228.371701][ T7487]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  228.378066][ T7487]  ? lock_chain_count+0x20/0x20
[  228.383054][ T7487]  __x64_sys_openat+0x135/0x160
[  228.388076][ T7487]  do_syscall_64+0x4c/0xa0
[  228.392645][ T7487]  ? clear_bhb_loop+0x60/0xb0
[  228.397473][ T7487]  ? clear_bhb_loop+0x60/0xb0
[  228.402409][ T7487]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  228.408552][ T7487] RIP: 0033:0x7f157eb9acb9
[  228.413124][ T7487] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  228.433061][ T7487] RSP: 002b:00007f157fb21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  228.441631][ T7487] RAX: ffffffffffffffda RBX: 00007f157ee15fa0 RCX: 00007f157eb9acb9
[  228.449958][ T7487] RDX: 0000000000000042 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  228.458364][ T7487] RBP: 00007f157ec08bf7 R08: 0000000000000000 R09: 0000000000000000
[  228.467030][ T7487] R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000
[  228.475073][ T7487] R13: 00007f157ee16038 R14: 00007f157ee15fa0 R15: 00007fffeef888a8
[  228.483555][ T7487]  </TASK>
[  228.486779][ T7487] 
[  228.489234][ T7487] The buggy address belongs to the physical page:
[  228.495695][ T7487] page:ffffea0001316200 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x4c588
[  228.505992][ T7487] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  228.513203][ T7487] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[  228.521930][ T7487] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  228.530683][ T7487] page dumped because: kasan: bad access detected
[  228.537315][ T7487] page_owner tracks the page as freed
[  228.543171][ T7487] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 6399, tgid 6397 (syz.0.744), ts 179706070505, free_ts 182506428311
[  228.560854][ T7487]  post_alloc_hook+0x173/0x1a0
[  228.565690][ T7487]  get_page_from_freelist+0x1a1e/0x1ab0
[  228.571308][ T7487]  __alloc_pages+0x1ec/0x4f0
[  228.576269][ T7487]  __folio_alloc+0xe/0x30
[  228.580750][ T7487]  vma_alloc_folio+0x4a3/0x900
[  228.585586][ T7487]  shmem_alloc_and_acct_folio+0x463/0xbc0
[  228.591370][ T7487]  shmem_get_folio_gfp+0x1361/0x3400
[  228.596811][ T7487]  shmem_write_begin+0xee/0x3f0
[  228.601718][ T7487]  generic_perform_write+0x2fa/0x5c0
[  228.607074][ T7487]  __generic_file_write_iter+0x148/0x2a0
[  228.612776][ T7487]  generic_file_write_iter+0xab/0x2e0
[  228.618307][ T7487]  vfs_write+0x4b1/0xa30
[  228.622881][ T7487]  ksys_write+0x14c/0x250
[  228.627367][ T7487]  do_syscall_64+0x4c/0xa0
[  228.632031][ T7487]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  228.637984][ T7487] page last free stack trace:
[  228.642709][ T7487]  free_unref_page_prepare+0x8b4/0x9a0
[  228.648228][ T7487]  free_unref_page_list+0xbb/0x8e0
[  228.653405][ T7487]  release_pages+0x1fa6/0x2220
[  228.658267][ T7487]  __pagevec_release+0x6d/0xe0
[  228.663086][ T7487]  shmem_undo_range+0x7c2/0x20c0
[  228.668082][ T7487]  shmem_evict_inode+0x25b/0xa80
[  228.673281][ T7487]  evict+0x4c9/0x8d0
[  228.677583][ T7487]  __dentry_kill+0x431/0x650
[  228.682416][ T7487]  dentry_kill+0xb8/0x290
[  228.687027][ T7487]  dput+0xfa/0x1d0
[  228.691082][ T7487]  __fput+0x5e0/0x920
[  228.695457][ T7487]  task_work_run+0x1d0/0x260
[  228.700324][ T7487]  exit_to_user_mode_loop+0xe6/0x110
[  228.705673][ T7487]  exit_to_user_mode_prepare+0xee/0x180
[  228.711373][ T7487]  syscall_exit_to_user_mode+0x16/0x40
[  228.716976][ T7487]  do_syscall_64+0x58/0xa0
[  228.721555][ T7487] 
[  228.724019][ T7487] Memory state around the buggy address:
[  228.729686][ T7487]  ffff88804c588080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  228.737797][ T7487]  ffff88804c588100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  228.745916][ T7487] >ffff88804c588180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  228.754120][ T7487]                                               ^
[  228.760675][ T7487]  ffff88804c588200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  228.768835][ T7487]  ffff88804c588280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  228.776944][ T7487] ==================================================================
[  228.792726][   T41] kworker/u4:2: attempt to access beyond end of device
[  228.792726][   T41] loop2: rw=1, sector=145, nr_sectors = 536 limit=128
[  228.858423][   T41] kworker/u4:2: attempt to access beyond end of device
[  228.858423][   T41] loop2: rw=1, sector=689, nr_sectors = 352 limit=128
[  228.902947][   T41] kworker/u4:2: attempt to access beyond end of device
[  228.902947][   T41] loop2: rw=1, sector=681, nr_sectors = 8 limit=128
[  228.922302][ T7487] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  228.929748][ T7487] CPU: 1 PID: 7487 Comm: syz.3.1147 Not tainted syzkaller #0
[  228.937265][ T7487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  228.947629][ T7487] Call Trace:
[  228.951124][ T7487]  <TASK>
[  228.954185][ T7487]  dump_stack_lvl+0x188/0x24e
[  228.959036][ T7487]  ? memcpy+0x3c/0x60
[  228.963071][ T7487]  ? show_regs_print_info+0x12/0x12
[  228.968371][ T7487]  ? load_image+0x400/0x400
[  228.972982][ T7487]  panic+0x2e5/0x730
[  228.977106][ T7487]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  228.983415][ T7487]  ? bpf_jit_dump+0xd0/0xd0
[  228.988071][ T7487]  ? _raw_spin_unlock_irqrestore+0x10d/0x120
[  228.994126][ T7487]  ? _raw_spin_unlock+0x40/0x40
[  228.999076][ T7487]  check_panic_on_warn+0x80/0xa0
[  229.004089][ T7487]  ? sysv_new_inode+0x1105/0x1290
[  229.009168][ T7487]  end_report+0x66/0x110
[  229.013487][ T7487]  kasan_report+0x118/0x140
[  229.018148][ T7487]  ? do_raw_spin_unlock+0x11d/0x230
[  229.023414][ T7487]  ? sysv_new_inode+0x1105/0x1290
[  229.028501][ T7487]  sysv_new_inode+0x1105/0x1290
[  229.033398][ T7487]  ? __d_add+0x4c0/0x810
[  229.037671][ T7487]  ? __lock_acquire+0x7d10/0x7d10
[  229.042736][ T7487]  ? sysv_free_inode+0x7e0/0x7e0
[  229.047706][ T7487]  ? _raw_spin_unlock+0x24/0x40
[  229.052584][ T7487]  ? __d_add+0x4ec/0x810
[  229.056866][ T7487]  ? sysv_inode_by_name+0xdd/0x140
[  229.062021][ T7487]  sysv_mknod+0x4a/0xd0
[  229.066211][ T7487]  ? sysv_lookup+0xe0/0xe0
[  229.070660][ T7487]  path_openat+0x1181/0x2ee0
[  229.075296][ T7487]  ? do_filp_open+0x430/0x430
[  229.080108][ T7487]  do_filp_open+0x1f1/0x430
[  229.084737][ T7487]  ? vfs_tmpfile+0x480/0x480
[  229.089450][ T7487]  ? _raw_spin_unlock+0x24/0x40
[  229.094413][ T7487]  ? alloc_fd+0x58f/0x630
[  229.098870][ T7487]  do_sys_openat2+0x150/0x4b0
[  229.103578][ T7487]  ? do_sys_open+0xe0/0xe0
[  229.108114][ T7487]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  229.114134][ T7487]  ? lock_chain_count+0x20/0x20
[  229.119079][ T7487]  __x64_sys_openat+0x135/0x160
[  229.124064][ T7487]  do_syscall_64+0x4c/0xa0
[  229.128707][ T7487]  ? clear_bhb_loop+0x60/0xb0
[  229.133511][ T7487]  ? clear_bhb_loop+0x60/0xb0
[  229.138306][ T7487]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  229.144574][ T7487] RIP: 0033:0x7f157eb9acb9
[  229.149018][ T7487] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  229.168658][ T7487] RSP: 002b:00007f157fb21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  229.177278][ T7487] RAX: ffffffffffffffda RBX: 00007f157ee15fa0 RCX: 00007f157eb9acb9
[  229.185883][ T7487] RDX: 0000000000000042 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  229.193964][ T7487] RBP: 00007f157ec08bf7 R08: 0000000000000000 R09: 0000000000000000
[  229.202153][ T7487] R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000
[  229.210301][ T7487] R13: 00007f157ee16038 R14: 00007f157ee15fa0 R15: 00007fffeef888a8
[  229.218499][ T7487]  </TASK>
[  229.221708][ T7487] Kernel Offset: disabled
[  229.226056][ T7487] Rebooting in 86400 seconds..