last executing test programs:

5.044078044s ago: executing program 4 (id=1457):
unshare(0x2c020400)
r0 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)
fallocate(r0, 0x806ac776150c59ae, 0x1, 0x7d)

4.94396952s ago: executing program 4 (id=1460):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d2, &(0x7f0000000100))

3.784044888s ago: executing program 4 (id=1470):
request_key(0x0, &(0x7f00000008c0)={'syz', 0x1}, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="06000000040000004000000005"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r0, 0x0, 0xa0028000}, 0x38)

3.57397347s ago: executing program 4 (id=1474):
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
write$dsp(r0, &(0x7f0000002000)='`', 0x88020)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)=0x1000)

3.282324908s ago: executing program 0 (id=1478):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x4c, r1, 0x207, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x4c}}, 0x800)

3.187401153s ago: executing program 0 (id=1479):
syz_mount_image$jfs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x14810, &(0x7f00000000c0)=ANY=[], 0x1, 0x5f33, &(0x7f0000000480)="$eJzs3cuOHFcZB/CvL9NzSeJYEYqMxWLiQEgI8d2GcIvDggUsQEJZY2syiQwOINsgEll4Ii8QG+ARYJMNi7wCD5BnQDwAluyssiAUqplz7Jpyj3sGz3R1z/n9pHHVV6dr+pT/U1PdU1V9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIH/7gp2d6EXH5t2nB0YinYxDRj1iu69WoZy7lxw8j4lhsNsfzETFYjKjX3/zn2YjzEfHJkYh792+t1YvP7rIfF07fvP75j77/zz/8+c6xn7/9s4/a7T/5wrmP/3g74uiPX//489v7s+0AAABQiqqqql56m388vb/vd90pAGAq8vG/SvJytVqtVu9r/af+Xh7/9FNd91d9SOumarzbzSIiNprr1K8ZnI4HgDmzEZ913QU6JP+iDSPiqa47Acy0Xtcd4EDcu39rrZfy7TWPB6tb7fnvlNvy3+g9uL9jp+kk7WtMpvXzdScG8dwO/VmeUh9mSc6/387/8lb7KD3uoPOflp3yH23d+lScnP+gnX/Ltvz/EhFzm39/bP6lyvkP95L/xmCO93/5AwAAAABw+OW//x/t+Pzv4pNvyq487vzv6pT6AAAAAAAAAAD77UnH/3vA+H8AAAAws+r36rW/Hnm4bKfPYquXv9WLeKb1eKAwq40PBwQAAAAAAAAAAAAApmMYsZKu61+IiGdWVqqqqr+a2vVePen686707YeSdf1LHgAAtnxypHUvfy9iKSLeSp/1t7CyslJVS8sr1Uq1vJhfz44Wl6rlxvvaPK2XLY528YJ4OKrqb7bUWK9p0vvlSe3t71c/16ga7KJj09Fh4AAQEVtHo3uOSIdMVT0bXb/KYT7Y/w8f+z+70fXPKQAAAHDwqqqqeunjvI+nc/79rjsFAExFPv63zwuo1Wp1MfWnWwtnpj9q9QHWTdV4t5tFRGw016lfMxiOHwDmzEZ81nUX6JD8izaMiGNddwKYab2uO8CBuHf/1lov5dtrHg9Wt9rztSDb8t/oba6X1x83naR9jcm0fr7uxCCe26E/z0+pD7Mk599v5395qz0P8X/Q+U/LTvnX23m0g/50Lec/aOffcnjy74/Nv1Q5/+Ge8h/IHwAAAAAAZlj++/9R53/zJgMAAAAAAADA3Ll3/9Zavu81n///0pjH9Zpz7v88NHL+vV3n7/7fwyTn32/n37ogZ9CYv/vmw/w/vX9r7aOb//5ins58/guDUf3cC73+YJiu+akW3omrcS3W4/Qjjx9uaz/zSPvCtvazE9rPPdI+qtuXc/vJWItfxbV4+0H74oQLo5YmtFcT2nP+A/t/kXL+w8ZXnf9Kau+1prW7H/Yf2e+b03HPc+nv/3np0b1r+u7E4MG2NdXbd6KD/mz+nzw1it/cWL9+8ndXbt68fibSZNvSs5Em+yznv5C+cv4vv7jVnn/vN/fXux+O9pz/rLgTwx3zf7ExX2/vK1PuWxdy/qP0lfPPR6Dx+/8857/z/v9qB/0BAAAAAAAAAAAAAACAx6mqavMW0UsRcTHd/9PVvZkAwHTl43+V5OVqtVqtVqsPX91UjfdGs4iIfzTXqV8z/H7cNwMAZtl/I+JfXXeCzsi/YPnz/urpl7vuDDBVN97/4BdXrl1bv36j654AAAAAAAAAAP+vPP7namP8583rgFrjRm8b//XNWJ3b8T/7o8HmWOdpg16Ix4//fSIeP/73cMLzLUxoH01oX5zQvjShfeyNHg05/xdSxjn/42nDShr/9eUO+tO1nP+JNNZzzv+rrcc186/+Ns/597flf+rme78+deP9D167+t6Vd9ffXf/lmdMXz5+7cP7chQun3rl6bf301r8d9vhg5fzz2NeuAy1Lzj9nLv+y5Py/kmr5lyXn/1Kq5V+WnH9+vSf/suT883sf+Zcl5/9KquVflpz/11It/7Lk/F9NtfzLkvP/eqrlX5ac/2upln9Zcv4nUy3/suT8T6Va/mXJ+eczXPIvS84/X9kg/7Lk/M+mWv5lyfmfS7X8y5LzP59q+Zcl538h1fIvS87/YqrlX5ac/zdSLf+y5Py/mWr5lyXn/3qq5V+WnP+3Ui3/suT8v51q+Zcl5/+dVMu/LDn/76Za/mXJ+X8v1fIvS87/jVTLvywPP//fzJ5nVmajG2bM7P9M17+ZAAAAAAAAAAAAAIC2aVxO3PU2AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYW9u4uRq7zvB372zV4bgv0PhLc4YJs3Awu76zdwiMEkIX9K+kJJSJuW1Dj22jjxW73rBBAqm0JboiAVqb2gF02TKI0itRWoitRUohFSI7V3zVUjbqJWyoUrQeWgpBJVYKsz53menZmdnVmvvfaZcz4fZP+8M2dmnjlzZna/i74zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAs00fm/qTgSzL8j+Nv9Zn2aX5v9dke/IvZ3de7BUCAAAA5+rdxt9/uy6dsGcJF2ra5l+u+7fvzc3NzWWff/v0e382N5fO2JhlQ6uzrHFe9K/v/GKueZvguWx0YLDp68EeNz/U4/zhHueP9Dh/VY/zV/c4f7TH+Qt2wAJrit/HNK7sxsY/1xe7NLsiG2mcd2OHSz03sHpwMP4up2GgcZm5kYPZ4exINpVNLLjMQOO/LHttU35bD2bxtgabbmtDlmVnfvbM/riGgbCPb8xabqyh+bF76/5s49s/e2b/d2bevKbT7LkbFqw0y7Zsztf5fJbN/7oqG8hWp30S1znYtM4NHdY51LLOgcbl8n+3r/PMEtcZ7/doWOePuqxzQzjtyRuyLJvNFt2m3XPZYLa27VbT/h4tjoj8OvKH8v3Z8FkdJ5uWcJzkl/npDa3HSfsxGff/prBPhhdZQ/PD8dZXVi3Y78s9TvJ7XYZjNb/uh/MbHR1t/tVqy7Gab/PMTYsfAx0fuw7HQDqWm46Bzb2OgcFVQ41jYHB+zZtbjoHJBZcZzAYat3X6pu7HwPjM0RPj0089fcfho/sOTR2aOjY5sXP7th3bt+3YMX7w8JGpieLvs9ulfWRtNpiOwc3htSYeg7e0bdt8SM598/w9D0ZL8jzI7/unb84XdOlgtsgxnm/z/JZzfx6k7/tNz4PhpudBx9fUDs+D4SU8D/JtzmxZ2vfM4aY/ndawUq+F65uOgYv5/TC/zcduXfy1cENY1wu3ne33w6EFx0C8WwPhuZefkn7eG7077JeFx8W1+RmXrMpOTU+dvPPJfTMzJyezMC6Iy5seq/bjZW3TfcoWHC+DZ3287PmbX958bYfT14d9NXp798cq32b7WPfHqvHq3nl/tpy6NQvjPLvQ+7PTd7N8f6Ys0WV/5ts8f8e5/yyYcknT699Ir9e/oZHh4vVvKO2NkZbXv4UPzVBjZVl25o6lvf6NhD8X+vXvipK8/uX76rE7ux8D+TYvjJ/tMTDc9fXvhjAHwnpuDYlhtCn3v9c4f7Y4TJsey57HzfDwSDhuhuMtth432xZcJr+2/La3TCzvuNlyQ+tj1fJzSwWPm3xf/flE9+Mm3+b1yXN/7VgT/9n02rGq1zEwMrQqX+9IOgiK17u5NfEYuDPbnx3PjmQH0mXyRzm/rbGtSzsGVoU/F/q14+qSHAP5vnp5a/djIN/mh9vO789OW8IpaZumn53af7+wWOa/dnj++tp32/nO/Pk6P769+++G8m3e3H62OaP7fro9nHJJh/3U/vxZ7Jg+kF2Y/XR1WOeRHd1/N5Vvc8XOJR5Pe7Ise2Pyjcbvu8Lvd//+1L9/r+X3vp1+p/zG5BsPjT/y47NZPwAAy/de4+/ZVcXPmk3/x3op//8fAAAA6Asx9w+Gmcj/AAAAUBkx9w+Fmcj/AAAAUBkx9w+HmdQk/z9x965X3n02S+8GOBfE8+NuePjeYrvY8Z4NX2+cm5ef/tFvj7zy1WeXdtuDWZb98qEPdtz+iXvjugon4jo/3Hr6Aldfv6Tbf/zR+e2a3z/hzK7i+uP9WephELvKr41vbVzvxqcmG/P1h7LGfGT2heeK6y++jtuf3lZs/5fhTUv2HBxoufyWsJ4bw9wY3lPm4T3z+yGf8XKvbLjuny//zPztxcsNbL6scTdf/oPieuN7RL10ebF9vN+Lrf+fvvbdV/Ltn7yp8/qfHey8/tPhen8a5ju7i+2b9/lXm9b/R2H98fbi5e781g86rv/Vq4rtXw3HxTfCbF///X/6oXc7PV7xdvbcU1wu3v7E/2xvXC5eX7z+d3ZvHWg+ZkafnWzZH+3X//rbxfXs/tLPh5q3j6fH24kev6f1+B4Ij29LjzzLsu/+cdayn7OPFJf7x7b1x+s7cU/n/X972zpPDFzfuPz8/Vnfcr++/tdbO97fuJ49f7e+5f689EDYf2+P/zC/3tOPhOMxnP+/Pyqur/29TF99oPX1Jm7/jfXF8zZe33jb+l9qW//s9fm+673+B98u1v/qfatb1r/nE+F4erCYvdZ/6K/WtVz+m98pHo+TXx47dnz61OEDTXu1+Xm8enTN2ksufd9l68JrafvXe4/PPDF1cuPExoks29iHbxm40uv/Vpj/XYzZ838LhR//vDjuXvxk8X3rll8UX78UTn88PJ7x++PX/2Kk5Xhtf9xn7yvmua7/trCOpbrqa/95/ZI2PP251079wx++2f5zQbw/Jz4w2rh/L2+6snHewOvF+e2vV738xwdan9c/GZ5ozO+H/ToX3pl585XF7bVff3xvkhc/VTx/409y8fJZ2/uJrB9qvR/nuv6fhJ9jfnB16+tfPD6+/2zbuzmvzwbyJcyG14dstjg/bhX394tnrux4e/F9eLLZa85mmYuafmp6/MjhY6eeHJ+Zmp4Zn37q6b1Hj586NrO38d6le7/Q6/Lzz++1jef3gamd27PGs/14MVbYxV7/iUf3H7hr4uYDUwf3nTo48+iJqZOH9k9P7586MH3zvoMHp77c6/KHD+ye3Lpr211bxw4dPrD77l27tu0aO3zseL6MYlE97Jz44tixk3sbF5nevX3X5I4d2yfGjh4/MLX7romJsVO9Lt/43jSWX/pLYyenjuybOXx0amz68NNTuyd37dy5tee7Px49cXB64/jJU8fGT01PnRwv7svGmcbJ+fe+XpenHqaPh9e7NgPhp/PP3r4zvT9u7ttfWfSqik1afzzN3grvBRW/v/X6Oub+kTCTmuR/AAAAqIOY+8Mb/8+fIf8DAABAZcTcvzrMRP4HAACAyoi5fzTMpCb5X/9f/1///6z6/y3r1/9vXY/+v/5/J/r/+v/d6P/r//fz+vX/9f/prWz9/5j712RZLfM/AAAA1EHM/WvDTOR/AAAAqIyY+y8JM5H/AQAAoDJi7r80zKQe+X+k/Z/6//r/+v/N/f+4rf5/pv+v/79M+v/6/93o/+v/9/P6S9j/X6P/T9mUrf8fc//7wkzqkf8BAACgFmLuvyzMRP4HAACAyoi5f12YifwPAAAAlRFz//owk5rkf5//r/+v/+/z//X/9f9Xkv6//n83+v/6//28/hL2/33+P6VTtv5/zP3/L8ykJvkfAAAA6iDm/veHmcj/AAAAUBkx918eZiL/AwAAQL8aaT8h5v4rwkxqkv/1//X/9f/1//X/9f9Xkv5/H/T/O3Ut9f+XRP9f/1//X/+f7srW/4+5/wNhJjXJ/wAAAFAHMfdfGWYi/wMAAEBlxNx/VZiJ/A8AAACVEXP/YJhJTfK//r/+v/6//r/+v/7/StL/74P+fyf6/0ui/6//r/+v/093Zev/X9241Gh2TZhJTfI/AAAA1EHM/deGmcj/AAAAUBkx938wzET+BwAAgMqIuX9DmElN8n/X/v9l89vp/3en/995/fr/F77/P6j/r/9fMv3V/x9c9Bz9/4L+fyv9f/1//X/9f7orW/8/5v4PhZnUJP8DAABAHcTcf12YifwPAAAAlRFz//VhJvI/AAAAVEbM/RvDTGqS/33+v/6//n+1+v8+/1//v2z6q/+/OP3/gv5/K/1//X/9f/1/uitb/z/m/k1hJjXJ/wAAAFAHMfdvDjOR/wEAAKAyYu6/IcxE/gcAAIDKiLn/xjCTmuR//X/9f/1//X/9f/3/laT/r//fjf6//n8/r1//f2n9/1W9rohKK1v/P+b+m8JMapL/AQAAoA5i7r85zET+BwAAgMqIuf+WMBP5HwAAACoj5v4tYSY1yf/6//r/+v/6//r/+v8rSf9/yf3/NctZl/5/Qf9/eS52f77f16//7/P/6a1s/f+Y+28NM6lJ/gcAAIA6iLn/tjAT+R8AAAAqI+b+28NM5H8AAACojJj7x8JMapL/9f/1//X/9f/1//X/V1JV+//pddTn/+v/6//r/+v/6/+zqLL1/2PuvyPMpCb5HwAAAOog5v47w0zkfwAAAKiMmPvHw0zkfwAAAKiMmPsnwkxqkv9T//+/9P8z/X/9f/3/xfv/6/T/9f+Xp6r9/xX4/P9lrV//v6D/vzwXuz/f7+vX/9f/p7ey9f9j7p8MM6lJ/gcAAIA6iLl/a5iJ/A8AAACVEXP/tjAT+R8AAAAqI+b+7WEmNcn/Pv9f/1//X//f5//r/68k/X/9/270//X/+3n9+v/6/7Qa7HBa2fr/MffvCDOpSf4HAACAOoi5f2eYifwPAAAAlRFz/11hJvI/AAAAVEbM/XeHmdQk/+v/6//r/+v/l7f/33r7+v/6/53o/+v/Z/r/y3ax+/P9vn79f/1/eju//f9159z/j7l/V5hJTfI/AAAA1EHM/R8OM5H/AQAAoDJi7r8nzET+BwAAgL7S6XMIo5j7PxJmUpP8r/9f9f7/3Gr9f/3//u3/t+5P/X/9/070//X/M/3/ZbvY/fl+X7/+v/4/vZ3f/v+CH0/Puv8fc//uMJOa5H8AAACog5j77w0zkf8BAACgMmLuvy/MRP4HAACAyoi5f0+YSU3yv/5/1fv/5fv8/4FM/1//v6D/r/9/Puj/6/9n+v/Lttz+fPixRf+/RP3//BjS/6eMytb/j7n//jCTmuR/AAAAqIOY+z8aZiL/AwAAQGXE3P+xMBP5HwAAACoj5v6Ph5nUJP/r/+v/+/x//X/9f/3/laT/r//fjf5/f/b/I/3/8vT/ff4/ZVW2/n/M/Q+EmdQk/wMAAEAdxNz/iTAT+R8AAAAqI+b+/x9mIv8DAABAZcTc/2CYSU3yv/6//r/+v/6//r/+/0rS/9f/70b/X/+/n9ev/6//T29l6//H3P8rYSY1yf8AAABQBzH3PxRmIv8DAABAZcTc/8kwE/kfAAAAKiPm/l8NM6lJ/tf/vzD9/8F0/fr/+v/6//r/+v/nk/6//n+m/79sF7s/3+/r1//X/6e3svX/Y+7/tTCTmuR/AAAAqIOY+389zET+BwAAgMqIuf83wkzkfwAAAKiMmPsfDjOpSf7X//f5//r/+v+l7f8Pt+5P/X/9/070//X/M/3/ZbvY/fl+X7/+v/4/vZWt/x9z/2+GmdQk/wMAAEAdxNz/SJiJ/A8AAACVEXP/p8JM5H8AAACojJj7Px1mUpP8r/+v/6//r/9f2v5/2/7U/9f/70T/X/8/0/9ftovdn+/39ev/6//TW9n6/zH3PxpmUpP8DwAAAHUQc/9nwkzkfwAAAKiMmPt/K8xE/gcAAIDKiLn/t8NMapL/9f/1//X/9f/1//X/V5L+/8L+f/4adjH7/6uWsqH+/5Lo/+v/6//r/9Nd2fr/Mfd/NsykJvkfAAAA6iDm/t8JM5H/AQAAoDJi7v/dMBP5HwAAACoj5v7Hwkxqkv/1//X/9f/1//X/9f9Xkv6/z//vRv9f/7+f16//r/9Pb2Xr/8fc/7kwk5rkfwAAAKiDmPt/L8xE/gcAAIDKiLl/b5iJ/A8AAACVEXP/42EmNcn/+v/6//r/+v/6//r/K0n/X/+/G/1//f9+Xr/+v/4/vZWt/x9z/74wk5rkfwAAAKiDmPs/H2Yi/wMAAEBlxNy/P8xE/gcAAIDKiLn/QJhJTfK//r/+v/6//r/+v/7/StL/1//vRv9f/7+f16//r/9Pb2Xr/8fcPxVmUpP8DwAAAHUQc//BMBP5HwAAACoj5v5DYSbyPwAAAFRGzP1PhJnUJP/r/+v/6//r/+v/6/+vJP1//f9u9P/1//t5/fr/+v/0Vrb+f8z9h8NMapL/AQAAoA5i7v9CmIn8DwAAAJURc/8Xw0zkfwAAAKiMmPuPhJnUJP/r/+v/6/9XsP8/rP+f6f+Xhv6//n83+v/6//28fv1//X96K0f/fzZ9HXP/0TCTmuR/AAAAqIOY+4+Fmcj/AAAAUBkx9x8PM5H/AQAAoDJi7j8RZlKT/K//r/+v/1/B/r/P/2/Q/y8H/X/9/270//X/+3n95er/Z/r/lFI5+v/zX8fc//thJjXJ/wAAAFAHMfefDDOR/wEAAKAyYu6fDjOR/wEAAKAyYu6fCTOpSf7X/9f/1//X/9f/1/9fSfr/+v/d6P/r//fz+svV//f5/5RT2fr/MfefCjOpSf4HAAD+j737zLHsqvo4fLstv/0ihBgLI2AIjIEvDIGcs8k555xMzjnnnHPOYDAZDJIRrrVWg6v6nOryva599nqeL0s2Nt7qkhr9hX4+QAe5++8Zt9j/AAAAMI3c/feKW+x/AAAAmEbu/nvHLU32v/5f/6//H6b/P+r89P/6f/3/VdH/6/93+v8zO+9+fuvv1//r/1k3Wv+fu/8+cUuT/Q8AAAAd5O6/b9xi/wMAAMA0cvffL26x/wEAAGAaufvvH7c02f/6f/2//n+Y/t/3//PnOmP/f+HyP1b/v1/6f/3/Tv9/Zufdz2/9/fp//T/rRuv/c/c/IG5psv8BAACgg9z9D4xb7H8AAACYRu7+B8Ut9j8AAABMI3f/g+OWJvtf/6//1//r//X/vv9/SPp//f8S/b/+f8vv1//r/1k3Wv+fu/8hcUuT/Q8AAAAd5O5/aNxi/wMAAMA0cvc/LG6x/wEAAGAaufsfHrc02f/6f/2//l//r//X/x+S/l//v0T/r//f8vv1//p/1o3W/+fuf0Tc0mT/AwAAQAe5+x8Zt9j/AAAAMI3c/Y+KW+x/AAAAmEbu/kfHLU32v/5f/6//1//r//X/h6T/1/8v0f/r/7f8/nn7/+v1/+zNwfv/u113yz1t/5+7/7q4pcn+BwAAgA5y9z8mbrH/AQAAYBq5+x8bt9j/AAAAMI3c/Y+LW5rs/xP6/2t2+v+m/f/NF/T/+v8x+/+b4ncZ/b/+/7jJ+/+La+/S/x/R/5/Nlfv50/1K6P9n7f99/5/9OXj/v9L73/qPc/c/Pm5psv8BAACgg9z9T4hb7H8AAACYRu7+J8Yt9j8AAABMI3f/k+KWJvvf9//1//v8/n/+9+r/j+j/ff9f/6//9/3/ZQfs/++Rv5in6P//b6f/9/3/Pff/dz3F+/X/dDBa/5+7/8lxS5P9DwAAAB3k7n9K3GL/AwAAwDRy9z81brH/AQAAYBq5+58WtzTZ//p//f8++/823/+/w9Hfr///3/fo//X/J9H/6/+X+P6//n/L7/f9f/0/60br/3P3Pz1uabL/AQAAoIPc/c+IW+x/AAAAmEbu/mfGLfY/AAAATCN3/7Pilib7X/+v/9f/+/7/ber/r9H/6/+X6f/1/0v0//r/Lb9f/6//Z91o/X/u/mfHLU32PwAAAHSQu/85cYv9DwAAANPI3f/cuMX+BwAAgGnk7n9e3NJk/+v/9f/6f/2/7//r/w9J/z9d/39B/3+Z/l//r//X/7NstP4/d//z45Ym+x8AAAA6yN3/grjF/gcAAIBp5O5/Ydxi/wMAAMA0cve/KG5psv/1//p//b/+X/+v/z8k/f90/b/v//8X/b/+X/+v/2fZaP1/7v4Xxy1N9j8AAAB0kLv/JXGL/Q8AAADTyN3/0rjF/gcAAIBp5O5/WdzSZP/r//X/+n/9v/5f/39I+n/9/5Kp+/9b/+a2O33///9X+Ofp/8d6/376//zpr/T/F4///fp/tmC0/j93/8vjlib7HwAAADrI3f+KuMX+BwAAgGnk7n9l3GL/AwAAwDRy978qbmmy/6/U/994x6P/XP9/Ovr/k9+v/9f/6//1//p//f+Sqft/3//fyxtHfr/v/+v/WTda/5+7/9VxS5P9DwAAAB3k7n9N3GL/AwAAwDRy9782brH/AQAAYBq5+18XtzTZ/77/r//X/+v/9f/6/0PS/+v/l2yo/7900p/U/+v/9f/6f5aN1v/n7r8+bmmy/wEAAKCD3P2vj1vsfwAAAJhG7v43xC32PwAAAEwjd/8b45Ym+1//r/8/9/7/ov4/6f/j56r/1/9fBf2//n/n+/9ndt79/Nbfr//X/7NutP4/d/+b4pYm+x8AAAA6yN3/5rjF/gcAAIBp5O5/S9xi/wMAAMA0cve/NW5psv/1//r/c+//ff+/6P/j56r/1/9fBf2//n+n/z+z8+7nt/5+/b/+n3Wj9f+5+98WtzTZ/wAAANBB7v63xy32PwAAAEwjd/874hb7HwAAAKaRu/+dcUuT/a//1//r//X/+n/9/yHp//X/S/T/+v8tv1//r/9n3Wj9f+7+d8UtTfY/AAAAdJC7/91xi/0PAAAA08jd/564xf4HAACAaeTuf2/c0mT/6/+33v/f/YZ4gf5f/6//1/8PSf+v/1+i/9f/b/n9+n/9P+tG6/9z978vbmmy/wEAAKCD3P3vj1vsfwAAAJhG7v4PxC32PwAAAEwjd/8H45Ym+79H/3/tsb9snv7f9//1//p//f/Y9P/6/yX6f/3/lt+v/9f/s260/j93/4filib7HwAAADrI3f/huMX+BwAAgGnk7v9I3GL/AwAAwDRy9380bmmy/3v0/8fp/4/svf+/+c76f/1/0f/r/3f6f/3/Cv2//n/L75+6/7+w0/+zF6P1/7n7Pxa3NNn/AAAA0EHu/o/HLfY/AAAAzOCWsZ+7/xOX/9QR+x8AAACmkbv/k3HDXe50fk+6Xen/9f++/6//1//r/w9J/6//X6L/1/9v+f1T9/++/8+ejNb/5+7/VNzi//8HAACAaeTu/3TcYv8DAADANHL3fyZusf8BAABgGrn7Pxu3NNn/+n/9v/5f/6//1/8fkv5f/79E/6//3/L79f/6f9aN1v/n7v9c3NJk/wMAAEAHufs/H7fY/wAAADCN3P1fiFvsfwAAAJhG7v4vxi1N9r/+X/+v/9f/6//1/4ek/9f/L9H/6/+3/H79v/6fdaP1/7n7vxS3NNn/AAAA0EHu/i/HLfY/AAAATCN3/1fiFvsfAAAAppG7/6txS5P9r//X/+v/9f/6f/3/Ien/9f9L9P/6/y2/X/+v/2fdaP1/7v6vxS1N9j8AAAB0kLv/63GL/Q8AAADTyN3/jbjF/gcAAIBp5O7/ZtzSZP/P3P8v/WX6/yP6f/3/Tv8/WP9/7bF/H4D+f5n+X/+/0/+f2Xn381t/v/5f/8+60fr/3P3filua7H8AAADoIHf/t+MW+x8AAACmkbv/O3GL/Q8AAADTyN3/3bilyf6fuf9fov8/ov/X/+/0/4P1/77/f7X0//r/nf7/zM67n9/6+/X/+n/Wjdb/5+7/XtzSZP8DAABAB7n7vx+32P8AAAAwjdz9P4hb7H8AAACYRu7+H8YtTfa//l//r//X/+v/D9j/5x/o//X/+v8T6f/1/1t+v/5f/8+60fr/3P0/ilua7H8AAADoIHf/j+MW+x8AAACmkbv/J3GL/Q8AAADTyN3/07ilyf7X/+v/9f/6f/2/7/8fkv5f/79E/6//3/L79f/6f9aN1v/n7v9Z3NJk/wMAAEAHuft/HrfY/wAAADCN3P2/iFvsfwAAAJhG7v5fxi1N9v9t6v8v6f+T/v/k9+v/9f/6f/1/2/7/P/+zqv9fpf/X/2/5/fp//T/rRuv/c/f/Km5psv8BAACgg9z9v45b7H8AAACYRu7+38Qt9j8AAABMI3f/b+OWJvvf9//1//p//b/+X/9/SG37f9//PxX9v/5/y+/X/+v/WTda/5+7/4a4pcn+BwAAgA5y9/8ubrH/AQAAYBq5+38ft9j/AAAAMI3c/TfGLU32v/5f/z9l/39J/6//1/+PQv+v/1+i/9f/b/n9+n/9P+tG6/9z9/8hbmmy/wEAAKCD3P1/jFvsfwAAAJhG7v4/xS32PwAAAEwjd/+f45Ym+1//r/+fsv/3/X/9v/5/GPp//f8S/b/+f8vv1//r/1k3Wv+fu/8vcUuT/Q8AAAAd5O7/a9xi/wMAAMA0cvf/LW6x/wEAAGAaufv/Hrc02f/6f/2//l//r//X/x+S/l//v0T/r//f8vv1//p/1l2p/0+3d/+fu/8fcUuT/Q8AAAAd5O6/KW6x/wEAAGAaufv/GbfY/wAAADCN3P3/ilua7H/9v/5f/6//1//r/w9J/6//X6L/1/9v+f36f/0/60b7/n/u/n8HAAD//5DgH4Q=")
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000006980)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)='./file0\x00')

1.921247718s ago: executing program 0 (id=1494):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x800, 0x0, 0x3, 0x1, 0x80}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@loopback={0xffffffffffffffa4}, 0x800, 0x0, 0x3, 0x0, 0x40, 0x8}, 0x20)

1.843227452s ago: executing program 0 (id=1486):
syz_mount_image$hfsplus(&(0x7f0000001cc0), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x44, &(0x7f0000000200)=ANY=[@ANYBLOB='umask=00000000000000000000000,decompose,nls=cp932,uid=', @ANYRESHEX=0xee01, @ANYBLOB="2c6e6f626172726965722c0000000000000b9c00000030303030303030c8f71132e94930303030342c00"], 0x20, 0x6e3, &(0x7f00000003c0)="$eJzs3U9sW3cdAPDvsx0n7qTMG+1WEFKjVVSwQpvEjBYJiYIQymGCSlx2DW26RnWyKslQWiHqAYMjnFAPOwyhcNgJcUAa4oAYZyQk7r1X4sCt4oDRe34vsZ3EibM47rrPR3p+v+f3+/N9X//es/3SygF8ai28EROtSGLh4uub6fajrUbz0VZjpShHxGRElCIqnVUkqxHJRxHXorPEZ9Mn8+6S/cZ57fGH7114+EGjs1XJl6x+aVC7He0BI7TyJWYiopyvh1TZr78be/T3YKiuk+2404SdLxIH49bepTVM80Oct8DT7kFEeWKP5+sRpyJiKv8cEPnVoXTC4R27oa5yAAAA8HQqH1Th+SfxJDZj+mTCAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGdD0vnNwCRfSkV5JpL89/+/n1fLVKvjDfcAXz5g/7u3TigQAAAAAAAAADh+EzvFc0/iSWzGdLHdTrK/+b+SbZzOHp+Lt2M9lmItLsVmLMZGbMRazEVMTHf1Wd1c3NhYm9vd8jeRtmy32w/ylvMRUd/Vcn7ExwwAAAAAAAAAz7afxkJMjzsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADolkSUO6tsOV2U61GqRMRURFTTeq2IvxTlT7K/jjsAAAAAGL1avp5O/tcptJPsO/9L2ff+qXg7VmMjlmMjmrEUN7N7AZ1v/aV/thrNR1uNlXTZ3fG3/j1UHFmPEVGOd/YZeTarcWa7xUJ8N34QF2MmrsdaLMePYjE2YilmopYeRCxGEvVa5+5FvYizN95y3tW1nlCu98d2rm/7bBZJLW7FchbbpbhRLXorZTWSONs12p+qEX0ZeifNTvLN3CFzdLPr9fp1fl8m137+kH2MRj078ontjMymuc+z8cLeuS8MOU/6R5qL0vY9qNM7o6Sb/SMVOf/hMDk/la/TXP+iN+fHbchbaf2ZmI9SPvsiXurN+d0vPHyxt/GX/vW367dLq3du31q/OMJDGqmJotCfiUZXJl4ePPvyTDTTTLQOn4mJ/iemPsZxHKNqno3Ohe1wV8vvZKXFeKVrCr4VN2MprsRszMXVmI2vx3w0embYmZ68VhorvTnJzrXS7utbbUDw57/YVemXB1Q+WWleXujKayG90tWzffnsu/armO3K0ouDZ99R3gUqn8sL6Rg/64lm3HoykV+bi+iKN6h9MvHbdvq43ly9s3Z78e7204Pf1S7k6/S0fbf32vy7YzmgI0vnS3rFrWRbWU5qxTtjuu8z29H25qua/8Wl0660a9+Z7X31mI7l+N6+Z2o1/wy3u6fOvpf33NfI9p3t2tfzKSfeimb2KaTPzMlkFYBDO/XqqWrtce0ftfdrP6/drr0+9e3Jq5Ofr8bE3yt/Lv+h9PvSN5JX4/34SUyPO1IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgWrN+7f2ex2VxaG2GhesSxonRgna3nDtdh1CMGj5Xkheqos/EUFP4zNTAbtRjR6H+MiAF1qh97iGT08zmdyMfSYfHDadkz7fIQzStFq73rVGJ9ar9XcHLndY/6ncXmf9s9dWrRdcoAz7jLGyt3L6/fu/+V5ZXFN5feXFqdv3rl6pXG1+a+evnWcnNptvM47iiBUVi/d7887hgAAAAAAAAAAACA4eT/+n/jyP+ZoXJAnera+t4jnzvpQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+oRbeiIlWJDE3e2k23X601WimS1HeqVmJiFJEJD+OSD6KuBadJepd3SX7jfPa4w/fu/Dwg8ZOX5WifmlQu8Np5UvMREQ5Xx9sco9uYq2/vxtd/bWOFF6yfYRpws4XiYNx+38AAAD//6IW9NQ=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

1.687325092s ago: executing program 0 (id=1489):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r0=>0xffffffffffffffff})
r1 = getpid()
sendmmsg$unix(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@abs={0x1, 0x0, 0x5000000}, 0x6e, 0x0, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000010"], 0x30}}], 0x2, 0x0)

1.686988321s ago: executing program 2 (id=1490):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x509, 0x70bd25, 0x25dfdbfd, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @private=0xa010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008004}, 0x0)

1.678485092s ago: executing program 2 (id=1491):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x2}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000001000002b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

1.52637023s ago: executing program 0 (id=1492):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

1.449782765s ago: executing program 3 (id=1493):
r0 = syz_open_procfs(0x0, &(0x7f0000002040)='net/tcp\x00')
read$FUSE(r0, &(0x7f0000004340)={0x2020}, 0x2020)
pread64(r0, &(0x7f0000000080)=""/100, 0x64, 0x57)

1.290812115s ago: executing program 1 (id=1495):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f, 0xf886267d8fac22c5}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r1, 0x0, 0x3}}, 0x20)

1.285526265s ago: executing program 3 (id=1496):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
set_mempolicy(0x4003, &(0x7f00000001c0)=0x8000000100000003, 0xe1)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

1.179522571s ago: executing program 3 (id=1497):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f00000010c0)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@rdma_dest={0x10}], 0x18}, 0x0)

1.167194441s ago: executing program 3 (id=1498):
iopl(0x3)
ioperm(0x0, 0x1, 0x1)
ioperm(0x0, 0x40, 0x0)

1.118688755s ago: executing program 3 (id=1499):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000000)=0xfffffffd, 0x4)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x8, 0x0, &(0x7f0000001040))

975.623523ms ago: executing program 3 (id=1500):
write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001a000700ab092500090007000aab0700a90100001d60369321000100ff0500000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe00", 0x3e)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000207265970000010902240001000000000904000002214c6a0009050702000000da00090589"], 0x0)
read$hiddev(0xffffffffffffffff, 0x0, 0x0)

975.312153ms ago: executing program 1 (id=1501):
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r0, 0x107, 0x8, &(0x7f00000000c0), 0x8)
recvmsg$kcm(r0, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=""/41, 0x29}, 0x20)

810.152382ms ago: executing program 2 (id=1502):
mount$tmpfs(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000004fc0), 0x4481, &(0x7f0000005000)=ANY=[@ANYBLOB='nr_blocks=T'])
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000004fc0)={0x2020}, 0x2020)

773.831005ms ago: executing program 2 (id=1503):
r0 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0)
sendmsg$inet(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0xffff, @multicast1}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x0)

695.425659ms ago: executing program 2 (id=1504):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000200)='./bus\x00', 0x3000410, &(0x7f0000000140)=ANY=[], 0xfe, 0x54f8, &(0x7f0000005980)="$eJzs3LtvW1UcB/DjpGn6okSIga1XqpASqbbiPCrYArTiIVJFPAYmcGzHcmv7RrHjhEwMjIiB/wSBxMTI38DAzIYYQGxIIN9zQpvyWOLECfl8pOvvvcfXv3uOVVX6XUc3ABfWXPbbL6VwM1wNIUyHEG6EUOyX0lZYi/FCCOFWCGHqia2Uxv8auBxCuBZCuJkKJqO3vrgzvL3681u/fvv97KXrX37zwwSWC5wRL4YQuttxf68bM2/FfJjGa8N2kd2VYcr4RvdROs5j7jU3iwp7tcPzakUut+L5+fZuf5RbnVp9lK32VjG+3YsX7A9bh3WKDzys7RTHjeZmke1+XmTrIM5r/yD+93bQH8Q6jVTv46J8GAwOM44395txPduPiqz3Bmk81s0bzf1RDlOmy4V63mkU89g8zjd9tr3d7u3uZ8PmTr+d97LVSvWlSvVuubqTN5qD5kq51m3cXcnmW53RaeVBs9Zda+V5q9Os1PPuQjbfqtfL1Wo2f6+52a71smq1slxZLK8upL072esP3s86jWx+lK+2e7uDdqefbeU7WfzEQrZUWX55Ibtdzd5d38g23rl/f33jvQ/vffDglfU3X0sn/W1a2fzS4tJSubpYXqouXKD1f5omPcb1w7GUJj0BgPPnRPv/uVizpP8HnnLe+/+g/x+Lc9X/XvT+/wTWD8ei/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLB+nPnqjWJnLh5fT+PPpKHn0nEphDAVQvjjH0yHy0dqTqc6M/9y/sxTc1gLoagwusZs2q6l8dH2+7Mn/S0AAADA/9fXn9z6PHbr8WVu0hPiNMWbNlM3PhpTvVIIYWbupzFVmxq9PD+mYsW/70thf0zVihtYV8ZULN5yuzSuav/h8X236SNx5YkoxZg6hekAAACn7GgncBpdCAAAAJPx2aQnwGSUwuPfBNMf8M/GSD8IXj1yBAAAAJxDpUlPAAAAADhxRf9/Fp7/913J8/8AAADgpMTn/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCf7NxPTsJAFAfg10IF/0Vi3HsVd3AMj+DSpeEAXoIj4BW8AGfAnUcwYGhLtAYTkw7FkO9L2jIT8uOVsHkzpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD69FfPJy9Ptc9uc1bqdNHcDAAAA7LIs5pPyxagan9fzl/XUdT3OIiKPiF29ey9OGpm9Oqf45f3FjxpeI8qEzWcM6uMsIu7q4+Nq398CAAAAHK/FdDauuvXqNDp0QXSpWrTJL+4T5WURUYzeE6Xlm9NNorDy992Px0Rp5QLWMFFYteTWT5X2J73GZfjtklWXvNNyAACATjQ7gW67EAAAALr0cOgCOIwstluZ273g8p/3XxuCp40RAAAA8L8Ndk1m3dcBAAAAdKzs/z3/DwAAAI5b9fw/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9mlZzCeL6WzcNme1bifN3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfLI/7ygQAmEQBnvXdyZz/8NKg6amJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8+d1f/k9MjTPJ3Gtj6XkkWTs1tk6NvXPj6A/j69cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/0u1/+T0yNM8ncaWPpeCRZu2psXTX2HjSOHoy3fwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxc79+8ZNxQEAf7bPF1pAHAFlCEIgMcBCr9fS0pUBFDHwJyBF6bUErvxoM9CqQsrChjJ3QTAihAQKW/6HzImUJWwZbggSc5B9duL8kDgIsa/J5yM9v+9Z1nvf50RRvn5OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDS8L2DOMkOnVEcF+c2dh8vZP3mkT6ztrI1m7UsjupM+unwavVDNNNcIgAAAFwcSVnfhxC209W5rI87ef2fltdkNf8Pz4/isp4/WveXfVn7Z+3333Ze3p+oM5onG/TO4qB/9XgqrbNb5WR74R+vaOV3Pn/2kuRfkPjD5ZeGaX4/o+/W199v5+FUHdkCAP/FlbIvgvL3oazvNZkYABdGq1J4l/V/0mk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA6DJfDs2UchRBmWwdxZnP38cJJ/drK1mzZbj55slIdMxsiDSHcWRz0r9a4lkn34OGjz+YHg/79+oPXQgjNzV4EH49xTQhNZig4bRAX3+v/48h70QSs62yDhn8wAQBw7qRFy+r67XR1LjsXTYew9+Ph+v/NShzGrP93Prm5UZ2rWv/3alvh5Osu3fuy++Dho7cX783f7d/tf/7Otd67veu3bty41c2flXQ9MQEAAOB02kWr1v/x9PH9/8uVOIxZ/3/1fe+b6lyJ+v9EB5t+TWcCAABwsb34+l9/Riecj9rt8PX80tL93ui4//na6NhAqv/aVNGq9X8y3XRWAAAAQB2Gy9Gh/f/blTiMuf//3E+v/FIdMwkhXCr2/68sfDG4Xd9yJlodf07c9BoBAABo1qWiVff/0/z9/3j/lYc4hPDWG6O4+DeAY9X/yQff/lydq/r+//X6ljiR4pnR/cj7qRBaM01nBAAAwHn2TNGyYv+PdHXu018vf9T2/j8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3f4OAAD//xwcQP8=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
link(&(0x7f0000000940)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

461.867923ms ago: executing program 4 (id=1505):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000000)={[{@quota}, {@grpquota}, {@init_itable}]}, 0x1, 0x4d1, &(0x7f0000000500)="$eJzs3c9vI1cdAPDvTH5umjYpVOKHgC6lsKBV7cTbRlVP5QJCVSVExYnDNiTeKIodR7FTmrCH9H9AohIn+BM4IHFA6ok7N7ghpHJAKrACbZA4GM14nM0PO0TdrGcVfz7SyPPmxfP9vjjz3uQ58QtgbN2MiMOImI6IdyNioTieFFu82duyr3v44P7a0YP7a0l0u+/8I8nrs2Nx4jmZZ4pzzkbED74b8ePkfNz2/sHWaqNR3y3K1U5zp9reP/jLZnN1o75R367VVpZXll6/81rtytr6YvPXn3xn860f/u63X/74D4ff+mmW1nxRd7IdV6nX9KnjOJnJiHjrSQQrwUTRnumyE+FTSSPiMxHxUnb9d8vOBgAYhW53IboLJ8sAwHWX5nNgSVop5gLmI00rld4c3gsxlzZa7c7te6297fXeXNliTKX3Nhv1pWKucDGmkqy8nO8/KtfOlO9ExPMR8bOZG3m5stZqrJd54wMAY+yZM+P/v2d64z8AcM3Nlp0AADByxn8AGD/GfwAYP8Z/ABg/xn8AGD/GfwAYP8Z/ABgr33/77WzrHhWff73+3v7eVuu9V9br7a1Kc2+tstba3alstFob+Wf2NP/f+Rqt1s7yq7H3frVTb3eq7f2Du83W3nbnbv653nfrUyNpFQBwkedf/OhPSUQcvnEj3+LEWg7Garje0rITAEozUXYCQGkmy04AKI3f8YEBS/Se0v8TofmzFR8OfYquBZ5yt75g/h/Glfl/GF/m/2F8mf+H8dXtJtb8B4AxY44fuOz7/6dMX/j+PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFx78/mWpJViLfD5SNNKJeLZiFiMqeTeZqO+FBHPRcQfZ6ZmsvJy2UkDAI8p/VtSrP91a+Hl+bO108l/ZqJY6usnv3jn5++vdjq7y9nxfx4f73xYHK9dGMhSgwBQkv443R/H+x4+uL/W30aZzyff7i0umsU9KrZezWRM5o+z+Y3D3L+SotyT3a9MXEH8ww8i4vOD2p/kcyOLxcqnZ+NnsZ8dafz0VPw0r+s9Zt+Lz15BLjBuPsr6nzcHXX9p3MwfB1//s3kP9fj6/d/Ruf4vPe7/Job0fzcvG+PV339vaN0HEV+cHBQ/OY6fDIn/8iXj//lLX3lpWF33lxG3ooifxKn4J2NVO82danv/4JXN5upGfaO+XautLK8svX7ntVo1n6Ou9meqz/v7G7efu6j9czG4/bPD2z+bHfv6Jdv/q/+++6OvXhD/m18b/Pq/MDx+PiZ+45LxV+d+M3D57n789cHtL54z/PW/fe5sNwbG+PivB+uXTBUAGIH2/sHWaqNR37Uzsp3s3u0pSMNOaTvZT8BVnOdzTzDVsnsm4El7dNGXnQkAAAAAAAAAAAAAADDMKP7hqew2AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcH39LwAA//94utYi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
write$binfmt_register(r0, &(0x7f0000000200)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x462, 0x3a, 'q', 0x3a, ':$[%&2[@[}-', 0x3a, './file1'}, 0x33)

460.670993ms ago: executing program 1 (id=1515):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x80, 0x24, 0xd0f, 0x10003, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4c, 0x2, [@TCA_FQ_CODEL_QUANTUM={0xff87, 0x6, 0xe}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x4}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0x7fff}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0xffffffa7}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0xd}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x6}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0x9}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0xac}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x6}]}}]}, 0x80}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)

350.63719ms ago: executing program 1 (id=1506):
r0 = socket$inet6(0xa, 0x805, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8805, &(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10)
getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f0000001080)=0xfec)

299.933723ms ago: executing program 1 (id=1507):
r0 = socket$inet(0x2, 0x1, 0x6)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000040)={'syztnl2\x00', <r1=>0x0, 0x2100, 0x700, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x60, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0xfe, 0x0}}}}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000000)={'tunl0\x00', r1, 0x20, 0x10, 0x1001000, 0x6, {{0x5, 0x4, 0x2, 0x6, 0x14, 0x67, 0x0, 0xf9, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback}}}})

179.44826ms ago: executing program 1 (id=1508):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000240), 0x140, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0xa, 0x0, 0x0, 0x0, 0x180, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x80, 0x0, 0x0, 0x2, 0x0, 0x1})
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, 0x0)

64.325247ms ago: executing program 4 (id=1509):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r0, 0x0, 0x0)
ioctl$SIOCRSGCAUSE(r0, 0x8917, 0x0)

0s ago: executing program 2 (id=1510):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000180)=0xffffffffffffffff, 0x4)

kernel console output (not intermixed with test programs):

 free space tree
[   92.166607][ T5277] BTRFS info (device loop4): has skinny extents
[   92.190349][ T5324] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   92.608860][ T5366] netlink: 8 bytes leftover after parsing attributes in process `syz.2.398'.
[   92.744985][ T5370] loop2: detected capacity change from 0 to 256
[   92.764501][ T5369] loop0: detected capacity change from 0 to 2048
[   92.814751][ T5372] loop3: detected capacity change from 0 to 8
[   92.936191][ T5369] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[   92.970417][ T5374] loop2: detected capacity change from 0 to 16
[   92.986336][ T5372] SQUASHFS error: zlib decompression failed, data probably corrupt
[   93.002444][ T5372] SQUASHFS error: Failed to read block 0x9b: -5
[   93.008936][ T5372] SQUASHFS error: Unable to read metadata cache entry [99]
[   93.017120][ T5372] SQUASHFS error: Unable to read inode 0x127
[   93.037619][ T5374] erofs: (device loop2): mounted with root inode @ nid 36.
[   93.145726][ T4872] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 11 /dev/loop4 scanned by udevd (4872)
[   93.250978][ T5381] loop1: detected capacity change from 0 to 1024
[   93.336990][ T5384] loop3: detected capacity change from 0 to 1024
[   93.543980][ T5384] hfsplus: bad catalog entry type
[   93.545246][ T4193] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 46
[   93.639936][ T4193] erofs: (device loop2): erofs_readdir: invalid de[0].nameoff 0 @ nid 89
[   93.690013][ T4193] erofs: (device loop2): erofs_readdir: invalid de[0].nameoff 0 @ nid 89
[   93.705841][ T5395] netlink: 'syz.0.406': attribute type 2 has an invalid length.
[   93.727291][    T9] hfsplus: b-tree write err: -5, ino 4
[   93.976252][ T5404] netlink: 'syz.0.412': attribute type 32 has an invalid length.
[   94.146675][ T5411] loop2: detected capacity change from 0 to 256
[   94.282004][ T5414] netlink: 'syz.1.417': attribute type 3 has an invalid length.
[   94.300105][ T5411] FAT-fs (loop2): Directory bread(block 64) failed
[   94.317774][ T5411] FAT-fs (loop2): Directory bread(block 65) failed
[   94.338153][ T5411] FAT-fs (loop2): Directory bread(block 66) failed
[   94.378730][ T5411] FAT-fs (loop2): Directory bread(block 67) failed
[   94.407799][ T5411] FAT-fs (loop2): Directory bread(block 68) failed
[   94.441167][ T5411] FAT-fs (loop2): Directory bread(block 69) failed
[   94.462739][ T5411] FAT-fs (loop2): Directory bread(block 70) failed
[   94.500209][ T5411] FAT-fs (loop2): Directory bread(block 71) failed
[   94.530511][ T5411] FAT-fs (loop2): Directory bread(block 72) failed
[   94.550706][ T5411] FAT-fs (loop2): Directory bread(block 73) failed
[   94.586211][ T5423] netlink: 356 bytes leftover after parsing attributes in process `syz.0.420'.
[   95.170896][ T5436] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[   95.210386][ T5436] UDF-fs: Scanning with blocksize 512 failed
[   95.336790][ T5436] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   95.471189][ T5452] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   95.484981][ T5452] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[   95.494610][ T5452] EXT4-fs (loop3): Couldn't mount because of unsupported optional features (4000000)
[   95.504450][ T5452] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities
[   95.891798][ T5389] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   95.938404][ T5472] set_capacity_and_notify: 5 callbacks suppressed
[   95.938420][ T5472] loop1: detected capacity change from 0 to 128
[   95.970436][ T5469] loop0: detected capacity change from 0 to 2048
[   95.989194][ T5472] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   96.060651][ T5472] FAT-fs (loop1): FAT read failed (blocknr 234)
[   96.081289][ T5469] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[   96.110547][ T5472] FAT-fs (loop1): FAT read failed (blocknr 234)
[   96.162247][ T4872] udevd[4872]: incorrect nilfs2 checksum on /dev/loop0
[   96.177502][ T5481] loop4: detected capacity change from 0 to 2048
[   96.185328][ T5482] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   96.295862][ T5478] loop3: detected capacity change from 0 to 8192
[   96.313852][ T5389] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   96.325502][ T5389] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   96.346099][ T5481] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   96.394001][ T5487] loop1: detected capacity change from 0 to 512
[   96.412130][ T5389] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   96.421690][ T5389] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   96.430054][ T5389] usb 3-1: SerialNumber: syz
[   96.468279][ T5478] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[   96.472283][ T5487] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[   96.528050][ T5487] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c800e018, mo2=0002]
[   96.533404][ T5478] REISERFS (device loop3): using ordered data mode
[   96.545680][ T5487] EXT4-fs (loop1): orphan cleanup on readonly fs
[   96.571223][ T5487] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.449: bg 0: block 361: padding at end of block bitmap is not set
[   96.591094][ T5487] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6194: Corrupt filesystem
[   96.651386][ T5478] reiserfs: using flush barriers
[   96.728077][ T5487] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.449: attempt to clear invalid blocks 33619980 len 1
[   96.734284][ T5478] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   96.734688][ T5478] REISERFS (device loop3): checking transaction log (loop3)
[   96.734817][ T5389] usb 3-1: 0:2 : does not exist
[   96.736020][ T5487] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.449: invalid indirect mapped block 1811939328 (level 0)
[   96.736954][ T5487] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.449: invalid indirect mapped block 2185560079 (level 1)
[   96.737626][ T5487] EXT4-fs (loop1): 1 truncate cleaned up
[   96.737649][ T5487] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,errors=continue,nogrpid,errors=continue. Quota mode: none.
[   96.802324][ T5389] usb 3-1: USB disconnect, device number 2
[   96.806759][ T5487] overlayfs: upper fs is r/o, try multi-lower layers mount
[   97.093429][ T5478] REISERFS (device loop3): Using tea hash to sort names
[   97.094957][ T5478] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[   97.109223][ T5491] loop0: detected capacity change from 0 to 32768
[   97.143326][ T4294] udevd[4294]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   97.154417][ T5491] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.450 (5491)
[   97.165191][ T5491] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   97.165257][ T5491] BTRFS info (device loop0): turning off barriers
[   97.165311][ T5491] BTRFS info (device loop0): setting nodatasum
[   97.165678][ T5491] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[   97.165777][ T5491] BTRFS info (device loop0): use zstd compression, level 3
[   97.165807][ T5491] BTRFS info (device loop0): using free space tree
[   97.165821][ T5491] BTRFS info (device loop0): has skinny extents
[   97.402323][ T5513] netlink: 20 bytes leftover after parsing attributes in process `syz.2.454'.
[   97.603384][ T5522] xt_hashlimit: max too large, truncated to 1048576
[   97.612513][ T5522] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   97.813537][ T5533] loop1: detected capacity change from 0 to 64
[   97.887237][ T5533] virtiofs: Unexpected value for 'dax'
[   98.014472][ T5537] netlink: 4 bytes leftover after parsing attributes in process `syz.3.455'.
[   98.515004][ T5562] netlink: 8 bytes leftover after parsing attributes in process `syz.1.471'.
[   98.543056][ T5563] loop2: detected capacity change from 0 to 1024
[   98.642330][ T5565] loop3: detected capacity change from 0 to 64
[   98.694403][ T1228] hfsplus: b-tree write err: -5, ino 4
[   98.996620][ T5579] IPVS: set_ctl: invalid protocol: 35143 10.1.1.2:20004
[   99.221198][ T5583] netlink: 'syz.2.482': attribute type 3 has an invalid length.
[   99.283123][ T5583] netlink: 8 bytes leftover after parsing attributes in process `syz.2.482'.
[   99.592739][ T5555] loop0: detected capacity change from 0 to 32768
[   99.595640][ T5597] tipc: Invalid UDP bearer configuration
[   99.599332][ T5597] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   99.727398][ T5555] XFS (loop0): Mounting V5 Filesystem
[   99.823370][ T5617] netlink: 156 bytes leftover after parsing attributes in process `syz.3.494'.
[   99.908399][ T5621] netlink: 'syz.3.497': attribute type 1 has an invalid length.
[   99.916667][ T5621] netlink: 224 bytes leftover after parsing attributes in process `syz.3.497'.
[   99.928425][ T5555] XFS (loop0): Ending clean mount
[  100.063636][ T4185] XFS (loop0): Unmounting Filesystem
[  100.153501][ T5612] __ntfs_error: 5 callbacks suppressed
[  100.153521][ T5612] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 2) do not match.  Run ntfsfix or chkdsk.
[  100.221850][ T5569] XFS (loop4): Mounting V5 Filesystem
[  100.242128][ T5612] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  100.311805][ T5612] ntfs: (device loop1): map_mft_record_page(): Mft record 0xa is corrupt.  Run chkdsk.
[  100.321492][ T5612] ntfs: (device loop1): map_mft_record(): Failed with error code 5.
[  100.340122][ T5612] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  100.354044][ T5612] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  100.401058][ T5569] XFS (loop4): Ending clean mount
[  100.427460][ T5612] ntfs: volume version 3.1.
[  100.519000][ T5569] XFS (loop4): Quotacheck needed: Please wait.
[  100.525761][ T5612] ntfs: (device loop1): ntfs_read_locked_inode(): Found compressed data but compression is disabled due to cluster size (65536) > 4kiB.
[  100.562119][ T5612] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x2 as bad.  Run chkdsk.
[  100.631713][ T5612] ntfs: (device loop1): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  100.659614][ T5569] XFS (loop4): Quotacheck: Done.
[  100.954261][ T4187] XFS (loop4): Unmounting Filesystem
[  101.075082][ T5654] set_capacity_and_notify: 2 callbacks suppressed
[  101.075099][ T5654] loop3: detected capacity change from 0 to 8
[  101.159263][ T5656] tipc: Started in network mode
[  101.190115][ T5656] tipc: Node identity ac14140f, cluster identity 4711
[  101.198894][ T5654] SQUASHFS error: zlib decompression failed, data probably corrupt
[  101.230842][ T5654] SQUASHFS error: Failed to read block 0x9b: -5
[  101.239241][ T5656] tipc: Enabled bearer <udp:syz2>, priority 10
[  101.257715][ T5654] SQUASHFS error: Unable to read metadata cache entry [99]
[  101.291982][ T5654] SQUASHFS error: Unable to read inode 0x127
[  101.456332][ T5636] loop2: detected capacity change from 0 to 40427
[  101.569510][ T5636] F2FS-fs (loop2): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  101.601644][ T5636] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  101.655860][ T5636] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x6
[  101.715222][ T5636] F2FS-fs (loop2): invalid crc value
[  101.745269][ T5636] F2FS-fs (loop2): Found nat_bits in checkpoint
[  101.766957][ T5666] loop1: detected capacity change from 0 to 4096
[  101.829953][ T5675] loop0: detected capacity change from 0 to 2048
[  101.867584][ T5666] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  101.892248][ T5669] loop3: detected capacity change from 0 to 8192
[  101.935408][ T5677] loop4: detected capacity change from 0 to 1024
[  101.947418][ T5666] ntfs3: loop1: Failed to load $Extend.
[  101.953844][ T5675] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  101.978519][ T5669] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  101.994324][ T5669] REISERFS (device loop3): using ordered data mode
[  102.001618][ T5669] reiserfs: using flush barriers
[  102.039806][ T5669] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  102.058923][ T5636] F2FS-fs (loop2): Start checkpoint disabled!
[  102.108311][ T5675] EXT4-fs (loop0): mounted filesystem without journal. Opts: lazytime,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,nouid32,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none.
[  102.138358][ T5636] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  102.174292][ T5636] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  102.226117][ T5669] REISERFS (device loop3): checking transaction log (loop3)
[  102.303557][ T5669] REISERFS (device loop3): Using r5 hash to sort names
[  102.335049][ T5669] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  102.351663][ T4685] tipc: Node number set to 2886997007
[  102.439011][ T5669] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  102.545652][  T154] attempt to access beyond end of device
[  102.545652][  T154] loop2: rw=2049, want=40984, limit=40427
[  102.606615][ T5669] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  102.686033][ T5669] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  102.700608][ T5692] usb usb8: usbfs: process 5692 (syz.4.525) did not claim interface 0 before use
[  102.960429][ T5695] loop0: detected capacity change from 0 to 4096
[  103.015694][ T5695] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  103.092750][ T5695] ntfs: volume version 3.1.
[  103.290781][ T5708] loop3: detected capacity change from 0 to 8
[  103.385227][ T5708] SQUASHFS error: lzo decompression failed, data probably corrupt
[  103.417022][ T5708] SQUASHFS error: Failed to read block 0x91: -5
[  103.451086][ T5708] SQUASHFS error: Unable to read metadata cache entry [8f]
[  103.486579][ T5708] SQUASHFS error: Unable to read inode 0x11f
[  103.753022][ T5725] loop0: detected capacity change from 0 to 256
[  103.827460][ T5729] netlink: 256 bytes leftover after parsing attributes in process `syz.3.543'.
[  103.853792][ T5725] FAT-fs (loop0): Directory bread(block 64) failed
[  103.860389][ T5725] FAT-fs (loop0): Directory bread(block 65) failed
[  103.874833][ T5729] netlink: 'syz.3.543': attribute type 9 has an invalid length.
[  103.932281][ T5725] FAT-fs (loop0): Directory bread(block 66) failed
[  103.959439][ T5725] FAT-fs (loop0): Directory bread(block 67) failed
[  104.009479][ T5725] FAT-fs (loop0): Directory bread(block 68) failed
[  104.031693][ T5725] FAT-fs (loop0): Directory bread(block 69) failed
[  104.038970][ T5725] FAT-fs (loop0): Directory bread(block 70) failed
[  104.046931][ T5733] loop3: detected capacity change from 0 to 65
[  104.101670][ T5725] FAT-fs (loop0): Directory bread(block 71) failed
[  104.118425][ T5725] FAT-fs (loop0): Directory bread(block 72) failed
[  104.130345][ T5725] FAT-fs (loop0): Directory bread(block 73) failed
[  104.135998][ T5733] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway
[  104.201637][ T5702] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.532 (5702)
[  104.302011][ T5702] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  104.343431][ T5702] BTRFS info (device loop4): setting nodatacow, compression disabled
[  104.404756][ T5702] BTRFS info (device loop4): force clearing of disk cache
[  104.421604][ T5702] BTRFS info (device loop4): enabling ssd optimizations
[  104.481786][ T5702] BTRFS info (device loop4): using spread ssd allocation scheme
[  104.489493][ T5702] BTRFS info (device loop4): turning off barriers
[  104.567410][ T5702] BTRFS info (device loop4): disabling free space tree
[  104.612388][ T5702] BTRFS info (device loop4): not using ssd optimizations
[  104.625363][ T5702] BTRFS info (device loop4): not using spread ssd allocation scheme
[  104.664543][ T5702] BTRFS info (device loop4): has skinny extents
[  104.826250][ T5719] JBD2: Ignoring recovery information on journal
[  104.938514][ T5772] sg_write: data in/out 262114/14 bytes for SCSI command 0x2-- guessing data in;
[  104.938514][ T5772]    program syz.0.557 not setting count and/or reply_len properly
[  104.963691][ T5719] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  105.149188][ T5702] BTRFS info (device loop4): clearing free space tree
[  105.166521][ T5702] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  105.219170][ T5702] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  105.288285][ T5788] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d)
[  105.651070][ T4193] ocfs2: Unmounting device (7,2) on (node local)
[  106.256598][ T5781] set_capacity_and_notify: 3 callbacks suppressed
[  106.256615][ T5781] loop0: detected capacity change from 0 to 32768
[  106.259297][ T5797] loop2: detected capacity change from 0 to 4096
[  106.289985][ T5805] loop1: detected capacity change from 0 to 1024
[  106.341889][ T5805] EXT4-fs (loop1): inline encryption not supported
[  106.341963][ T5805] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  106.342145][ T5797] EXT4-fs (loop2): Ignoring removed nobh option
[  106.342777][ T5797] EXT4-fs (loop2): Test dummy encryption mode enabled
[  106.399937][ T5797] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,nobh,dioread_nolock,test_dummy_encryption,nodelalloc,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback.
[  106.422559][ T5805] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,nojournal_checksum,errors=remount-ro,grpquota,noblock_validity,user_xattr,nombcache,errors=remount-ro,. Quota mode: writeback.
[  106.460920][ T5805] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback.
[  106.463461][ T5805] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  106.508253][ T5805] EXT4-fs (loop1): re-mounted. Opts: . Quota mode: writeback.
[  106.606328][ T5815] loop0: detected capacity change from 0 to 64
[  106.689569][    C0] vkms_vblank_simulate: vblank timer overrun
[  106.787792][    C0] vkms_vblank_simulate: vblank timer overrun
[  107.090980][ T5822] device wlan0 entered promiscuous mode
[  107.188161][ T5821] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  107.420023][ T5837] loop1: detected capacity change from 0 to 1024
[  107.589456][ T5837] hfsplus: invalid extended attribute record
[  107.795924][  T144] hfsplus: b-tree write err: -5, ino 4
[  107.863192][ T5856] loop0: detected capacity change from 0 to 512
[  107.983349][ T5866] syz.3.590 (5866): drop_caches: 4
[  108.048073][ T5869] loop2: detected capacity change from 0 to 512
[  108.076778][ T5856] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  108.127972][ T5856] System zones: 0-2, 18-18, 34-34
[  108.178279][ T5876] program syz.4.592 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  108.198261][ T5876] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  108.207427][ T5869] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  108.244460][ T5869] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended
[  108.256701][ T5856] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.586: bg 0: block 248: padding at end of block bitmap is not set
[  108.268760][ T5869] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002]
[  108.297593][ T5856] __quota_error: 15 callbacks suppressed
[  108.297614][ T5856] Quota error (device loop0): write_blk: dquota write failed
[  108.330478][ T5856] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  108.342038][ T5856] EXT4-fs error (device loop0): ext4_acquire_dquot:6234: comm syz.0.586: Failed to acquire dquot type 1
[  108.379895][ T5886] netlink: 16 bytes leftover after parsing attributes in process `syz.3.596'.
[  108.391187][ T5869] System zones: 0-2, 18-18, 34-34
[  108.416113][ T5869] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.591: bad orphan inode 15
[  108.464695][ T5869] ext4_test_bit(bit=14, block=18) = 1
[  108.465079][ T5856] EXT4-fs (loop0): 1 truncate cleaned up
[  108.480596][ T5869] is_bad_inode(inode)=0
[  108.496185][ T5888] loop4: detected capacity change from 0 to 64
[  108.504386][ T5869] NEXT_ORPHAN(inode)=2264924160
[  108.509368][ T5869] max_ino=32
[  108.531602][ T5856] EXT4-fs (loop0): mounted filesystem without journal. Opts: discard,noload,,errors=continue. Quota mode: writeback.
[  108.555769][ T5869] i_nlink=0
[  108.561277][ T5856] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.595874][ T5869] EXT4-fs error (device loop2): ext4_do_update_inode:5222: inode #15: comm syz.2.591: corrupted inode contents
[  108.619596][ T5891] loop3: detected capacity change from 0 to 1024
[  108.678361][ T5869] EXT4-fs error (device loop2): ext4_dirty_inode:6058: inode #15: comm syz.2.591: mark_inode_dirty error
[  108.754818][ T5869] EXT4-fs error (device loop2): ext4_do_update_inode:5222: inode #15: comm syz.2.591: corrupted inode contents
[  108.830265][ T5869] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2951: inode #15: comm syz.2.591: mark_inode_dirty error
[  108.855284][ T4282] hfsplus: b-tree write err: -5, ino 4
[  108.906214][ T5869] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2954: inode #15: comm syz.2.591: mark inode dirty (error -117)
[  108.928814][ T5901] loop1: detected capacity change from 0 to 256
[  108.974802][ T5869] EXT4-fs warning (device loop2): ext4_evict_inode:302: xattr delete (err -117)
[  108.993066][ T5903] netlink: 12 bytes leftover after parsing attributes in process `syz.3.602'.
[  109.010415][ T5901] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  109.042435][ T5869] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  109.247531][   T26] audit: type=1326 audit(1770333737.850:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5915 comm="syz.4.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51589fdeb9 code=0x7ffc0000
[  109.316920][ T5921] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.609'.
[  109.331788][   T26] audit: type=1326 audit(1770333737.850:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5915 comm="syz.4.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51589fdeb9 code=0x7ffc0000
[  109.406792][ T5917] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  109.451932][ T5917] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  109.467997][   T26] audit: type=1326 audit(1770333737.850:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5915 comm="syz.4.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51589fdeb9 code=0x7ffc0000
[  109.518698][ T5917] JBD2: no valid journal superblock found
[  109.528772][ T5917] EXT4-fs (loop4): error loading journal
[  109.561963][   T26] audit: type=1326 audit(1770333737.880:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5915 comm="syz.4.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f51589fdeb9 code=0x7ffc0000
[  109.672546][   T26] audit: type=1326 audit(1770333737.880:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5915 comm=06 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51589fdeb9 code=0x7ffc0000
[  109.767241][   T26] audit: type=1326 audit(1770333737.880:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5915 comm="syz.4.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51589fdeb9 code=0x7ffc0000
[  109.898773][   T26] audit: type=1326 audit(1770333737.880:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5915 comm="syz.4.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51589fdeb9 code=0x7ffc0000
[  109.959977][   T26] audit: type=1326 audit(1770333737.880:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5915 comm=06 exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f51589fdeb9 code=0x7ffc0000
[  110.063958][ T4738] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  110.171470][ T5960] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  110.254033][ T5960] UDF-fs: error (device loop1): udf_verify_fi: directory (ino 1376) has entry where CRC length (32) does not match entry length (24)
[  110.492205][ T4738] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  110.514461][ T4738] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  110.546730][ T4738] usb 1-1: New USB device found, idVendor=0458, idProduct=5019, bcdDevice= 0.00
[  110.598259][ T4738] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.652808][ T4738] usb 1-1: config 0 descriptor??
[  110.880534][ T5965] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  111.144499][ T4738] kye 0003:0458:5019.0004: unknown main item tag 0x1
[  111.192787][ T4738] kye 0003:0458:5019.0004: unknown main item tag 0x4
[  111.232430][ T4738] kye 0003:0458:5019.0004: hidraw0: USB HID v2.07 Device [HID 0458:5019] on usb-dummy_hcd.0-1/input0
[  111.273283][ T5997] netlink: 16 bytes leftover after parsing attributes in process `syz.1.641'.
[  111.291924][ T4738] kye 0003:0458:5019.0004: tablet-enabling feature report not found
[  111.315800][ T4738] kye 0003:0458:5019.0004: tablet enabling failed
[  111.403371][ T4193] ocfs2: Unmounting device (7,2) on (node local)
[  111.407831][ T4738] usb 1-1: USB disconnect, device number 4
[  111.537583][ T5986] set_capacity_and_notify: 7 callbacks suppressed
[  111.537599][ T5986] loop3: detected capacity change from 0 to 40427
[  111.577739][ T6000] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  111.591066][ T5999] fido_id[5999]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  111.604801][ T6000] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  111.691408][ T5986] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7
[  111.731022][ T5986] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff
[  111.821185][ T5986] F2FS-fs (loop3): invalid crc value
[  111.873337][ T5986] F2FS-fs (loop3): Found nat_bits in checkpoint
[  111.888124][ T6002] loop1: detected capacity change from 0 to 4096
[  112.008458][ T5986] F2FS-fs (loop3): Start checkpoint disabled!
[  112.026325][ T6002] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512)
[  112.066156][ T5986] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  112.501975][ T4186] ntfs3: loop1: ntfs_sync_fs r=1a failed, -22.
[  112.522556][ T4186] ntfs3: loop1: ntfs_evict_inode r=1a failed, -22.
[  112.529612][ T4186] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  112.622286][  T154] attempt to access beyond end of device
[  112.622286][  T154] loop3: rw=2049, want=40976, limit=40427
[  112.835197][ T5988] loop4: detected capacity change from 0 to 40427
[  112.885847][ T5988] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  112.916056][ T5988] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  112.995337][ T5988] F2FS-fs (loop4): invalid crc value
[  113.051377][ T5988] F2FS-fs (loop4): Found nat_bits in checkpoint
[  113.209559][ T5988] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  113.217023][ T5988] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  113.437450][ T6043] mmap: syz.3.649 (6043) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  113.466557][ T6045] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  113.984762][ T6022] loop2: detected capacity change from 0 to 32768
[  114.088707][ T6022] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  114.211913][ T4681] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  114.286427][ T6079] loop3: detected capacity change from 0 to 4096
[  114.311952][ T6079] EXT4-fs (loop3): Test dummy encryption mode enabled
[  114.330850][ T4193] ocfs2: Unmounting device (7,2) on (node local)
[  114.395484][ T6079] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption=v1,init_itable,,errors=continue. Quota mode: writeback.
[  114.465319][ T6079] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback.
[  114.515875][ T6085] IPv6: ADDRCONF(NETDEV_CHANGE): vcan1: link becomes ready
[  114.590616][ T4681] usb 2-1: New USB device found, idVendor=056a, idProduct=0010, bcdDevice= 0.00
[  114.626540][ T4681] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.674031][ T4681] usb 2-1: config 0 descriptor??
[  115.029785][ T6095] loop0: detected capacity change from 0 to 8192
[  115.096685][ T6095] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  115.147155][ T6095] REISERFS (device loop0): using writeback data mode
[  115.171713][ T6095] reiserfs: using flush barriers
[  115.198248][ T6095] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  115.232373][ T6095] REISERFS (device loop0): checking transaction log (loop0)
[  115.245067][ T4681] wacom 0003:056A:0010.0005: unknown main item tag 0x0
[  115.255775][ T4681] wacom 0003:056A:0010.0005: unknown main item tag 0x0
[  115.264374][ T6095] REISERFS (device loop0): Using r5 hash to sort names
[  115.272234][ T4681] wacom 0003:056A:0010.0005: unknown main item tag 0x0
[  115.272266][ T4681] wacom 0003:056A:0010.0005: unknown main item tag 0x0
[  115.272287][ T4681] wacom 0003:056A:0010.0005: unknown main item tag 0x0
[  115.274256][ T4681] wacom 0003:056A:0010.0005: Unknown device_type for 'HID 056a:0010'. Assuming pen.
[  115.362801][ T4681] wacom 0003:056A:0010.0005: hidraw0: USB HID v1.01 Device [HID 056a:0010] on usb-dummy_hcd.1-1/input0
[  115.397155][ T4681] input: Wacom Graphire Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0010.0005/input/input7
[  115.462439][ T6095] reiserfs: enabling write barrier flush mode
[  115.494369][ T6095] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  115.534661][ T6095] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  115.555612][ T4681] usb 2-1: USB disconnect, device number 3
[  115.677533][ T6128] fido_id[6128]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  115.808185][ T6132] loop2: detected capacity change from 0 to 8
[  115.873956][ T6132] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  115.901341][ T4872] udevd[4872]: incorrect cramfs checksum on /dev/loop2
[  116.035516][ T4872] udevd[4872]: incorrect cramfs checksum on /dev/loop2
[  116.240127][ T6136] loop4: detected capacity change from 0 to 8192
[  116.310550][ T6150] loop0: detected capacity change from 0 to 1764
[  116.353737][ T6136] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  116.385626][ T6136] REISERFS (device loop4): using ordered data mode
[  116.425732][ T6136] reiserfs: using flush barriers
[  116.490355][ T6136] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  116.532138][ T6136] REISERFS (device loop4): checking transaction log (loop4)
[  116.607869][ T6136] REISERFS (device loop4): Using r5 hash to sort names
[  116.672090][ T6136] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  116.693228][ T6167] hugetlbfs: Bad value 'x' for mount option 'nr_inodes'
[  116.693228][ T6167] 
[  116.823382][ T6169] tipc: Enabling <ib:lo> not permitted
[  116.829170][ T6169] tipc: Enabling of bearer <ib:lo> rejected, failed to enable media
[  117.171945][ T6184] loop4: detected capacity change from 0 to 512
[  117.314539][ T6184] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.723: iget: bad i_size value: 38620345925642
[  117.356841][ T6184] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.723: couldn't read orphan inode 15 (err -117)
[  117.462974][ T6184] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,delalloc,data_err=ignore,nodioread_nolock,usrjquota=,dioread_lock,,errors=continue. Quota mode: writeback.
[  117.477023][ T6161] loop2: detected capacity change from 0 to 32768
[  117.602671][ T6161] XFS (loop2): Mounting V5 Filesystem
[  117.737426][ T6161] XFS (loop2): Ending clean mount
[  117.781818][ T4681] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  117.808606][ T4193] XFS (loop2): Unmounting Filesystem
[  118.035966][ T6217] loop4: detected capacity change from 0 to 64
[  118.043021][ T4681] usb 4-1: Using ep0 maxpacket: 32
[  118.230533][ T6217] hfs: request for non-existent node 1280 in B*Tree
[  118.276502][ T6217] hfs: request for non-existent node 1280 in B*Tree
[  118.322171][ T4681] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  118.354818][ T4681] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.366078][  T154] hfs: request for non-existent node 1280 in B*Tree
[  118.382073][  T154] hfs: request for non-existent node 1280 in B*Tree
[  118.390476][ T4681] usb 4-1: Product: syz
[  118.410250][ T4681] usb 4-1: Manufacturer: syz
[  118.428746][ T4681] usb 4-1: SerialNumber: syz
[  118.441269][ T4681] usb 4-1: config 0 descriptor??
[  118.755137][ T6236] netlink: 220 bytes leftover after parsing attributes in process `syz.0.745'.
[  118.765935][ T6236] netlink: 24 bytes leftover after parsing attributes in process `syz.0.745'.
[  118.917025][ T6242] loop0: detected capacity change from 0 to 512
[  118.941898][ T4681] airspy 4-1:0.0: Board ID: 00
[  118.947366][ T4681] airspy 4-1:0.0: Firmware version: 
[  118.988486][ T6242] EXT4-fs (loop0): mounted filesystem without journal. Opts: nojournal_checksum,,errors=continue. Quota mode: writeback.
[  119.161861][ T4681] airspy 4-1:0.0: usb_control_msg() failed -71 request 11
[  119.210982][ T4681] airspy 4-1:0.0: Registered as swradio24
[  119.238158][ T4681] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  119.271250][ T4681] usb 4-1: USB disconnect, device number 4
[  119.294975][ T6249] loop4: detected capacity change from 0 to 2048
[  119.330041][ T6251] loop1: detected capacity change from 0 to 1024
[  119.410037][ T6249] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found!
[  119.511025][ T4302] hfsplus: b-tree write err: -5, ino 4
[  119.680393][ T6262] netlink: 'syz.2.756': attribute type 2 has an invalid length.
[  119.718257][ T6260] loop1: detected capacity change from 0 to 16
[  119.798798][ T6260] erofs: (device loop1): mounted with root inode @ nid 36.
[  119.824868][ T6266] loop3: detected capacity change from 0 to 64
[  119.887210][ T6266] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing
[  119.931041][ T4186] erofs: (device loop1): erofs_fill_dentries: bogus dirent @ nid 46
[  119.970066][ T4186] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 89
[  119.980469][ T6272] netlink: 'syz.2.762': attribute type 32 has an invalid length.
[  120.006937][ T4186] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 89
[  120.195037][ T6282] loop4: detected capacity change from 0 to 64
[  120.472205][ T6290] loop2: detected capacity change from 0 to 1024
[  120.558805][ T6290] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  120.603598][ T6290] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.769: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  120.641952][ T6290] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.769: couldn't read orphan inode 11 (err -117)
[  120.691232][ T6304] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  120.719168][ T6304] CIFS mount error: No usable UNC path provided in device string!
[  120.719168][ T6304] 
[  120.730064][ T6304] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  120.739419][ T6290] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,noload,mblk_io_submit,noload,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback.
[  120.807436][ T6290] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback.
[  121.028152][ T6314] EXT4-fs (loop1): Test dummy encryption mode enabled
[  121.053758][ T6314] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption=v1,bsdgroups,,errors=continue. Quota mode: none.
[  121.108131][ T6314] ext4 filesystem being mounted at /177/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  121.231203][ T6325] __ntfs_error: 16 callbacks suppressed
[  121.231223][ T6325] ntfs: (device loop3): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk.
[  121.300376][ T4302] hfsplus: b-tree write err: -5, ino 4
[  121.308507][ T6325] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing.
[  121.366379][ T6325] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  121.398290][ T6325] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  121.516299][ T6333] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3959214b, utbl_chksum : 0xe619d30d)
[  121.520838][ T6325] ntfs: volume version 3.1.
[  121.685083][ T6325] ntfs: (device loop3): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set default.  You might want to try to use the mount option nls=utf8.
[  121.708078][ T6325] ntfs: (device loop3): ntfs_filldir(): Skipping unrepresentable inode 0x45.
[  121.749303][ T6345] fscrypt (loop4, inode 2): Error -61 getting encryption context
[  121.770062][ T6345] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -61
[  121.824168][ T6345] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #13: comm syz.4.795: iget: bad i_size value: 12154757448730
[  121.891048][ T6345] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.795: couldn't read orphan inode 13 (err -117)
[  121.920096][ T6345] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,nojournal_checksum,noload,noinit_itable,usrjquota=,grpjquota=.subj_type=á[]*:[,,errors=continue. Quota mode: writeback.
[  121.924062][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  122.101655][ T4386] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  122.131689][ T5383] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  122.341687][ T4386] usb 4-1: Using ep0 maxpacket: 8
[  122.401836][ T5383] usb 1-1: Using ep0 maxpacket: 8
[  122.461957][ T4386] usb 4-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30
[  122.492626][ T4386] usb 4-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  122.526605][ T4386] usb 4-1: config 0 interface 0 has no altsetting 0
[  122.536753][ T4386] usb 4-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.00
[  122.551919][ T5383] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.557053][ T4386] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.603544][ T4386] usb 4-1: config 0 descriptor??
[  122.606548][ T5383] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.652629][ T5383] usb 1-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00
[  122.693003][ T5383] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.744964][ T5383] usb 1-1: config 0 descriptor??
[  122.927970][ T6359] set_capacity_and_notify: 7 callbacks suppressed
[  122.927985][ T6359] loop1: detected capacity change from 0 to 32768
[  122.989209][ T6359] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.801 (6359)
[  123.019317][ T6359] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  123.035571][ T6359] BTRFS info (device loop1): using free space tree
[  123.040063][ T6361] loop2: detected capacity change from 0 to 40427
[  123.045042][ T6359] BTRFS info (device loop1): has skinny extents
[  123.098529][ T4386] ntrig 0003:1B96:000F.0006: hidraw0: USB HID vf4.f6 Device [HID 1b96:000f] on usb-dummy_hcd.3-1/input0
[  123.152156][ T6361] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[  123.160335][ T6359] BTRFS info (device loop1): enabling ssd optimizations
[  123.178457][ T6361] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  123.246429][ T5383] wacom 0003:056A:0000.0007: ignoring exceeding usage max
[  123.250850][ T6361] F2FS-fs (loop2): build fault injection attr: rate: 2, type: 0x1ffff
[  123.270058][ T5383] wacom 0003:056A:0000.0007: Unknown device_type for 'HID 056a:0000'. Assuming pen.
[  123.306878][ T4386] usb 4-1: USB disconnect, device number 5
[  123.311166][ T5383] wacom 0003:056A:0000.0007: hidraw1: USB HID v0.00 Device [HID 056a:0000] on usb-dummy_hcd.0-1/input0
[  123.342293][ T5383] input: Wacom Penpartner Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:0000.0007/input/input10
[  123.356101][ T6361] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x1f8
[  123.413606][ T6361] F2FS-fs (loop2): invalid crc value
[  123.442922][ T6361] F2FS-fs (loop2): Found nat_bits in checkpoint
[  123.455250][ T5383] usb 1-1: USB disconnect, device number 5
[  123.516615][ T4302] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  123.640528][ T6385] fido_id[6385]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  123.668196][ T6361] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  123.685117][ T6361] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  123.721995][ T6365] loop4: detected capacity change from 0 to 40427
[  123.803417][ T6390] fido_id[6390]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  123.853974][ T6365] F2FS-fs (loop4): invalid crc value
[  123.861231][ T6361] F2FS-fs (loop2) : inject orphan in f2fs_acquire_orphan_inode of __f2fs_tmpfile+0x19e/0x300
[  123.971110][ T6365] F2FS-fs (loop4): Found nat_bits in checkpoint
[  124.106835][ T4872] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 12 /dev/loop1 scanned by udevd (4872)
[  124.156631][ T6365] F2FS-fs (loop4): Start checkpoint disabled!
[  124.281962][ T6365] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  124.571870][ T6405] loop3: detected capacity change from 0 to 4096
[  124.639371][ T6405] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512)
[  124.824638][ T6405] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  124.852273][ T6405] ntfs3: loop3: ntfs_set_state r=3 failed, -22.
[  124.858677][ T6405] ntfs3: loop3: Failed to load $Bitmap.
[  124.905993][ T6405] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22.
[  124.907074][ T6415] loop1: detected capacity change from 0 to 512
[  124.936130][ T6405] ntfs3: loop3: ntfs_evict_inode r=3 failed, -22.
[  125.023591][ T6415] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.815: invalid indirect mapped block 4294967295 (level 1)
[  125.041634][ T4685] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  125.172154][ T6415] EXT4-fs (loop1): Remounting filesystem read-only
[  125.178955][ T6415] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.815: invalid indirect mapped block 4294967295 (level 1)
[  125.225728][ T6415] EXT4-fs (loop1): Remounting filesystem read-only
[  125.246853][ T6415] EXT4-fs (loop1): 2 truncates cleaned up
[  125.261602][ T6415] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,errors=remount-ro,barrier=0x0000000000000004,. Quota mode: writeback.
[  125.349241][ T6421] loop2: detected capacity change from 0 to 4096
[  125.388616][ T6421] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512)
[  125.421935][ T4685] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  125.469173][ T4685] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.496383][ T6419] loop4: detected capacity change from 0 to 32768
[  125.514631][ T4685] usb 1-1: config 0 descriptor??
[  125.555509][ T6421] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  125.573782][ T4685] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  125.610025][ T6421] ntfs3: loop2: Failed to load $Extend.
[  125.802287][ T4685] gp8psk: usb in 128 operation failed.
[  125.874342][ T6438] loop3: detected capacity change from 0 to 256
[  126.061722][ T4685] gp8psk: usb in 137 operation failed.
[  126.068378][ T6438] FAT-fs (loop3): IO charset cpush not found
[  126.082480][ T4685] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  126.114040][ T4685] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  126.126825][ T6436] loop1: detected capacity change from 0 to 8192
[  126.137769][ T4685] usb 1-1: USB disconnect, device number 6
[  126.189979][ T6438] smb3: Unexpected value for 'acl'
[  126.216016][ T6436] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  126.239595][ T6444] netlink: 209848 bytes leftover after parsing attributes in process `syz.3.825'.
[  126.288970][ T6436] REISERFS (device loop1): using ordered data mode
[  126.301326][ T6446] loop3: detected capacity change from 0 to 2048
[  126.318980][ T6436] reiserfs: using flush barriers
[  126.334744][ T6446] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  126.376624][ T6436] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  126.396699][ T6446] UDF-fs: error (device loop3): udf_verify_fi: directory (ino 1376) has entry where CRC length (32) does not match entry length (24)
[  126.503681][ T6436] REISERFS (device loop1): checking transaction log (loop1)
[  126.555568][ T6436] REISERFS (device loop1): Using r5 hash to sort names
[  126.678831][ T6452] comedi comedi3: board detection failed
[  126.746493][ T6436] reiserfs: enabling write barrier flush mode
[  126.773659][ T6436] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2
[  126.831798][ T6436] REISERFS error (device loop1): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[  126.853005][ T6436] REISERFS (device loop1): Remounting filesystem read-only
[  126.873389][ T6436] REISERFS error (device loop1): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[  126.969340][ T6436] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2
[  126.994066][ T6431] XFS (loop4): Mounting V5 Filesystem
[  127.000737][ T6436] REISERFS error (device loop1): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[  127.012546][ T6436] REISERFS error (device loop1): zam-7001 reiserfs_find_entry: io error
[  127.021021][ T6436] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2
[  127.038907][ T6436] REISERFS error (device loop1): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[  127.071787][ T6436] REISERFS error (device loop1): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[  127.086921][ T6473] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  127.106364][ T6436] REISERFS warning (device loop1): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[  127.168364][ T6431] XFS (loop4): Ending clean mount
[  127.196080][ T6436] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2
[  127.214180][ T6436] REISERFS error (device loop1): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[  127.225178][ T6436] REISERFS (device loop1): Remounting filesystem read-only
[  127.235410][ T6436] REISERFS error (device loop1): zam-7001 reiserfs_find_entry: io error
[  127.270855][ T6431] XFS (loop4): WARNING: Reset corrupted AGFL on AG 0. 1 blocks leaked. Please unmount and run xfs_repair.
[  127.465528][ T4187] XFS (loop4): Unmounting Filesystem
[  127.546576][ T6481] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  127.702286][ T6481] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  127.716483][ T6481] ext2 filesystem being mounted at /151/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  127.863529][   T26] audit: type=1800 audit(1770333756.470:29): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.830" name="file1" dev="loop2" ino=4 res=0 errno=0
[  127.965496][ T4184] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22.
[  127.991357][ T4184] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  128.596566][ T4386] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  128.676416][ T6504] set_capacity_and_notify: 4 callbacks suppressed
[  128.676434][ T6504] loop1: detected capacity change from 0 to 4096
[  128.722335][ T6504] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512)
[  128.779050][ T6504] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  128.808455][ T6504] ntfs3: loop1: Failed to load $Extend.
[  128.885298][ T6493] loop0: detected capacity change from 0 to 32768
[  128.962371][ T4386] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  128.991691][ T4386] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.044350][ T4386] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  129.089551][ T4386] usb 4-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[  129.115207][ T4386] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.136115][ T4386] usb 4-1: config 0 descriptor??
[  129.339124][ T6506] loop4: detected capacity change from 0 to 32768
[  129.653529][ T4386] elecom 0003:056E:00FB.0008: report_id 22043 is invalid
[  129.695403][ T4386] elecom 0003:056E:00FB.0008: item 0 2 1 8 parsing failed
[  129.722043][ T4386] elecom: probe of 0003:056E:00FB.0008 failed with error -22
[  129.877717][ T4681] usb 4-1: USB disconnect, device number 6
[  130.404476][ T6529] loop2: detected capacity change from 0 to 32768
[  130.519292][ T6533] loop4: detected capacity change from 0 to 32768
[  130.535107][ T6529] XFS (loop2): Mounting V5 Filesystem
[  130.743924][ T6533] JBD2: Ignoring recovery information on journal
[  130.804164][ T6529] XFS (loop2): Ending clean mount
[  130.897299][ T6541] loop0: detected capacity change from 0 to 32768
[  130.905645][ T6533] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  130.998257][ T4193] XFS (loop2): Unmounting Filesystem
[  131.226159][ T4187] ocfs2: Unmounting device (7,4) on (node local)
[  131.322540][   T26] audit: type=1326 audit(1770333759.930:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6582 comm="syz.1.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62af5abeb9 code=0x7ffc0000
[  131.406223][   T26] audit: type=1326 audit(1770333759.930:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6582 comm="syz.1.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62af5abeb9 code=0x7ffc0000
[  131.537438][ T6596] loop1: detected capacity change from 0 to 512
[  131.618042][ T6596] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  131.721319][ T6596] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e12c, mo2=0102]
[  131.798166][ T6596] EXT4-fs (loop1): orphan cleanup on readonly fs
[  131.890479][ T6596] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.886: attempt to clear invalid blocks 1024 len 1
[  131.940741][ T6615] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  131.959300][ T6596] EXT4-fs (loop1): Remounting filesystem read-only
[  131.977135][ T6615] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  131.997003][ T6596] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.886: bg 0: block 361: padding at end of block bitmap is not set
[  132.048536][ T6615] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  132.088178][ T6615] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  132.109002][ T6596] EXT4-fs (loop1): Remounting filesystem read-only
[  132.118342][ T6615] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  132.147404][ T6596] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6194: Corrupt filesystem
[  132.171835][ T6615] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  132.192013][ T6615] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  132.232182][ T6596] EXT4-fs (loop1): Remounting filesystem read-only
[  132.237114][ T6622] loop4: detected capacity change from 0 to 2048
[  132.239456][ T6615] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  132.258933][ T6596] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.886: invalid indirect mapped block 1811939328 (level 0)
[  132.276583][ T6615] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  132.290127][ T6615] comedi comedi3: 8255: I/O port conflict (0x13352f60,4)
[  132.298995][ T6596] EXT4-fs (loop1): Remounting filesystem read-only
[  132.355856][ T6596] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.886: invalid indirect mapped block 2185560079 (level 1)
[  132.373743][ T6596] EXT4-fs (loop1): Remounting filesystem read-only
[  132.382729][ T6596] EXT4-fs (loop1): 1 truncate cleaned up
[  132.390471][ T6596] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,noblock_validity,discard,errors=remount-ro,abort. Quota mode: none.
[  132.466033][ T6596] kernel profiling enabled (shift: 63)
[  132.500946][ T6596] profiling shift: 63 too large
[  132.501790][   T21] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  132.714945][ T6630] loop4: detected capacity change from 0 to 256
[  132.799450][ T6606] loop0: detected capacity change from 0 to 32768
[  132.805276][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  132.816600][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  132.881919][ T4685] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  132.981866][   T21] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  132.997534][   T21] usb 3-1: config 0 has no interface number 0
[  133.005928][   T21] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  133.016706][   T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.030109][   T21] usb 3-1: config 0 descriptor??
[  133.114166][   T21] usb 3-1: selecting invalid altsetting 1
[  133.142171][   T21] dvb_ttusb_budget: ttusb_init_controller: error
[  133.159286][   T21] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  133.273363][ T4685] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.288307][ T4681] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  133.301249][ T4685] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  133.324887][ T6645] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  133.345182][   T21] DVB: Unable to find symbol cx22700_attach()
[  133.345766][ T4685] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  133.408426][ T4685] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  133.412930][   T21] DVB: Unable to find symbol tda10046_attach()
[  133.438942][   T21] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  133.480568][ T4685] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.507408][   T21] usb 3-1: USB disconnect, device number 3
[  133.539240][ T4685] usb 4-1: config 0 descriptor??
[  133.545731][ T4681] usb 2-1: Using ep0 maxpacket: 8
[  133.671881][ T4681] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.704302][ T4681] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  133.728239][ T4681] usb 2-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00
[  133.738729][ T4681] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.764747][ T4681] usb 2-1: config 0 descriptor??
[  133.893969][ T6658] netlink: 296 bytes leftover after parsing attributes in process `syz.4.915'.
[  134.064098][ T4685] plantronics 0003:047F:FFFF.0009: unbalanced collection at end of report description
[  134.102166][ T4685] plantronics 0003:047F:FFFF.0009: parse failed
[  134.108887][ T4685] plantronics: probe of 0003:047F:FFFF.0009 failed with error -22
[  134.247892][ T4681] wacom 0003:056A:0000.000A: ignoring exceeding usage max
[  134.291681][ T4681] wacom 0003:056A:0000.000A: Unknown device_type for 'HID 056a:0000'. Assuming pen.
[  134.304462][ T6653] set_capacity_and_notify: 1 callbacks suppressed
[  134.304480][ T6653] loop0: detected capacity change from 0 to 32768
[  134.343637][ T4681] wacom 0003:056A:0000.000A: hidraw0: USB HID v0.00 Device [HID 056a:0000] on usb-dummy_hcd.1-1/input0
[  134.357161][ T4681] input: Wacom Penpartner Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0000.000A/input/input13
[  134.381916][ T4685] usb 4-1: USB disconnect, device number 7
[  134.445256][ T6653] ERROR: (device loop0): dbAllocAG: unable to allocate blocks
[  134.445256][ T6653] 
[  134.457089][ T4681] usb 2-1: USB disconnect, device number 4
[  134.641946][   T21] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  134.652666][ T6679] fido_id[6679]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  135.061913][   T21] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  135.077346][   T21] usb 5-1: config 0 has no interface number 0
[  135.094806][   T21] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  135.119053][   T21] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.131922][ T4737] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  135.189515][   T21] usb 5-1: config 0 descriptor??
[  135.219713][ T6704] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.937'.
[  135.232585][ T6704] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[  135.237172][   T21] usb 5-1: selecting invalid altsetting 1
[  135.242895][ T6704] openvswitch: netlink: Message has 1 unknown bytes.
[  135.256142][   T21] dvb_ttusb_budget: ttusb_init_controller: error
[  135.257399][ T6705] netlink: 20 bytes leftover after parsing attributes in process `syz.1.938'.
[  135.267436][   T21] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  135.405120][ T6711] loop3: detected capacity change from 0 to 1024
[  135.418777][   T21] DVB: Unable to find symbol cx22700_attach()
[  135.482960][ T6715] loop0: detected capacity change from 0 to 1024
[  135.495363][   T21] DVB: Unable to find symbol tda10046_attach()
[  135.512444][   T21] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  135.522321][ T4737] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  135.549898][ T6717] netlink: 'syz.1.943': attribute type 3 has an invalid length.
[  135.561887][ T4737] usb 3-1: config 0 interface 0 has no altsetting 0
[  135.580238][   T21] usb 5-1: USB disconnect, device number 3
[  135.606219][ T4737] usb 3-1: New USB device found, idVendor=056a, idProduct=00ba, bcdDevice= 0.00
[  135.621022][ T4737] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.640224][ T6715] hfsplus: invalid length 1792 has been corrected to 255
[  135.686286][ T6715] hfsplus: bad catalog entry type
[  135.710762][ T4737] usb 3-1: config 0 descriptor??
[  135.753406][ T1228] hfsplus: b-tree write err: -5, ino 4
[  135.899136][ T6725] loop3: detected capacity change from 0 to 512
[  135.946652][ T6725] EXT4-fs (loop3): Ignoring removed bh option
[  135.975488][ T6725] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  136.056300][ T6725] EXT4-fs (loop3): 1 truncate cleaned up
[  136.070660][ T6725] EXT4-fs (loop3): mounted filesystem without journal. Opts: nouid32,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  136.215209][ T4737] wacom 0003:056A:00BA.000B: Unknown device_type for 'HID 056a:00ba'. Assuming pen.
[  136.260270][ T4737] wacom 0003:056A:00BA.000B: hidraw0: USB HID v0.00 Device [HID 056a:00ba] on usb-dummy_hcd.2-1/input0
[  136.307845][ T4737] input: Wacom Intuos4 8x13 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:00BA.000B/input/input16
[  136.425200][ T4737] usb 3-1: USB disconnect, device number 4
[  136.640942][ T6748] fido_id[6748]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  136.660633][ T6747] loop1: detected capacity change from 0 to 8192
[  136.766232][ T6747] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  136.781969][ T6747] REISERFS (device loop1): using ordered data mode
[  136.804103][ T6747] reiserfs: using flush barriers
[  136.850693][ T6747] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  136.933591][ T6747] REISERFS (device loop1): checking transaction log (loop1)
[  136.957652][ T6747] REISERFS (device loop1): Using r5 hash to sort names
[  136.982065][ T6747] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  137.298315][ T6767] loop3: detected capacity change from 0 to 256
[  137.311861][ T4737] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  137.573204][ T4737] usb 3-1: Using ep0 maxpacket: 16
[  137.722059][ T4737] usb 3-1: config 0 interface 0 has no altsetting 0
[  137.729184][ T4737] usb 3-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00
[  137.767624][ T4737] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.803213][ T4737] usb 3-1: config 0 descriptor??
[  137.880503][ T6757] loop0: detected capacity change from 0 to 32768
[  137.986848][ T6786] loop4: detected capacity change from 0 to 1024
[  138.257387][ T6799] loop3: detected capacity change from 0 to 1024
[  138.269467][  T144] hfsplus: b-tree write err: -5, ino 4
[  138.285260][ T6797] loop1: detected capacity change from 0 to 2048
[  138.326882][ T6797] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  138.354205][ T4737] sony 0003:1345:3008.000C: item fetching failed at offset 2/5
[  138.382095][ T4737] sony 0003:1345:3008.000C: parse failed
[  138.404971][ T4737] sony: probe of 0003:1345:3008.000C failed with error -22
[  138.438530][ T6807] hfsplus: xattr exists yet
[  138.527001][ T6797] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000080000,grpquota,nomblk_io_submit,stripe=0x000000000004ffff,norecovery,errors=remount-ro,max_batch_time=0x0000000000000814,. Quota mode: writeback.
[  138.688291][ T6797] EXT4-fs error (device loop1): empty_inline_dir:1873: inode #12: block 5: comm syz.1.980: bad entry in directory: directory entry overrun - offset=4, inode=13, rec_len=7952, size=60 fake=0
[  138.691398][ T5383] usb 3-1: USB disconnect, device number 5
[  138.739148][ T6797] EXT4-fs (loop1): Remounting filesystem read-only
[  138.750707][ T6797] EXT4-fs warning (device loop1): empty_inline_dir:1880: bad inline directory (dir #12) - inode 13, rec_len 7952, name_len 0inline size 60
[  138.985721][ T6820] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: comm syz.3.987: inode #1: comm syz.3.987: iget: illegal inode #
[  139.020544][ T6820] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.987: error while reading EA inode 1 err=-117
[  139.037140][ T6820] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: comm syz.3.987: inode #1: comm syz.3.987: iget: illegal inode #
[  139.077088][ T6820] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.987: error while reading EA inode 1 err=-117
[  139.099999][ T6820] EXT4-fs (loop3): 1 orphan inode deleted
[  139.116797][ T6820] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue. Quota mode: none.
[  139.145264][ T6813] ntfs3: loop4: failed to convert name for inode 1e.
[  139.781878][ T4737] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  139.816293][ T6858] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1003'.
[  139.850438][ T6854] set_capacity_and_notify: 2 callbacks suppressed
[  139.850467][ T6854] loop3: detected capacity change from 0 to 4096
[  139.878028][ T6858] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  140.061840][ T4737] usb 2-1: Using ep0 maxpacket: 16
[  140.191906][ T4737] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.214082][ T4737] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  140.248382][ T4737] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  140.295187][ T4737] usb 2-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[  140.347451][ T4737] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.369534][ T4737] usb 2-1: config 0 descriptor??
[  140.886411][ T4737] hid-generic 0003:0457:07DA.000D: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.1-1/input0
[  141.034761][ T6901] loop4: detected capacity change from 0 to 64
[  141.120764][ T4737] usb 2-1: USB disconnect, device number 5
[  141.199244][ T6908] loop0: detected capacity change from 0 to 256
[  141.218949][ T6903] fido_id[6903]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  141.254100][ T6872] loop3: detected capacity change from 0 to 40427
[  141.282614][ T6908] exfat: Deprecated parameter 'namecase'
[  141.289346][ T6908] exfat: Deprecated parameter 'utf8'
[  141.299367][ T6908] exfat: Deprecated parameter 'namecase'
[  141.306559][ T6872] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff
[  141.338380][ T6908] exfat: Deprecated parameter 'utf8'
[  141.351730][ T6872] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x2
[  141.358811][ T6908] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d)
[  141.412121][ T6872] F2FS-fs (loop3): invalid crc value
[  141.457655][ T6872] F2FS-fs (loop3): Found nat_bits in checkpoint
[  141.608128][ T6872] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  141.694857][ T4184] attempt to access beyond end of device
[  141.694857][ T4184] loop3: rw=2049, want=45104, limit=40427
[  141.708892][ T6927] loop2: detected capacity change from 0 to 64
[  141.795428][ T4685] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  142.051635][ T4685] usb 5-1: Using ep0 maxpacket: 16
[  142.171811][ T4685] usb 5-1: config 7 has an invalid interface number: 181 but max is 0
[  142.201709][ T4685] usb 5-1: config 7 has no interface number 0
[  142.228437][ T4685] usb 5-1: config 7 interface 181 altsetting 4 endpoint 0x1 has invalid maxpacket 17594, setting to 64
[  142.264941][ T6948] device ipvlan2 entered promiscuous mode
[  142.300659][ T4685] usb 5-1: config 7 interface 181 has no altsetting 0
[  142.501904][ T4685] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=db.4d
[  142.522833][ T4685] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.561734][ T4685] usb 5-1: Product: syz
[  142.566631][ T4685] usb 5-1: Manufacturer: syz
[  142.583270][ T4685] usb 5-1: SerialNumber: syz
[  142.648206][ T6959] loop3: detected capacity change from 0 to 512
[  142.819717][ T6959] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  142.844478][ T6959] ext4 filesystem being mounted at /238/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  142.915898][ T6943] loop2: detected capacity change from 0 to 32768
[  142.969205][ T4685] usb 5-1: USB disconnect, device number 4
[  142.985579][ T6943] XFS (loop2): Mounting V5 Filesystem
[  143.195837][ T6943] XFS (loop2): Ending clean mount
[  143.274790][ T6943] XFS (loop2): Quotacheck needed: Please wait.
[  143.433269][ T6943] XFS (loop2): Quotacheck: Done.
[  143.662244][ T4193] XFS (loop2): Unmounting Filesystem
[  143.837280][ T6957] loop0: detected capacity change from 0 to 32768
[  143.972444][ T6978] loop3: detected capacity change from 0 to 32768
[  143.977136][ T6957] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  144.041610][ T6957] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  144.051781][ T4386] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  144.188361][ T6957] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms
[  144.222404][ T6994] loop4: detected capacity change from 0 to 64
[  144.349967][ T6957] gfs2: fsid=syz:syz.s: first mount done, others may mount
[  144.411952][ T4386] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.451653][ T4386] usb 2-1: New USB device found, idVendor=28bd, idProduct=0055, bcdDevice= 0.00
[  144.474859][ T4386] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.510198][ T4386] usb 2-1: config 0 descriptor??
[  144.673095][ T7002] hfsplus: xattr exists yet
[  145.035027][ T4386] uclogic 0003:28BD:0055.000E: unknown main item tag 0x3
[  145.080746][ T4386] uclogic 0003:28BD:0055.000E: No inputs registered, leaving
[  145.147964][ T4386] uclogic 0003:28BD:0055.000E: hidraw0: USB HID v0.07 Device [HID 28bd:0055] on usb-dummy_hcd.1-1/input0
[  145.150592][ T7008] set_capacity_and_notify: 1 callbacks suppressed
[  145.150608][ T7008] loop2: detected capacity change from 0 to 8192
[  145.223948][ T7024] sp0: Synchronizing with TNC
[  145.240983][ T4386] usb 2-1: USB disconnect, device number 6
[  145.284544][ T7022] [U] è`
[  145.354817][ T7008] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  145.373919][ T7008] REISERFS (device loop2): using ordered data mode
[  145.408938][ T7008] reiserfs: using flush barriers
[  145.462619][ T7008] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  145.491932][ T7008] REISERFS (device loop2): checking transaction log (loop2)
[  145.498865][ T7039] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1084'.
[  145.512351][ T7037] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1082'.
[  145.529528][ T7030] fido_id[7030]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  145.544506][ T7008] REISERFS (device loop2): Using r5 hash to sort names
[  145.582598][ T7008] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  145.589839][ T7037] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1082'.
[  145.613868][ T7041] loop3: detected capacity change from 0 to 1024
[  145.631999][ T7008] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  145.644070][ T7037] netlink: 'syz.4.1082': attribute type 11 has an invalid length.
[  145.756081][ T7041] hfsplus: bad catalog entry type
[  145.840169][    T9] hfsplus: b-tree write err: -5, ino 4
[  145.889925][ T7049] sp0: Synchronizing with TNC
[  146.056668][ T7060] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1094'.
[  146.205738][ T7058] loop2: detected capacity change from 0 to 4096
[  146.301849][ T4685] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  146.324394][ T7058] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  146.377934][ T7058] ntfs: (device loop2): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[  146.407845][ T7058] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  146.440020][ T7058] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  146.473321][ T7069] loop4: detected capacity change from 0 to 8192
[  146.480996][ T7058] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  146.490947][ T7058] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[  146.519081][ T7058] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  146.529179][ T7058] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  146.558590][ T7058] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  146.568478][ T7058] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[  146.592673][ T4685] usb 4-1: Using ep0 maxpacket: 16
[  146.595855][ T5383] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  146.601071][ T7058] ntfs: volume version 3.1.
[  146.615224][ T7069] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  146.626703][ T7069] REISERFS (device loop4): using ordered data mode
[  146.634754][ T7069] reiserfs: using flush barriers
[  146.654332][ T7069] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  146.711851][ T4685] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14129, setting to 64
[  146.800878][ T7069] REISERFS (device loop4): checking transaction log (loop4)
[  146.835522][ T7069] REISERFS (device loop4): Using r5 hash to sort names
[  146.866480][ T7069] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  146.903030][ T4685] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  146.938405][ T4685] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.951804][ T5383] usb 2-1: Using ep0 maxpacket: 16
[  146.978161][ T4685] usb 4-1: Product: syz
[  146.998432][ T4685] usb 4-1: Manufacturer: syz
[  147.008711][ T4685] usb 4-1: SerialNumber: syz
[  147.051337][ T4685] usb 4-1: config 0 descriptor??
[  147.081954][ T5383] usb 2-1: config 0 has an invalid interface number: 41 but max is 0
[  147.098969][ T5383] usb 2-1: config 0 has no interface number 0
[  147.112284][ T5383] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  147.123611][ T5383] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  147.145298][ T5383] usb 2-1: config 0 interface 41 has no altsetting 0
[  147.202758][ T4685] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  147.317941][ T4685] usb 4-1: USB disconnect, device number 8
[  147.324109][ T4302] usb 4-1: Failed to submit usb control message: -71
[  147.331286][ T4302] usb 4-1: unable to send the bmi data to the device: -71
[  147.341899][ T5383] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  147.354769][ T5383] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.364405][ T5383] usb 2-1: Product: syz
[  147.368848][ T5383] usb 2-1: Manufacturer: syz
[  147.373614][ T5383] usb 2-1: SerialNumber: syz
[  147.381966][ T5383] usb 2-1: config 0 descriptor??
[  147.390055][ T4302] usb 4-1: unable to get target info from device
[  147.402076][ T7071] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  147.420514][ T7071] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  147.449724][ T7099] tipc: Enabled bearer <eth:wg0>, priority 10
[  147.451326][ T4302] usb 4-1: could not get target info (-71)
[  147.472614][ T4302] usb 4-1: could not probe fw (-71)
[  147.476057][ T4737] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  147.629618][ T7105] loop4: detected capacity change from 0 to 16
[  147.683758][ T5383] dm9601: probe of 2-1:0.41 failed with error -71
[  147.701850][ T5383] sr9700: probe of 2-1:0.41 failed with error -71
[  147.717738][ T7105] erofs: (device loop4): mounted with root inode @ nid 36.
[  147.737409][ T5383] usb 2-1: USB disconnect, device number 7
[  147.759558][ T7105] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  147.778251][ T7111] loop2: detected capacity change from 0 to 16
[  147.796681][ T7105] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117]
[  147.875222][ T7111] erofs: (device loop2): mounted with root inode @ nid 36.
[  147.933812][ T7114] delete_channel: no stack
[  147.947634][ T4737] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  147.964206][ T4737] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.987788][ T4737] usb 1-1: config 0 descriptor??
[  148.047409][ T4737] cp210x 1-1:0.0: cp210x converter detected
[  148.068605][ T7122] binder: 7121:7122 ioctl 4018620d 0 returned -22
[  148.097178][ T7122] binder: 7121:7122 ioctl c0306201 200000000180 returned -11
[  148.109352][ T7126] loop4: detected capacity change from 0 to 1024
[  148.179531][ T7126] attempt to access beyond end of device
[  148.179531][ T7126] loop4: rw=0, want=5780, limit=1024
[  148.213830][ T7132] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1126'.
[  148.494896][ T4737] usb 1-1: cp210x converter now attached to ttyUSB0
[  148.516887][ T7150] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1138'.
[  148.691826][ T4684] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  148.700360][ T4737] usb 1-1: USB disconnect, device number 7
[  148.752745][ T4737] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  148.816979][ T4737] cp210x 1-1:0.0: device disconnected
[  148.989945][ T7165] netlink: 'syz.4.1142': attribute type 7 has an invalid length.
[  149.019076][ T7165] netlink: 'syz.4.1142': attribute type 1 has an invalid length.
[  149.051376][ T7165] netlink: 191376 bytes leftover after parsing attributes in process `syz.4.1142'.
[  149.062435][ T4684] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  149.081667][ T4684] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.128547][ T4684] usb 4-1: config 0 descriptor??
[  149.173813][ T4684] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  149.381895][ T4684] gp8psk: usb in 128 operation failed.
[  149.458773][ T7173] loop0: detected capacity change from 0 to 1024
[  149.467847][ T7158] loop1: detected capacity change from 0 to 32768
[  149.602442][ T7173] hfsplus: bad catalog entry type
[  149.645151][ T7158] XFS (loop1): Mounting V5 Filesystem
[  149.663044][ T4684] gp8psk: usb in 146 operation failed.
[  149.671195][ T4684] gp8psk: failed to get FW version
[  149.678389][ T1228] hfsplus: b-tree write err: -5, ino 4
[  149.731737][ T4684] gp8psk: usb in 149 operation failed.
[  149.739028][ T4684] gp8psk: failed to get FPGA version
[  149.781761][ T4684] gp8psk: usb in 138 operation failed.
[  149.787637][ T4684] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  149.795358][ T7193] loop0: detected capacity change from 0 to 512
[  149.801458][ T4684] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  149.816441][ T4684] usb 4-1: USB disconnect, device number 9
[  149.879049][ T7193] EXT4-fs (loop0): Ignoring removed orlov option
[  149.934652][ T7158] XFS (loop1): Ending clean mount
[  149.940402][ T7193] EXT4-fs (loop0): orphan cleanup on readonly fs
[  149.945390][ T7158] XFS (loop1): Quotacheck needed: Please wait.
[  150.056424][ T7158] XFS (loop1): Quotacheck: Done.
[  150.081943][ T7193] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.1152: bg 0: block 248: padding at end of block bitmap is not set
[  150.153625][ T7193] EXT4-fs error (device loop0): ext4_acquire_dquot:6234: comm syz.0.1152: Failed to acquire dquot type 1
[  150.182767][ T4186] XFS (loop1): Unmounting Filesystem
[  150.235047][ T7193] EXT4-fs (loop0): 1 truncate cleaned up
[  150.294333][ T7193] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,orlov,abort,nombcache,stripe=0x0000000000000010,,errors=continue. Quota mode: writeback.
[  150.315285][    C1] vkms_vblank_simulate: vblank timer overrun
[  150.427653][ T7206] loop2: detected capacity change from 0 to 1024
[  150.524422][ T7193] EXT4-fs (loop0): Ignoring removed orlov option
[  150.542811][ T7193] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  150.558643][ T7189] loop4: detected capacity change from 0 to 32768
[  150.614996][ T7193] EXT4-fs error (device loop0): ext4_remount:6060: comm syz.0.1152: Abort forced by user
[  150.620942][ T7189] 
[  150.620942][ T7189]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  150.620942][ T7189] 
[  150.638986][ T7206] hfsplus: keylen 65060 too large
[  150.646658][ T7206] hfsplus: xattr searching failed
[  150.661185][ T7193] EXT4-fs (loop0): Remounting filesystem read-only
[  150.687163][ T7193] EXT4-fs (loop0): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,orlov,abort,nombcache,stripe=0x0000000000000010,. Quota mode: writeback.
[  150.764253][ T7193] ext4 filesystem being remounted at /214/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  150.853443][ T4187] 
[  150.853443][ T4187]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  150.853443][ T4187] 
[  150.865065][ T7215] binder: 7214:7215 ioctl 4018620d 0 returned -22
[  150.909513][ T7215] binder: 7214:7215 ioctl c0306201 200000000180 returned -11
[  150.914926][ T4187] 
[  150.914926][ T4187]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  150.914926][ T4187] 
[  151.192371][ T7229] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1167'.
[  151.240005][ T7229] vcan0: MTU too low for tipc bearer
[  151.261914][ T7229] tipc: Enabling of bearer <ib:vcan0> rejected, failed to enable media
[  151.381737][ T4738] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  151.664612][ T4738] usb 5-1: Using ep0 maxpacket: 8
[  151.747126][ T7260] netlink: 'syz.0.1182': attribute type 7 has an invalid length.
[  151.778979][ T7260] netlink: 'syz.0.1182': attribute type 1 has an invalid length.
[  151.802058][ T4738] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  151.827540][ T7260] netlink: 191376 bytes leftover after parsing attributes in process `syz.0.1182'.
[  151.838507][ T4738] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  151.876584][ T4738] usb 5-1: config 0 interface 0 has no altsetting 0
[  151.902691][ T4738] usb 5-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  151.921717][ T4738] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.950430][ T4738] usb 5-1: config 0 descriptor??
[  151.950655][ T7267] usb usb1: usbfs: process 7267 (syz.3.1184) did not claim interface 0 before use
[  152.448234][ T4738] steelseries_srws1 0003:1038:1410.000F: item fetching failed at offset 3/5
[  152.462550][ T4738] steelseries_srws1 0003:1038:1410.000F: parse failed
[  152.470993][ T4738] steelseries_srws1: probe of 0003:1038:1410.000F failed with error -22
[  152.650399][ T4738] usb 5-1: USB disconnect, device number 5
[  152.780489][ T7290] loop3: detected capacity change from 0 to 32768
[  152.811010][ T7305] loop2: detected capacity change from 0 to 2048
[  152.869522][   T26] kauditd_printk_skb: 11 callbacks suppressed
[  152.869534][   T26] audit: type=1800 audit(1770333781.470:32): pid=7290 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1195" name="file1" dev="loop3" ino=4 res=0 errno=0
[  152.924846][ T7305] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  153.059491][ T7307] loop0: detected capacity change from 0 to 512
[  153.117040][ T7307] EXT4-fs (loop0): Ignoring removed bh option
[  153.230703][ T7307] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  153.233952][ T7311] loop2: detected capacity change from 0 to 1024
[  153.362819][ T7307] ext4 filesystem being mounted at /223/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  153.466247][ T7307] EXT4-fs error (device loop0): ext4_resize_begin:61: comm syz.0.1203: resize_inode disabled but reserved GDT blocks non-zero
[  153.979067][ T7319] loop1: detected capacity change from 0 to 32768
[  154.148284][ T7336] mkiss: ax0: crc mode is auto.
[  154.156011][ T7319] JBD2: Ignoring recovery information on journal
[  154.241245][ T7334] loop3: detected capacity change from 0 to 32768
[  154.294534][ T7334] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9: Trying to join cluster "lock_nolock", "__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9"
[  154.309341][ T7334] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9: Now mounting FS (format 0)...
[  154.355043][ T7319] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  154.406809][ T7334] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0: journal 0 mapped with 16 extents in 0ms
[  154.445139][ T4684] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0: jid=0, already locked for use
[  154.470538][ T4684] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0: jid=0: Looking at journal...
[  154.499437][ T7319] (syz.1.1208,7319,0):ocfs2_reflink_ioctl:4454 ERROR: status = -14
[  154.682524][ T4684] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0: jid=0: Journal head lookup took 211ms
[  154.682714][ T7340] loop0: detected capacity change from 0 to 8192
[  154.704868][ T7347] loop4: detected capacity change from 0 to 1024
[  154.726102][ T4684] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0: jid=0: Done
[  154.754132][ T7334] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0: first mount done, others may mount
[  154.766056][ T7334] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0: no resource groups found in the file system.
[  154.824203][ T7340] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  154.860919][ T4186] ocfs2: Unmounting device (7,1) on (node local)
[  154.883944][ T7340] REISERFS (device loop0): using journaled data mode
[  154.890815][ T7340] reiserfs: using flush barriers
[  154.932609][ T7340] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  154.972226][ T7347] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,resuid=0x0000000000000000,barrier=0x0000000000000003,delalloc,journal_dev=0x0000000000000009,nodioread_nolock,,errors=continue. Quota mode: none.
[  155.066015][ T7347] ext4 filesystem being mounted at /231/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  155.077234][ T7340] REISERFS (device loop0): checking transaction log (loop0)
[  155.160191][ T7347] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1220: bg 0: block 112: padding at end of block bitmap is not set
[  155.181716][ T7340] REISERFS (device loop0): Using r5 hash to sort names
[  155.189712][ T7340] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  155.218658][ T7340] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  155.627875][ T4197] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  155.631851][ T7364] set_capacity_and_notify: 1 callbacks suppressed
[  155.631866][ T7364] loop4: detected capacity change from 0 to 1024
[  155.817966][ T7368] loop0: detected capacity change from 0 to 64
[  155.918070][ T7370] loop1: detected capacity change from 0 to 4096
[  155.956576][ T7368] hfs: bad catalog entry type 65535
[  156.003812][ T7373] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  156.012606][ T4197] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  156.049538][ T4197] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  156.086195][ T4197] usb 4-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.00
[  156.121587][ T4197] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.160838][ T4197] usb 4-1: config 0 descriptor??
[  156.653866][ T4197] elecom 0003:056E:011C.0010: item fetching failed at offset 1/5
[  156.672019][ T4197] elecom: probe of 0003:056E:011C.0010 failed with error -22
[  156.796574][ T7403] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1246'.
[  156.848366][ T7406] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1248'.
[  156.916487][ T4197] usb 4-1: USB disconnect, device number 10
[  156.970820][ T7372] loop4: detected capacity change from 0 to 32768
[  157.585784][ T7430] loop0: detected capacity change from 0 to 512
[  157.634631][ T7432] blktrace: Concurrent blktraces are not allowed on sg0
[  157.702886][ T7434] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1260'.
[  157.736526][ T7430] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  157.821309][ T7430] ext4 filesystem being mounted at /239/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.825347][ T7410] loop1: detected capacity change from 0 to 40427
[  157.895837][ T7410] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(918016)
[  157.923878][ T7410] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  157.989877][ T7410] F2FS-fs (loop1): invalid crc value
[  158.082498][ T7410] F2FS-fs (loop1): Found nat_bits in checkpoint
[  158.270908][ T7410] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  158.301693][ T7410] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  158.437486][ T4186] attempt to access beyond end of device
[  158.437486][ T4186] loop1: rw=2049, want=45104, limit=40427
[  158.521661][ T4738] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  158.801777][ T4738] usb 5-1: Using ep0 maxpacket: 16
[  158.881595][ T7475] blktrace: Concurrent blktraces are not allowed on sg0
[  158.977409][ T4197] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  158.987099][ T7467] loop2: detected capacity change from 0 to 32768
[  159.051498][ T7467] MetaData crosses page boundary!!
[  159.059773][ T7467] lblock = 6161616161, size  = 370544640
[  159.070201][ T7467] CPU: 0 PID: 7467 Comm: syz.2.1274 Not tainted syzkaller #0
[  159.077995][ T7467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  159.088636][ T7467] Call Trace:
[  159.092223][ T7467]  <TASK>
[  159.095343][ T7467]  dump_stack_lvl+0x188/0x250
[  159.100068][ T7467]  ? show_regs_print_info+0x20/0x20
[  159.105735][ T7467]  ? load_image+0x400/0x400
[  159.110612][ T7467]  ? unlock_page+0x17c/0x1f0
[  159.115594][ T7467]  ? release_metapage+0x2f7/0xe10
[  159.120857][ T7467]  ? unlock_page+0x17c/0x1f0
[  159.125585][ T7467]  __get_metapage+0xbfa/0x1060
[  159.130615][ T7467]  dtSearch+0x5d5/0x2050
[  159.135202][ T7467]  jfs_symlink+0x851/0xfb0
[  159.139646][ T7467]  ? jfs_unlink+0xa00/0xa00
[  159.144260][ T7467]  ? make_kgid+0x660/0x660
[  159.148674][ T7467]  ? apparmor_path_symlink+0x1ac/0x230
[  159.154236][ T7467]  ? lookup_one_qstr_excl+0x11c/0x240
[  159.159884][ T7467]  ? generic_permission+0x230/0x510
[  159.165745][ T7467]  ? inode_permission+0xef/0x480
[  159.170755][ T7467]  ? bpf_lsm_inode_symlink+0x5/0x10
[  159.177124][ T7467]  ? security_inode_symlink+0xb2/0x100
[  159.183066][ T7467]  vfs_symlink+0x247/0x3d0
[  159.187868][ T7467]  do_symlinkat+0x1ab/0x6b0
[  159.192568][ T7467]  ? vfs_symlink+0x3d0/0x3d0
[  159.197180][ T7467]  ? getname_flags+0x1fe/0x500
[  159.202049][ T7467]  __x64_sys_symlink+0x7a/0x90
[  159.207093][ T7467]  do_syscall_64+0x4c/0xa0
[  159.211537][ T7467]  ? clear_bhb_loop+0x30/0x80
[  159.216287][ T7467]  ? clear_bhb_loop+0x30/0x80
[  159.220970][ T7467]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  159.221859][ T4738] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  159.226959][ T7467] RIP: 0033:0x7f31c91e7eb9
[  159.227030][ T7467] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  159.237322][ T4738] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.240600][ T7467] RSP: 002b:00007f31c7443028 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[  159.240631][ T7467] RAX: ffffffffffffffda RBX: 00007f31c9462fa0 RCX: 00007f31c91e7eb9
[  159.240646][ T7467] RDX: 0000000000000000 RSI: 0000200000000cc0 RDI: 000020000000a900
[  159.264458][ T4738] usb 5-1: Product: syz
[  159.268903][ T7467] RBP: 00007f31c9255c1f R08: 0000000000000000 R09: 0000000000000000
[  159.268934][ T7467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  159.268947][ T7467] R13: 00007f31c9463038 R14: 00007f31c9462fa0 R15: 00007ffdb09b27e8
[  159.278359][ T4738] usb 5-1: Manufacturer: syz
[  159.285732][ T7467]  </TASK>
[  159.294667][ T7467] bread failed!
[  159.327801][ T4738] usb 5-1: SerialNumber: syz
[  159.363792][ T4738] r8152-cfgselector 5-1: config 0 descriptor??
[  159.452508][ T4197] usb 4-1: too many configurations: 17, using maximum allowed: 8
[  159.698990][ T7501] loop1: detected capacity change from 0 to 256
[  159.741379][ T7501] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  159.852024][ T4738] r8152-cfgselector 5-1: Unknown version 0x0000
[  159.860518][ T4738] r8152-cfgselector 5-1: bad CDC descriptors
[  159.886785][ T7507] loop1: detected capacity change from 0 to 64
[  159.893369][ T4738] r8152-cfgselector 5-1: Unknown version 0x0000
[  159.904555][ T4738] r8152-cfgselector 5-1: USB disconnect, device number 6
[  160.011452][ T7507] hfs: bad catalog entry type 65535
[  160.238759][ T7516] loop1: detected capacity change from 0 to 512
[  160.291867][ T4197] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  160.297181][ T7516] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  160.311595][ T4197] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.319897][ T4197] usb 4-1: Product: syz
[  160.325296][ T4197] usb 4-1: Manufacturer: syz
[  160.337912][ T4197] usb 4-1: SerialNumber: syz
[  160.358790][ T4197] usb 4-1: config 0 descriptor??
[  160.362446][ T7516] EXT4-fs error (device loop1): ext4_xattr_inode_iget:401: inode #2: comm syz.1.1297: missing EA_INODE flag
[  160.402081][ T7516] EXT4-fs error (device loop1): ext4_xattr_inode_iget:406: comm syz.1.1297: error while reading EA inode 2 err=-117
[  160.416864][ T4197] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  160.437436][ T7516] EXT4-fs (loop1): 1 truncate cleaned up
[  160.466692][ T4197] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  160.472009][ T7516] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,lazytime,nombcache,nogrpid,,errors=continue. Quota mode: none.
[  160.491933][ T4197] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  160.510553][ T4197] usb 4-1: media controller created
[  160.528732][ T4197] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  160.592877][ T4197] DVB: Unable to find symbol mt352_attach()
[  160.631457][ T7473] dvb-usb: bulk message failed: -22 (7/0)
[  160.700194][ T4197] DVB: Unable to find symbol nxt6000_attach()
[  160.712483][ T4197] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  160.763372][ T4197] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input19
[  160.810287][ T4197] dvb-usb: schedule remote query interval to 1000 msecs.
[  160.854871][ T4197] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  160.873173][ T7514] loop2: detected capacity change from 0 to 40427
[  160.890798][ T4197] dvb-usb: bulk message failed: -22 (7/0)
[  160.897282][ T4197] dvb-usb: bulk message failed: -22 (7/0)
[  160.952375][ T4197] usb 4-1: USB disconnect, device number 11
[  161.008850][ T7514] F2FS-fs (loop2): invalid crc value
[  161.051269][ T7514] F2FS-fs (loop2): Found nat_bits in checkpoint
[  161.089353][ T4197] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  161.241423][ T7514] F2FS-fs (loop2): Start checkpoint disabled!
[  161.266853][ T7514] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  161.631821][ T7525] loop4: detected capacity change from 0 to 32768
[  162.157728][ T7576] loop4: detected capacity change from 0 to 512
[  162.296048][ T7576] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  162.424077][ T7576] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #16: comm syz.4.1320: invalid indirect mapped block 4294967295 (level 0)
[  162.467527][ T7592] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1328'.
[  162.517754][ T7576] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #16: comm syz.4.1320: invalid indirect mapped block 4294967295 (level 1)
[  162.560653][ T7576] EXT4-fs (loop4): 1 orphan inode deleted
[  162.624773][ T7576] EXT4-fs (loop4): 1 truncate cleaned up
[  162.630832][ T7576] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  162.993538][ T7609] loop0: detected capacity change from 0 to 8
[  163.124038][ T7609] SQUASHFS error: Unable to read directory block [629:46]
[  163.362245][ T7621] loop2: detected capacity change from 0 to 256
[  163.455705][ T7621] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  163.490233][ T7621] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  163.524466][ T7621] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  163.602293][ T7638] loop1: detected capacity change from 0 to 1024
[  163.759202][ T7638] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.1349: bad orphan inode 32767
[  163.806091][ T7638] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  163.833719][ T7644] loop4: detected capacity change from 0 to 1024
[  163.875643][ T7644] EXT4-fs (loop4): Ignoring removed bh option
[  163.971180][ T7644] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,abort,user_xattr,bh,errors=remount-ro,. Quota mode: writeback.
[  164.032412][ T7634] loop0: detected capacity change from 0 to 32768
[  164.095385][ T7634] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.1347 (7634)
[  164.117611][ T7652] loop2: detected capacity change from 0 to 8
[  164.162825][ T7634] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  164.182785][ T7634] BTRFS info (device loop0): setting nodatasum
[  164.221383][ T7634] BTRFS info (device loop0): force zlib compression, level 3
[  164.265036][ T7634] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8)
[  164.291712][ T7634] BTRFS info (device loop0): use lzo compression, level 0
[  164.309392][ T7634] BTRFS info (device loop0): turning on flush-on-commit
[  164.340973][ T7634] BTRFS info (device loop0): enabling auto defrag
[  164.369763][ T7659] loop1: detected capacity change from 0 to 16
[  164.389940][ T7652] SQUASHFS error: Unable to read inode 0xa7
[  164.407886][ T7634] BTRFS info (device loop0): max_inline at 4096
[  164.441684][ T7659] erofs: (device loop1): mounted with root inode @ nid 36.
[  164.483851][ T7634] BTRFS info (device loop0): using free space tree
[  164.490417][ T7634] BTRFS info (device loop0): has skinny extents
[  164.889275][ T7688] raw_sendmsg: syz.4.1362 forgot to set AF_INET. Fix it!
[  164.984446][ T7634] BTRFS info (device loop0): enabling ssd optimizations
[  165.281910][ T4197] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  165.349139][ T7709] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  165.428184][ T7709] EXT4-fs error (device loop4): ext4_xattr_inode_iget:401: inode #2: comm syz.4.1372: missing EA_INODE flag
[  165.477812][    C0] vkms_vblank_simulate: vblank timer overrun
[  165.565369][ T7709] EXT4-fs error (device loop4): ext4_xattr_inode_iget:406: comm syz.4.1372: error while reading EA inode 2 err=-117
[  165.607140][ T7709] EXT4-fs (loop4): 1 truncate cleaned up
[  165.615689][ T7711] fuse: Unexpected value for 'default_permissions'
[  165.625097][ T7709] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,lazytime,nombcache,nogrpid,,errors=continue. Quota mode: none.
[  165.757524][ T7721] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1376'.
[  165.827468][ T4197] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  165.868095][ T4197] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.889686][ T4197] usb 2-1: Product: syz
[  165.900642][ T4197] usb 2-1: Manufacturer: syz
[  165.900677][ T4197] usb 2-1: SerialNumber: syz
[  165.977129][ T4197] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  166.184185][ T7733] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1381'.
[  166.591850][ T4197] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  166.623457][ T7754] set_capacity_and_notify: 2 callbacks suppressed
[  166.623475][ T7754] loop4: detected capacity change from 0 to 512
[  166.686281][ T7754] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  166.687116][ T7746] loop3: detected capacity change from 0 to 8192
[  166.778938][ T7754] EXT4-fs (loop4): 1 truncate cleaned up
[  166.825460][ T7746] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  166.837906][ T7746] REISERFS (device loop3): using ordered data mode
[  166.845457][ T7746] reiserfs: using flush barriers
[  166.881277][ T7746] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  166.886566][ T7754] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,nombcache,. Quota mode: none.
[  166.898795][ T7746] REISERFS (device loop3): checking transaction log (loop3)
[  166.942890][ T7746] REISERFS (device loop3): Using r5 hash to sort names
[  166.957949][ T7746] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  166.979702][ T7746] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  167.024393][ T7746] REISERFS warning (device loop3): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block
[  167.061155][ T7771] loop2: detected capacity change from 0 to 64
[  167.075373][ T7746] REISERFS warning (device loop3): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block
[  167.104163][ T7746] REISERFS warning (device loop3): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block
[  167.137900][ T7774] loop0: detected capacity change from 0 to 1764
[  167.214279][ T4386] usb 2-1: USB disconnect, device number 8
[  167.455393][ T6404] kernel write not supported for file /stat (pid: 6404 comm: kworker/1:20)
[  167.583343][ T7786] loop4: detected capacity change from 0 to 256
[  167.615040][ T7788] loop0: detected capacity change from 0 to 512
[  167.669940][ T7790] hugetlbfs: Bad value for 'size'
[  167.682666][ T4197] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  167.706356][ T7786] FAT-fs (loop4): Directory bread(block 64) failed
[  167.712749][ T4197] ath9k_htc: Failed to initialize the device
[  167.730730][ T4386] usb 2-1: ath9k_htc: USB layer deinitialized
[  167.744858][ T7786] FAT-fs (loop4): Directory bread(block 65) failed
[  167.771143][ T7788] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,grpquota,init_itable,,errors=continue. Quota mode: writeback.
[  167.776649][ T7786] FAT-fs (loop4): Directory bread(block 66) failed
[  167.812501][ T7788] ext4 filesystem being mounted at /264/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  167.837067][ T7786] FAT-fs (loop4): Directory bread(block 67) failed
[  167.850443][ T7786] FAT-fs (loop4): Directory bread(block 68) failed
[  167.857837][ T7786] FAT-fs (loop4): Directory bread(block 69) failed
[  167.865468][ T7786] FAT-fs (loop4): Directory bread(block 70) failed
[  167.875981][ T7786] FAT-fs (loop4): Directory bread(block 71) failed
[  167.883725][ T7786] FAT-fs (loop4): Directory bread(block 72) failed
[  167.890777][ T7786] FAT-fs (loop4): Directory bread(block 73) failed
[  167.895628][ T7796] loop3: detected capacity change from 0 to 1024
[  168.002282][ T7788] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  168.082229][ T7788] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  168.168367][ T7802] loop1: detected capacity change from 0 to 1024
[  168.175554][ T7788] EXT4-fs (loop0): This should not happen!! Data will be lost
[  168.175554][ T7788] 
[  168.213329][    T9] hfsplus: b-tree write err: -5, ino 4
[  168.224778][ T7788] EXT4-fs (loop0): Total free blocks count 0
[  168.232074][ T7788] EXT4-fs (loop0): Free/Dirty block details
[  168.238939][ T7788] EXT4-fs (loop0): free_blocks=65280
[  168.254682][ T7788] EXT4-fs (loop0): dirty_blocks=1
[  168.259811][ T7788] EXT4-fs (loop0): Block reservation details
[  168.347496][ T7788] EXT4-fs (loop0): i_reserved_data_blocks=1
[  168.634751][ T7812] loop0: detected capacity change from 0 to 512
[  168.661676][ T4197] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  168.699907][ T7784] loop2: detected capacity change from 0 to 40427
[  168.720420][ T7812] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  168.769071][ T7812] EXT4-fs error (device loop0): ext4_xattr_inode_iget:401: inode #2: comm syz.0.1415: missing EA_INODE flag
[  168.794563][ T7812] EXT4-fs error (device loop0): ext4_xattr_inode_iget:406: comm syz.0.1415: error while reading EA inode 2 err=-117
[  168.830368][ T7812] EXT4-fs (loop0): 1 truncate cleaned up
[  168.855161][ T7784] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  168.861698][ T7812] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,lazytime,nombcache,nogrpid,,errors=continue. Quota mode: none.
[  168.868869][ T7784] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  168.953054][ T4197] usb 4-1: Using ep0 maxpacket: 16
[  169.058558][ T7784] F2FS-fs (loop2): Found nat_bits in checkpoint
[  169.079838][ T4197] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  169.110579][ T4197] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  169.121899][ T4737] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  169.145965][ T4197] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  169.192208][ T4197] usb 4-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00
[  169.227655][ T4197] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.272608][ T7784] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  169.291353][ T4197] usb 4-1: config 0 descriptor??
[  169.297425][ T7784] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  169.532211][ T4737] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  169.540600][ T4737] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  169.593238][ T4737] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  169.604395][ T4737] usb 5-1: config 220 has no interface number 2
[  169.610819][ T4737] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  169.634067][ T7836] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  169.651575][ T4737] usb 5-1: config 220 interface 0 has no altsetting 0
[  169.675424][ T7836] ext4 filesystem being mounted at /270/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  169.720521][ T4737] usb 5-1: config 220 interface 76 has no altsetting 0
[  169.729312][ T4737] usb 5-1: config 220 interface 1 has no altsetting 0
[  169.731660][   T26] audit: type=1326 audit(1770333798.330:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7845 comm="syz.2.1425" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f31c91e7eb9 code=0x0
[  169.758585][    C0] vkms_vblank_simulate: vblank timer overrun
[  169.766577][   T26] audit: type=1800 audit(1770333798.340:34): pid=7836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1427" name="bus" dev="loop0" ino=18 res=0 errno=0
[  169.774286][ T7802] XFS (loop1): Mounting V5 Filesystem
[  169.803959][ T4197] sony 0003:054C:0374.0011: unbalanced delimiter at end of report description
[  169.817978][ T4197] sony 0003:054C:0374.0011: parse failed
[  169.824446][ T4197] sony: probe of 0003:054C:0374.0011 failed with error -22
[  169.933813][ T4737] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  169.945412][ T4737] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.950552][ T7852] erofs: (device loop0): mounted with root inode @ nid 36.
[  169.954871][ T4737] usb 5-1: Product: syz
[  169.981854][ T7852] erofs: Unknown parameter '0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿ'
[  169.998326][ T4737] usb 5-1: Manufacturer: syz
[  170.005559][ T4737] usb 5-1: SerialNumber: syz
[  170.018496][ T4685] usb 4-1: USB disconnect, device number 12
[  170.043919][ T7802] XFS (loop1): Ending clean mount
[  170.170201][ T4186] XFS (loop1): Unmounting Filesystem
[  170.309538][ T7856] ISOFS: Unable to identify CD-ROM format.
[  170.412250][ T4737] usb 5-1: selecting invalid altsetting 0
[  170.453909][ T4737] usb 5-1: Found UVC 7.01 device syz (8086:0b07)
[  170.468095][ T4737] usb 5-1: No valid video chain found.
[  170.602782][ T4737] usb 5-1: selecting invalid altsetting 0
[  170.608669][ T4737] usbtest: probe of 5-1:220.1 failed with error -22
[  170.671073][ T4737] usb 5-1: USB disconnect, device number 7
[  170.700760][ T7871] bond0: option arp_interval: invalid value (18446744073709551615)
[  170.724261][ T7871] bond0: option arp_interval: allowed values 0 - 2147483647
[  170.760695][ T7873] blktrace: Concurrent blktraces are not allowed on sg0
[  171.061612][ T4685] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  171.335887][ T7890] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  171.404404][ T7890] REISERFS (device loop1): using ordered data mode
[  171.431947][ T4685] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  171.451112][ T4685] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  171.461648][ T7890] reiserfs: using flush barriers
[  171.471592][ T4685] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  171.490956][ T4685] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  171.492655][ T7890] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  171.511633][ T4685] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  171.581071][ T7890] REISERFS (device loop1): checking transaction log (loop1)
[  171.594126][ T7890] REISERFS (device loop1): Using r5 hash to sort names
[  171.601456][ T7890] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  171.619216][ T7897] overlayfs: bad mount option "redirect_dir=off:/"
[  171.681886][ T4685] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  171.707283][ T4685] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  171.751612][ T4685] usb 3-1: Product: syz
[  171.755886][ T4685] usb 3-1: Manufacturer: syz
[  171.832831][ T4685] cdc_wdm 3-1:1.0: skipping garbage
[  171.838129][ T4685] cdc_wdm 3-1:1.0: skipping garbage
[  171.885866][ T7892] set_capacity_and_notify: 7 callbacks suppressed
[  171.885883][ T7892] loop3: detected capacity change from 0 to 40427
[  171.924394][ T7892] F2FS-fs (loop3): Corrupted extension count (64 + 1 > 64)
[  171.945553][ T4685] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  171.956351][ T7892] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  171.987820][ T4685] cdc_wdm 3-1:1.0: Unknown control protocol
[  172.091428][ T7889] loop0: detected capacity change from 0 to 32768
[  172.114994][ T7892] F2FS-fs (loop3): Found nat_bits in checkpoint
[  172.176620][ T7889] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.1446 (7889)
[  172.200891][ T4685] usb 3-1: USB disconnect, device number 6
[  172.241569][ T7889] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  172.278180][ T7892] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  172.281973][ T7889] BTRFS info (device loop0): using free space tree
[  172.295726][ T7892] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  172.337833][ T7889] BTRFS info (device loop0): has skinny extents
[  172.668894][ T7889] BTRFS info (device loop0): enabling ssd optimizations
[  172.722387][ T7940] loop1: detected capacity change from 0 to 512
[  172.811734][ T7940] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  172.841070][ T7889] BTRFS error (device loop0): unable to set label with more than 255 bytes
[  172.877746][ T7940] EXT4-fs (loop1): 1 truncate cleaned up
[  172.892643][ T7940] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,nombcache,. Quota mode: none.
[  173.150430][ T7948] loop2: detected capacity change from 0 to 512
[  173.377465][ T7948] EXT4-fs (loop2): mounted filesystem without journal. Opts: quota,grpquota,init_itable,,errors=continue. Quota mode: writeback.
[  173.431957][ T7948] ext4 filesystem being mounted at /281/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  173.552609][ T7948] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  173.578095][ T7948] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  173.619295][ T7948] EXT4-fs (loop2): This should not happen!! Data will be lost
[  173.619295][ T7948] 
[  173.651860][ T7948] EXT4-fs (loop2): Total free blocks count 0
[  173.674455][ T7948] EXT4-fs (loop2): Free/Dirty block details
[  173.711684][ T7948] EXT4-fs (loop2): free_blocks=65280
[  173.721992][ T7948] EXT4-fs (loop2): dirty_blocks=1
[  173.751666][ T7948] EXT4-fs (loop2): Block reservation details
[  173.802389][ T7948] EXT4-fs (loop2): i_reserved_data_blocks=1
[  174.251781][ T6404] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  174.381659][ T7977] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  174.670253][ T7993] loop0: detected capacity change from 0 to 32768
[  174.682209][ T6404] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  174.693339][ T6404] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  174.751952][ T7977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  174.770165][ T7977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  174.780298][ T7977] usb 4-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  174.790715][ T7977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.795525][ T6404] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  174.810641][ T6404] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  174.818922][ T6404] usb 2-1: SerialNumber: syz
[  174.819723][ T7977] usb 4-1: config 0 descriptor??
[  175.107946][ T6404] usb 2-1: 0:2 : does not exist
[  175.165674][ T6404] usb 2-1: USB disconnect, device number 9
[  175.313959][ T7977] uclogic 0003:5543:0042.0012: unbalanced delimiter at end of report description
[  175.324682][ T7977] uclogic 0003:5543:0042.0012: parse failed
[  175.330715][ T7977] uclogic: probe of 0003:5543:0042.0012 failed with error -22
[  175.413812][ T4872] udevd[4872]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  175.541015][ T7977] usb 4-1: USB disconnect, device number 13
[  175.660550][ T8007] loop1: detected capacity change from 0 to 512
[  175.697308][ T8011] loop0: detected capacity change from 0 to 1024
[  175.780830][ T8011] hfsplus: bad catalog entry type
[  175.818465][ T8007] EXT4-fs (loop1): mounted filesystem without journal. Opts: quota,grpquota,init_itable,,errors=continue. Quota mode: writeback.
[  175.836188][  T154] hfsplus: b-tree write err: -5, ino 4
[  175.939420][ T8007] ext4 filesystem being mounted at /322/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.047871][ T8007] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  176.118909][ T8007] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  176.166152][ T8007] EXT4-fs (loop1): This should not happen!! Data will be lost
[  176.166152][ T8007] 
[  176.191812][ T8007] EXT4-fs (loop1): Total free blocks count 0
[  176.198328][ T8007] EXT4-fs (loop1): Free/Dirty block details
[  176.205286][ T8007] EXT4-fs (loop1): free_blocks=65280
[  176.211194][ T8007] EXT4-fs (loop1): dirty_blocks=1
[  176.217795][ T8007] EXT4-fs (loop1): Block reservation details
[  176.224661][ T8007] EXT4-fs (loop1): i_reserved_data_blocks=1
[  176.881731][ T4293] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  177.058732][ T8048] loop2: detected capacity change from 0 to 40427
[  177.106939][ T8050] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1515'.
[  177.119896][ T8052] loop4: detected capacity change from 0 to 512
[  177.145855][ T8048] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  177.157443][ T8048] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  177.170775][ T8048] F2FS-fs (loop2): invalid crc value
[  177.182668][ T8048] F2FS-fs (loop2): Found nat_bits in checkpoint
[  177.251912][ T4293] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  177.278771][ T8052] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,grpquota,init_itable,,errors=continue. Quota mode: writeback.
[  177.287838][ T4293] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  177.312002][ T8052] ext4 filesystem being mounted at /287/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.332412][ T4293] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 7724, setting to 1024
[  177.388861][ T8052] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  177.391923][ T8052] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  177.391992][ T8052] EXT4-fs (loop4): This should not happen!! Data will be lost
[  177.391992][ T8052] 
[  177.392010][ T8052] EXT4-fs (loop4): Total free blocks count 0
[  177.392124][ T8052] EXT4-fs (loop4): Free/Dirty block details
[  177.392197][ T8052] EXT4-fs (loop4): free_blocks=65280
[  177.392216][ T8052] EXT4-fs (loop4): dirty_blocks=1
[  177.392231][ T8052] EXT4-fs (loop4): Block reservation details
[  177.392244][ T8052] EXT4-fs (loop4): i_reserved_data_blocks=1
[  177.398375][ T8048] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  177.398407][ T8048] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  177.408890][ T4293] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 1024
[  177.437036][ T8053] attempt to access beyond end of device
[  177.437036][ T8053] loop2: rw=2049, want=45104, limit=40427
[  177.481843][ T4293] usb 4-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[  177.481875][ T4293] usb 4-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[  177.481896][ T4293] usb 4-1: Manufacturer: syz
[  177.484621][ T4293] usb 4-1: config 0 descriptor??
[  177.516365][ T8041] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  177.533919][ T4293] smsusb:smsusb_probe: board id=9, interface number 0
[  177.573615][ T4293] smsusb:siano_media_device_register: media controller created
[  177.576100][ T4293] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22
[  177.576226][ T4293] smsmdtv:smscore_set_device_mode: mode detect failed -22
[  177.576250][ T4293] smsmdtv:smscore_start_device: set device mode failed , rc -22
[  177.576264][ T4293] smsusb:smsusb_init_device: smscore_start_device(...) failed
[  177.591567][    C0] smsusb:smsusb_onresponse: error, urb status -2, 0 bytes
[  177.594697][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  177.594748][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  177.594785][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  177.594821][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  177.594859][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  177.594896][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  177.594931][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  177.594967][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  177.595003][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  177.641302][    C0] ==================================================================
[  177.641393][    C0] BUG: KASAN: use-after-free in dummy_timer+0x29cb/0x31e0
[  177.641422][    C0] Read of size 4 at addr ffff88801f404034 by task syz.1.1508/8063
[  177.641440][    C0] 
[  177.641447][    C0] CPU: 0 PID: 8063 Comm: syz.1.1508 Not tainted syzkaller #0
[  177.641467][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  177.641478][    C0] Call Trace:
[  177.641486][    C0]  <IRQ>
[  177.641500][    C0]  dump_stack_lvl+0x188/0x250
[  177.641529][    C0]  ? show_regs_print_info+0x20/0x20
[  177.641553][    C0]  ? load_image+0x400/0x400
[  177.641572][    C0]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  177.641605][    C0]  ? _raw_spin_lock_irqsave+0x8b/0x100
[  177.641626][    C0]  ? lockdep_hardirqs_off+0x70/0x100
[  177.641650][    C0]  print_address_description+0x60/0x2d0
[  177.641672][    C0]  ? dummy_timer+0x29cb/0x31e0
[  177.641690][    C0]  kasan_report+0xdf/0x130
[  177.641713][    C0]  ? dummy_timer+0x29cb/0x31e0
[  177.641736][    C0]  dummy_timer+0x29cb/0x31e0
[  177.641757][    C0]  ? verify_lock_unused+0x140/0x140
[  177.641830][    C0]  ? dummy_free_streams+0x530/0x530
[  177.641859][    C0]  ? dummy_free_streams+0x530/0x530
[  177.641879][    C0]  call_timer_fn+0x17b/0x540
[  177.641901][    C0]  ? dummy_free_streams+0x530/0x530
[  177.641920][    C0]  ? __run_timers+0x7f0/0x7f0
[  177.641950][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  177.641972][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[  177.641998][    C0]  ? dummy_free_streams+0x530/0x530
[  177.642019][    C0]  __run_timers+0x53a/0x7f0
[  177.642053][    C0]  ? detach_timer+0x2b0/0x2b0
[  177.642069][    C0]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  177.642096][    C0]  ? sched_clock_cpu+0x15/0x3c0
[  177.642114][    C0]  ? ktime_get_real_ts64+0x440/0x440
[  177.642136][    C0]  run_timer_softirq+0x63/0xf0
[  177.642156][    C0]  handle_softirqs+0x339/0x830
[  177.642181][    C0]  ? __irq_exit_rcu+0x13b/0x230
[  177.642205][    C0]  ? do_softirq+0x210/0x210
[  177.642227][    C0]  ? irqtime_account_irq+0xb2/0x1b0
[  177.642251][    C0]  __irq_exit_rcu+0x13b/0x230
[  177.642270][    C0]  ? irq_exit_rcu+0x20/0x20
[  177.642301][    C0]  irq_exit_rcu+0x5/0x20
[  177.642318][    C0]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  177.642338][    C0]  </IRQ>
[  177.642345][    C0]  <TASK>
[  177.642352][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  177.642442][    C0] RIP: 0010:preempt_schedule_irq+0xb6/0x160
[  177.642466][    C0] Code: 00 00 43 c6 44 37 04 f8 74 0b 0f 0b 48 f7 03 08 00 00 00 74 7f bf 01 00 00 00 e8 e5 2f 8e f7 e8 70 19 bb f7 fb bf 01 00 00 00 <e8> 65 b5 ff ff 43 c6 44 37 08 00 48 c7 44 24 40 00 00 00 00 9c 8f
[  177.642482][    C0] RSP: 0018:ffffc9000334f840 EFLAGS: 00000286
[  177.642504][    C0] RAX: 28bd9ef10a42fd00 RBX: 0000000000000000 RCX: 28bd9ef10a42fd00
[  177.642520][    C0] RDX: dffffc0000000000 RSI: ffffffff8a2b2780 RDI: 0000000000000001
[  177.642535][    C0] RBP: ffffc9000334f8e0 R08: ffffffff901d10c7 R09: 1ffffffff203a218
[  177.642574][    C0] R10: dffffc0000000000 R11: fffffbfff203a219 R12: 0000000000000000
[  177.642587][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000669f08
[  177.642622][    C0]  ? __cond_resched+0xd0/0xd0
[  177.642654][    C0]  ? rcu_irq_exit_check_preempt+0xdb/0x200
[  177.642675][    C0]  irqentry_exit+0x63/0x70
[  177.642694][    C0]  asm_sysvec_reschedule_ipi+0x16/0x20
[  177.642713][    C0] RIP: 0010:console_unlock+0xcad/0x1120
[  177.642733][    C0] Code: 75 11 e8 76 d6 18 00 4d 85 ff 75 16 e8 6c d6 18 00 eb 15 e8 65 d6 18 00 e8 90 9f 5b 08 4d 85 ff 74 ea e8 56 d6 18 00 fb 31 ff <89> de e8 ac d9 18 00 85 db 0f 94 c0 22 44 24 17 3c 01 75 1f e8 3a
[  177.642750][    C0] RSP: 0018:ffffc9000334f9a0 EFLAGS: 00000246
[  177.642769][    C0] RAX: ffffffff8160494a RBX: 0000000000000000 RCX: 0000000000080000
[  177.642784][    C0] RDX: ffffc900056a9000 RSI: 000000000007ffff RDI: 0000000000000000
[  177.642797][    C0] RBP: ffffc9000334fc10 R08: ffffffff901d10c7 R09: 1ffffffff203a218
[  177.642813][    C0] R10: dffffc0000000000 R11: fffffbfff203a219 R12: 1ffffffff198d6ad
[  177.642826][    C0] R13: 00000000000000a2 R14: 0000000000000000 R15: 0000000000000200
[  177.642847][    C0]  ? console_unlock+0xcaa/0x1120
[  177.642887][    C0]  ? console_trylock_spinning+0x370/0x370
[  177.642915][    C0]  ? try_to_wake_up+0x701/0x1050
[  177.642949][    C0]  ? wake_up_q+0x8c/0xc0
[  177.642977][    C0]  ? mutex_unlock+0x10/0x10
[  177.643002][    C0]  ? clear_buffer_attributes+0x1c0/0x1c0
[  177.643038][    C0]  do_fb_ioctl+0x813/0x850
[  177.643062][    C0]  ? fb_release+0x1e0/0x1e0
[  177.643139][    C0]  ? bpf_lsm_file_ioctl+0x5/0x10
[  177.643160][    C0]  ? security_file_ioctl+0x7c/0xa0
[  177.643181][    C0]  ? fb_write+0x580/0x580
[  177.643200][    C0]  __se_sys_ioctl+0xfa/0x170
[  177.643225][    C0]  do_syscall_64+0x4c/0xa0
[  177.643242][    C0]  ? clear_bhb_loop+0x30/0x80
[  177.643261][    C0]  ? clear_bhb_loop+0x30/0x80
[  177.643282][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  177.643299][    C0] RIP: 0033:0x7f62af5abeb9
[  177.643316][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  177.643330][    C0] RSP: 002b:00007f62ad807028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  177.643348][    C0] RAX: ffffffffffffffda RBX: 00007f62af826fa0 RCX: 00007f62af5abeb9
[  177.643363][    C0] RDX: 0000200000000100 RSI: 0000000000004601 RDI: 0000000000000003
[  177.643377][    C0] RBP: 00007f62af619c1f R08: 0000000000000000 R09: 0000000000000000
[  177.643390][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  177.643402][    C0] R13: 00007f62af827038 R14: 00007f62af826fa0 R15: 00007ffd1e044bc8
[  177.643435][    C0]  </TASK>
[  177.643442][    C0] 
[  177.643447][    C0] Allocated by task 4293:
[  177.643457][    C0]  __kasan_kmalloc+0xb5/0xf0
[  177.643478][    C0]  smsusb_probe+0x8a1/0x1de0
[  177.643497][    C0]  usb_probe_interface+0x5c5/0xb20
[  177.643515][    C0]  really_probe+0x284/0xc80
[  177.643531][    C0]  __driver_probe_device+0x18c/0x330
[  177.643559][    C0]  driver_probe_device+0x4f/0x420
[  177.643575][    C0]  __device_attach_driver+0x2b0/0x500
[  177.643591][    C0]  bus_for_each_drv+0x184/0x210
[  177.643609][    C0]  __device_attach+0x2a8/0x480
[  177.643624][    C0]  bus_probe_device+0xbc/0x1e0
[  177.643642][    C0]  device_add+0xa00/0xfb0
[  177.643659][    C0]  usb_set_configuration+0x1991/0x1fd0
[  177.643674][    C0]  usb_generic_driver_probe+0x89/0x150
[  177.643690][    C0]  usb_probe_device+0x139/0x270
[  177.643704][    C0]  really_probe+0x284/0xc80
[  177.643718][    C0]  __driver_probe_device+0x18c/0x330
[  177.643732][    C0]  driver_probe_device+0x4f/0x420
[  177.643747][    C0]  __device_attach_driver+0x2b0/0x500
[  177.643763][    C0]  bus_for_each_drv+0x184/0x210
[  177.643781][    C0]  __device_attach+0x2a8/0x480
[  177.643794][    C0]  bus_probe_device+0xbc/0x1e0
[  177.643811][    C0]  device_add+0xa00/0xfb0
[  177.643826][    C0]  usb_new_device+0xd65/0x1660
[  177.643844][    C0]  hub_event+0x2e4a/0x55e0
[  177.643861][    C0]  process_one_work+0x85f/0x1010
[  177.643878][    C0]  worker_thread+0xaa6/0x1290
[  177.643895][    C0]  kthread+0x436/0x520
[  177.643910][    C0]  ret_from_fork+0x1f/0x30
[  177.643928][    C0] 
[  177.643933][    C0] Freed by task 4293:
[  177.643942][    C0]  kasan_set_track+0x4b/0x70
[  177.643960][    C0]  kasan_set_free_info+0x1f/0x40
[  177.643978][    C0]  ____kasan_slab_free+0xd5/0x110
[  177.643996][    C0]  slab_free_freelist_hook+0xea/0x170
[  177.644012][    C0]  kfree+0xef/0x2a0
[  177.644027][    C0]  smsusb_term_device+0x1ac/0x220
[  177.644045][    C0]  smsusb_probe+0x1746/0x1de0
[  177.644061][    C0]  usb_probe_interface+0x5c5/0xb20
[  177.644076][    C0]  really_probe+0x284/0xc80
[  177.644090][    C0]  __driver_probe_device+0x18c/0x330
[  177.644104][    C0]  driver_probe_device+0x4f/0x420
[  177.644118][    C0]  __device_attach_driver+0x2b0/0x500
[  177.644135][    C0]  bus_for_each_drv+0x184/0x210
[  177.644153][    C0]  __device_attach+0x2a8/0x480
[  177.644169][    C0]  bus_probe_device+0xbc/0x1e0
[  177.644187][    C0]  device_add+0xa00/0xfb0
[  177.644204][    C0]  usb_set_configuration+0x1991/0x1fd0
[  177.644221][    C0]  usb_generic_driver_probe+0x89/0x150
[  177.644238][    C0]  usb_probe_device+0x139/0x270
[  177.644254][    C0]  really_probe+0x284/0xc80
[  177.644269][    C0]  __driver_probe_device+0x18c/0x330
[  177.644286][    C0]  driver_probe_device+0x4f/0x420
[  177.644299][    C0]  __device_attach_driver+0x2b0/0x500
[  177.644315][    C0]  bus_for_each_drv+0x184/0x210
[  177.644334][    C0]  __device_attach+0x2a8/0x480
[  177.644349][    C0]  bus_probe_device+0xbc/0x1e0
[  177.644369][    C0]  device_add+0xa00/0xfb0
[  177.644385][    C0]  usb_new_device+0xd65/0x1660
[  177.644403][    C0]  hub_event+0x2e4a/0x55e0
[  177.644421][    C0]  process_one_work+0x85f/0x1010
[  177.644439][    C0]  worker_thread+0xaa6/0x1290
[  177.644456][    C0]  kthread+0x436/0x520
[  177.644472][    C0]  ret_from_fork+0x1f/0x30
[  177.644490][    C0] 
[  177.644495][    C0] Last potentially related work creation:
[  177.644502][    C0]  kasan_save_stack+0x35/0x60
[  177.644521][    C0]  kasan_record_aux_stack+0xb8/0x100
[  177.644550][    C0]  insert_work+0x54/0x3d0
[  177.644567][    C0]  __queue_work+0x9c5/0xd50
[  177.644584][    C0]  queue_work_on+0x124/0x1f0
[  177.644600][    C0]  __usb_hcd_giveback_urb+0x35f/0x520
[  177.644620][    C0]  dummy_timer+0x8a8/0x31e0
[  177.644638][    C0]  call_timer_fn+0x17b/0x540
[  177.644657][    C0]  __run_timers+0x53a/0x7f0
[  177.644675][    C0]  run_timer_softirq+0x63/0xf0
[  177.644692][    C0]  handle_softirqs+0x339/0x830
[  177.644709][    C0]  __irq_exit_rcu+0x13b/0x230
[  177.644726][    C0]  irq_exit_rcu+0x5/0x20
[  177.644741][    C0]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  177.644761][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  177.644779][    C0] 
[  177.644784][    C0] Second to last potentially related work creation:
[  177.644792][    C0]  kasan_save_stack+0x35/0x60
[  177.644809][    C0]  kasan_record_aux_stack+0xb8/0x100
[  177.644829][    C0]  insert_work+0x54/0x3d0
[  177.644845][    C0]  __queue_work+0x9c5/0xd50
[  177.644860][    C0]  queue_work_on+0x124/0x1f0
[  177.644875][    C0]  __usb_hcd_giveback_urb+0x35f/0x520
[  177.644894][    C0]  dummy_timer+0x8a8/0x31e0
[  177.644909][    C0]  call_timer_fn+0x17b/0x540
[  177.644927][    C0]  __run_timers+0x53a/0x7f0
[  177.644944][    C0]  run_timer_softirq+0x63/0xf0
[  177.644962][    C0]  handle_softirqs+0x339/0x830
[  177.644978][    C0]  __irq_exit_rcu+0x13b/0x230
[  177.644994][    C0]  irq_exit_rcu+0x5/0x20
[  177.645009][    C0]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  177.645027][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  177.645044][    C0] 
[  177.645049][    C0] The buggy address belongs to the object at ffff88801f404000
[  177.645049][    C0]  which belongs to the cache kmalloc-4k of size 4096
[  177.645068][    C0] The buggy address is located 52 bytes inside of
[  177.645068][    C0]  4096-byte region [ffff88801f404000, ffff88801f405000)
[  177.645087][    C0] The buggy address belongs to the page:
[  177.645097][    C0] page:ffffea00007d0000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f400
[  177.645118][    C0] head:ffffea00007d0000 order:3 compound_mapcount:0 compound_pincount:0
[  177.645135][    C0] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  177.645164][    C0] raw: 00fff00000010200 0000000000000000 0000000300000001 ffff888016c42140
[  177.645181][    C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[  177.645192][    C0] page dumped because: kasan: bad access detected
[  177.645201][    C0] page_owner tracks the page as allocated
[  177.645217][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4193, ts 56489510909, free_ts 56420529317
[  177.645247][    C0]  get_page_from_freelist+0x1bbd/0x1ca0
[  177.645268][    C0]  __alloc_pages+0x1ee/0x480
[  177.645286][    C0]  new_slab+0xc0/0x4b0
[  177.645301][    C0]  ___slab_alloc+0x80a/0xdd0
[  177.645316][    C0]  kmem_cache_alloc_trace+0x1a5/0x2a0
[  177.645333][    C0]  kobject_uevent_env+0x27a/0x890
[  177.645351][    C0]  net_rx_queue_update_kobjects+0x221/0x490
[  177.645371][    C0]  netdev_register_kobject+0x231/0x320
[  177.645388][    C0]  register_netdevice+0x1039/0x16f0
[  177.645406][    C0]  hsr_dev_finalize+0x5f6/0x870
[  177.645423][    C0]  hsr_newlink+0x637/0x6f0
[  177.645439][    C0]  rtnl_newlink+0x1359/0x1a50
[  177.645458][    C0]  rtnetlink_rcv_msg+0x844/0xf30
[  177.645475][    C0]  netlink_rcv_skb+0x1f5/0x440
[  177.645491][    C0]  netlink_unicast+0x774/0x920
[  177.645510][    C0]  netlink_sendmsg+0x8ba/0xbe0
[  177.645524][    C0] page last free stack trace:
[  177.645531][    C0]  free_unref_page_prepare+0x637/0x6c0
[  177.645557][    C0]  free_unref_page+0x8f/0x2a0
[  177.645575][    C0]  qlist_free_all+0x35/0x90
[  177.645591][    C0]  kasan_quarantine_reduce+0x150/0x160
[  177.645606][    C0]  __kasan_slab_alloc+0x2f/0xd0
[  177.645623][    C0]  slab_post_alloc_hook+0x4c/0x380
[  177.645640][    C0]  kmem_cache_alloc_trace+0x103/0x2a0
[  177.645656][    C0]  kset_create_and_add+0x56/0x160
[  177.645673][    C0]  netdev_register_kobject+0x1ae/0x320
[  177.645690][    C0]  register_netdevice+0x1039/0x16f0
[  177.645709][    C0]  veth_newlink+0x8d7/0xe30
[  177.645724][    C0]  rtnl_newlink+0x1359/0x1a50
[  177.645742][    C0]  rtnetlink_rcv_msg+0x844/0xf30
[  177.645761][    C0]  netlink_rcv_skb+0x1f5/0x440
[  177.645777][    C0]  netlink_unicast+0x774/0x920
[  177.645795][    C0]  netlink_sendmsg+0x8ba/0xbe0
[  177.645812][    C0] 
[  177.645817][    C0] Memory state around the buggy address:
[  177.645828][    C0]  ffff88801f403f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.645842][    C0]  ffff88801f403f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.645855][    C0] >ffff88801f404000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  177.645864][    C0]                                      ^
[  177.645876][    C0]  ffff88801f404080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  177.645888][    C0]  ffff88801f404100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  177.645898][    C0] ==================================================================
[  177.645907][    C0] Disabling lock debugging due to kernel taint
[  177.645916][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  177.645926][    C0] CPU: 0 PID: 8063 Comm: syz.1.1508 Tainted: G    B             syzkaller #0
[  177.645945][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  177.645955][    C0] Call Trace:
[  177.645962][    C0]  <IRQ>
[  177.645969][    C0]  dump_stack_lvl+0x188/0x250
[  177.645991][    C0]  ? show_regs_print_info+0x20/0x20
[  177.646011][    C0]  ? load_image+0x400/0x400
[  177.646036][    C0]  panic+0x2e5/0x810
[  177.646057][    C0]  ? bpf_jit_dump+0xd0/0xd0
[  177.646076][    C0]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  177.646096][    C0]  ? _raw_spin_unlock+0x40/0x40
[  177.646116][    C0]  ? dummy_timer+0x29cb/0x31e0
[  177.646132][    C0]  check_panic_on_warn+0x80/0xa0
[  177.646151][    C0]  ? dummy_timer+0x29cb/0x31e0
[  177.646166][    C0]  end_report+0x6d/0xf0
[  177.646182][    C0]  kasan_report+0x102/0x130
[  177.646200][    C0]  ? dummy_timer+0x29cb/0x31e0
[  177.646217][    C0]  dummy_timer+0x29cb/0x31e0
[  177.646234][    C0]  ? verify_lock_unused+0x140/0x140
[  177.646270][    C0]  ? dummy_free_streams+0x530/0x530
[  177.646289][    C0]  ? dummy_free_streams+0x530/0x530
[  177.646305][    C0]  call_timer_fn+0x17b/0x540
[  177.646323][    C0]  ? dummy_free_streams+0x530/0x530
[  177.646339][    C0]  ? __run_timers+0x7f0/0x7f0
[  177.646360][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  177.646379][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[  177.646396][    C0]  ? dummy_free_streams+0x530/0x530
[  177.646413][    C0]  __run_timers+0x53a/0x7f0
[  177.646436][    C0]  ? detach_timer+0x2b0/0x2b0
[  177.646452][    C0]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  177.646475][    C0]  ? sched_clock_cpu+0x15/0x3c0
[  177.646492][    C0]  ? ktime_get_real_ts64+0x440/0x440
[  177.646512][    C0]  run_timer_softirq+0x63/0xf0
[  177.646530][    C0]  handle_softirqs+0x339/0x830
[  177.646557][    C0]  ? __irq_exit_rcu+0x13b/0x230
[  177.646575][    C0]  ? do_softirq+0x210/0x210
[  177.646592][    C0]  ? irqtime_account_irq+0xb2/0x1b0
[  177.646612][    C0]  __irq_exit_rcu+0x13b/0x230
[  177.646626][    C0]  ? irq_exit_rcu+0x20/0x20
[  177.646645][    C0]  irq_exit_rcu+0x5/0x20
[  177.646659][    C0]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  177.646676][    C0]  </IRQ>
[  177.646682][    C0]  <TASK>
[  177.646687][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  177.646704][    C0] RIP: 0010:preempt_schedule_irq+0xb6/0x160
[  177.646722][    C0] Code: 00 00 43 c6 44 37 04 f8 74 0b 0f 0b 48 f7 03 08 00 00 00 74 7f bf 01 00 00 00 e8 e5 2f 8e f7 e8 70 19 bb f7 fb bf 01 00 00 00 <e8> 65 b5 ff ff 43 c6 44 37 08 00 48 c7 44 24 40 00 00 00 00 9c 8f
[  177.646736][    C0] RSP: 0018:ffffc9000334f840 EFLAGS: 00000286
[  177.646752][    C0] RAX: 28bd9ef10a42fd00 RBX: 0000000000000000 RCX: 28bd9ef10a42fd00
[  177.646764][    C0] RDX: dffffc0000000000 RSI: ffffffff8a2b2780 RDI: 0000000000000001
[  177.646777][    C0] RBP: ffffc9000334f8e0 R08: ffffffff901d10c7 R09: 1ffffffff203a218
[  177.646789][    C0] R10: dffffc0000000000 R11: fffffbfff203a219 R12: 0000000000000000
[  177.646800][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000669f08
[  177.646818][    C0]  ? __cond_resched+0xd0/0xd0
[  177.646836][    C0]  ? rcu_irq_exit_check_preempt+0xdb/0x200
[  177.646854][    C0]  irqentry_exit+0x63/0x70
[  177.646869][    C0]  asm_sysvec_reschedule_ipi+0x16/0x20
[  177.646885][    C0] RIP: 0010:console_unlock+0xcad/0x1120
[  177.646902][    C0] Code: 75 11 e8 76 d6 18 00 4d 85 ff 75 16 e8 6c d6 18 00 eb 15 e8 65 d6 18 00 e8 90 9f 5b 08 4d 85 ff 74 ea e8 56 d6 18 00 fb 31 ff <89> de e8 ac d9 18 00 85 db 0f 94 c0 22 44 24 17 3c 01 75 1f e8 3a
[  177.646916][    C0] RSP: 0018:ffffc9000334f9a0 EFLAGS: 00000246
[  177.646930][    C0] RAX: ffffffff8160494a RBX: 0000000000000000 RCX: 0000000000080000
[  177.646942][    C0] RDX: ffffc900056a9000 RSI: 000000000007ffff RDI: 0000000000000000
[  177.646954][    C0] RBP: ffffc9000334fc10 R08: ffffffff901d10c7 R09: 1ffffffff203a218
[  177.646966][    C0] R10: dffffc0000000000 R11: fffffbfff203a219 R12: 1ffffffff198d6ad
[  177.646979][    C0] R13: 00000000000000a2 R14: 0000000000000000 R15: 0000000000000200
[  177.646993][    C0]  ? console_unlock+0xcaa/0x1120
[  177.647015][    C0]  ? console_trylock_spinning+0x370/0x370
[  177.647034][    C0]  ? try_to_wake_up+0x701/0x1050
[  177.647056][    C0]  ? wake_up_q+0x8c/0xc0
[  177.647075][    C0]  ? mutex_unlock+0x10/0x10
[  177.647093][    C0]  ? clear_buffer_attributes+0x1c0/0x1c0
[  177.647116][    C0]  do_fb_ioctl+0x813/0x850
[  177.647133][    C0]  ? fb_release+0x1e0/0x1e0
[  177.647167][    C0]  ? bpf_lsm_file_ioctl+0x5/0x10
[  177.647183][    C0]  ? security_file_ioctl+0x7c/0xa0
[  177.647201][    C0]  ? fb_write+0x580/0x580
[  177.647217][    C0]  __se_sys_ioctl+0xfa/0x170
[  177.647234][    C0]  do_syscall_64+0x4c/0xa0
[  177.647248][    C0]  ? clear_bhb_loop+0x30/0x80
[  177.647263][    C0]  ? clear_bhb_loop+0x30/0x80
[  177.647279][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  177.647295][    C0] RIP: 0033:0x7f62af5abeb9
[  177.647310][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  177.647324][    C0] RSP: 002b:00007f62ad807028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  177.647342][    C0] RAX: ffffffffffffffda RBX: 00007f62af826fa0 RCX: 00007f62af5abeb9
[  177.647354][    C0] RDX: 0000200000000100 RSI: 0000000000004601 RDI: 0000000000000003
[  177.647365][    C0] RBP: 00007f62af619c1f R08: 0000000000000000 R09: 0000000000000000
[  177.647376][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  177.647387][    C0] R13: 00007f62af827038 R14: 00007f62af826fa0 R15: 00007ffd1e044bc8
[  177.647405][    C0]  </TASK>
[  177.647495][    C0] Kernel Offset: disabled
[  179.873489][    C0] Rebooting in 86400 seconds..