last executing test programs:

45.395586989s ago: executing program 3 (id=6379):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000240)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x87}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

45.233020221s ago: executing program 3 (id=6382):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)={0x114, 0x1e, 0x1, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x8}, @typed={0xc, 0x0, 0x0, 0x0, @str='!\\$].\x14^\x00'}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750471dc076eb47d96219c08c029d1608a487f26fbe816b89f7cb81bff81a8b7a82565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875cf0d972df9e99f07976773f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fdc2f4393c05a007d12b505a84dfdb98d568175b62421d726d1e5331e1ddfd4d770b57"]}]}, 0x114}], 0x1}, 0x0)

45.045457884s ago: executing program 3 (id=6383):
r0 = userfaultfd(0x80001)
vmsplice(r0, &(0x7f00000202c0)=[{&(0x7f000001fd00)="b8", 0x1}], 0x1, 0xc)

44.962330585s ago: executing program 3 (id=6384):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000300)='./file0\x00', 0x2000004, &(0x7f0000000900)=ANY=[@ANYBLOB="00e3078fbb81fca067351e718b1742354077ee6bdefb8addaf7c0c235850b66dac0ba564a370a77264f1a57d44c84efc49fa6c64b9351ea8fd59a458a7791fedcc466b0eab6ca6dd32fcc642517fa3219450b91e3118bf2b9d3cfa562ea44c058252d29181c81c637c6ba7d179122eee61e5c9f68165b6abd469da8d90c0632f7265bb040411d5748c475bb33a7ce77afb2ea533f1653d8cb67dad989bb0a1c16881f0d91d6cbd3751c289aecf4a00"/185, @ANYBLOB="b12398658f5ec6488081d04c33b5a507b1cac8c4376c1895046a1e6e068e53d002eb4279796b4c014f4febee026f87bd0eea7d27598f7ff2687552fdd651", @ANYRESOCT=0x0, @ANYRES64], 0x1, 0x497, &(0x7f0000002480)="$eJzs281vG8Ufx/HPbGJnk/b3w31yC6qEJSSKiiix05I+gRRa0iL1gbYJAqEWhcYJVhMnitOqraCtxKFHoEggJA7l0AtCVZHgAgcOcOM/4MKtBy6YEycQms2sd+26JK0fEjfvl5R4vPv17uzM7OysdywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACC9/MpQf9Ysdy4AAEA7HTt1sj/H9R8AgFVlhPt/AACA1cTI0ycy+uHTsjkavF/gHykUz18cPThc/2O9JvhkVxBv//xsbmDnrhcGd4ev//35Zntcx0+NDGUOzEzPzuVLpfx4ZrRYODsznl/yFhr9fK3tQQFkps+dH5+YKGVyOwaqVl9M3e1Zk07tG0zvfzqMHT04PHwqFtOdeOi93+N+I/ykPF2XUfnj2+aYJE+Nl8UibafVeoOD2B4cxOjB4eBApgpjxXm70oQF4VWXSTIsozbURUM2SjZfJtmce7aEPJVktCldNscldYXl8GzwxfDiG/Cako0HZvN5WlJGHVBnK1iPPO2S0Y09Kb1myyys/27p/eXOHFquW55uy2jbS2VzIugP7Plku80jr2deLU7MxGKNcWdUp18f2mmF902+PB0LzviyObncmUHb2cHSaRntHLkQjCsUjEsf2zd46PBIfISxeZHt2NgdLr2Ua3IiNnQwyzSGAAAAAAAAAB51vvGC7+I+/8YP3mfcMyCsEsbT8zL683A5eDQen5fQFZvfUdHpz35am/9e/8DM7KW5wuS783XX9/lD75Tm58bO1l+tXnvyVX0dvtg8hgYljKfdMrr6z51ovylj064biHZ0a3+UN9/UrA3azf8X5rOEzxD2Dm+Op+tm+QGej6XcfumfgOYwxtOQjCa+3+LmfvTpnj7IxX0roz9ubnVxXtIGhadpKvjvTxSm8v029icZffl3GBtMM9MaF7shis3aWE9GHx2tjl3rYjdGsTkbe0hGP5+pH7spih2wsR/IaPb3TBjbZ2OfdLHpKHbH2Zmp8ZYV8Apn+/8rMlr/YsaEdenKy3WzXZXYW+9F/f212g3dp89vtP9PxZZdc+3wrm2vZ7YEbS9or1799npdRl9/t9XFLbSVpFu/Lvgftdc3ZDT5S3Vsn4tdH8Vml1ywHcLW/9syyhXvVMrG1b+rgdj1P1b/T9S2jhbV/7rYspTbb09zDh2SSpcunxubmsrPkSBBYgmJHq2IbCySCPvlh9/OMndMaAt7/f9MRm+e+LUy3nHXfzesjsZ/f12Jrv97azfUouv/+tiyvW40kuiW/Pnp2URa8kuXLj9XmB6bzE/miwO57J7+PTsHs4lkOLaLUg0X1SMp4e7VLnz4VeX+rHr8V3/831e7oRbV/waXzXCfUSfVlMNf9Wz9/yajt368U7mPtvV/sxJRPf4P77OeeWrhtXJ+tqj+N8aWpdx+/9eE4wYAAAAAAAAAAAAAAACATpcwnm7IyD/dbcLfRi1l/t89P5hq0fyvdGzZeJt+r9BwoQJAB/Dk6QsZbVPZXLUL1kpH4694pP0bAAD//3VdHM0=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})

44.711332668s ago: executing program 3 (id=6387):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000c40)='./file0\x00', 0x1800011, &(0x7f0000000100)={[{@nombcache}, {@journal_async_commit}, {@norecovery}, {@abort}, {@nombcache}]}, 0x28, 0x5fb, &(0x7f00000004c0)="$eJzs3c9vFFUcAPDvTH/Sqi3EqHiQJsZAorS0gCHGRLgTgj9uniotBFkooTVaJLEkeDExXjyYePIg/hdK4tWDVw9ePBkSYgwHMUTWzO5s2W53+3u7y+7nkwz73sx23pvSb9+b1/dmA+haY9k/acT+iLiaRIxUHeuN/OBY+X33/75xLtuSKBbf/SuJG58lS9XnSvLX4fyL/xuJ5Nc0Yl/P6nLnF69fmi4UZq/l+YmFy1cn5hevH754efrC7IXZK1OvT504fuz4ickj27q+6qJP3/rw45Evzrz//bcPk8kffj+TxMl4lL8hu67arx3YVsnZ92wsimUPqvdn39cT2zx3u/hnpPJz8lhSu4O2dT7/eXwmIp6Pkeip+t8cic/fbmnlgKYqJlFpo4Cuk2wp/gd3viLALqv0Ayr39vXug1dLm9wrAXbDvVPlAYBy7PdFRCX+e8tjgzEY2d6h+8mKcZ4kIrY3MleWlfHLz2duZVs0GIcDmmPpZmWUu7b9T0qxORqDpdzQ/XRF/KdVW7b/nS2WP1aTF/+we5ZuRsQLefvfH5uK/7Gq+P9gi+WLfwAAAAAAANg5d05FxGv15v+ly/N/+uvM/xmOiJM7UP76f/9L7+aJZAeKA6rcOxXxZt35v8tzfEd78tzTpfkAfcn5i4XZI/mawUPRN5Dla5f4plWvh7/c902j8qvn/2VbVn5lLmB+hru9NQtxZ6YXpnfi2qHb3bsZ8WJp/u+BfM/K+T9Z+5/Uaf+zuL66wTL2vXL7bKNj68c/0CzF7yIO1m3/H3e3k7WfzzFR6g9MVHoFq7306Vc/Nipf/EPrZO3/0NrxP5BUP69nfnPn74+Io4u9xUbHt9r/70/e66mcP/PJ9MLCtcmI/uT06v1Tm6szdKpKPFTiJYv/Qy+vPf633P+visM9EbG0wTKfezT8R6Nj2n9onSz+Z9Zu/0dXtv+bT0zdHv2pUflnN9T+Hyu16YfyPcb/oNrq53FsNEBbUl0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeMKlEfFUJOn4cjpNx8cjhiPi2RhKC3PzC6+en/voykx2rPT5/2nlk35Hyvkky0+W0o/zUzX5oxGxNyK+7tlTyo+fmyvMtPriAQAAAAAAAAAAAAAAAAAAoE0Ml9b8Fwdq1/9n/uxpde2ApuvNX8U7dJ/edd/xsFhWu7840Kw6Abtj/fgHOtXG47+vqfUAdl/j+H/wsH6/H+gU+v/QvbYY//5cAB1A+w/daoNjeoPNrgfQCtp/AAAAAADoKHsP3PktiYilN/aUtkx/fsxkf+hsaasrALSMObzQvXrnWl0DoFXc4wPJcurfuov9G8/+T5pTIQAAAAAAAAAAAABglYP7rf+HbrX2+n9z+6GTrbH+v17we1wAdJDGH/2h7YdO5x4fWK+1t/4fAAAAAAAAAAAAANrA4PVL04XC7LX5xScv8VZ7VGNziaXptqjGjiYeNefMfRHRHhe424nKIzhaWI0W/14CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACW/R8AAP//nqEvTw==")
mount(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000300)='pstore\x00', 0x0, &(0x7f0000000100))

44.099042346s ago: executing program 3 (id=6393):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x21c42)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)

43.702921952s ago: executing program 32 (id=6393):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x21c42)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)

4.686575796s ago: executing program 2 (id=6853):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000002880)=ANY=[@ANYBLOB="b4000000000b00007910000000000000db100003e10000009500740000000000079c69dc7ded5dbe11b62ac5ea9fca11027d19e93adb605feb92de3145e8ed7ac5b8902070213cdfdc646c4890cdeb50347c32060581172b94c6dd22a2b589b6cbad46ed6ef79f7468f5e603950c4f67581c92ef8a7e000017d5f1110ed29d3b2aaf153bcf69bebf18262352ba68d39942c3b567e06411d8879622f74cc431dabd332c4c4702e4c3d41bfb54b574e8947309c7503c3e8ea23e12e064f442e8cbeab77cdf1ebd8465593c0000000000000000000000000000006f429b14459ffd88bee4b9d894ddad0980af53a1feb155f1010400bfb5b81b73035fd5a76985d4710fb6fbfb2a933a09dd6317e77ca962327022fb34017197ff712a35c63cdd0dec053fdbc310f29c6b8be788b559a80135bb7369351b952ade2339eddde60eb16301b0f4640be5852e1cef861b861b7b19ea03dfc83f729d02e9e73db24dd5dfb09d4b1bbbd5dd5daa4615b0845f264f229f9806862e116612ade616b1769e97549d095b0a4d02801406491d77a65fe74f8aa67391e8cb3c000020000000000083b92cdfc143ceba1c18cab05100ecc4"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kmem_cache_free\x00', r0}, 0x18)

4.483263199s ago: executing program 2 (id=6856):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)

4.211607132s ago: executing program 2 (id=6859):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40000000000000704000000feffffb70200000800052018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0x1005, &(0x7f00000004c0)=""/4101}, 0x94)

4.038355085s ago: executing program 2 (id=6861):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_adj\x00')
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='15', 0x2}], 0x8)

3.848957788s ago: executing program 4 (id=6864):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="54010000100001002bbd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000008200200140003006e657464657673696d300000000000000c011680980001800c0007"], 0x154}}, 0x0)

3.727444219s ago: executing program 2 (id=6865):
syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0)={[{}]}, 0x1, 0x232, &(0x7f0000000000)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiAwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1t9BgaGDSDnulXOjbnrFi/ItUz9fN2bFwwHoz5PZGBkZGBgYmCYGbZzD7K/yhugkcHAzMDAoMIAUsTCkJaZk2rgwcDIwMzAws6ADGCqmRg4wKr0kvNzUtoZGMFJAKxtOQML3AzDxwys/CDlII7RYwZWuIyxRQPMyHYorQKlPaD0cij9GErLoyUbFrAJ/VCeRgMDAxtDReJ//iJDNgYGhorEkpIiQ4hYSUmREVzMSABuMxPU1rlMqJ47zsQwCkbBKBgFo2AUjIJRMApGwSgYBSMZAAIAAP//kpC1eQ==")
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000207265970000010902240001000000000904000002214c6a0009050702000000da000905"], 0x0)

3.554875472s ago: executing program 4 (id=6867):
r0 = socket(0x10, 0x8000000803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_PMTUDISC={0x5}, @IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x1}, @IFLA_GRE_FWMARK={0x8}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x50}}, 0x0)

3.500100082s ago: executing program 4 (id=6868):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newtaction={0x68, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x54, 0x1, [@m_ctinfo={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x43}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)

3.340019745s ago: executing program 4 (id=6870):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r0, 0x5607, 0x43)

3.136946747s ago: executing program 0 (id=6873):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4)

3.062787638s ago: executing program 4 (id=6875):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x2, &(0x7f0000000180)={[{@quota}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@noquota}, {@nodiscard}, {@discard_size={'discard', 0x3d, 0x4}}, {@discard_size={'discard', 0x3d, 0x6}}, {@quota}, {@iocharset={'iocharset', 0x3d, 'cp874'}}, {@discard}]}, 0x1, 0x6108, &(0x7f000000fa40)="$eJzs3UuPHFfZB/Cn+jaXvEmsLKK8FkKTxFxCiK/BGALEWcCCDQvkLbI1mUQWDiDbICey8ESzYcGHACGxRIglKz5AFmzZ8QGwZCOBskqhmjlnXNPpdo8zma6eOb+fNK56+lRNn/K/qy9TVX0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIgf/uDH56qIuPqrdMOJiP+LfkQvYqWp1yJiZe1EXn4QES/EdnM8HxHDpYhm/e1/no14PSI+eibiwcO7683N5/fZj+//+R9/+MlTP/r7n4Zn/vuX2/03pi13585v//PXewfbZgAAAChNXdd1lT7mn0yf73tddwoAmIv8+l8n+Xb1wtWbC9YftVqtVh/Buq2e7F67iIjN9jrNewaH4wHgiNmMj7vuAh2Sf9EGEfFU150AFlrVdQc4FA8e3l2vUr5V+/Vgbac9nwuyJ//Navf6jmnTWcbPMZnX42sr+vHclP6szKkPiyTn3xvP/+pO+ygtd9j5z8u0/Ec7lz4VJ+ffH89/zPHJvzcx/1Ll/AdPlH9f/gAAAAAAsMDy3/9PdHz8d+ngm7Ivjzv+uzanPgAAAAAAAADA5+2g4//tMv4fAAAALKzms3rjd888um3ad7E1t1+pIp4eWx4oTLpYZrXrfgAAAAAAAAAAAABASQY75/BeqSKGEfH06mpd181P23j9pA66/lFX+vZDybp+kgcAgB0fPTN2LX8VsRwRV9J3/Q1XV1frenlltV6tV5by+9nR0nK90vpcm6fNbUujfbwhHozq5pctt9Zrm/V5eVb7+O9r7mtU9/fRsfnoMHAAiIidV6MHXpGOmbp+Nrp+l8PRYP8/fuz/7EfXj1MAAADg8NV1XVfp67xPpmP+va47BQDMRX79Hz8uoFar1Wq1+vjVbfVk99pFRGy212neMxiOHwCOmM34uOsu0CH5F20QES903QlgoVVdd4BD8eDh3fUq5Vu1Xw/S+O75XJA9+W9W2+vl9SdNZxk/x2Rej6+t6MdzU/rz/Jz6sEhy/r3x/K/utI/Scoed/7xMy7/ZzhMd9KdrOf/+eP5jjk/+vYn5lyrnP3ii/PvyBwAAAACABZb//n9ioY7/jj7r5sz0uOO/a4d2rwAAAAAAAABwuB48vLuer3vNx/+/MGE5138eTzn/Sv5Fyvn3xvL/6thy/db8/bce5f/vh3fX/3j7X/+fp/vNfynPVOmRVaVHRJXuqRqk6UG27tO2hv1Rc0/DqtcfpHN+6uE7cT1uxEac3bNsL/1/PGo/t6e96elwu73u77Sf39M+2G3P61/Y0z5MZzrVK7n9dKzHz+NGvL3d3rQtzdj+5Rnt9Yz2nH/f/l+knP+g9dPkv5raq7Fp4/6HvU/t9+3ppPu5fP2Lvzl7+Jsz01b0d7etrdm+lzroz/b/yVOj+OWtjZun71y7ffvmuUiTPbeejzT5nOX8h+ln9/n/5Z32/Lzf3l/vfzh64vwXxVYMpub/cmu+2d5X5ty3LuT8R+kn5/92ap+8/x/l/Kfv/6920B8AAAAAAAAAAAAAAAB4nLquty8RvRwRF9P1P11dmwkAzNfl9JUbdZJvn1fdn/P9qdVHvK4WrD9zrT+pF6s/avVRrNvqyd5sFxHxt/Y6FyPi15N+GQCwyD6JiH923Qk6I/+C5e/7a6anuu4MMFe33v/gp9du3Ni4eavrngAAAAAAAAAAn1Ue/3OtNf7zqbqu740tt2f817di7aDjfw7yzO4Ao1MGqu4/+TY9zlZv1O+1hht/MaaN/z3cnXvc+N+DGfc3nNE+mtG+NKN9eUb7xAs9WnL+L7bGOz8VESfHhl8vYfzX8THvS5Dzf6n1eG7y/8rYcu38698f5fx7e/I/c/u9X5y59f4Hr11/79q7G+9u/OzCuXNnL1y8eOnSpTPvXL+xcXbn3w57fLhy/nnsa+eBliXnnzOXf1ly/l9KtfzLkvP/cqrlX5acf36/J/+y5PzzZx/5lyXn/0qq5V+WnP/XUi3/suT8X021/MuS8/96quVflpz/a6mWf1ly/qdTLf+y5PzPpHqf+a8cdr+Yj5x/PsJl/y9Lzj+f2SD/suT8z6da/mXJ+V9ItfzLkvN/PdXyL0vO/xupln9Zcv4XUy3/suT8v5lq+Zcl538p1fIvS87/W6mWf1ly/t9OtfzLkvN/I9XyL0vO/zupln9Zcv7fTbX8y5Lz/16q5V+WnP+bqZZ/WR59/78ZM2bM5Jmun5kAAAAAAAAAAAAAgHHzOJ24620EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4HztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwt69xsh11vcDP7M3r52bgZC/k7+BtWOMcTbZ9SW+0LqYcG24lUBS0kts17t2FnyL1y5JGsmOAiUSRkUVbcOLtoCiNm8qrCovaBVQXqBWlSqR9gV9g6hQeRFVAQWkSm0VstWceZ5nZ2ZnZ3a94/XMOZ+PlPzimTNzzpx5Zna/63x3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6m167/QXK1mWVf/J/7U+y66v/vfasfX5Ze+61kcIAAAArNQv83+/elO64OASblS3zT++9fvPz83NzWWfHvyT4a/OzaUrxrJseE2W5ddFl3/8YKV+m+CpbLQyUPfngQ67H+xw/VCH64c7XD/S4fo1Ha4f7XD9ghOwwNraz2PyO9uS/+f62inNbs6G8+u2tLjVU5U1AwPxZzm5Sn6bueFj2Ux2IpvOJhu2r21bybd/YVN1Xx/K4r4G6va1sbpCfv7E0XgMlXCOtzTsa/4+o5++Jxv7xc+fOPpX5165tdXseBoa7q92nNs2V4/z8+GS2rFWsjXpnMTjHKg7zo0tnpPBhuOs5Ler/nfzcb66xOMcnD/MVdX8nI9mA/l/v5Sfp6H6H+ul87QxXPbft2dZdnH+sJu3WbCvbCBb13DJwPzzM1pbkdX7qC6lN2ZDy1qnm5awTqtzakvjOm1+TcTnf1O43dAix1D/NP30yZG65/21uStZp1H1US/2Wmleg91+rfTKGozr4qX8QT/dcg1uCY//ia2Lr8GWa6fFGkyPu24Nbu60BgdGBvNjTk9CJb/N/Brc0bD9YL6nSj5f3tp+DU6cO3lmYvaxx++cOXnk+PTx6VO7duyY3LVnz759+yaOzZyYnqz9+wrPdu9blw2k18DmcO7ia+AdTdvWL9W5b4wseP+90tfhaJvX4fqmbbv9OhxqfnCV1XlBLlzTtdfGp6onffTSQLbIayx/frav/HWYHnfd63Co7nXY8mtKi9fh0BJeh9Vtzmxf2vcsQ3X/tDqGxb8WrGwNrq9bg83fjzSvwW5/P9Ira3A0rIsfbl/8a8HGcLxPjy/3+5HBBWswPdzw3lO9JH2/P7ovH63W5W3VK64byc7PTp+969Ej586d3ZGFsSreVLdWmtfrurrHlC1YrwPLXq8HZ9769G0tLl8fztXondV/jS76XFW32X1X++cq/+rW+nw2XLozC6PLVvt8tvpqXj2fI1n2te89ed93nvjaexc9n9W8+fmJlX8vnnJp3fvv8CLvvzH3v17bX7qrpwaHh2qv38F0doYb3o8bn6qh/L2rku/71YmlvR8Ph39W+/345jbvxxuatu32+/Fw84OL78eVTj/tWJnm53M0rJMTk+3fj6vbbNi53DU51Pb9+PYwK+H8vzMkhZSL6tbOYus27WtoaDg8rqG4h8Z1uqth++GQzar7em7nla3TbbfX7mswPbp5q7VOx5q27fY6TT/7WmydVjr99O3KND+fo2Fd3Lyr/TqtbvPi7pW/d66N/1n33jnSaQ0OD45Uj3k4LcL8/T6bWxvX4F3Z0ex0diKbyq8dyddTJd/X+N1LW4Mj4Z/Vfq/c0GYNbmvatttrMH0dW2ztVYYWPvguaH4+R8O6eObu9muwus379nb3e9dt4ZK0Td33rs0/X1vsZ163NZ2mq7VWhsJxfm9v+5/NVrc5sW+5ObP9ebojXHJdi/PU/Ppd7DU1la3OedoQjvOVfYufp+rxVLf56v4lrqeDWZZdeOSe/Oe94e9X/vb8D55v+HuXVn+nc+GRe352w7F/WM7xA9D/Xq+NdbWvdXV/M7WUv/8HAAAA+kLM/QNhJvI/AAAAFEbM/fH/Ck/kfwAAACiMmPuHwkxKkv83vO+VmdcvZKmZPxfE69NpuLe2Xey4ToY/j83Nq15+z7PT//X3F5a274Esy1679w9abr/h3nhcNWPhOC+/v/HyBZ6/c0n7Pnz/hbTf+v7618P9x8ez1GXQqoI7mWXZCzd9Od/P2IOX8vnivYfzed/Fp5+qbvPq/tqf4+1fflNt+z8P5d+Dx4403P7lcB5+Eubkh1ufj3i7b11658a9D8zvL96usvnG/GE/81DtfuPvyfnKU7Xt43le7Pi/86XnvlXd/tG3tz7+CwOtj/+5cL/Phvk/b6ltX/8cVP8cb/eFcPxxf/F2d33zuy2P//IXa9uf+UBtu8Nhxv1vC3/e8oFXZurP16OVIw2PK/tgbbu4/8kf/FF+fby/eP/Nxz966FLD+WheHy/+a+1+Jpq2j5fH/UR/17T/6v3Ur8+4/+f+8HDDee60/8v3vfyW6v027/+Opu3OPLI93//8/TX+xqa/+MKXW+4vHs/BvznT8HgOfiK8jsP+n3korMdw/f9ert1f829XOPyJxvefuP3X119oeDzRh35R2//ldx/P55rRteuuu/6GGy++rXrusuylNbX767T/4395uuH4v3FL7XzE62NHv3n/i4n7P/u58VOnZ8/PTKWz+sRN+e/O+UjteOLx3hTeW5v/fOj0uYenz45Njk1m2Vhxf4XeFftmmD+rjYvtt55b8A66/f7wfN72Zy+s2/ovX4qX/9unapdf+nDt69Y7wnZfCZevD8/f8va/0DObbslf35UXwxHOLfx9wSuxcct/7lvShuHxN39fENf7mTc/nJ+H6nX51434ul7h8f9oqnY/3w7ndS78ZubNt8zvr377+LsRLn2y9npf8fkLb3Pxef3r8Hx/9Ce1+4/HFR/vj8L3Md/d0Ph+F9fHty8MNN9//ls8Lob3k+xi7fq4VTzfl169peXhxd9Dkl28Nf/zH6f7uXVZD3Mxs4/NTpyYOXX+0Ylz07PnJmYfe/zQydPnT507lP8uz0Of6XT7+fendfn709T0nt1Z/m51ujausmt9/GfuPzq1d3Lr1PSxI+ePnbv/zPTZ40dnZ49OT81uPXLs2PTnOt1+ZurAjp37d+3dOX58ZurAvv37d+0fnzl1unoYtYPqYM/kZ8dPnT2U32T2wO79O+6+e/fk+MnTU9MH9k5Ojp/vdPv8a9N49da/P352+sSRczMnp8dnZx6fPrBj/549Ozv+NsCTZ47Njk2cPX9q4vzs9NmJ2mMZO5dfXP3a1+n2FNPsv9e+n21Wqf0ivuzjd+xJv5+16tknF72r2iZNv0D0lfC7aP7pDWf2LeXPMfcPh5mUJP8DAABAGcTcPxJmIv8DAABAYcTcvybMRP4HAACAwoi5fzTMpCT5v3D9/w0XlrR//X/9//rzpf9fsv7/J3ut/197v9D/746V9u/1/wP9f/1//X/9f/1/uqDX+v8x96/NslLmfwAAACiDmPvXhZnI/wAAAFAYMfdfF2Yi/wMAAEBhxNx/fZhJSfK//v/V7v8P6v/r/+v/x3Wp/6//vwr0/9vT/+9A/38iK1f//2I3j1//X/+fhXqt/x9z/w1hJiXJ/wAAAFAGMfffGGYi/wMAAEBhxNx/U5iJ/A8AAACFEXP/+jCTkuR//X+f/6//r/+v/996//r//Un/vz39/w70/33+v/6//j9d1Wv9/5j73xBmUpL8DwAAAGUQc/8bw0zkfwAAAOg9Q1d2s5j73xRmsiD/X+EOAAAAgGsu5v6bs6YieEn+/l//X/9f/1//X/+/9f6X3v8fzPT/e4f+f3v6/x3o/+v/6//r/9NVvdb/z3N/Npq9OcykJPkfAAAAyiDm/lvCTOR/AAAAKIyY+/9fmIn8DwAAAIURc/+GMJOS5H/9f/1//X/9f/3/1vv3+f/9Sf+/Pf3/DvT/9f/1//X/6ape6//H3H9rmElJ8j8AAACUQcz9t4WZyP8AAABQGDH3//8wE/kfAAAACiPm/o1hJiXJ//r/Pd7/j81R/X/9f/1//X/9/yXR/29P/78D/X/9f/1//X+6qtf6/zH3vyXMpCT5HwAAAMog5v63hpnI/wAAAFAYMfe/LcxE/gcAAIDCiLl/LMykJPlf/79L/f8tNyy4zOf/6/+n9RGm/r/+v/7/1af/357+fwf6//r/+v/6/3RVr/X/Y+7fFGZSkvwPAAAAZRBz/+YwE/kfAAAACiPm/tvDTOR/AAAAKIyY+7eEmZQk/+v/9/jn/+v/6//r/+v/6/8vi/5/e/r/Hej/6//r/+v/01W91v+Puf/tYSYlyf8AAABQBjH3bw0zkf8BAACgMGLuf0eYifwPAAAAhRFz/7Ywk5Lkf/1//X/9f/1//f/W+9f/70/6/+3p/3eg/6//r/+v/09X9Vr/P+b+d4aZlCT/AwAAQBnE3L89zET+BwAAgMKIuf+OMBP5HwAAAAoj5v7xMJOS5H/9f/1//X/9f/3/1vvX/+9P+v/t6f93oP+v/6//r/9PV/Va/z/m/jvDTEqS/wEAAKAMYu6/K8xE/gcAAIDCiLl/IsxE/gcAAIDCiLl/MsykJPlf/1//X/9f/39Z/f+3zd+v/n+N/n9v0f9vT/+/A/1//f9r3v8f1v+nUHqt/x9z/44wk5LkfwAAACiDmPt3hpnI/wAAAFAYMffvCjOR/wEAAKAwYu7fHWZSkvyv/6//r/+v/+/z/1vvX/+/P+n/t9f9/n98iPr/+v/6/z7/X/+fhXqt/x9z/91hJiXJ/wAAAFAGMffvCTOR/wEAAKAwYu7fG2Yi/wMAAEBhxNy/L8ykJPlf/1//X/9f/1//v/X+9f/7k/5/ez7/vwP9f/1//X/9f7qq1/r/MffvDzMpSf4HAACAMoi5/11hJvI/AAAAFEbM/b8SZiL/AwAAQGHE3P+rYSYlyf/6//r/+v/6//r/rfev/9+f+rb/X/syrP+v/6//38fHr/+v/89Cvdb/j7n/QJhJSfI/AAAAlEHM/b8WZiL/AwAAQGHE3P/uMBP5HwAAAAoj5v6DYSYlyf/6//r/+v/6//r/rfev/9+f+rb/H5Ss/z/SfIH+v/5/Px+//r/+Pwv1Wv8/5v73hJmUJP8DAABAGcTcf0+YifwPAAAAhRFz/3vDTOR/AAAAKIyY+98XZlKS/K//r/+v/6//r//fev/6//1J/7+9Huv/L6D/r//fz8ev/6//z0K91v+Puf/9YSYlyf8AAABQBjH3fyDMRP4HAACAwoi5/4NhJvI/AAAAFEbM/R8KMylJ/tf/1//X/9f/1/9vvX/9//6k/9+e/n8H+v8F6/+P3aD/r//P1dIqAS10Zf3/619bdIcr7P/H3P/rYSYlyf8AAABQBjH33xtmIv8DAABAYcTc/+EwE/kfAAAACiPm/o+EmZQk/6+o/z+i/x/p/zcev/5/6/Wh/6//r/9/9en/t9dn/f9f3hgu1/+v0f/v7ePvyf7/jxfr/8+tab69/j9Xw5X1/1vqSv8/5v6PhpmUJP8DAABAGcTc/7EwE/kfAAAACiPm/o+Hmcj/AAAAUBgx9/9GmElJ8r/P/68ex3x7Wf9f/z+/QP9f/1//v2/p/7fXZ/1/n//fRP+/t4+/J/v/Pv+fa6zX+v8x938izKQk+R8AAADKIOb++8JM5H8AAAAojJj7PxlmIv8DAABAYcTc/6kwk5Lkf/1/n/+v/6//r//fev/6//1J/789/f8O9P/1/3ut//8f+v/0t17r/8fcf3+YSUnyPwAAAJRBzP0PhJnI/wAAAFAYMff/ZpiJ/A8AAACFEXP/p8NMSpL/9f/7pf8/pv+v/6//3/R49P/1/1vR/29P/78D/X/9/17r//v8f/pcr/X/Y+5/MMxk6fl/dMlbAgAAANdEzP2/FWZSkr//BwAAgDKIuf+3w0zkfwAAACiMmPt/J8ykJPlf/79f+v8+/z/T/9f/b3o8+v/6/62sXv8/vvPo/+v/6/9H+v/6//r/NOu1/n/M/b8bZlKS/A8AAABlEHP/Q2Em8j8AAAD0hVb/T3azmPsPhZnI/wAAAFAYMfcfDjMpSf7X/9f/1//v0f7/n27+5x9+/2OHd+j/6//r/y/Lqn7+f/XF7/P/9f/1/xP9f/1//X+a9Vr/P+b+I2EmJcn/AAAAUAYx9/9emIn8DwAAAIURc//RMBP5HwAAAAoj5v6pMJOS5H/9f/1//f8e6f9XKllWkM//j+dD/79R1/r/8U1X/7+lVe3/PzDfE9f/X27/f6Tlpfr/+v/9fPz6//r/LNRr/f+Y+6fDTEqS/wEAAKAMQu4fOFab81fI/wAAAFAYMfcfDzOR/wEAAKAwYu5/OMykJPlf/1//X/+/R/r/zZ//38f9f5//35rP/18d+v/t9U7/vzX9f/3/fj5+/X/9fxbqtf5/zP0zYSYlyf8AAABQBjH3fybMRP4HAACAwoi5/7NhJvI/AAAAFEbM/SfCTEqS//X/9f/1//X/9f9b71//vz/p/7en/9+B/r/+v/6//j9d1Wv9/5j7T4aZlCT/AwAAQBnE3H8qzET+BwAAgMKIuf90mIn8/3/s3UevnXe1x/Htex1dW3kBd3Anmd9XgDIAiRm8AAZMGICEGNBCb3EgtACh90DoPZQEQmiht4QWCJ3QO4QSegAZobPWss/xPs+2zT728/zX5zNZ4HDYB2Ql+cX+6g8AAADDyN3/4Lilyf7X/+v/h+3/76r/3+/z9f/6/5Hp/6fp/zfQ/+v/9f/6f7Zqbv1/7v6HxC1N9j8AAAB0kLv/oXGL/Q8AAADDyN1/Sdxi/wMAAMAwcvc/LG5psv/39P+HVj37/8x49f8j9f/e/9/38/X/+v+Rndv+/7J//5lP/6//1/8H/b/+X//PXnPr/3P3PzxuabL/AQAAoIPc/Y+IW+x/AAAAGEbu/kfGLfY/AAAADCN3/6Pilib73/v/3v/X/+v/9f/rP1//v0ze/5/Wqf+/5NYLH3jH9f93w5l8vv5f/6//1/+zXXPr/3P3Pzpu2T387r7370cBAACA5cjd/5i4pcmv/wMAAEAHufsfG7fY/wAAADCM3P2Pi1ua7H/9v/5f/6//1/+v/3z9/zLp/6d16v/P5vP1//p//b/+n+2aW/+fu//xcUuT/Q8AAAAd5O5/Qtxi/wMAAMAwcvdfGrfY/wAAADCM3P3H4pYm+1//f/D9/z/1//r/uPp//b/+/+Dp/6fp/zfQ/+v/9f/6f7Zqbv1/7v7L4pYm+x8AAAA6yN3/xLjF/gcAAIBh5O5/Utxi/wMAAMAwcvdfHrc02f/6f+//6//1//r/9Z+v/18m/f+0c9//r/sr5P70/4vv/y/Q/+v/9f+c7Az7/zsn/rS9lf4/d/+T45Ym+x8AAAA6yN3/lLjF/gcAAIBh5O5/atxi/wMAAMAwcvc/LW5psv/1//p//b/+X/+//vP1/8uk/582m/f/Dx1e+8P6/8X3/97/1//r/9llbu//5+5/etzSZP8DAABAB7n7r4hb7H8AAAAYRu7+Z8Qt9j8AAAAMI3f/M+OWJvtf/6//1//r//X/6z9/qv+/4aTvT/8/L/r/abPp//eh/9f/L/n71//r/znV3Pr/3P3Pilua7H8AAADoIHf/lXGL/Q8AAADDyN3/7LjF/gcAAIBh5O5/TtzSZP+v7/9P/HH9/+nR/+/+/vX/639+bKv/z/9G/f9k/3837//3pP+fpv/fQP+v/9f/79f/H9309fp/1plb/5+7/7lxS5P9DwAAAB3k7n9e3GL/AwAAwDBy9z8/brH/AQAAYBi5+18QtzTZ/97/1//r/5fX/3v/f8f5fP9/dc77/8P6/9Ok/5+m/99A/6//1/97/5+tmlv/n7v/hXFLk/0PAAAAHeTuf1HcYv8DAADAMpz8ewf2/obSkLv/xXGL/Q8AAADDyN3/krilyf7X/+v/9f/6/979/5GF9P/e/z9d+v9p+v8Nzm//f2jQ/v/wYP3/1ft9/Rz6/0v1/8zMrv7/xhM/fr76/9z9L41bmux/AAAA6CB3/8viFvsfAAAAhpG7/+Vxi/0PAAAAw8jdf1Xc0mT/H3j/f3T/z9b/6//1//r/89//L+X9f/3/6dL/T9P/b+D9f+//e/9f/89W7er/T3K++v/c/a+IW5rsfwAAAOggd/8r4xb7HwAAAIaRu//quMX+BwAAgGHk7n9V3NJk/2+p/7/qisvv4v3/PfT/+v+9Pz/0//p//f/B0/9P0/9voP/X/+v/9f9s1dz6/9z9r45bmux/AAAA6CB3/2viFvsfAAAAhpG7/7Vxi/0PAAAAw8jd/7q4pcn+P/D3/yd06P/zx/X/+v+V/l//r/8/J9r2/4fW/ZXoVPv0/zff/9g9d/+I/l//r//X/+v/2YJZ9P/HT/zdZe7+18ctTfY/AAAAdJC7/w1xi/0PAAAAw8jd/8a4xf4HAACAYeTuf1PcMsj+P7Lhj+v/vf+v/9f/6//Xf77+f5na9v+nyfv/G+j/9f/6f/0/WzWL/v+kf5+7/81xyyD7HwAAAFjV7n9L3GL/AwAAwDBy9781brH/AQAAYBi5+98WtzTZ//p//b/+X/+v/1//+fr/ZdL/T9P/b6D/1//r//X/bNXc+v/c/dfELU32PwAAAHSQu//tcYv9DwAAAMPI3f+OuMX+BwAAgGHk7n9n3NJk/+v/9f/6f/2//n/95+v/l0n/P03/v1qtrp34Btb1/8f/R/+v/9f/6/85S3Pr/3P3vytuabL/AQAAoIPc/dfGLfY/AAAADCN3/3Vxi/0PAAAAw8jd/+64pcn+1//r//X/+n/9//rP1/8vk/5/mv5/A+//6//1//p/tmpu/X/u/vfELU32PwAAAHSQu//6uMX+BwAAgGHk7n9v3GL/AwAAwDBy998QtzTZ//p//b/+X/+v/1//+fr/ZTq4/n+l/9f/6/830P/r//X/7DW3/j93//vilib7HwAAADrI3f/+uMX+BwAAgGHk7v9A3GL/AwAAwDBy938wbmmy//X/+n/9v/5f/7/+8/X/y+T9/2n6/w30//p//b/+n62aW/+fu/9DcUuT/Q8AAAAd5O6/MW6x/wEAAGAYufs/HLfY/wAAADCM3P0fiVua7H/9v/5/d/+/Wun/9f/6/x3noP8/stL/b53+f5r+fwP9/5j9/3+tBur/j+779fp/5mhu/X/u/o/GLU32PwAAAHSQu/9jcYv9DwAAAMPI3f/xuMX+BwAAgGHk7v9E3NJk/+v/9f/e/9f/6//Xf773/5dJ/z9N/7+B/n/M/t/7//p/zpu59f+5+z8ZtzTZ/wAAANBB7v5PxS32PwAAAAwjd/+n4xb7HwAAAIaRu/8zO/fEPwBosv/1//p//b/+X/+//vP1/8uk/5+m/99A/6//1//r/9mqufX/sftXn41bmux/AAAA6CB3/01xi/0PAAAAw8jdf3PcYv8DAADAMHL3fy5uabL/9f/6f/3/Mvv/I/p//b/+f6259P8XX3yPW/T/+n/9v/5f/6//725u/X/u/s/HLU32PwAAAHSQu/8LcYv9DwAAAMPI3f/FuMX+BwAAgGHk7v9S3NJk/5/a/1+w2ilUd6zr/6NR0/+fRP+/+/vX/6//+eH9f/2//v/gzaX/9/7/2X3/+n/9/5K//zPq/y869ev1/4xobv1/7v5b4pYm+x8AAAA6yN3/5bjF/gcAAIBh5O7/Stxi/wMAAMAwcvffGrc02f/e/9f/6//1//r/9Z+v/18m/f80/f8G+n/9v/f/H3Tf/9b/sz1z6/9z9381bmmy/wEAAKCD3P1fi1vsfwAAABhG7v6vxy32PwAAAAwjd/834pYm+1//r//X/+v/9f/rP1//v0z6/2n6/w30//p//b/3/9mqufX/ufu/Gbc02f8AAADQQe7+b8Ut9j8AAAAMI3f/t+MW+x8AAACGkbv/O3FLk/2//f7/Iv1/0P/Ppf+/j/5/z+fr//X/I9P/51/R19P/b6D/1//r//X/bNXc+v/c/bfFLU32PwAAAHSQu/+7cYv9DwAAAMPI3f+9uMX+BwAAgGHk7v9+3NJk/3v/v1f/f2jVsf/3/r/+X//fif5/mv5/A/2//l//r/9nq+bW/+fu/0Hc0mT/AwAAwFLd6/8fcNvp/mdz9/8wbrH/AQAAYBi5+38Ut9j/AAAAMIzc/T+OW5rsf/1/r/6/5/v/+n/9v/6/E/3/NP3/Bvp//b/+X//PVs2t/8/d/5O45aThd/iM/1cCAAAAc5K7/6dxS5Nf/wcAAIAOcvf/LG45Zf8fP83f1Q4AAADMTe7+n8ctTX79X/8/8/5/NX7/f/tK/6//36H/1/9vg/5/2n/Y/x8/pP/X/0/Q/+v/9f/sNbf+P3f/L+KWJvsfAAAABrXrnyjk7v9l3GL/AwAAwDBy9/8qbrH/AQAAYBi5+38dtzTZ//r/mff/Z/X+/9H6V0vo/73/f4D9/5VH1n6+/l//PzL9/zTv/2+g/9f/6//1/2zV3Pr/3P23xy1N9j8AAAB0kLv/N3GL/Q8AAADDyN3/27jF/gcAAIBh5O7/XdzSZP/r/0fs/5f1/r/+3/v/Z9///++Fx2669/2uu0b/zwnnsv/Pnwv6f/2//n+H/l//r/9nr7n1/7n7fx+3NNn/AAAA0EHu/jviFvsfAAAAhpG7/w9xi/0PAAAAw8jd/8e4pcn+1//r/+fS/+f/1+eh/z+2vP4/m+Lu/b/3//X/p/L+/zT9/wb6f/2//l//z1bNrf/P3f+nuKXJ/gcAAIAOcvf/OW6x/wEAAGAYufv/ErfY/wAAADCM3P1/jVua7H/9v/5/Lv1/8v7/ia/z/v8O/b/+/0zo/6fp/zfQ/+v/9f/6f7Zqbv1/7v6/xS1N9j8AAAB0kLv/zrjF/gcAAIBh5O7/e9xi/wMAAMAwcvf/I25psv/1//p//b/+X/+//vP1/8uk/5+m/99A/6//1//r/9mqufX/ufv/FQAA///1FHDi")
listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)

2.89775612s ago: executing program 0 (id=6876):
syz_mount_image$erofs(&(0x7f00000012c0), &(0x7f0000000240)='./file0\x00', 0x200000, &(0x7f0000000000)=ANY=[], 0x0, 0x234, &(0x7f0000000500)="$eJzsmLtvE0EQxr+9O59tAgiaFDQURCIIfI7PTZqIh4REhZASXhVY5IiCnRg5h0QsIRTR0EBHwaOhoKOiiEQqCjr+gUhQABISSKSgoHGzaHbX57MXsHOkY37F5tud2Z2dyd4UBsMw/y2fP/38+ODU9NwxALsxgbxZ/+oCQmjtoPf3w+NbRx/NnH726v2Lt8t772wMnkdbpOxfKPwlvgfgzUkXd5MIye4OiQkzmYND+hvp83BwxKxfRAeB0Vfh4ILREQQuG30jpZsQCILg+mIjCq41G/Mkpmio0BDSUB2839aawLyZS+lCpOwrq+16rdGIWinhGdtvTJlEEqw+btUvh6el9FxKKamKl+7fW6N5tzZTun6KChxUTBJVCMya9Wnku7XRJUnlf8Drne9a+dvZdl4rXzIMS7KgxcyPHSkWCR9a7C9lO2eS0jlhm/Yhy33QvyuHnokquTMp//HpKOENf4vHzT90eyHG6AGcHTWLh0UA/5RXfqQbbjeLPjG+tfHONn0Ztl2K4SHE6O+nMOqdux9i9qoW0a47mSuGJ6bh2hfbXNf9Qz4XOJzqT16qf5TjpZvlldV2aXGpthAtRMthWM2PaZtqRGU1Wn0PL7v9uaj6067U+TnbW+E7Pm7X4rhV0aMvfBQRx61QzcPUZzO73vx+xWyLcQbAIT2htuknJ7pWDOFrH0f5kpq0nRiGYRiGYRiGYRiGYRiGYTJxEEL9Ckps7kGiBwjPKe9fAQAA//8Wr1iA")
mkdir(&(0x7f0000000000)='./file0/file0\x00', 0x11c)

2.669137584s ago: executing program 1 (id=6878):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000180)=0x1000000, 0x4)

2.638816764s ago: executing program 0 (id=6879):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x38, 0x39, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x8, 0x2, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0xc, 0x5, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x200}]}]}, 0x38}}, 0x0)

2.472878827s ago: executing program 1 (id=6880):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
setsockopt(r0, 0x9, 0x6, 0x0, 0x0)

2.397452087s ago: executing program 1 (id=6881):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0x401, 0x170bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14800}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0x9}]}}}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x50}}, 0x2000000)

2.191725791s ago: executing program 0 (id=6882):
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000280)='./file0\x00', 0x8d0, &(0x7f0000000140)={[{@fat=@sys_immutable}]}, 0x1, 0x25f, &(0x7f0000000840)="$eJzs3cFqE0EYB/Av2zSJvdizeFjw4qmobxAkghgQInvQk4HqpRVhe1k95TF8Bh/Jx8ipt0i7wbSpllqSTpP9/SDsx/4Z8s1lJ4GZ5OPjL0eHX08+z379iF6WRztiEqcR+5HFTtRa82t2XnfiokkAAJtmNBr3U/fACrWu3irL/ng3IrpXkuLn3TQFAAAAAAAAAADAql3a/9+z/x8AmsD+/+1Xlv3x3vzz22X2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpnM5mD2fXvFL3BwCs3tn6n1n/AaBRfP8HgOa52fqfpW4TAFihd+8/vOlnMRjleS9iOqmKqqivdf7q9XDwLD/XWYyaVlWxO6+Hg+d1ni/ne/PxL/6ad+Lpkzo/y16+HS7l3Thc9+QBAAAAAAAAAAAAAAAAAADgnjjI/9hf3J1WVbFT5wf/yuvqwu8DLJ3fb8ej9p1NAwAAAAAAAAAAAAAAAAAAADbaybfvR+Pj40/lFhadiLgHbWxg8SBuMaoXa26sG7Hut2hW0Wpf8wRI/WQCAAAAAAAAAAAAAAAAAIDmWRz6Td0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKSz+P//mxb/Pyr1HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBm+B0AAP//Ai+I5w==")
statx(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2000, 0x6000, &(0x7f0000000bc0))

2.041630882s ago: executing program 1 (id=6883):
syz_mount_image$udf(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00089aafc727346c3e0d8728525a2641b3b31621730c58dcf8e0ca2e6767a45a978776e9d2c689feab83a160d00a77ae5112cd4e7141cad333d7cbb69dc6b314609d3827059c11066ba0b4b95c12d2d9ff9c8896d9e247bd55f9ff578a14e0e9d0ca07693396b00d2ef44adb4858475a07d5e8fa3ef5b306fe8a5d1cd2d8e06e7f88226ece092c6aabf8870e140124d5a48670513e0c419c99b7c5105959e7a535f12694634c114600000000"], 0x81, 0x4ac, &(0x7f00000011c0)="$eJzs20tsG1UXwPFzPLbruPk+3Adpi6piCSRCS9skLmmrIKE8iEBqG0gaEBUPhdgJJk4cxSkkVUu7BHYsumTJlgUrxBZVYolYoCDUXemGjVeUHeiO52XXSewm8TT1/1e1dx7H7r33zMy914kFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIDL022NOrYdcCAAC00qWJ8Z4M4z8AAG3lMut/AACAdqJiyR+icnKurBft/YrEhfzC1ZXJkdH6L+tQUYmIZcebv4nevsyZl/vPnnPLjV+/3Y7I2MTlwfRwcX5xKVcq5bLpyYX8dDGba/gdtvr6WsftDkjPz13NzsyU0n2nMlWnV1L39+ztSg30vz8cd2MnR0ZHJwIx0dgj/+8PWW+GHxdLXhSVT374Ti+JSES23hebXDs7rcNuxHG7EZMjo3ZDCvmphWVzUiNOVKS6T+JuH7UgF1sSETH10vj2rNliYsmPojJ0uqxjImK5/XDC/mC4ofqEIWqWriLSLbsgZ4+xPWLJh6Jy53RK3nT61c5/XOR62JXDjos6939Ry/qW/Tww95N5bF54O/3GwkwxEKsR545qZnyocw+GPj600mP+bEqIJWP2HV/W8bArg5brEEvmRSX+9af2vELseelTA2ePPXs+OMM4tMn7mNhTzs3VyJgcc6YOGjF/HqHa2BYJteRPUXnwe8Le73Zyw08E2oRaUhCVf26UVWvWpVZgfe/Z7WvDna1/R2K4uLi6lJ/9eLnu+WRi8KPS8tLUdP3TlbWrFTyy2Tq2VqS5JVlSKyu+Lz4re69z1gD/q+z5tfn2un8tdNeUruD108h2w8+ZJuZRpk6qltwTlZkPDlfGGUk23TftwOR/VFRK5V/UzbST/2hlL5D/V/z+S2h16bFz+//K51ruXOLIlYPrHd+J/Js6mfy/KypDfx92PtOo5N+qiTVxXaLy3u2jTlwkbuKibnMq7ziTL+R6TOy/orL/ZzdW7NikE3vAj+01sSVR+fJOdexeJ/agH9tnYtdE5e5v9WOf9mMzJnbV5Otu2o1NmthjTmyXH3tquljIbtatJv99ovLOzdfVbfO6+Q/c/7dqSs9DOd94e7vynwocu+Xk9YqT/+gm+f9KVFb/Ouq22+5797LaZ//r59/Mlb+/XR3rTkb3+7G9jTYrbCb/+0Tl/qtrXpudtjm7foaC+X8mWl16/RpS/vcFjqWcesWb7It2VFq9NjdVKOSW2GCDDTa8jbCfTGgFM/6Pm1G931J3HuOM/52VPX/G9OBzf/wfqCk9IY3/+wPHBpxZSywqklieX4wdEkmUVq+dzM9PzeZmcwuZM/09fefP9GTOxeLu5M7farjvngQm/ydE5cZPv3rrmOr5X/35f7Km9ISU/wPBNlXNaxruirZk8t8pKv331rz15kbzf3f93/1cdendfyHl/2DgWMqpV2eTfQEAAAAAAAAAAAAAAAAAu0lSLXleVFbGX1L3O0SN/P5ftqb0hPT7X12BY9nt/16D+9WoqlONVh0AAAAAAAAAAKCVImLJN6LygpT1pjnQKXIxWOKJ9l8AAAD//16uQhc=")
renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file7\x00', 0x0)

1.363748941s ago: executing program 4 (id=6884):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MAX_AGE={0x8, 0x14, 0x14}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

1.101603575s ago: executing program 0 (id=6885):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000012003007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000007000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f9001cffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x3, 0xe, 0x0, &(0x7f0000000500)="0000001afa3cb651ce2f2f009ec3", 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

838.018749ms ago: executing program 2 (id=6886):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001e000100000000000400000002000000", @ANYRES32=0x0, @ANYBLOB="00000f"], 0x24}}, 0x0)

671.089591ms ago: executing program 1 (id=6887):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x40, 0x10, 0x401, 0x70bd2d, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1b}}]}}}]}, 0x40}}, 0x0)

338.622825ms ago: executing program 0 (id=6888):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000003480)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
write$cgroup_int(r0, &(0x7f0000000040)=0xf, 0x12)

0s ago: executing program 1 (id=6889):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x703, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5, 0x4000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xfffffffffffffd3b, 0x2, 0x0, 0x1, [@IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x8100}]}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x48}}, 0x8000)

kernel console output (not intermixed with test programs):

8.795238][T19272] FAT-fs (loop0): Directory bread(block 69) failed
[  488.819562][T19272] FAT-fs (loop0): Directory bread(block 70) failed
[  488.834992][T19272] FAT-fs (loop0): Directory bread(block 71) failed
[  488.847973][T19272] FAT-fs (loop0): Directory bread(block 72) failed
[  488.881357][T19272] FAT-fs (loop0): Directory bread(block 73) failed
[  488.932001][T19287] [U] 
[  488.935340][T19287] [U] K{�
[  488.938388][T19287] [U] �t �1���F���fˊ�`G�J��g���������o��/�mC�
[  488.949078][T19287] [U] t�ؖ/,�~�Ĝ��j���}8���'o1��"�7-�JQ�K��W��q�5c%"�H12��Y������X�`����`+��(��!(���z'�tXln�I�g�j����ݭ�p�~�7�!���"�����(�5�Ob���̓J�
[  488.969758][T19287] [U] �k\&�}6�6�X�HX�������.`�a�$�40|϶��9��ި����U��4���Vbz��}�w�M�T���Q��Φr�4��
[  489.038488][T19287] [U] ".h6��"�k�[����J�4��I�n��[Z(��C|T�]z{��3�c=��x�����4�w�)\T�XJ��SH{q;칢��t��+���g����d�.˂�>y����wUh�fN����hl]S�2���\g%�O�&z)��'�pul�_<�	�ذ����`ұT�������;_�"(�u{7j��2X �/�'��c���I����H�c�ճ�V�=��Ai�%w�Es� R��j���g��r����hI���a��6-�D��V�� i"��n� ��Asc~4���8c�*�OO5/��J�~���w�vK+����3��Y)��M���v��yq潀DTr�Otpem%f��ej�A5��T_-X~�^aaۂ�q��
[  489.074369][    C1] vkms_vblank_simulate: vblank timer overrun
[  489.130445][T19287] [U] 	+�w�G?]��'a:	��)�����' B>t���f/��<'�U�'��h�i�.+]e�.�-ɿ���%��>2`�^U�8F.�6��3��+�A�«���g3�p��6:�^0��t��v�'E�t����YC�n��rϩ�n�Pj�;�Z������8!��\���A�ʖ2��$�­wi.��#��/Bai���`��4j��d�y@�z��gW�5˿B��ٜ�N�y"vI2��
[  489.197190][T19287] [U] �T�_K5�t�YJ���9��c�$br�L�Nul��9w���|�G�"ʃ�%����C�؝���q�� ��3��q��N^HP*��$	�.�7yӱ�2�
[  489.216957][T19287] [U] �?���h��*����3�7�鍾^#Q�"0~���(�o�XL�b�,'v��=���C�S���G�S��0�ւ��`���ه��=1(��p#�2DO*Ƀ
[  489.235579][T19287] [U] �s��g������Gu��d-{���|&������2��L�c_��!`��oz֥�B��%>�r��w���Ss�H"�yA4�O.�Y��䏄RTԶ�B�[+/<<R�B����|Фe���۠�V96#���ͤ�j�U�%s851���ҩs�P��\��?q�|L��QX�0�K�1orɴ2��|��d�F�������2ޔ���0��H�}C[/����px^��o
[  489.327454][T19287] [U] �؛���(J�Л��m��xz�;�����؝_����*3�3��5�\�xm��U��AK!aQ`��;F�I+��VUH���m�j��Ʒ��Z�c��z���)_矡	���&�����a�xto���_� ���:���%�P���C���y�+_�����}U�m��ƫC�!KJ�7��g��=b�
[  489.383050][T19287] [U] ٽ�F�%�XA��l�2r*g��VW��$��j	�A��F�ߝ�+��9̈́Vi�֗�kپ�1}_���%�r6��(]��/����řYܺ��h����r g��rn/ܫ�#!�d����%���D��-{�$�vU��T���$:mtr�E�C1V�D~��];[�����sq����(��e,X�8�"���G�d���2@T8��������t8.Rc+�@�ꦇp�u�p����C���'�yL�-Ss1E?�7�O���^]����c��H]�Jkr]Rkq܆��ݣ��OTc��x���4�N�	��&���ڋ��@�:m7�~�+�W*���xM��>>��{q���_�՝LX8�U����{�Z����)��7?�rR;�c�r�hײڣ����1�>)�Mă��t���(��aϝ�}9�ڥ�J*Mќ�ġ�'L��q	�DW����=��|q�	�Æ�W;5��Ž�!�dB�x`��/��E�`ƦM��X��"�\
[  489.430262][    C1] vkms_vblank_simulate: vblank timer overrun
[  489.436720][T19287] [U] {;����٘_�o2��)�o��.2�W2���y���x_  HPϱ�S�D����:]�{������
[  489.445740][T19287] [U] I,�>��	��5�1��^1�N4�oǶ�'0�?֒i�9w.�_.�W�a���V��`)�Z���c6Giӹ�a��XL[����F�*��O�W)+��'\n�[K@����2�Ǭ���p"^`���	��
[  489.459712][T19287] [U] 22��Ʃ���x?0;3u�
[  489.471758][T19287] [U] ޜ���sObx�8�W�4�(�~/���K�U��ԖoQ�e+�G�-y�gY_�>v�����3.h�ә]̈́�2��)�D�,	��	�D~�d���+�w;A\�FP��Ș|$��)�KؐI���ɿk�YT^R���癵��A=�#�ܜ	����ae��t�1��ݯ4K�.e"R�S|��s���:��>p��r�"z������#P!�KY"�}��F�N84����hޱ�o��sߙ̫%Dlw�m��
[  489.528280][T19287] [U] [�['xn�'�����,mr��/����1D=!D�x91B�w�R�lf���K�Z��#�`�l؛�˜��b~�m���
[  489.542854][T19287] [U] �L�>��d+�d�����"5���h3<���iR=F^�f�n��������v���D�OIO�:U�>�Y�
[  489.573347][T19287] [U] 'B�6v�20��瞥�׌�"t8�{9�FW��]���쩍
[  489.588791][T19287] [U] �72�����u�C6����τI]8c��tۨQSk�Y��I��� �|V'�TV/��g�$[� 9kh`�"����}��[^=��0�]��%�̂T�����F�_v�4C���
[  489.630971][T19287] [U] �ec�
[  489.634152][T19287] [U] ���|���<��:^�3$7nK~�-�@��?��/mtl��۾�I�w�@g~t�{��P�+�$�jp|���I�Ri�pm� ��Y� ��8�t���V�����,�l�,�
[  489.754595][T19286] [U] �K�����)0���~��ʪ�iP'�f��z��r���@B�]�5��{��ʼ�'�8�ƥF��UTqUdǩ�K;7��0c[��y���YC���ذm��L�8�T�͚�5���rx����W� x���oQhVi'8����L�
[  489.828664][T19319] loop1: detected capacity change from 0 to 4096
[  489.865802][T19319] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512).
[  489.878754][T19306] loop2: detected capacity change from 0 to 32768
[  489.974786][T19306] JBD2: Ignoring recovery information on journal
[  490.104334][T19306] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  490.252979][T19340] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2
[  490.286946][T19306] OCFS2: ERROR (device loop2): int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *, handle_t *, u32, u32, struct ocfs2_suballoc_result *): Chain allocator dinode 73 has 4294901761 used bits but only 0 total
[  490.291111][T19337] loop0: detected capacity change from 0 to 2048
[  490.313246][T19340] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0
[  490.381674][T19306] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  490.410579][T19306] OCFS2: File system is now read-only.
[  490.422585][T19306] (syz.2.5893,19306,0):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30
[  490.448724][T19306] (syz.2.5893,19306,1):ocfs2_claim_metadata:2008 ERROR: status = -30
[  490.459543][T19306] (syz.2.5893,19306,1):ocfs2_claim_metadata:2021 ERROR: status = -30
[  490.485018][T19306] (syz.2.5893,19306,1):ocfs2_dx_dir_attach_index:2330 ERROR: status = -30
[  490.515207][T19306] (syz.2.5893,19306,1):ocfs2_expand_inline_dir:3023 ERROR: status = -30
[  490.529629][T19306] (syz.2.5893,19306,1):ocfs2_extend_dir:3205 ERROR: status = -30
[  490.538410][T19306] (syz.2.5893,19306,1):ocfs2_prepare_dir_for_insert:4326 ERROR: status = -30
[  490.565044][T19306] (syz.2.5893,19306,1):ocfs2_mknod:298 ERROR: status = -30
[  490.575414][T19306] (syz.2.5893,19306,1):ocfs2_mknod:502 ERROR: status = -30
[  490.586905][T19306] (syz.2.5893,19306,1):ocfs2_mkdir:659 ERROR: status = -30
[  490.694860][ T5788] ocfs2: Unmounting device (7,2) on (node local)
[  490.723848][T19354] loop1: detected capacity change from 0 to 4096
[  490.740789][T19354] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  490.773279][T19356] loop0: detected capacity change from 0 to 2048
[  490.830745][T19354] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  490.867944][T19363] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  490.963658][T19356] CPU: 1 PID: 19356 Comm: syz.0.5905 Not tainted 6.6.98-syzkaller #0
[  490.972451][T19356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  490.982576][T19356] Call Trace:
[  490.985879][T19356]  <TASK>
[  490.988835][T19356]  dump_stack_lvl+0x16c/0x230
[  490.993566][T19356]  ? show_regs_print_info+0x20/0x20
[  490.998807][T19356]  ? kmem_cache_alloc+0x14d/0x2e0
[  491.003872][T19356]  ? __asan_memset+0x22/0x40
[  491.008518][T19356]  ? nilfs_btree_alloc_path+0x5e5/0x600
[  491.014122][T19356]  nilfs_btree_last_key+0x489/0x610
[  491.019372][T19356]  nilfs_bmap_last_key+0x74/0x120
[  491.024459][T19356]  nilfs_truncate_bmap+0xff/0x340
[  491.029547][T19356]  ? nilfs_update_inode+0x1d0/0x1d0
[  491.034787][T19356]  ? block_truncate_page+0x168/0x9f0
[  491.040214][T19356]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[  491.045633][T19356]  nilfs_truncate+0x267/0x4a0
[  491.050380][T19356]  ? nilfs_write_failed+0xa0/0xa0
[  491.055464][T19356]  nilfs_setattr+0x211/0x2b0
[  491.060102][T19356]  ? nilfs_clear_inode+0x280/0x280
[  491.065255][T19356]  ? is_bad_inode+0xd/0x40
[  491.069706][T19356]  ? evm_inode_setattr+0x94/0x6a0
[  491.074764][T19356]  ? bpf_lsm_inode_setattr+0x9/0x10
[  491.080082][T19356]  ? try_break_deleg+0x79/0x120
[  491.084965][T19356]  ? nilfs_clear_inode+0x280/0x280
[  491.090127][T19356]  notify_change+0xb0d/0xe10
[  491.094776][T19356]  do_truncate+0x19b/0x220
[  491.099231][T19356]  ? put_page_bootmem+0x2c0/0x2c0
[  491.104301][T19356]  ? apparmor_file_truncate+0x23f/0x2d0
[  491.109902][T19356]  ? ima_bprm_check+0x1f0/0x1f0
[  491.114810][T19356]  path_openat+0x298c/0x3190
[  491.119471][T19356]  ? do_filp_open+0x3d0/0x3d0
[  491.124210][T19356]  do_filp_open+0x1c5/0x3d0
[  491.128759][T19356]  ? vfs_tmpfile+0x490/0x490
[  491.133402][T19356]  ? _raw_spin_unlock+0x28/0x40
[  491.138283][T19356]  ? alloc_fd+0x58f/0x630
[  491.142752][T19356]  do_sys_openat2+0x12c/0x1c0
[  491.147612][T19356]  ? do_sys_open+0xe0/0xe0
[  491.152089][T19356]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  491.158164][T19356]  ? lock_chain_count+0x20/0x20
[  491.163066][T19356]  __x64_sys_creat+0x90/0xb0
[  491.167702][T19356]  do_syscall_64+0x55/0xb0
[  491.172169][T19356]  ? clear_bhb_loop+0x40/0x90
[  491.176891][T19356]  ? clear_bhb_loop+0x40/0x90
[  491.181614][T19356]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  491.187537][T19356] RIP: 0033:0x7f8fbcd8e929
[  491.192062][T19356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  491.211697][T19356] RSP: 002b:00007f8fbdb10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  491.220158][T19356] RAX: ffffffffffffffda RBX: 00007f8fbcfb5fa0 RCX: 00007f8fbcd8e929
[  491.228165][T19356] RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000200000000100
[  491.236166][T19356] RBP: 00007f8fbce10ca1 R08: 0000000000000000 R09: 0000000000000000
[  491.244165][T19356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  491.252160][T19356] R13: 0000000000000000 R14: 00007f8fbcfb5fa0 R15: 00007ffe1dd94eb8
[  491.260178][T19356]  </TASK>
[  491.284345][T19356] NILFS (loop0): btree level mismatch (ino=16): 1 != 7
[  491.292309][T19356] NILFS error (device loop0): nilfs_bmap_last_key: broken bmap (inode number=16)
[  491.311913][T19356] Remounting filesystem read-only
[  491.317143][T19356] NILFS (loop0): error -5 truncating bmap (ino=16)
[  491.404065][T19378] loop2: detected capacity change from 0 to 8
[  491.418724][T19378] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  491.437302][ T5779] udevd[5779]: incorrect cramfs checksum on /dev/loop2
[  491.512531][ T5779] udevd[5779]: incorrect cramfs checksum on /dev/loop2
[  491.523434][T19382] xt_CT: You must specify a L4 protocol and not use inversions on it
[  491.588910][ T5793] NILFS (loop0): discard dirty page: offset=4096, ino=6
[  491.608293][ T5793] NILFS (loop0): discard dirty block: blocknr=39, size=1024
[  491.629942][ T5793] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  491.667982][ T5793] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  491.697806][ T5793] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  491.717228][ T5793] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer
[  492.144014][T19371] loop3: detected capacity change from 0 to 32768
[  492.777459][T19437] loop1: detected capacity change from 0 to 8192
[  492.868279][   T28] audit: type=1326 audit(2000002955.406:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19453 comm="syz.2.5929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  492.927875][   T28] audit: type=1326 audit(2000002955.406:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19453 comm="syz.2.5929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  493.046895][   T28] audit: type=1326 audit(2000002955.406:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19453 comm="syz.2.5929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  493.140275][   T28] audit: type=1326 audit(2000002955.406:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19453 comm="syz.2.5929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  493.254875][   T28] audit: type=1326 audit(2000002955.406:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19453 comm="syz.2.5929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  493.654533][T19495] gre2: entered promiscuous mode
[  494.049262][T19526] tmpfs: Bad value for 'mpol'
[  494.273844][T19534] loop1: detected capacity change from 0 to 2048
[  494.342515][T19547] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  494.406722][T19534] CPU: 0 PID: 19534 Comm: syz.1.5948 Not tainted 6.6.98-syzkaller #0
[  494.406769][T19554] x_tables: ip6_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT
[  494.415344][T19534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  494.415415][T19534] Call Trace:
[  494.415425][T19534]  <TASK>
[  494.415450][T19534]  dump_stack_lvl+0x16c/0x230
[  494.415493][T19534]  ? show_regs_print_info+0x20/0x20
[  494.452421][T19534]  ? kmem_cache_alloc+0x14d/0x2e0
[  494.457480][T19534]  ? __asan_memset+0x22/0x40
[  494.462109][T19534]  ? nilfs_btree_alloc_path+0x5e5/0x600
[  494.467716][T19534]  nilfs_btree_last_key+0x489/0x610
[  494.472966][T19534]  nilfs_bmap_last_key+0x74/0x120
[  494.478035][T19534]  nilfs_truncate_bmap+0xff/0x340
[  494.483108][T19534]  ? nilfs_update_inode+0x1d0/0x1d0
[  494.488348][T19534]  ? block_truncate_page+0x168/0x9f0
[  494.493694][T19534]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[  494.499112][T19534]  nilfs_truncate+0x267/0x4a0
[  494.503840][T19534]  ? nilfs_write_failed+0xa0/0xa0
[  494.508925][T19534]  nilfs_setattr+0x211/0x2b0
[  494.510525][T19552] loop3: detected capacity change from 0 to 2048
[  494.513533][T19534]  ? nilfs_clear_inode+0x280/0x280
[  494.513566][T19534]  ? is_bad_inode+0xd/0x40
[  494.513590][T19534]  ? evm_inode_setattr+0x94/0x6a0
[  494.513610][T19534]  ? bpf_lsm_inode_setattr+0x9/0x10
[  494.513631][T19534]  ? try_break_deleg+0x79/0x120
[  494.544618][T19534]  ? nilfs_clear_inode+0x280/0x280
[  494.549848][T19534]  notify_change+0xb0d/0xe10
[  494.554517][T19534]  do_truncate+0x19b/0x220
[  494.558943][T19534]  ? put_page_bootmem+0x2c0/0x2c0
[  494.563964][T19534]  ? apparmor_file_truncate+0x23f/0x2d0
[  494.569528][T19534]  ? ima_bprm_check+0x1f0/0x1f0
[  494.574388][T19534]  path_openat+0x298c/0x3190
[  494.579002][T19534]  ? do_filp_open+0x3d0/0x3d0
[  494.583700][T19534]  do_filp_open+0x1c5/0x3d0
[  494.588213][T19534]  ? vfs_tmpfile+0x490/0x490
[  494.592915][T19534]  ? _raw_spin_unlock+0x28/0x40
[  494.597767][T19534]  ? alloc_fd+0x58f/0x630
[  494.602104][T19534]  do_sys_openat2+0x12c/0x1c0
[  494.606788][T19534]  ? do_sys_open+0xe0/0xe0
[  494.611212][T19534]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  494.617369][T19534]  ? lock_chain_count+0x20/0x20
[  494.622230][T19534]  __x64_sys_creat+0x90/0xb0
[  494.626839][T19534]  do_syscall_64+0x55/0xb0
[  494.631349][T19534]  ? clear_bhb_loop+0x40/0x90
[  494.636028][T19534]  ? clear_bhb_loop+0x40/0x90
[  494.640707][T19534]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  494.646622][T19534] RIP: 0033:0x7f699f98e929
[  494.651050][T19534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  494.670666][T19534] RSP: 002b:00007f69a0750038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  494.679083][T19534] RAX: ffffffffffffffda RBX: 00007f699fbb5fa0 RCX: 00007f699f98e929
[  494.687061][T19534] RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000200000000100
[  494.695034][T19534] RBP: 00007f699fa10ca1 R08: 0000000000000000 R09: 0000000000000000
[  494.703009][T19534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  494.710983][T19534] R13: 0000000000000000 R14: 00007f699fbb5fa0 R15: 00007fff140c3bf8
[  494.718967][T19534]  </TASK>
[  494.722106][    C0] vkms_vblank_simulate: vblank timer overrun
[  494.747586][T19534] NILFS (loop1): btree level mismatch (ino=16): 1 != 7
[  494.761068][T19534] NILFS error (device loop1): nilfs_bmap_last_key: broken bmap (inode number=16)
[  494.782252][T19534] Remounting filesystem read-only
[  494.792481][T19559] loop0: detected capacity change from 0 to 256
[  494.804807][T19559] exfat: Deprecated parameter 'namecase'
[  494.812103][T19559] exfat: Deprecated parameter 'utf8'
[  494.823612][T19534] NILFS (loop1): error -5 truncating bmap (ino=16)
[  494.851101][T19559] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  494.939623][T19552] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  495.027849][T19559] tmpfs: Bad value for 'grpquota_block_hardlimit'
[  495.035006][T19552] ext4 filesystem being mounted at /1492/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  495.076185][ T5784] NILFS (loop1): discard dirty page: offset=4096, ino=6
[  495.087860][ T5784] NILFS (loop1): discard dirty block: blocknr=39, size=1024
[  495.095441][ T5784] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  495.108463][ T5784] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  495.117649][ T5784] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  495.126958][ T5784] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer
[  495.239903][T19552] EXT4-fs error (device loop3): __ext4_new_inode:1075: comm syz.3.5953: reserved inode found cleared - inode=1
[  495.433716][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  495.576251][T19599] netlink: 148 bytes leftover after parsing attributes in process `syz.0.5961'.
[  496.072197][T19634] IPv6: NLM_F_CREATE should be specified when creating new route
[  496.388994][T19641] loop1: detected capacity change from 0 to 4096
[  496.418858][T19641] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  496.626561][T19657] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5977'.
[  496.854730][T19632] loop0: detected capacity change from 0 to 32768
[  496.931102][T19632] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  496.945796][T19676] loop1: detected capacity change from 0 to 1764
[  497.026683][T19676] iso9660: Corrupted directory entry in block 2 of inode 1920
[  497.035507][T19632] (syz.0.5971,19632,0):ocfs2_symlink:2068 ERROR: status = -2
[  497.088128][T19684] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5985'.
[  497.107671][T19684] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5985'.
[  497.160578][ T5793] (syz-executor,5793,0):ocfs2_inode_is_valid_to_delete:852 ERROR: Skipping delete of root inode.
[  497.190403][T19688] loop2: detected capacity change from 0 to 2048
[  497.200101][ T5793] ocfs2: Unmounting device (7,0) on (node local)
[  497.282036][T19688] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  497.388532][T19700] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5988'.
[  497.400238][   T28] audit: type=1800 audit(2000002959.644:199): pid=19688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5987" name="file2" dev="loop2" ino=1336 res=0 errno=0
[  497.423258][T19699] netlink: 'syz.3.5989': attribute type 1 has an invalid length.
[  497.457252][T19700] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5988'.
[  497.613891][T19708] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5990'.
[  497.798947][T19718] loop2: detected capacity change from 0 to 2048
[  497.879749][T19729] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  497.950589][T19718] CPU: 0 PID: 19718 Comm: syz.2.5993 Not tainted 6.6.98-syzkaller #0
[  497.958724][T19718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  497.968808][T19718] Call Trace:
[  497.972115][T19718]  <TASK>
[  497.975071][T19718]  dump_stack_lvl+0x16c/0x230
[  497.979806][T19718]  ? show_regs_print_info+0x20/0x20
[  497.985040][T19718]  ? kmem_cache_alloc+0x14d/0x2e0
[  497.990097][T19718]  ? __asan_memset+0x22/0x40
[  497.994722][T19718]  ? nilfs_btree_alloc_path+0x5e5/0x600
[  498.000316][T19718]  nilfs_btree_last_key+0x489/0x610
[  498.005576][T19718]  nilfs_bmap_last_key+0x74/0x120
[  498.010641][T19718]  nilfs_truncate_bmap+0xff/0x340
[  498.015710][T19718]  ? nilfs_update_inode+0x1d0/0x1d0
[  498.020944][T19718]  ? block_truncate_page+0x168/0x9f0
[  498.026263][T19718]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[  498.031678][T19718]  nilfs_truncate+0x267/0x4a0
[  498.036409][T19718]  ? nilfs_write_failed+0xa0/0xa0
[  498.041502][T19718]  nilfs_setattr+0x211/0x2b0
[  498.046147][T19718]  ? nilfs_clear_inode+0x280/0x280
[  498.051303][T19718]  ? is_bad_inode+0xd/0x40
[  498.055757][T19718]  ? evm_inode_setattr+0x94/0x6a0
[  498.060816][T19718]  ? bpf_lsm_inode_setattr+0x9/0x10
[  498.066043][T19718]  ? try_break_deleg+0x79/0x120
[  498.070921][T19718]  ? nilfs_clear_inode+0x280/0x280
[  498.076069][T19718]  notify_change+0xb0d/0xe10
[  498.080786][T19718]  do_truncate+0x19b/0x220
[  498.085245][T19718]  ? put_page_bootmem+0x2c0/0x2c0
[  498.090306][T19718]  ? apparmor_file_truncate+0x23f/0x2d0
[  498.095897][T19718]  ? ima_bprm_check+0x1f0/0x1f0
[  498.100796][T19718]  path_openat+0x298c/0x3190
[  498.105456][T19718]  ? do_filp_open+0x3d0/0x3d0
[  498.110180][T19718]  do_filp_open+0x1c5/0x3d0
[  498.114716][T19718]  ? vfs_tmpfile+0x490/0x490
[  498.119375][T19718]  ? _raw_spin_unlock+0x28/0x40
[  498.124255][T19718]  ? alloc_fd+0x58f/0x630
[  498.128616][T19718]  do_sys_openat2+0x12c/0x1c0
[  498.133294][T19718]  ? do_sys_open+0xe0/0xe0
[  498.137716][T19718]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  498.143714][T19718]  ? lock_chain_count+0x20/0x20
[  498.148570][T19718]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  498.154585][T19718]  __x64_sys_creat+0x90/0xb0
[  498.159208][T19718]  do_syscall_64+0x55/0xb0
[  498.163650][T19718]  ? clear_bhb_loop+0x40/0x90
[  498.168358][T19718]  ? clear_bhb_loop+0x40/0x90
[  498.173061][T19718]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  498.178983][T19718] RIP: 0033:0x7f052498e929
[  498.183421][T19718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  498.203058][T19718] RSP: 002b:00007f0525736038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  498.211512][T19718] RAX: ffffffffffffffda RBX: 00007f0524bb5fa0 RCX: 00007f052498e929
[  498.219519][T19718] RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000200000000100
[  498.227520][T19718] RBP: 00007f0524a10ca1 R08: 0000000000000000 R09: 0000000000000000
[  498.235523][T19718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  498.243522][T19718] R13: 0000000000000000 R14: 00007f0524bb5fa0 R15: 00007ffcb1e86668
[  498.251544][T19718]  </TASK>
[  498.254690][    C0] vkms_vblank_simulate: vblank timer overrun
[  498.279922][T19718] NILFS (loop2): btree level mismatch (ino=16): 1 != 7
[  498.287156][T19718] NILFS error (device loop2): nilfs_bmap_last_key: broken bmap (inode number=16)
[  498.297229][T19718] Remounting filesystem read-only
[  498.302298][T19718] NILFS (loop2): error -5 truncating bmap (ino=16)
[  498.488461][ T5788] NILFS (loop2): discard dirty page: offset=4096, ino=6
[  498.495455][ T5788] NILFS (loop2): discard dirty block: blocknr=39, size=1024
[  498.503265][ T5788] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024
[  498.519451][ T5788] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024
[  498.528356][ T5788] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024
[  498.551524][ T5788] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  498.611162][T19747] loop0: detected capacity change from 0 to 2048
[  498.654928][T19747] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  498.677916][T19720] loop1: detected capacity change from 0 to 32768
[  498.680288][T19754] netlink: 'syz.2.6003': attribute type 11 has an invalid length.
[  498.731084][T19757] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  499.031936][   T28] audit: type=1326 audit(2000002961.169:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19768 comm="syz.2.6007" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x0
[  499.233783][T19780] loop0: detected capacity change from 0 to 2048
[  499.277124][T19780] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  500.426606][T19842] loop3: detected capacity change from 0 to 764
[  500.496600][T19842] Symlink component flag not implemented
[  500.507368][T19842] Symlink component flag not implemented
[  500.513149][T19842] Symlink component flag not implemented (129)
[  500.532819][T19812] loop0: detected capacity change from 0 to 32768
[  500.539867][T19842] Symlink component flag not implemented (6)
[  500.548831][T19812] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.6019 (19812)
[  500.560540][  T786] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  500.585650][T19812] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  500.600615][T19812] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  500.609855][T19812] BTRFS info (device loop0): using free space tree
[  500.671870][T19857] netlink: 'syz.2.6037': attribute type 1 has an invalid length.
[  500.680414][T19857] netlink: 'syz.2.6037': attribute type 2 has an invalid length.
[  500.688211][T19857] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6037'.
[  500.751349][T19868] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6030'.
[  500.761088][T19868] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6030'.
[  500.779881][  T786] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  500.795787][  T786] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  500.800664][T19812] BTRFS info (device loop0): enabling ssd optimizations
[  500.806111][  T786] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  500.821225][  T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  500.829925][  T786] usb 2-1: SerialNumber: syz
[  500.849093][T19812] BTRFS info (device loop0): auto enabling async discard
[  501.098799][  T786] usb 2-1: 0:2 : does not exist
[  501.102498][ T5793] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  501.224295][  T786] usb 2-1: USB disconnect, device number 32
[  501.459543][ T5779] udevd[5779]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  501.488880][T19899] loop2: detected capacity change from 0 to 4096
[  501.521933][T19899] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  501.525233][   T28] audit: type=1326 audit(2000002963.499:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19915 comm="syz.3.6039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75598e929 code=0x7ffc0000
[  501.567471][   T28] audit: type=1326 audit(2000002963.517:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19915 comm="syz.3.6039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75598e929 code=0x7ffc0000
[  501.632377][   T28] audit: type=1326 audit(2000002963.546:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19915 comm="syz.3.6039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fd75598e929 code=0x7ffc0000
[  501.721067][   T28] audit: type=1326 audit(2000002963.611:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19915 comm="syz.3.6039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75598e929 code=0x7ffc0000
[  501.799044][   T28] audit: type=1326 audit(2000002963.611:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19915 comm="syz.3.6039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75598e929 code=0x7ffc0000
[  501.922690][T19926] loop3: detected capacity change from 0 to 256
[  502.026992][T19933] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  502.060434][T19933] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  502.326348][T19949] loop3: detected capacity change from 0 to 512
[  502.333579][T19949] ext4: Unknown parameter '.'
[  502.348941][T19952] loop1: detected capacity change from 0 to 64
[  502.443233][T19961] netlink: 'syz.2.6050': attribute type 8 has an invalid length.
[  502.800789][T19976] loop3: detected capacity change from 0 to 4096
[  502.837576][T19976] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512).
[  502.856540][T19988] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6056'.
[  502.870177][T19988] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6056'.
[  503.033141][T19999] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6059'.
[  503.757122][T20042] netlink: 1 bytes leftover after parsing attributes in process `syz.2.6072'.
[  503.803664][T20038] loop1: detected capacity change from 0 to 4096
[  503.827156][T20038] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[  503.882586][T20038] ntfs3: loop1: Failed to initialize $Extend/$Reparse.
[  504.517956][T20075] netlink: 'syz.2.6082': attribute type 5 has an invalid length.
[  504.750562][T20065] loop1: detected capacity change from 0 to 32768
[  504.764619][T20051] loop3: detected capacity change from 0 to 32768
[  504.785809][T20065] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.6078 (20065)
[  504.813331][T20082] loop2: detected capacity change from 0 to 256
[  504.862596][T20051] ea_get: invalid extended attribute
[  504.870643][T20065] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  504.891123][T20051] ffff88805c8abab0: 04 00 00 00                                      ....
[  504.899861][T20065] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  504.914417][T20065] BTRFS info (device loop1): using free space tree
[  505.064773][T20065] BTRFS info (device loop1): enabling ssd optimizations
[  505.103254][T20065] BTRFS info (device loop1): auto enabling async discard
[  505.293492][ T5784] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  505.351947][T20072] loop0: detected capacity change from 0 to 32768
[  505.410398][T20072] (syz.0.6081,20072,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  505.455268][T20072] (syz.0.6081,20072,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  505.465871][T20120] loop2: detected capacity change from 0 to 128
[  505.513489][T20120] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  505.521061][T20072] JBD2: Ignoring recovery information on journal
[  505.621694][T20072] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  505.689927][T20120] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[  505.723236][T20120] FAT-fs (loop2): Filesystem has been set read-only
[  505.740445][T20120] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[  505.776667][T20120] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[  505.796733][T20120] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[  505.806843][T20120] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[  505.816175][T20120] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[  505.825513][T20120] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[  505.834810][T20120] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[  505.874437][T20120] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[  505.877758][    T9] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  505.897135][T20120] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 550)
[  505.955983][   T28] audit: type=1800 audit(2000002967.643:206): pid=20120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.6089" name="file2" dev="loop2" ino=1048692 res=0 errno=0
[  505.976352][T20120] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[  506.067980][ T5793] ocfs2: Unmounting device (7,0) on (node local)
[  506.130094][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  506.140957][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  506.174373][    T9] usb 4-1: config 1 interface 1 has no altsetting 0
[  506.222530][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  506.244604][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.253292][    T9] usb 4-1: Product: syz
[  506.262386][    T9] usb 4-1: Manufacturer: syz
[  506.267216][    T9] usb 4-1: SerialNumber: syz
[  506.290978][    T9] usb 4-1: selecting invalid altsetting 1
[  506.296758][    T9] usb 4-1: selecting invalid altsetting 0
[  506.305206][    T9] usb 4-1: selecting invalid altsetting 0
[  506.328589][    T9] cdc_ncm 4-1:1.0: bind() failure
[  506.390652][    T9] usb 4-1: selecting invalid altsetting 0
[  506.419585][    T9] usbtest: probe of 4-1:1.1 failed with error -22
[  506.559706][    T9] usb 4-1: USB disconnect, device number 28
[  506.686410][T20171] program syz.1.6096 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  506.915982][T20188] Cannot find del_set index 4 as target
[  507.049679][  T786] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  507.250695][T20209] autofs4:pid:20209:validate_dev_ioctl: invalid path supplied for cmd(0xc018937d)
[  507.269257][  T786] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  507.270433][T20213] loop1: detected capacity change from 0 to 256
[  507.287864][  T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.317681][  T786] usb 1-1: Product: syz
[  507.321897][  T786] usb 1-1: Manufacturer: syz
[  507.347891][  T786] usb 1-1: SerialNumber: syz
[  507.362395][T20213] FAT-fs (loop1): Directory bread(block 64) failed
[  507.377691][T20213] FAT-fs (loop1): Directory bread(block 65) failed
[  507.385902][  T786] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  507.407144][T20213] FAT-fs (loop1): Directory bread(block 66) failed
[  507.423906][ T5826] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  507.439036][T20213] FAT-fs (loop1): Directory bread(block 67) failed
[  507.439195][T20213] FAT-fs (loop1): Directory bread(block 68) failed
[  507.439224][T20213] FAT-fs (loop1): Directory bread(block 69) failed
[  507.439313][T20213] FAT-fs (loop1): Directory bread(block 70) failed
[  507.439339][T20213] FAT-fs (loop1): Directory bread(block 71) failed
[  507.439440][T20213] FAT-fs (loop1): Directory bread(block 72) failed
[  507.439466][T20213] FAT-fs (loop1): Directory bread(block 73) failed
[  508.011245][  T786] usb 1-1: USB disconnect, device number 34
[  508.217485][T20259] xt_CT: No such helper "snmp"
[  508.291744][T20267] bond3: entered promiscuous mode
[  508.343252][T20267] 8021q: adding VLAN 0 to HW filter on device bond3
[  508.565222][ T5826] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  508.589631][ T5826] ath9k_htc: Failed to initialize the device
[  508.604907][  T786] usb 1-1: ath9k_htc: USB layer deinitialized
[  508.966870][T20344] xt_hashlimit: max too large, truncated to 1048576
[  509.007187][T20337] loop0: detected capacity change from 0 to 4096
[  509.063884][T20337] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  509.088776][T20337] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  509.113253][T20353] loop3: detected capacity change from 0 to 8
[  509.161515][T20337] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  509.212505][T20337] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  509.293206][T20337] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  509.338469][T20337] ntfs: volume version 3.1.
[  509.372572][T20337] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  509.419052][T20337] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  509.452844][T20337] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[  509.505005][T20337] ntfs: (device loop0): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is corrupt.
[  509.881094][T20390] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  509.888527][T20390] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  510.348836][T20426] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  510.437107][ T5846] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  510.568063][T20431] loop3: detected capacity change from 0 to 4096
[  510.648170][T20446] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  510.670019][ T5846] usb 3-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  510.700688][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.730356][ T5846] usb 3-1: Product: syz
[  510.745279][ T5846] usb 3-1: Manufacturer: syz
[  510.756044][T20431] NILFS error (device loop3): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  510.773635][ T5846] usb 3-1: SerialNumber: syz
[  510.783777][ T5846] usb 3-1: config 0 descriptor??
[  510.808837][ T5846] gspca_main: sq905c-2.14.0 probing 2770:9052
[  510.820151][T20431] Remounting filesystem read-only
[  511.121327][  T786] usb 2-1: new full-speed USB device number 33 using dummy_hcd
[  511.230289][ T5846] gspca_sq905c: sq905c_read: usb_control_msg failed (-71)
[  511.249654][ T5846] sq905c 3-1:0.0: Reading version command failed
[  511.258408][ T5846] sq905c: probe of 3-1:0.0 failed with error -71
[  511.270012][ T5846] usb 3-1: USB disconnect, device number 26
[  511.291629][T20485] loop0: detected capacity change from 0 to 256
[  511.316681][  T786] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  511.336053][  T786] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  511.374109][  T786] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  511.386683][  T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  511.396330][  T786] usb 2-1: SerialNumber: syz
[  511.430566][  T786] usb 2-1: 0:2 : does not exist
[  511.474216][   T27] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  511.616700][T20504] loop0: detected capacity change from 0 to 2048
[  511.636493][T20504] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  511.659272][T20504] NILFS (loop0): mounting unchecked fs
[  511.664821][T20504] NILFS (loop0): recovery required for readonly filesystem
[  511.668613][   T27] usb 4-1: Using ep0 maxpacket: 16
[  511.678309][T20504] NILFS (loop0): write access will be enabled during recovery
[  511.684760][   T27] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  511.694792][T20504] NILFS (loop0): norecovery option specified, skipping roll-forward recovery
[  511.736067][T20504] NILFS (loop0): couldn't remount because the filesystem is in an incomplete recovery state
[  511.737393][   T27] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  511.758151][ T5779] udevd[5779]: incorrect nilfs2 checksum on /dev/loop0
[  511.783852][   T27] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  511.813341][ T5779] udevd[5779]: incorrect nilfs2 checksum on /dev/loop0
[  511.821853][   T27] usb 4-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  511.842370][   T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.874907][   T27] usb 4-1: config 0 descriptor??
[  511.902092][   T27] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input20
[  511.944820][ T5146] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  511.973404][  T786] usb 2-1: USB disconnect, device number 33
[  511.998144][ T5146] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  512.043334][ T5146] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  512.091245][ T5146] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  512.165347][ T6478] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  512.196469][ T5146] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  512.220223][ T5146] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  512.244817][ T5146] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  512.270874][T20476] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  512.285330][   T27] usb 4-1: USB disconnect, device number 29
[  512.727907][T20514] loop0: detected capacity change from 0 to 32768
[  512.795951][T20514] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  512.837254][T20514] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  512.861475][T20514] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  512.930647][ T5833] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  512.945107][ T5833] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  513.100530][ T5833] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 145ms
[  513.124067][ T5833] gfs2: fsid=syz:syz.0: jid=0: Done
[  513.131188][T20514] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  513.167364][T20514] gfs2: gfs2 mount does not exist
[  513.175099][T20564] loop2: detected capacity change from 0 to 32768
[  513.244180][T20564] jfs_lookup: iget failed on inum 32
[  513.262936][T20564] jfs_lookup: iget failed on inum 32
[  513.450229][   T28] kauditd_printk_skb: 5 callbacks suppressed
[  513.450244][   T28] audit: type=1326 audit(2000002974.660:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20593 comm="syz.1.6188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f699f98e929 code=0x7ffc0000
[  513.558215][   T28] audit: type=1326 audit(2000002974.660:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20593 comm="syz.1.6188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f699f98e929 code=0x7ffc0000
[  513.632964][   T28] audit: type=1326 audit(2000002974.679:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20593 comm="syz.1.6188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f699f98e929 code=0x7ffc0000
[  513.709367][   T28] audit: type=1326 audit(2000002974.679:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20593 comm="syz.1.6188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f699f98e929 code=0x7ffc0000
[  513.786979][   T28] audit: type=1326 audit(2000002974.679:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20593 comm="syz.1.6188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f699f98e929 code=0x7ffc0000
[  513.809332][    C0] vkms_vblank_simulate: vblank timer overrun
[  513.967293][T20621] netlink: 'syz.2.6196': attribute type 6 has an invalid length.
[  514.024309][T20626] loop0: detected capacity change from 0 to 512
[  514.059577][T20626] EXT4-fs: Ignoring removed oldalloc option
[  514.163729][T20626] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  514.177268][T20640] loop3: detected capacity change from 0 to 512
[  514.208492][T20626] ext4 filesystem being mounted at /1491/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  514.316179][T20640] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.6200: corrupted in-inode xattr: invalid ea_ino
[  514.332342][T20640] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.6200: couldn't read orphan inode 15 (err -117)
[  514.351306][T20640] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  514.441612][ T5793] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  514.453009][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  514.710509][T20666] loop0: detected capacity change from 0 to 2048
[  514.767056][T20666]  loop0: p1 < > p3
[  514.780066][T20666] loop0: p3 size 134217728 extends beyond EOD, truncated
[  515.112663][ T5978] udevd[5978]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  515.134821][ T5779] udevd[5779]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  515.174093][T20700] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6215'.
[  515.741566][T20679] loop2: detected capacity change from 0 to 32768
[  515.774163][T20679] (syz.2.6210,20679,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  515.806431][T20679] (syz.2.6210,20679,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  515.882491][T20679] JBD2: Ignoring recovery information on journal
[  515.994600][T20679] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  516.066464][T20725] loop1: detected capacity change from 0 to 32768
[  516.101887][   T27] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  516.109956][T20725] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.6223 (20725)
[  516.152589][T20725] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  516.178400][T20725] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  516.190723][T20725] BTRFS info (device loop1): enabling auto defrag
[  516.197246][T20725] BTRFS info (device loop1): use no compression
[  516.230049][T20725] BTRFS info (device loop1): force clearing of disk cache
[  516.247935][ T5788] ocfs2: Unmounting device (7,2) on (node local)
[  516.295108][T20725] BTRFS info (device loop1): max_inline at 0
[  516.302810][T20725] BTRFS info (device loop1): using free space tree
[  516.316258][   T27] usb 4-1: Using ep0 maxpacket: 8
[  516.319533][T20718] loop0: detected capacity change from 0 to 32768
[  516.325913][   T27] usb 4-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a
[  516.341702][   T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  516.351427][   T27] usb 4-1: Product: syz
[  516.355626][   T27] usb 4-1: Manufacturer: syz
[  516.362402][   T27] usb 4-1: SerialNumber: syz
[  516.381015][   T27] usb 4-1: config 0 descriptor??
[  516.390022][   T27] gspca_main: sn9c2028-2.14.0 probing 0458:7003
[  516.423906][T20718] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  516.529969][T20725] BTRFS info (device loop1): enabling ssd optimizations
[  516.537008][T20725] BTRFS info (device loop1): auto enabling async discard
[  516.556327][T20725] BTRFS info (device loop1): rebuilding free space tree
[  516.614351][T20718] XFS (loop0): Ending clean mount
[  516.658448][T20718] XFS (loop0): Quotacheck needed: Please wait.
[  516.801809][T20718] XFS (loop0): Quotacheck: Done.
[  516.829608][ T5784] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  516.862881][   T27] gspca_sn9c2028: read1 error -71
[  516.884095][   T27] gspca_sn9c2028: read1 error -71
[  516.889251][   T27] sn9c2028: probe of 4-1:0.0 failed with error -71
[  516.951931][   T27] usb 4-1: USB disconnect, device number 30
[  517.060790][ T5793] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  517.597294][T20803] IPVS: set_ctl: invalid protocol: 59 0.0.0.0:20000
[  518.079688][T20827] loop0: detected capacity change from 0 to 128
[  518.104783][T20792] loop2: detected capacity change from 0 to 32768
[  518.123259][T20827] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  518.146360][T20792] (syz.2.6229,20792,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  518.219328][T20838] loop3: detected capacity change from 0 to 64
[  518.230952][T20827] ext4 filesystem being mounted at /1499/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  518.275866][T20792] (syz.2.6229,20792,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  518.473939][T20792] JBD2: Ignoring recovery information on journal
[  518.539431][ T5793] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  518.584039][T20792] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  518.596595][T20856] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6244'.
[  518.909344][ T5788] ocfs2: Unmounting device (7,2) on (node local)
[  519.050145][T20877] loop1: detected capacity change from 0 to 512
[  519.115210][T20877] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[  519.206267][T20877] EXT4-fs (loop1): Remounting filesystem read-only
[  519.259895][T20877] EXT4-fs (loop1): 1 truncate cleaned up
[  519.285608][T20877] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  519.354733][   T28] audit: type=1107 audit(2000002980.189:212): pid=20887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  519.481163][T20868] loop3: detected capacity change from 0 to 32768
[  519.596037][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  519.703450][T20868] ERROR: (device loop3): dtSearch: DT_GETPAGE: dtree page corrupt
[  519.703450][T20868] 
[  519.721158][T20868] ERROR: (device loop3): remounting filesystem as read-only
[  519.748872][T20868] jfs_lookup: dtSearch returned -5
[  519.933590][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  519.949009][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  519.996527][T20916] loop1: detected capacity change from 0 to 64
[  520.817683][T20968] x_tables: unsorted underflow at hook 3
[  521.369395][T20946] loop3: detected capacity change from 0 to 40427
[  521.446066][T20946] F2FS-fs (loop3): invalid crc value
[  521.487640][T21005] netlink: 'syz.0.6287': attribute type 3 has an invalid length.
[  521.534829][T20946] F2FS-fs (loop3): Found nat_bits in checkpoint
[  521.681838][T20946] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  521.819744][T21019] loop0: detected capacity change from 0 to 4096
[  522.754580][T21029] loop1: detected capacity change from 0 to 32768
[  522.796279][T21029] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  522.889125][ T5833] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  522.898863][T21080] loop0: detected capacity change from 0 to 16
[  522.966114][T21080] erofs: (device loop0): mounted with root inode @ nid 36.
[  522.992041][T21080] erofs: (device loop0): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 46
[  522.997980][T21029] XFS (loop1): Ending clean mount
[  523.036564][T21029] XFS (loop1): Quotacheck needed: Please wait.
[  523.112463][T21029] XFS (loop1): Quotacheck: Done.
[  523.127335][ T5833] usb 3-1: Using ep0 maxpacket: 16
[  523.170352][ T5833] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  523.202399][ T5833] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.230469][ T5833] usb 3-1: Product: syz
[  523.243894][ T5833] usb 3-1: Manufacturer: syz
[  523.251676][ T5833] usb 3-1: SerialNumber: syz
[  523.279316][ T5833] r8152-cfgselector 3-1: config 0 descriptor??
[  523.354537][ T5784] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  523.803529][ T5833] r8152-cfgselector 3-1: Unknown version 0x0000
[  523.821284][ T5833] r8152-cfgselector 3-1: USB disconnect, device number 27
[  523.948625][T21137] loop0: detected capacity change from 0 to 256
[  524.067080][T21137] FAT-fs (loop0): Directory bread(block 64) failed
[  524.093181][T21137] FAT-fs (loop0): Directory bread(block 65) failed
[  524.114008][T21137] FAT-fs (loop0): Directory bread(block 66) failed
[  524.129336][T21137] FAT-fs (loop0): Directory bread(block 67) failed
[  524.155022][T21137] FAT-fs (loop0): Directory bread(block 68) failed
[  524.169295][T21137] FAT-fs (loop0): Directory bread(block 69) failed
[  524.176409][T21137] FAT-fs (loop0): Directory bread(block 70) failed
[  524.185051][T21137] FAT-fs (loop0): Directory bread(block 71) failed
[  524.191813][T21137] FAT-fs (loop0): Directory bread(block 72) failed
[  524.199471][T21137] FAT-fs (loop0): Directory bread(block 73) failed
[  524.345413][T21149] loop1: detected capacity change from 0 to 64
[  524.424382][T21149] hfs: request for non-existent node 16777216 in B*Tree
[  524.455771][T21149] hfs: request for non-existent node 16777216 in B*Tree
[  524.472976][T21149] hfs: request for non-existent node 16777216 in B*Tree
[  524.501083][T21149] hfs: request for non-existent node 16777216 in B*Tree
[  524.516473][T21149] hfs: request for non-existent node 16777216 in B*Tree
[  524.543405][T21149] hfs: request for non-existent node 16777216 in B*Tree
[  524.602341][T21124] loop3: detected capacity change from 0 to 40427
[  524.631289][T21124] F2FS-fs (loop3): Corrupted extension count (64 + 1 > 64)
[  524.638900][T21124] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  524.699409][T21124] F2FS-fs (loop3): Found nat_bits in checkpoint
[  524.924326][T21124] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  524.955097][T21124] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  525.562730][T21210] (unnamed net_device) (uninitialized): peer notification delay (31) is not a multiple of miimon (100), value rounded to 0 ms
[  525.630707][T21210] 8021q: adding VLAN 0 to HW filter on device bond3
[  525.886829][   T28] audit: type=1326 audit(2000002986.299:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21256 comm="syz.0.6344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  526.013305][   T28] audit: type=1326 audit(2000002986.299:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21256 comm="syz.0.6344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  526.071037][   T28] audit: type=1326 audit(2000002986.308:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21256 comm="syz.0.6344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  526.079619][T21266] geneve2: entered promiscuous mode
[  526.128033][T21266] geneve2: entered allmulticast mode
[  526.206658][   T28] audit: type=1326 audit(2000002986.308:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21256 comm="syz.0.6344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  526.687563][T21299] loop1: detected capacity change from 0 to 64
[  526.864192][T21310] netlink: 'syz.0.6358': attribute type 10 has an invalid length.
[  526.983314][T21310] veth0_vlan: entered promiscuous mode
[  526.993363][T21310] team0: Device veth0_vlan failed to register rx_handler
[  527.205172][T21330] IPv6: NLM_F_CREATE should be specified when creating new route
[  527.271439][ T5826] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  527.499184][ T5826] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  527.515343][ T5826] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.538842][ T5826] usb 2-1: Product: syz
[  527.543097][ T5826] usb 2-1: Manufacturer: syz
[  527.547715][ T5826] usb 2-1: SerialNumber: syz
[  527.572610][ T5826] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  527.620891][   T27] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  528.160724][ T5776] usb 2-1: USB disconnect, device number 34
[  528.199876][T21390] loop2: detected capacity change from 0 to 256
[  528.252331][T21390] FAT-fs (loop2): Directory bread(block 64) failed
[  528.270582][T21390] FAT-fs (loop2): Directory bread(block 65) failed
[  528.281575][T21390] FAT-fs (loop2): Directory bread(block 66) failed
[  528.291189][T21390] FAT-fs (loop2): Directory bread(block 67) failed
[  528.302150][T21390] FAT-fs (loop2): Directory bread(block 68) failed
[  528.319692][T21390] FAT-fs (loop2): Directory bread(block 69) failed
[  528.322870][T21399] netlink: 'syz.3.6382': attribute type 1 has an invalid length.
[  528.328729][T21390] FAT-fs (loop2): Directory bread(block 70) failed
[  528.338096][T21399] netlink: 232 bytes leftover after parsing attributes in process `syz.3.6382'.
[  528.343004][T21390] FAT-fs (loop2): Directory bread(block 71) failed
[  528.358574][T21390] FAT-fs (loop2): Directory bread(block 72) failed
[  528.365674][T21390] FAT-fs (loop2): Directory bread(block 73) failed
[  528.522245][ T5826] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  528.525637][T21406] loop3: detected capacity change from 0 to 128
[  528.568630][T21406] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  528.585880][T21406] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  528.615061][T21411] netlink: 144 bytes leftover after parsing attributes in process `syz.2.6385'.
[  528.616622][T21406] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 93: 0x5d != 0x05
[  528.638991][T21406] UDF-fs: error (device loop3): udf_count_free_bitmap: udf_count_free failed
[  528.716788][ T5826] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  528.747183][ T5826] usb 1-1: config 0 interface 0 has no altsetting 0
[  528.753924][   T27] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  528.754868][ T5787] UDF-fs: error (device loop3): udf_read_inode: (ino 104) failed !bh
[  528.768647][   T27] ath9k_htc: Failed to initialize the device
[  528.779475][ T5826] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  528.783597][ T5787] UDF-fs: error (device loop3): udf_read_inode: (ino 104) failed !bh
[  528.791796][ T5776] usb 2-1: ath9k_htc: USB layer deinitialized
[  528.806952][ T5826] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  528.819210][ T5826] usb 1-1: Product: syz
[  528.826418][ T5826] usb 1-1: Manufacturer: syz
[  528.831154][ T5826] usb 1-1: SerialNumber: syz
[  528.844896][ T5826] usb 1-1: config 0 descriptor??
[  528.867223][ T5826] usb 1-1: selecting invalid altsetting 0
[  529.196073][   T27] usb 1-1: USB disconnect, device number 35
[  529.603587][T18072] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  529.708110][T18072] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  529.778472][T21476] binder: 21475:21476 ioctl c018620b 0 returned -14
[  529.875325][T18072] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.041428][T18072] bond0: (slave netdevsim0): Releasing backup interface
[  530.055755][T18072] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.079813][T21486] netlink: 'syz.2.6400': attribute type 1 has an invalid length.
[  530.163372][T21490] loop1: detected capacity change from 0 to 16
[  530.193798][T21490] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  530.311094][T21495] netlink: 'syz.2.6402': attribute type 10 has an invalid length.
[  530.342936][T21504] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  530.362286][T21504] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  530.375015][T21504] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  530.403858][T21504] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  530.413867][T21504] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  530.425161][T21504] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  530.472541][T21495] veth0_vlan: left promiscuous mode
[  530.500614][T21513] loop0: detected capacity change from 0 to 128
[  530.502508][T21495] veth0_vlan: entered promiscuous mode
[  530.547410][T21495] team0: Device veth0_vlan failed to register rx_handler
[  531.518523][T21572] loop2: detected capacity change from 0 to 512
[  531.536347][T21572] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  531.611090][T21572] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  531.652454][T21572] System zones: 0-2, 18-18, 34-34
[  531.699407][T21572] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  531.734455][T21572] ext4 filesystem being mounted at /1689/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  531.756344][T21587] netlink: 'syz.1.6417': attribute type 10 has an invalid length.
[  531.901618][T21587] veth0_vlan: left promiscuous mode
[  531.963219][T21587] veth0_vlan: entered promiscuous mode
[  531.974280][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  531.979523][T21587] team0: Device veth0_vlan failed to register rx_handler
[  532.677527][   T50] Bluetooth: hci2: command tx timeout
[  533.417455][ T5846] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  533.621379][ T5846] usb 1-1: Using ep0 maxpacket: 16
[  533.639116][T21500] chnl_net:caif_netlink_parms(): no params data found
[  533.656969][ T5846] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 112, changing to 10
[  533.688612][ T5846] usb 1-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.00
[  533.710218][ T5846] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.743274][ T5846] usb 1-1: config 0 descriptor??
[  534.012389][ T5846] usb 1-1: string descriptor 0 read error: -71
[  534.029325][ T5846] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input21
[  534.045009][ T5146] bcm5974 1-1:0.0: could not read from device
[  534.229957][ T5846] usb 1-1: USB disconnect, device number 36
[  534.251472][ T5146] bcm5974 1-1:0.0: could not read from device
[  534.580490][T21500] bridge0: port 1(bridge_slave_0) entered blocking state
[  534.591248][T21500] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.599625][T21500] bridge_slave_0: entered allmulticast mode
[  534.618223][T21500] bridge_slave_0: entered promiscuous mode
[  534.682980][T21500] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.703675][T21500] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.741290][T21500] bridge_slave_1: entered allmulticast mode
[  534.784437][T21500] bridge_slave_1: entered promiscuous mode
[  534.891263][T21908] loop1: detected capacity change from 0 to 2048
[  534.903551][   T50] Bluetooth: hci2: command tx timeout
[  534.924228][T21908] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  535.016345][ T5779] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  535.109072][T21500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.167112][T21500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  535.282413][ T5776] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  535.315634][T18072] hsr_slave_0: left promiscuous mode
[  535.322844][T18072] hsr_slave_1: left promiscuous mode
[  535.356087][T18072] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  535.381923][T18072] batman_adv: batadv0: Removing interface: batadv_slave_0
[  535.393954][T18072] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  535.416241][T18072] batman_adv: batadv0: Removing interface: batadv_slave_1
[  535.449914][T18072] bridge_slave_1: left allmulticast mode
[  535.455617][T18072] bridge_slave_1: left promiscuous mode
[  535.466438][T18072] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.485001][   T28] audit: type=1326 audit(2000002995.280:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21957 comm="syz.0.6462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  535.535184][ T5776] usb 3-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  535.539710][   T28] audit: type=1326 audit(2000002995.299:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21957 comm="syz.0.6462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  535.544248][ T5776] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.544270][ T5776] usb 3-1: Product: syz
[  535.544283][ T5776] usb 3-1: Manufacturer: syz
[  535.544297][ T5776] usb 3-1: SerialNumber: syz
[  535.545741][T18072] bridge_slave_0: left allmulticast mode
[  535.576778][   T28] audit: type=1326 audit(2000002995.308:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21957 comm="syz.0.6462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  535.583346][ T5776] usb 3-1: config 0 descriptor??
[  535.586504][   T28] audit: type=1326 audit(2000002995.308:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21957 comm="syz.0.6462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  535.649945][ T5776] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  535.674716][T18072] bridge_slave_0: left promiscuous mode
[  535.680498][T18072] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.736211][T18072] veth1_macvtap: left promiscuous mode
[  535.744969][T18072] veth0_macvtap: left promiscuous mode
[  535.758415][T18072] veth1_vlan: left promiscuous mode
[  535.764100][T18072] veth0_vlan: left promiscuous mode
[  535.947619][T21975] loop0: detected capacity change from 0 to 256
[  535.979211][T21975] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  536.000902][T21975] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  536.031267][T21975] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  536.094213][ T5776] gspca_sunplus: reg_w_riv err -71
[  536.103939][ T5776] sunplus: probe of 3-1:0.0 failed with error -71
[  536.124746][ T5776] usb 3-1: USB disconnect, device number 28
[  536.580415][T18072] bond7 (unregistering): Released all slaves
[  536.998912][T22003] loop0: detected capacity change from 0 to 32768
[  537.000481][T18072] bond6 (unregistering): Released all slaves
[  537.015962][T22003] XFS (loop0): Invalid device [./bus], error=-15
[  537.097986][T18072] bond5 (unregistering): Released all slaves
[  537.116658][   T50] Bluetooth: hci2: command tx timeout
[  537.142800][T18072] bond4 (unregistering): Released all slaves
[  537.326430][T22020] netlink: 176 bytes leftover after parsing attributes in process `syz.2.6478'.
[  537.385791][T22023] loop0: detected capacity change from 0 to 512
[  537.422608][T18072] bond3 (unregistering): Released all slaves
[  537.434549][T22023] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  537.505799][T22023] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  537.519142][T22023] ext4 filesystem being mounted at /1573/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  537.539215][T18072] bond2 (unregistering): Released all slaves
[  537.619782][T18072] bond1 (unregistering): Released all slaves
[  537.640944][ T5793] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  537.776710][T18072] team0 (unregistering): Port device geneve0 removed
[  537.928336][ T3449] smc: removing ib device syz0
[  538.284714][   T27] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  538.499207][   T27] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  538.508934][   T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.517597][   T27] usb 3-1: Product: syz
[  538.522106][   T27] usb 3-1: Manufacturer: syz
[  538.527856][   T27] usb 3-1: SerialNumber: syz
[  538.540260][   T27] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  538.614041][ T5776] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  538.642190][T18072] team0 (unregistering): Port device team_slave_1 removed
[  538.812029][T18072] team0 (unregistering): Port device team_slave_0 removed
[  538.959172][T18072] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  539.093146][T18072] bond0 (unregistering): (slave c1�): Releasing backup interface
[  539.362468][   T50] Bluetooth: hci2: command tx timeout
[  539.463517][   T27] usb 3-1: USB disconnect, device number 29
[  539.766510][ T5776] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  539.773657][ T5776] ath9k_htc: Failed to initialize the device
[  539.781088][   T27] usb 3-1: ath9k_htc: USB layer deinitialized
[  540.188852][T18072] bond0 (unregistering): Released all slaves
[  540.295581][T22066] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6485'.
[  540.480326][T21500] team0: Port device team_slave_0 added
[  540.524486][T21500] team0: Port device team_slave_1 added
[  540.727617][T21500] batman_adv: batadv0: Adding interface: batadv_slave_0
[  540.780995][T21500] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  540.846001][T21500] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  540.911514][T21500] batman_adv: batadv0: Adding interface: batadv_slave_1
[  540.918610][T21500] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  540.993025][T21500] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  541.004502][T22144] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6492'.
[  541.260681][T21500] hsr_slave_0: entered promiscuous mode
[  541.301947][T21500] hsr_slave_1: entered promiscuous mode
[  541.339242][T22163] loop2: detected capacity change from 0 to 4096
[  541.366733][T21500] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  541.380414][T21500] Cannot create hsr debugfs directory
[  541.489068][T22163] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  541.543381][T22163] ntfs3: loop2: Failed to load $Extend (-22).
[  541.549742][T22163] ntfs3: loop2: Failed to initialize $Extend.
[  541.816071][T22250] xt_cgroup: xt_cgroup: no path or classid specified
[  542.264480][T22292] loop2: detected capacity change from 0 to 256
[  542.291378][T21500] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  542.313989][T21500] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  542.329741][T22292] exfat: Deprecated parameter 'namecase'
[  542.347383][T21500] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  542.379931][T22292] exfat: Deprecated parameter 'namecase'
[  542.398606][T21500] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  542.400050][T22292] exfat: Deprecated parameter 'namecase'
[  542.506567][T22292] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f41, chksum : 0xf0064b2e, utbl_chksum : 0xe619d30d)
[  542.691446][T22318] loop0: detected capacity change from 0 to 1024
[  542.797608][T21500] 8021q: adding VLAN 0 to HW filter on device bond0
[  542.859492][T21500] 8021q: adding VLAN 0 to HW filter on device team0
[  542.904046][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.911256][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  543.048009][ T3449] bridge0: port 2(bridge_slave_1) entered blocking state
[  543.055291][ T3449] bridge0: port 2(bridge_slave_1) entered forwarding state
[  543.242116][T22340] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6513'.
[  543.283316][T22340] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6513'.
[  543.341922][T22340] bridge5: entered promiscuous mode
[  543.358296][T22340] bridge5: entered allmulticast mode
[  543.412840][T22287] loop1: detected capacity change from 0 to 32768
[  543.510925][T22287] add_index: next_index = 0.  Resetting!
[  543.516625][T22287] find_entry called with index >= next_index
[  543.582383][T22287] find_entry called with index >= next_index
[  543.588420][T22287] find_entry called with index >= next_index
[  543.635553][T22287] find_entry called with index >= next_index
[  543.650986][T22359] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6515'.
[  543.815064][T21500] 8021q: adding VLAN 0 to HW filter on device batadv0
[  544.520008][T22403] loop2: detected capacity change from 0 to 2048
[  544.571167][T22403] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  544.711509][T21500] veth0_vlan: entered promiscuous mode
[  544.785057][T22419] delete_channel: no stack
[  544.824695][T21500] veth1_vlan: entered promiscuous mode
[  544.956481][T21500] veth0_macvtap: entered promiscuous mode
[  544.968268][T21500] veth1_macvtap: entered promiscuous mode
[  545.043906][T21500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  545.075493][T21500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  545.111628][T21500] batman_adv: batadv0: Interface activated: batadv_slave_0
[  545.129640][T22439] loop2: detected capacity change from 0 to 1024
[  545.139557][T21500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  545.186214][T21500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  545.196098][T21500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  545.271213][T21500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  545.281084][T21500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  545.306054][T21500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  545.318052][T21500] batman_adv: batadv0: Interface activated: batadv_slave_1
[  545.372547][T21500] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  545.410511][T21500] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  545.419255][T21500] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  545.456633][T21500] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  545.543792][T22455] batadv0: entered promiscuous mode
[  545.575160][T22455] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  545.639180][T22461] netlink: 'syz.1.6538': attribute type 1 has an invalid length.
[  545.647485][T22464] loop0: detected capacity change from 0 to 64
[  545.840743][T22473] ufs: You didn't specify the type of your ufs filesystem
[  545.840743][T22473] 
[  545.840743][T22473] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  545.840743][T22473] 
[  545.840743][T22473] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  545.872132][    C0] vkms_vblank_simulate: vblank timer overrun
[  545.891398][ T3449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  545.899342][ T3449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  545.927940][T22473] ufs: ufstype=old is supported read-only
[  545.950155][T22473] syz.2.6540: attempt to access beyond end of device
[  545.950155][T22473] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0
[  545.995445][T18072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  546.043888][T18072] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  546.163526][T22485] loop0: detected capacity change from 0 to 4096
[  546.575850][T22511] loop2: detected capacity change from 0 to 128
[  546.616475][T22511] EXT4-fs: Ignoring removed nomblk_io_submit option
[  546.645812][T22511] EXT4-fs: Ignoring removed bh option
[  546.668958][T22511] EXT4-fs (loop2): Test dummy encryption mode enabled
[  546.737379][T22511] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  546.782798][T22511] ext4 filesystem being mounted at /1735/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  546.888054][T22511] EXT4-fs: Ignoring removed nomblk_io_submit option
[  546.894713][T22511] EXT4-fs: Ignoring removed bh option
[  546.942394][T22511] EXT4-fs error (device loop2): __ext4_remount:6741: comm syz.2.6546: Abort forced by user
[  546.980079][T22511] EXT4-fs (loop2): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 ro.
[  547.107252][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  547.231968][T22545] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6553'.
[  547.268111][   T28] audit: type=1326 audit(2000003006.292:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.6554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  547.291338][T22545] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6553'.
[  547.300403][T22545] netlink: 'syz.0.6553': attribute type 6 has an invalid length.
[  547.345326][   T28] audit: type=1326 audit(2000003006.301:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.6554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  547.421858][   T28] audit: type=1326 audit(2000003006.395:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.6554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  547.529835][   T28] audit: type=1326 audit(2000003006.395:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.6554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  547.612089][   T28] audit: type=1326 audit(2000003006.395:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.6554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  547.818107][T22518] loop4: detected capacity change from 0 to 32768
[  547.939741][T22518] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  548.090502][T22518] OCFS2: ERROR (device loop4): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 2304 but max bitmap bits of 2048
[  548.178881][T22518] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  548.242701][T22518] OCFS2: File system is now read-only.
[  548.268003][T22518] (syz.4.6548,22518,1):ocfs2_search_chain:1761 ERROR: status = -30
[  548.317652][T22518] (syz.4.6548,22518,1):ocfs2_search_chain:1871 ERROR: status = -30
[  548.331202][T22599] bond0: option ad_select: unable to set because the bond device is up
[  548.349509][T22518] (syz.4.6548,22518,1):ocfs2_claim_suballoc_bits:1940 ERROR: status = -30
[  548.358103][T22518] (syz.4.6548,22518,1):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30
[  548.412720][T22518] (syz.4.6548,22518,1):ocfs2_claim_new_inode:2216 ERROR: status = -30
[  548.448492][T22518] (syz.4.6548,22518,1):ocfs2_claim_new_inode:2231 ERROR: status = -30
[  548.497343][T22518] (syz.4.6548,22518,1):ocfs2_mknod_locked:639 ERROR: status = -30
[  548.533249][T22518] (syz.4.6548,22518,1):ocfs2_mknod:385 ERROR: status = -30
[  548.566726][T22518] (syz.4.6548,22518,1):ocfs2_mknod:502 ERROR: status = -30
[  548.602912][T22518] (syz.4.6548,22518,1):ocfs2_mkdir:659 ERROR: status = -30
[  548.759720][T21500] ocfs2: Unmounting device (7,4) on (node local)
[  548.828150][T22619] loop2: detected capacity change from 0 to 4096
[  548.957443][T22630] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  549.000273][T22633] netlink: 200 bytes leftover after parsing attributes in process `syz.1.6577'.
[  549.073864][T22619] NILFS error (device loop2): nilfs_dotdot: directory #12 missing '.'
[  549.164984][T22619] Remounting filesystem read-only
[  549.287854][T22644] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6579'.
[  549.318869][T22644] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6579'.
[  550.049060][T22688] netlink: 'syz.4.6591': attribute type 1 has an invalid length.
[  550.225142][T22692] loop2: detected capacity change from 0 to 4096
[  550.261621][T22692] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  550.341080][T22708] loop4: detected capacity change from 0 to 64
[  550.438195][T22692] ntfs3: loop2: Failed to initialize $Extend/$Reparse.
[  550.870072][T22733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6602'.
[  550.934135][T22733] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6602'.
[  551.160782][T22751] ieee802154 phy0 wpan0: encryption failed: -22
[  551.507033][T22803] loop0: detected capacity change from 0 to 256
[  551.582152][T22803] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  551.683598][T22813] netlink: 'syz.2.6615': attribute type 1 has an invalid length.
[  551.767267][T22820] loop1: detected capacity change from 0 to 256
[  551.846159][T22820] FAT-fs (loop1): Directory bread(block 64) failed
[  551.865281][T22820] FAT-fs (loop1): Directory bread(block 65) failed
[  551.900379][T22820] FAT-fs (loop1): Directory bread(block 66) failed
[  551.906964][T22820] FAT-fs (loop1): Directory bread(block 67) failed
[  551.957850][T22820] FAT-fs (loop1): Directory bread(block 68) failed
[  551.985011][T22820] FAT-fs (loop1): Directory bread(block 69) failed
[  551.991799][T22820] FAT-fs (loop1): Directory bread(block 70) failed
[  552.041700][T22820] FAT-fs (loop1): Directory bread(block 71) failed
[  552.056562][T22820] FAT-fs (loop1): Directory bread(block 72) failed
[  552.074556][T22820] FAT-fs (loop1): Directory bread(block 73) failed
[  552.561957][T22865] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6628'.
[  553.266781][   T23] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  553.487138][   T23] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  553.510143][   T23] usb 3-1: New USB device strings: Mfr=13, Product=2, SerialNumber=3
[  553.534091][   T23] usb 3-1: Product: syz
[  553.538457][   T23] usb 3-1: Manufacturer: syz
[  553.571875][   T23] usb 3-1: SerialNumber: syz
[  553.584980][   T23] r8152-cfgselector 3-1: config 0 descriptor??
[  554.054379][   T23] r8152-cfgselector 3-1: Unknown version 0x0000
[  554.076474][   T23] r8152-cfgselector 3-1: USB disconnect, device number 30
[  554.505316][T22982] netlink: 'syz.0.6662': attribute type 10 has an invalid length.
[  554.505544][T22947] loop4: detected capacity change from 0 to 32768
[  554.531302][T22947] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.6652 (22947)
[  554.553904][T22982] team0: Port device wlan1 added
[  554.573496][T22947] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  554.585735][T22947] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  554.601125][T22947] BTRFS info (device loop4): using free space tree
[  554.702839][T22959] loop1: detected capacity change from 0 to 32768
[  554.757104][T22947] BTRFS info (device loop4): enabling ssd optimizations
[  554.803990][T23008] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6664'.
[  554.810570][T22947] BTRFS info (device loop4): auto enabling async discard
[  555.168003][T23020] netlink: 'syz.2.6668': attribute type 1 has an invalid length.
[  555.219716][T21500] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  555.352407][T23028] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  555.711428][T23046] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6676'.
[  555.952869][T23058] netlink: 240 bytes leftover after parsing attributes in process `syz.2.6679'.
[  556.083105][T23066] loop0: detected capacity change from 0 to 64
[  556.417995][T23091] loop4: detected capacity change from 0 to 256
[  556.701133][T23109] loop2: detected capacity change from 0 to 512
[  556.716533][T23110] netlink: 'syz.4.6693': attribute type 10 has an invalid length.
[  556.757980][T23110] veth1_vlan: entered allmulticast mode
[  556.777593][T23109] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  556.807585][T23109] ext4 filesystem being mounted at /1769/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  556.852840][T23110] team0: Device veth1_vlan failed to register rx_handler
[  556.899743][T23109] Quota error (device loop2): find_block_dqentry: Quota for id 0 referenced but not present
[  556.913550][T23109] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[  556.923168][T23109] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.6694: Failed to acquire dquot type 0
[  556.939290][T23109] EXT4-fs (loop2): Remounting filesystem read-only
[  557.053897][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  557.166627][T23139] netlink: 'syz.0.6702': attribute type 1 has an invalid length.
[  557.174694][T23139] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6702'.
[  557.795196][T23167] loop2: detected capacity change from 0 to 4096
[  558.096460][T23193] netlink: 'syz.4.6718': attribute type 1 has an invalid length.
[  558.177126][T23167] ntfs3: loop2: ino=1e, "file1" attr_set_size
[  558.205954][T23167] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  558.523290][T23215] netlink: 'syz.0.6726': attribute type 2 has an invalid length.
[  558.835231][    T8] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  559.040013][    T8] usb 3-1: Using ep0 maxpacket: 32
[  559.054429][    T8] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  559.071225][    T8] usb 3-1: config 0 has no interface number 0
[  559.087165][    T8] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  559.100671][    T8] usb 3-1: config 0 interface 85 has no altsetting 0
[  559.118756][    T8] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  559.134400][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.143314][    T8] usb 3-1: Product: syz
[  559.151584][    T8] usb 3-1: Manufacturer: syz
[  559.157650][T23229] loop0: detected capacity change from 0 to 32768
[  559.157666][    T8] usb 3-1: SerialNumber: syz
[  559.183466][    T8] usb 3-1: config 0 descriptor??
[  559.231896][T23229] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  559.331350][T23229] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 2304 but max bitmap bits of 2048
[  559.355009][T23229] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  559.365931][T23229] OCFS2: File system is now read-only.
[  559.373235][T23229] (syz.0.6728,23229,1):ocfs2_search_chain:1761 ERROR: status = -30
[  559.381423][T23229] (syz.0.6728,23229,1):ocfs2_search_chain:1871 ERROR: status = -30
[  559.389425][T23229] (syz.0.6728,23229,1):ocfs2_claim_suballoc_bits:1940 ERROR: status = -30
[  559.438558][T23229] (syz.0.6728,23229,1):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30
[  559.454937][T23229] (syz.0.6728,23229,1):ocfs2_claim_new_inode:2216 ERROR: status = -30
[  559.463816][T23229] (syz.0.6728,23229,1):ocfs2_claim_new_inode:2231 ERROR: status = -30
[  559.472250][T23229] (syz.0.6728,23229,1):ocfs2_mknod_locked:639 ERROR: status = -30
[  559.481479][T23229] (syz.0.6728,23229,1):ocfs2_mknod:385 ERROR: status = -30
[  559.489403][T23229] (syz.0.6728,23229,1):ocfs2_mknod:502 ERROR: status = -30
[  559.496795][T23229] (syz.0.6728,23229,1):ocfs2_mkdir:659 ERROR: status = -30
[  559.560200][ T5793] ocfs2: Unmounting device (7,0) on (node local)
[  559.670492][    T8] appletouch 3-1:0.85: Failed to request geyser raw mode
[  559.686168][    T8] appletouch: probe of 3-1:0.85 failed with error -5
[  559.739467][    T8] usb 3-1: USB disconnect, device number 31
[  559.874879][T23288] loop0: detected capacity change from 0 to 128
[  559.890601][T23288] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x00000000 (sector = 1)
[  559.955951][T23289] team0: Port device team_slave_0 removed
[  559.963244][T23289] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  559.985358][   T28] audit: type=1800 audit(2000003018.202:226): pid=23288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6741" name="file2" dev="loop0" ino=1048704 res=0 errno=0
[  560.011220][T23288] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF
[  560.020310][T23288] FAT-fs (loop0): Filesystem has been set read-only
[  560.136584][T23300] ubi31: attaching mtd0
[  560.164315][T23300] ubi31: scanning is finished
[  560.201744][T23306] loop4: detected capacity change from 0 to 1024
[  560.208518][T23300] ubi31: empty MTD device detected
[  560.348635][T23300] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  560.385075][T23300] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  560.413314][T23300] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  560.439009][T23300] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  560.466579][T23318] loop2: detected capacity change from 0 to 512
[  560.488220][T23300] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  560.518083][T23318] EXT4-fs (loop2): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  560.541301][T23300] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  560.557473][T23300] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1290607396
[  560.599203][T23300] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  560.660433][T23312] ubi31: background thread "ubi_bgt31d" started, PID 23312
[  560.786134][ T5788] EXT4-fs (loop2): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[  561.532272][T23376] ip6gre1: entered allmulticast mode
[  561.645983][T23386] loop2: detected capacity change from 0 to 1024
[  561.667636][T23386] EXT4-fs: Ignoring removed orlov option
[  561.706620][T23396] loop4: detected capacity change from 0 to 64
[  561.727908][T23386] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  561.994665][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  562.253513][T23430] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6778'.
[  562.839386][T23471] loop4: detected capacity change from 0 to 128
[  562.888627][T23471] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00000000 (sector = 1)
[  562.911699][T23472] loop1: detected capacity change from 0 to 1764
[  562.951647][   T28] audit: type=1800 audit(2000003020.971:227): pid=23471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6789" name="file2" dev="loop4" ino=1048705 res=0 errno=0
[  562.987443][T23472] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  562.993487][T23471] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF
[  563.032435][T23471] FAT-fs (loop4): Filesystem has been set read-only
[  563.054159][T23472] iso9660: Corrupted directory entry in block 2 of inode 1920
[  563.180954][T23490] loop2: detected capacity change from 0 to 64
[  563.350778][T23501] loop4: detected capacity change from 0 to 256
[  563.400246][T23501] exfat: Deprecated parameter 'namecase'
[  563.406482][T23501] exfat: Deprecated parameter 'namecase'
[  563.534583][T23501] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d)
[  564.206237][   T28] audit: type=1326 audit(2000003022.150:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23553 comm="syz.2.6809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  564.268165][   T28] audit: type=1326 audit(2000003022.150:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23553 comm="syz.2.6809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  564.359552][   T28] audit: type=1326 audit(2000003022.150:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23553 comm="syz.2.6809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  564.449915][   T28] audit: type=1326 audit(2000003022.150:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23553 comm="syz.2.6809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  564.514901][T23579] loop1: detected capacity change from 0 to 256
[  564.553530][   T28] audit: type=1326 audit(2000003022.150:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23553 comm="syz.2.6809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052498e929 code=0x7ffc0000
[  564.669364][T23579] FAT-fs (loop1): Directory bread(block 64) failed
[  564.696733][T23579] FAT-fs (loop1): Directory bread(block 65) failed
[  564.720018][T23579] FAT-fs (loop1): Directory bread(block 66) failed
[  564.735581][T23579] FAT-fs (loop1): Directory bread(block 67) failed
[  564.758792][T23579] FAT-fs (loop1): Directory bread(block 68) failed
[  564.789371][T23579] FAT-fs (loop1): Directory bread(block 69) failed
[  564.796045][T23579] FAT-fs (loop1): Directory bread(block 70) failed
[  564.856573][T23579] FAT-fs (loop1): Directory bread(block 71) failed
[  564.863276][T23579] FAT-fs (loop1): Directory bread(block 72) failed
[  564.909453][T23579] FAT-fs (loop1): Directory bread(block 73) failed
[  565.165310][T23613] loop4: detected capacity change from 0 to 512
[  565.256613][T23613] EXT4-fs (loop4): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  565.709840][T21500] EXT4-fs (loop4): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[  565.963075][T23652] netlink: 76 bytes leftover after parsing attributes in process `syz.4.6830'.
[  566.108439][T23618] loop0: detected capacity change from 0 to 32768
[  566.140558][T23618] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.6825 (23618)
[  566.192298][T23618] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  566.229640][T23618] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  566.273157][T23618] BTRFS info (device loop0): enabling disk space caching
[  566.304479][T23662] xt_CT: No such helper "pptp"
[  566.305593][T23618] BTRFS info (device loop0): doing ref verification
[  566.324848][T23618] BTRFS info (device loop0): use zlib compression, level 3
[  566.334268][T23618] BTRFS info (device loop0): force clearing of disk cache
[  566.377002][T23618] BTRFS info (device loop0): doing ref verification
[  566.400674][T23618] BTRFS info (device loop0): disk space caching is enabled
[  566.616703][T23618] BTRFS info (device loop0): auto enabling async discard
[  566.633604][T23638] loop2: detected capacity change from 0 to 32768
[  566.669053][T23618] BTRFS info (device loop0): rebuilding free space tree
[  566.701440][T23695] loop4: detected capacity change from 0 to 65
[  566.728071][T23695] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
[  566.743591][T23618] BTRFS info (device loop0): disabling free space tree
[  566.758785][T23618] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  566.776080][T23638] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  566.808818][T23618] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  566.854526][T23638] OCFS2: ERROR (device loop2): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has an invalid fs_generation of #419009
[  566.884588][T23638] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  566.895016][T23638] OCFS2: Returning error to the calling process.
[  566.915911][T23638] (syz.2.6828,23638,1):ocfs2_search_chain:1761 ERROR: status = -5
[  566.948222][T23638] (syz.2.6828,23638,1):ocfs2_search_chain:1871 ERROR: status = -5
[  566.968020][T23638] (syz.2.6828,23638,1):ocfs2_claim_suballoc_bits:1940 ERROR: status = -5
[  566.978817][T23638] (syz.2.6828,23638,1):ocfs2_claim_suballoc_bits:1983 ERROR: status = -5
[  567.044093][T23638] (syz.2.6828,23638,1):ocfs2_claim_new_inode:2216 ERROR: status = -5
[  567.052321][T23638] (syz.2.6828,23638,1):ocfs2_claim_new_inode:2231 ERROR: status = -5
[  567.118375][T23638] (syz.2.6828,23638,1):ocfs2_mknod_locked:639 ERROR: status = -5
[  567.162166][T23638] (syz.2.6828,23638,1):ocfs2_mknod:385 ERROR: status = -5
[  567.169517][T23638] (syz.2.6828,23638,1):ocfs2_mknod:502 ERROR: status = -5
[  567.196144][T23709] loop4: detected capacity change from 0 to 1024
[  567.204266][T23638] (syz.2.6828,23638,1):ocfs2_create:676 ERROR: status = -5
[  567.348051][ T5793] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  567.404829][ T5788] ocfs2: Unmounting device (7,2) on (node local)
[  567.949071][T23735] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  567.988081][T23736] netlink: 192 bytes leftover after parsing attributes in process `syz.2.6840'.
[  568.249781][T23747] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6844'.
[  568.969526][   T28] audit: type=1326 audit(2000003026.612:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23782 comm="syz.0.6855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  569.053854][   T28] audit: type=1326 audit(2000003026.631:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23782 comm="syz.0.6855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  569.139110][   T28] audit: type=1326 audit(2000003026.650:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23782 comm="syz.0.6855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  569.232273][   T28] audit: type=1326 audit(2000003026.650:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23782 comm="syz.0.6855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  569.300559][   T28] audit: type=1326 audit(2000003026.650:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23782 comm="syz.0.6855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fbcd8e929 code=0x7ffc0000
[  569.573090][T23813] loop0: detected capacity change from 0 to 64
[  569.734727][T23820] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6864'.
[  569.769410][T23820] netlink: 136 bytes leftover after parsing attributes in process `syz.4.6864'.
[  569.780234][T23822] loop2: detected capacity change from 0 to 8
[  569.923027][T23822] SQUASHFS error: xz decompression failed, data probably corrupt
[  569.991519][T23822] SQUASHFS error: Failed to read block 0x108: -5
[  570.008459][T23822] SQUASHFS error: Unable to read metadata cache entry [106]
[  570.030203][T23822] SQUASHFS error: Unable to read inode 0x11f
[  570.550253][    T9] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  570.606123][T23874] loop0: detected capacity change from 0 to 16
[  570.646601][T23874] erofs: (device loop0): mounted with root inode @ nid 36.
[  570.707697][T23874] erofs: (device loop0): erofs_read_inode: bogus i_mode (0) @ nid 46
[  570.801133][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  570.817024][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  570.826735][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33119, setting to 1024
[  570.885697][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  570.919603][    T9] usb 3-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[  570.947436][    T9] usb 3-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[  570.955669][    T9] usb 3-1: Manufacturer: syz
[  570.985392][    T9] usb 3-1: config 0 descriptor??
[  571.006349][T23822] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  571.023441][    T9] smsusb:smsusb_probe: board id=9, interface number 0
[  571.054706][T23894] netlink: 'syz.0.6879': attribute type 5 has an invalid length.
[  571.104799][    T9] smsusb:siano_media_device_register: media controller created
[  571.132045][T23894] : entered promiscuous mode
[  571.140900][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.148301][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.155794][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.163242][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.170605][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.194527][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.202220][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.209551][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.216872][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.224186][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.255760][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.263248][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.270613][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.277992][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.285430][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.292771][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.300048][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.308015][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.315379][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.322708][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.330024][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.337351][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.344875][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.352132][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.360165][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.367510][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.374817][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.382107][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.389408][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.396969][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.405966][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.413360][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.420790][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.428459][    T9] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22
[  571.437017][    T9] smsmdtv:smscore_set_device_mode: mode detect failed -22
[  571.445178][    T9] smsmdtv:smscore_start_device: set device mode failed , rc -22
[  571.455145][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.464471][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.471799][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.479103][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.479193][T23868] loop4: detected capacity change from 0 to 32768
[  571.486446][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.486500][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.486553][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.486612][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.487049][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.529988][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.538128][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.545456][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.552765][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.552779][T23911] loop0: detected capacity change from 0 to 512
[  571.566451][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.573783][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.581093][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.588357][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.595625][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.603718][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.611038][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.618328][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.625609][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.632881][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.640129][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.648161][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.655487][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.656769][T23914] loop1: detected capacity change from 0 to 128
[  571.662860][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.662923][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.664902][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.691421][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.698731][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.706050][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.713355][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.720780][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.728259][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.735668][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.743077][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.750414][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.759131][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.766471][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.773849][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.781162][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.788561][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.796544][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.803871][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.811176][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.818578][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.825889][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.834347][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.841665][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.848965][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.854211][T23914] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  571.856233][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.873591][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.880886][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.888139][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.895474][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.903770][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.911173][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.918480][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.925798][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.933111][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.940447][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.947772][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.955089][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.962439][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.970570][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.977895][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.985632][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.993023][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  571.993589][T23914] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  572.000304][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.016850][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.024245][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.031567][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.038879][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.046189][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.054190][    T9] smsusb:smsusb_init_device: smscore_start_device(...) failed
[  572.062594][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.062700][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.062780][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.063385][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.063467][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.063544][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.063625][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.063712][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.063794][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.063871][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.139889][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.147197][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.154608][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.162022][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.169330][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.176813][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.184111][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.191422][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.198724][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.206019][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.214730][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.222057][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.229389][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.236903][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.244178][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.251910][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.260059][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.267401][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.274710][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.290221][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.297544][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.304835][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.312149][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.319454][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.326761][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.334071][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.341385][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.348687][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.357491][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.364810][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.372209][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.379511][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.386798][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.394096][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.401387][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.408686][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.416506][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.424434][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.432629][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.440736][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.448025][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.455278][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.462516][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.470453][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.477690][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.484926][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.492867][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.500677][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.508258][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.515582][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.522886][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.530190][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.537495][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.544793][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.552100][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.559492][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.566784][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.575113][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.582441][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.589839][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.597891][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.605203][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.612678][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.620062][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.627455][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.634747][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.643501][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.650839][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.658312][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.665613][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.672913][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.680272][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.687575][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.694869][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.702250][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.712954][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.720298][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.727596][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.734890][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.742348][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.750092][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.757398][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.766171][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.773468][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.780758][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.788043][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.795343][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.802633][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.809909][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.817162][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.824395][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.832910][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.840225][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.847509][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.854802][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.862095][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.869392][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.880194][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.887542][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.894935][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.902245][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.909554][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.916855][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.924179][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.931969][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.939308][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.946615][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.953923][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.961174][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.968431][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.976607][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.983903][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.991178][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  572.998466][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.005753][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.013058][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.020356][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.027651][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.035590][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.042892][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.050183][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.057480][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.064798][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.072269][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.079728][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.087016][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.098420][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.106957][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.114252][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.121543][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.128832][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.136124][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.143414][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.150690][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.159135][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.166443][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.174300][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.181647][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.188991][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.196326][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.203653][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.211095][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.218527][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.226033][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.243159][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.250514][    C0] smsusb:smsusb_onresponse: error, urb status -2, 0 bytes
[  573.257767][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.265091][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.272599][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.279911][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.287225][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.294525][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.301824][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.311103][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.318702][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.326022][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.333312][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.340555][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.348014][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.355318][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.362789][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.370381][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.377729][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.385282][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.392808][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.400144][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.407481][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.414812][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.422148][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  573.437641][    C0] ==================================================================
[  573.445738][    C0] BUG: KASAN: slab-use-after-free in dummy_timer+0x2916/0x31b0
[  573.453316][    C0] Read of size 4 at addr ffff88807e7dea54 by task kworker/0:1/9
[  573.460968][    C0] 
[  573.463312][    C0] CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.6.98-syzkaller #0
[  573.471148][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  573.481313][    C0] Workqueue: usb_hub_wq hub_event
[  573.486364][    C0] Call Trace:
[  573.489650][    C0]  <IRQ>
[  573.492509][    C0]  dump_stack_lvl+0x16c/0x230
[  573.497221][    C0]  ? __lock_acquire+0x7c80/0x7c80
[  573.502284][    C0]  ? show_regs_print_info+0x20/0x20
[  573.507525][    C0]  ? load_image+0x3b0/0x3b0
[  573.512082][    C0]  ? __virt_addr_valid+0x469/0x540
[  573.517230][    C0]  print_report+0xac/0x230
[  573.521682][    C0]  ? dummy_timer+0x2916/0x31b0
[  573.526466][    C0]  kasan_report+0x117/0x150
[  573.530995][    C0]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[  573.536393][    C0]  ? dummy_timer+0x2916/0x31b0
[  573.541187][    C0]  dummy_timer+0x2916/0x31b0
[  573.545820][    C0]  ? mark_lock+0x94/0x320
[  573.550216][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  573.556403][    C0]  ? lock_chain_count+0x20/0x20
[  573.561255][    C0]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  573.567259][    C0]  ? dummy_free_streams+0x530/0x530
[  573.572457][    C0]  ? debug_object_deactivate+0x67/0x350
[  573.578031][    C0]  __hrtimer_run_queues+0x51e/0xc40
[  573.583239][    C0]  ? dummy_free_streams+0x530/0x530
[  573.588441][    C0]  ? hrtimer_interrupt+0x9c0/0x9c0
[  573.593541][    C0]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  573.599605][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  573.604708][    C0]  handle_softirqs+0x280/0x820
[  573.609466][    C0]  ? __irq_exit_rcu+0xc7/0x190
[  573.614224][    C0]  ? do_softirq+0x180/0x180
[  573.618720][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  573.623916][    C0]  __irq_exit_rcu+0xc7/0x190
[  573.628500][    C0]  ? irq_exit_rcu+0x20/0x20
[  573.633002][    C0]  irq_exit_rcu+0x9/0x20
[  573.637276][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  573.642989][    C0]  </IRQ>
[  573.645907][    C0]  <TASK>
[  573.648824][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  573.654797][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa9/0x110
[  573.661292][    C0] Code: 74 05 e8 4a c8 13 f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 82 32 e3 f6 65 8b 05 93 78 8b 75 85 c0 74 3c 48 c7 04 24 0e 36
[  573.681152][    C0] RSP: 0018:ffffc900000e6860 EFLAGS: 00000206
[  573.687209][    C0] RAX: b7f5bea1df6dbe00 RBX: 0000000000000a06 RCX: b7f5bea1df6dbe00
[  573.695171][    C0] RDX: dffffc0000000000 RSI: ffffffff8aaab940 RDI: 0000000000000001
[  573.703132][    C0] RBP: ffffc900000e68f0 R08: ffffffff90da659f R09: 1ffffffff21b4cb3
[  573.711105][    C0] R10: dffffc0000000000 R11: fffffbfff21b4cb4 R12: dffffc0000000000
[  573.719068][    C0] R13: 0000000000000001 R14: ffffffff970bf1d0 R15: 1ffff9200001cd0c
[  573.727043][    C0]  ? _raw_spin_unlock+0x40/0x40
[  573.731891][    C0]  debug_object_activate+0x2f7/0x4b0
[  573.737177][    C0]  ? kernfs_put+0x360/0x360
[  573.741675][    C0]  call_rcu+0xab/0x930
[  573.745740][    C0]  ? kernfs_put+0x1bd/0x360
[  573.750257][    C0]  ? rcu_force_quiescent_state+0x230/0x230
[  573.756080][    C0]  ? do_raw_spin_unlock+0x121/0x230
[  573.761286][    C0]  kernfs_put+0x1d3/0x360
[  573.765625][    C0]  device_del+0x251/0x900
[  573.770014][    C0]  ? media_devnode_unregister+0x1d/0x70
[  573.775603][    C0]  ? kill_device+0x160/0x160
[  573.780221][    C0]  ? do_raw_spin_unlock+0x121/0x230
[  573.785426][    C0]  ? up_write+0x1c3/0x410
[  573.789759][    C0]  cdev_device_del+0x27/0xf0
[  573.794347][    C0]  media_devnode_unregister+0x30/0x70
[  573.799732][    C0]  media_device_unregister+0x37c/0x400
[  573.805189][    C0]  smsusb_probe+0x1710/0x1da0
[  573.809871][    C0]  ? s2255_print_cfg+0x1b0/0x1b0
[  573.814845][    C0]  ? smsusb1_detectmode+0x260/0x260
[  573.820132][    C0]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  573.826064][    C0]  ? pm_runtime_enable+0x192/0x2a0
[  573.831173][    C0]  ? __pm_runtime_set_status+0x8ab/0xb80
[  573.837193][    C0]  usb_probe_interface+0x5a4/0xb00
[  573.842408][    C0]  ? usb_register_driver+0x3d0/0x3d0
[  573.847811][    C0]  really_probe+0x25b/0xb40
[  573.852734][    C0]  ? pm_runtime_barrier+0x14b/0x1c0
[  573.858391][    C0]  __driver_probe_device+0x18c/0x330
[  573.863709][    C0]  driver_probe_device+0x4f/0x420
[  573.868860][    C0]  __device_attach_driver+0x2ca/0x520
[  573.874354][    C0]  bus_for_each_drv+0x24b/0x2d0
[  573.879327][    C0]  ? coredump_store+0x90/0x90
[  573.884026][    C0]  ? bus_find_device+0x320/0x320
[  573.889010][    C0]  __device_attach+0x2b5/0x400
[  573.893789][    C0]  ? device_attach+0x20/0x20
[  573.898392][    C0]  ? kobject_uevent_env+0x363/0x8c0
[  573.903605][    C0]  ? do_raw_spin_unlock+0x121/0x230
[  573.908852][    C0]  bus_probe_device+0x180/0x260
[  573.913709][    C0]  device_add+0x85b/0xc20
[  573.918032][    C0]  usb_set_configuration+0x1a79/0x20c0
[  573.923507][    C0]  usb_generic_driver_probe+0x8d/0x150
[  573.928982][    C0]  usb_probe_device+0x13d/0x280
[  573.933842][    C0]  ? usb_register_device_driver+0x230/0x230
[  573.939747][    C0]  really_probe+0x25b/0xb40
[  573.944262][    C0]  ? pm_runtime_barrier+0x14b/0x1c0
[  573.949460][    C0]  __driver_probe_device+0x18c/0x330
[  573.954751][    C0]  driver_probe_device+0x4f/0x420
[  573.959773][    C0]  __device_attach_driver+0x2ca/0x520
[  573.965230][    C0]  bus_for_each_drv+0x24b/0x2d0
[  573.970076][    C0]  ? coredump_store+0x90/0x90
[  573.974759][    C0]  ? bus_find_device+0x320/0x320
[  573.979708][    C0]  __device_attach+0x2b5/0x400
[  573.984485][    C0]  ? device_attach+0x20/0x20
[  573.989067][    C0]  ? kobject_uevent_env+0x363/0x8c0
[  573.994261][    C0]  ? do_raw_spin_unlock+0x121/0x230
[  573.999462][    C0]  bus_probe_device+0x180/0x260
[  574.004309][    C0]  device_add+0x85b/0xc20
[  574.008629][    C0]  usb_new_device+0xa31/0x1630
[  574.013392][    C0]  ? usb_disconnect+0x8a0/0x8a0
[  574.018320][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  574.023524][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  574.028753][    C0]  hub_event+0x2957/0x49c0
[  574.033226][    C0]  ? led_work+0x720/0x720
[  574.037564][    C0]  ? read_lock_is_recursive+0x20/0x20
[  574.042954][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  574.048160][    C0]  ? process_scheduled_works+0x957/0x15b0
[  574.053882][    C0]  ? process_scheduled_works+0x957/0x15b0
[  574.059617][    C0]  process_scheduled_works+0xa45/0x15b0
[  574.065177][    C0]  ? assign_work+0x400/0x400
[  574.070074][    C0]  ? assign_work+0x39e/0x400
[  574.074661][    C0]  worker_thread+0xa55/0xfc0
[  574.079261][    C0]  kthread+0x2fa/0x390
[  574.083323][    C0]  ? pr_cont_work+0x560/0x560
[  574.087996][    C0]  ? kthread_blkcg+0xd0/0xd0
[  574.092603][    C0]  ret_from_fork+0x48/0x80
[  574.097029][    C0]  ? kthread_blkcg+0xd0/0xd0
[  574.101614][    C0]  ret_from_fork_asm+0x11/0x20
[  574.106379][    C0]  </TASK>
[  574.109387][    C0] 
[  574.111695][    C0] Allocated by task 9:
[  574.115750][    C0]  kasan_set_track+0x4e/0x70
[  574.120338][    C0]  __kasan_kmalloc+0x8f/0xa0
[  574.124917][    C0]  smsusb_probe+0x833/0x1da0
[  574.129503][    C0]  usb_probe_interface+0x5a4/0xb00
[  574.134603][    C0]  really_probe+0x25b/0xb40
[  574.139112][    C0]  __driver_probe_device+0x18c/0x330
[  574.144392][    C0]  driver_probe_device+0x4f/0x420
[  574.149408][    C0]  __device_attach_driver+0x2ca/0x520
[  574.154773][    C0]  bus_for_each_drv+0x24b/0x2d0
[  574.159614][    C0]  __device_attach+0x2b5/0x400
[  574.164371][    C0]  bus_probe_device+0x180/0x260
[  574.169213][    C0]  device_add+0x85b/0xc20
[  574.173542][    C0]  usb_set_configuration+0x1a79/0x20c0
[  574.178997][    C0]  usb_generic_driver_probe+0x8d/0x150
[  574.184465][    C0]  usb_probe_device+0x13d/0x280
[  574.189317][    C0]  really_probe+0x25b/0xb40
[  574.193822][    C0]  __driver_probe_device+0x18c/0x330
[  574.199103][    C0]  driver_probe_device+0x4f/0x420
[  574.204182][    C0]  __device_attach_driver+0x2ca/0x520
[  574.209574][    C0]  bus_for_each_drv+0x24b/0x2d0
[  574.214414][    C0]  __device_attach+0x2b5/0x400
[  574.219199][    C0]  bus_probe_device+0x180/0x260
[  574.224145][    C0]  device_add+0x85b/0xc20
[  574.228469][    C0]  usb_new_device+0xa31/0x1630
[  574.233237][    C0]  hub_event+0x2957/0x49c0
[  574.237956][    C0]  process_scheduled_works+0xa45/0x15b0
[  574.243497][    C0]  worker_thread+0xa55/0xfc0
[  574.248081][    C0]  kthread+0x2fa/0x390
[  574.252143][    C0]  ret_from_fork+0x48/0x80
[  574.256547][    C0]  ret_from_fork_asm+0x11/0x20
[  574.261306][    C0] 
[  574.263617][    C0] Freed by task 9:
[  574.267318][    C0]  kasan_set_track+0x4e/0x70
[  574.271900][    C0]  kasan_save_free_info+0x2e/0x50
[  574.276929][    C0]  ____kasan_slab_free+0x126/0x1e0
[  574.282037][    C0]  slab_free_freelist_hook+0x130/0x1b0
[  574.287486][    C0]  __kmem_cache_free+0xba/0x1f0
[  574.292319][    C0]  smsusb_term_device+0x1ac/0x220
[  574.297337][    C0]  smsusb_probe+0x1708/0x1da0
[  574.302005][    C0]  usb_probe_interface+0x5a4/0xb00
[  574.307103][    C0]  really_probe+0x25b/0xb40
[  574.311593][    C0]  __driver_probe_device+0x18c/0x330
[  574.316866][    C0]  driver_probe_device+0x4f/0x420
[  574.321876][    C0]  __device_attach_driver+0x2ca/0x520
[  574.327236][    C0]  bus_for_each_drv+0x24b/0x2d0
[  574.332097][    C0]  __device_attach+0x2b5/0x400
[  574.336956][    C0]  bus_probe_device+0x180/0x260
[  574.341807][    C0]  device_add+0x85b/0xc20
[  574.346129][    C0]  usb_set_configuration+0x1a79/0x20c0
[  574.351586][    C0]  usb_generic_driver_probe+0x8d/0x150
[  574.357036][    C0]  usb_probe_device+0x13d/0x280
[  574.361872][    C0]  really_probe+0x25b/0xb40
[  574.366363][    C0]  __driver_probe_device+0x18c/0x330
[  574.371635][    C0]  driver_probe_device+0x4f/0x420
[  574.376656][    C0]  __device_attach_driver+0x2ca/0x520
[  574.382020][    C0]  bus_for_each_drv+0x24b/0x2d0
[  574.386857][    C0]  __device_attach+0x2b5/0x400
[  574.391619][    C0]  bus_probe_device+0x180/0x260
[  574.396454][    C0]  device_add+0x85b/0xc20
[  574.400770][    C0]  usb_new_device+0xa31/0x1630
[  574.405518][    C0]  hub_event+0x2957/0x49c0
[  574.409924][    C0]  process_scheduled_works+0xa45/0x15b0
[  574.415467][    C0]  worker_thread+0xa55/0xfc0
[  574.420062][    C0]  kthread+0x2fa/0x390
[  574.424132][    C0]  ret_from_fork+0x48/0x80
[  574.428554][    C0]  ret_from_fork_asm+0x11/0x20
[  574.433324][    C0] 
[  574.435725][    C0] Last potentially related work creation:
[  574.441425][    C0]  kasan_save_stack+0x3e/0x60
[  574.446159][    C0]  __kasan_record_aux_stack+0xaf/0xc0
[  574.451538][    C0]  insert_work+0x3d/0x310
[  574.455861][    C0]  __queue_work+0xc39/0x1020
[  574.460440][    C0]  queue_work_on+0x121/0x1e0
[  574.465022][    C0]  __usb_hcd_giveback_urb+0x35f/0x520
[  574.470384][    C0]  dummy_timer+0x8a3/0x31b0
[  574.474874][    C0]  __hrtimer_run_queues+0x51e/0xc40
[  574.480063][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  574.485161][    C0]  handle_softirqs+0x280/0x820
[  574.489912][    C0]  __irq_exit_rcu+0xc7/0x190
[  574.494493][    C0]  irq_exit_rcu+0x9/0x20
[  574.498741][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  574.504369][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  574.510432][    C0] 
[  574.512739][    C0] Second to last potentially related work creation:
[  574.519307][    C0]  kasan_save_stack+0x3e/0x60
[  574.523983][    C0]  __kasan_record_aux_stack+0xaf/0xc0
[  574.529351][    C0]  insert_work+0x3d/0x310
[  574.533667][    C0]  __queue_work+0xc39/0x1020
[  574.538252][    C0]  queue_work_on+0x121/0x1e0
[  574.542829][    C0]  __usb_hcd_giveback_urb+0x35f/0x520
[  574.548197][    C0]  dummy_timer+0x8a3/0x31b0
[  574.552704][    C0]  __hrtimer_run_queues+0x51e/0xc40
[  574.557895][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  574.562998][    C0]  handle_softirqs+0x280/0x820
[  574.567771][    C0]  __irq_exit_rcu+0xc7/0x190
[  574.572348][    C0]  irq_exit_rcu+0x9/0x20
[  574.576575][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  574.582195][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  574.588174][    C0] 
[  574.590483][    C0] The buggy address belongs to the object at ffff88807e7de000
[  574.590483][    C0]  which belongs to the cache kmalloc-4k of size 4096
[  574.605273][    C0] The buggy address is located 2644 bytes inside of
[  574.605273][    C0]  freed 4096-byte region [ffff88807e7de000, ffff88807e7df000)
[  574.620309][    C0] 
[  574.622630][    C0] The buggy address belongs to the physical page:
[  574.629738][    C0] page:ffffea0001f9f600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e7d8
[  574.640772][    C0] head:ffffea0001f9f600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  574.650222][    C0] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  574.658629][    C0] page_type: 0xffffffff()
[  574.662947][    C0] raw: 00fff00000000840 ffff888017842140 0000000000000000 dead000000000001
[  574.671525][    C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[  574.680091][    C0] page dumped because: kasan: bad access detected
[  574.686493][    C0] page_owner tracks the page as allocated
[  574.692190][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5161, tgid 5161 (udevd), ts 390243734076, free_ts 390138623629
[  574.714497][    C0]  post_alloc_hook+0x1cd/0x210
[  574.719254][    C0]  get_page_from_freelist+0x195c/0x19f0
[  574.724792][    C0]  __alloc_pages+0x1e3/0x460
[  574.729374][    C0]  alloc_slab_page+0x5d/0x170
[  574.734203][    C0]  new_slab+0x87/0x2e0
[  574.738345][    C0]  ___slab_alloc+0xc6d/0x12f0
[  574.743044][    C0]  __kmem_cache_alloc_node+0x1a2/0x260
[  574.748516][    C0]  kmalloc_trace+0x2a/0xe0
[  574.752920][    C0]  uevent_show+0x156/0x300
[  574.757326][    C0]  dev_attr_show+0x54/0xc0
[  574.761740][    C0]  sysfs_kf_seq_show+0x34d/0x4c0
[  574.766666][    C0]  seq_read_iter+0x49f/0xd50
[  574.771420][    C0]  vfs_read+0x431/0x920
[  574.775563][    C0]  ksys_read+0x147/0x250
[  574.779796][    C0]  do_syscall_64+0x55/0xb0
[  574.784203][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  574.790170][    C0] page last free stack trace:
[  574.795186][    C0]  free_unref_page_prepare+0x7ce/0x8e0
[  574.800649][    C0]  free_unref_page+0x32/0x2e0
[  574.805329][    C0]  __unfreeze_partials+0x1cf/0x210
[  574.810429][    C0]  put_cpu_partial+0x17c/0x250
[  574.815180][    C0]  __slab_free+0x31d/0x410
[  574.819580][    C0]  qlist_free_all+0x75/0xe0
[  574.824096][    C0]  kasan_quarantine_reduce+0x143/0x160
[  574.829540][    C0]  __kasan_slab_alloc+0x22/0x80
[  574.834384][    C0]  slab_post_alloc_hook+0x6e/0x4d0
[  574.839494][    C0]  kmem_cache_alloc+0x11e/0x2e0
[  574.844334][    C0]  getname_flags+0xbb/0x500
[  574.848836][    C0]  user_path_at_empty+0x2c/0x60
[  574.853784][    C0]  do_readlinkat+0xd8/0x480
[  574.858297][    C0]  __x64_sys_readlink+0x7f/0x90
[  574.863162][    C0]  do_syscall_64+0x55/0xb0
[  574.867601][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  574.873491][    C0] 
[  574.875801][    C0] Memory state around the buggy address:
[  574.881413][    C0]  ffff88807e7de900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  574.889548][    C0]  ffff88807e7de980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  574.897618][    C0] >ffff88807e7dea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  574.905761][    C0]                                                  ^
[  574.912515][    C0]  ffff88807e7dea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  574.920603][    C0]  ffff88807e7deb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  574.928738][    C0] ==================================================================
[  574.936796][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  574.943987][    C0] CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.6.98-syzkaller #0
[  574.951786][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  574.961832][    C0] Workqueue: usb_hub_wq hub_event
[  574.966853][    C0] Call Trace:
[  574.970122][    C0]  <IRQ>
[  574.972962][    C0]  dump_stack_lvl+0x16c/0x230
[  574.977633][    C0]  ? show_regs_print_info+0x20/0x20
[  574.982822][    C0]  ? load_image+0x3b0/0x3b0
[  574.987319][    C0]  panic+0x2c0/0x710
[  574.991205][    C0]  ? bpf_jit_dump+0xd0/0xd0
[  574.995697][    C0]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  575.001595][    C0]  ? _raw_spin_unlock+0x40/0x40
[  575.006433][    C0]  ? print_memory_metadata+0x314/0x400
[  575.011883][    C0]  ? dummy_timer+0x2916/0x31b0
[  575.016634][    C0]  check_panic_on_warn+0x84/0xa0
[  575.021569][    C0]  ? dummy_timer+0x2916/0x31b0
[  575.026320][    C0]  end_report+0x6f/0x140
[  575.030557][    C0]  kasan_report+0x128/0x150
[  575.035051][    C0]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[  575.040414][    C0]  ? dummy_timer+0x2916/0x31b0
[  575.045183][    C0]  dummy_timer+0x2916/0x31b0
[  575.049787][    C0]  ? mark_lock+0x94/0x320
[  575.054132][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  575.060115][    C0]  ? lock_chain_count+0x20/0x20
[  575.064961][    C0]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  575.070851][    C0]  ? dummy_free_streams+0x530/0x530
[  575.076038][    C0]  ? debug_object_deactivate+0x67/0x350
[  575.081609][    C0]  __hrtimer_run_queues+0x51e/0xc40
[  575.086890][    C0]  ? dummy_free_streams+0x530/0x530
[  575.092082][    C0]  ? hrtimer_interrupt+0x9c0/0x9c0
[  575.097183][    C0]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  575.103424][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  575.108538][    C0]  handle_softirqs+0x280/0x820
[  575.113310][    C0]  ? __irq_exit_rcu+0xc7/0x190
[  575.118085][    C0]  ? do_softirq+0x180/0x180
[  575.122606][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  575.127809][    C0]  __irq_exit_rcu+0xc7/0x190
[  575.132412][    C0]  ? irq_exit_rcu+0x20/0x20
[  575.136926][    C0]  irq_exit_rcu+0x9/0x20
[  575.141165][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  575.146908][    C0]  </IRQ>
[  575.149831][    C0]  <TASK>
[  575.152854][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  575.158827][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa9/0x110
[  575.165346][    C0] Code: 74 05 e8 4a c8 13 f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 82 32 e3 f6 65 8b 05 93 78 8b 75 85 c0 74 3c 48 c7 04 24 0e 36
[  575.184969][    C0] RSP: 0018:ffffc900000e6860 EFLAGS: 00000206
[  575.191073][    C0] RAX: b7f5bea1df6dbe00 RBX: 0000000000000a06 RCX: b7f5bea1df6dbe00
[  575.199046][    C0] RDX: dffffc0000000000 RSI: ffffffff8aaab940 RDI: 0000000000000001
[  575.207033][    C0] RBP: ffffc900000e68f0 R08: ffffffff90da659f R09: 1ffffffff21b4cb3
[  575.215025][    C0] R10: dffffc0000000000 R11: fffffbfff21b4cb4 R12: dffffc0000000000
[  575.223179][    C0] R13: 0000000000000001 R14: ffffffff970bf1d0 R15: 1ffff9200001cd0c
[  575.231169][    C0]  ? _raw_spin_unlock+0x40/0x40
[  575.236045][    C0]  debug_object_activate+0x2f7/0x4b0
[  575.241430][    C0]  ? kernfs_put+0x360/0x360
[  575.245947][    C0]  call_rcu+0xab/0x930
[  575.250020][    C0]  ? kernfs_put+0x1bd/0x360
[  575.254630][    C0]  ? rcu_force_quiescent_state+0x230/0x230
[  575.260436][    C0]  ? do_raw_spin_unlock+0x121/0x230
[  575.265624][    C0]  kernfs_put+0x1d3/0x360
[  575.269955][    C0]  device_del+0x251/0x900
[  575.274278][    C0]  ? media_devnode_unregister+0x1d/0x70
[  575.279814][    C0]  ? kill_device+0x160/0x160
[  575.284390][    C0]  ? do_raw_spin_unlock+0x121/0x230
[  575.289580][    C0]  ? up_write+0x1c3/0x410
[  575.293896][    C0]  cdev_device_del+0x27/0xf0
[  575.298480][    C0]  media_devnode_unregister+0x30/0x70
[  575.303842][    C0]  media_device_unregister+0x37c/0x400
[  575.309295][    C0]  smsusb_probe+0x1710/0x1da0
[  575.313972][    C0]  ? s2255_print_cfg+0x1b0/0x1b0
[  575.318914][    C0]  ? smsusb1_detectmode+0x260/0x260
[  575.324110][    C0]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  575.329998][    C0]  ? pm_runtime_enable+0x192/0x2a0
[  575.335102][    C0]  ? __pm_runtime_set_status+0x8ab/0xb80
[  575.340735][    C0]  usb_probe_interface+0x5a4/0xb00
[  575.345845][    C0]  ? usb_register_driver+0x3d0/0x3d0
[  575.351115][    C0]  really_probe+0x25b/0xb40
[  575.355650][    C0]  ? pm_runtime_barrier+0x14b/0x1c0
[  575.360837][    C0]  __driver_probe_device+0x18c/0x330
[  575.366116][    C0]  driver_probe_device+0x4f/0x420
[  575.371139][    C0]  __device_attach_driver+0x2ca/0x520
[  575.376510][    C0]  bus_for_each_drv+0x24b/0x2d0
[  575.381352][    C0]  ? coredump_store+0x90/0x90
[  575.386018][    C0]  ? bus_find_device+0x320/0x320
[  575.390945][    C0]  __device_attach+0x2b5/0x400
[  575.395700][    C0]  ? device_attach+0x20/0x20
[  575.400281][    C0]  ? kobject_uevent_env+0x363/0x8c0
[  575.405470][    C0]  ? do_raw_spin_unlock+0x121/0x230
[  575.410668][    C0]  bus_probe_device+0x180/0x260
[  575.415510][    C0]  device_add+0x85b/0xc20
[  575.419827][    C0]  usb_set_configuration+0x1a79/0x20c0
[  575.425291][    C0]  usb_generic_driver_probe+0x8d/0x150
[  575.430749][    C0]  usb_probe_device+0x13d/0x280
[  575.435591][    C0]  ? usb_register_device_driver+0x230/0x230
[  575.441472][    C0]  really_probe+0x25b/0xb40
[  575.445969][    C0]  ? pm_runtime_barrier+0x14b/0x1c0
[  575.451161][    C0]  __driver_probe_device+0x18c/0x330
[  575.456454][    C0]  driver_probe_device+0x4f/0x420
[  575.461473][    C0]  __device_attach_driver+0x2ca/0x520
[  575.466844][    C0]  bus_for_each_drv+0x24b/0x2d0
[  575.471782][    C0]  ? coredump_store+0x90/0x90
[  575.476449][    C0]  ? bus_find_device+0x320/0x320
[  575.481379][    C0]  __device_attach+0x2b5/0x400
[  575.486141][    C0]  ? device_attach+0x20/0x20
[  575.490728][    C0]  ? kobject_uevent_env+0x363/0x8c0
[  575.495950][    C0]  ? do_raw_spin_unlock+0x121/0x230
[  575.501163][    C0]  bus_probe_device+0x180/0x260
[  575.506029][    C0]  device_add+0x85b/0xc20
[  575.510354][    C0]  usb_new_device+0xa31/0x1630
[  575.515150][    C0]  ? usb_disconnect+0x8a0/0x8a0
[  575.520003][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  575.525192][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  575.530381][    C0]  hub_event+0x2957/0x49c0
[  575.534807][    C0]  ? led_work+0x720/0x720
[  575.539131][    C0]  ? read_lock_is_recursive+0x20/0x20
[  575.544497][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  575.549805][    C0]  ? process_scheduled_works+0x957/0x15b0
[  575.555538][    C0]  ? process_scheduled_works+0x957/0x15b0
[  575.561261][    C0]  process_scheduled_works+0xa45/0x15b0
[  575.566813][    C0]  ? assign_work+0x400/0x400
[  575.571396][    C0]  ? assign_work+0x39e/0x400
[  575.575977][    C0]  worker_thread+0xa55/0xfc0
[  575.580576][    C0]  kthread+0x2fa/0x390
[  575.584631][    C0]  ? pr_cont_work+0x560/0x560
[  575.589297][    C0]  ? kthread_blkcg+0xd0/0xd0
[  575.593961][    C0]  ret_from_fork+0x48/0x80
[  575.598377][    C0]  ? kthread_blkcg+0xd0/0xd0
[  575.602994][    C0]  ret_from_fork_asm+0x11/0x20
[  575.607785][    C0]  </TASK>
[  575.611105][    C0] Kernel Offset: disabled
[  575.615524][    C0] Rebooting in 86400 seconds..