last executing test programs:

1m4.580062733s ago: executing program 3 (id=935):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x34}}, 0x0)

1m4.500346107s ago: executing program 3 (id=936):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={<r1=>0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x38}, 0x9}]}, &(0x7f0000000040)=0x10)
shutdown(r0, 0x2)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r1, 0x5}, &(0x7f0000000240)=0x8)

1m4.289506716s ago: executing program 3 (id=939):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
capset(&(0x7f0000000340)={0x20080522}, &(0x7f0000000300)={0x0, 0x0, 0x5f22})
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0189374, 0x0)

1m4.071331046s ago: executing program 3 (id=944):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})

1m3.351079187s ago: executing program 3 (id=953):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r0, &(0x7f0000000400), 0x2000011a)
recvmmsg(r0, &(0x7f0000004000)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/73, 0x49}], 0x1, &(0x7f0000000040)=""/24, 0x18}, 0xa}], 0x1, 0x20, 0x0)

1m1.486902509s ago: executing program 3 (id=976):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x81, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0)

1m1.237756589s ago: executing program 32 (id=976):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x81, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0)

3.757459547s ago: executing program 2 (id=1454):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x48, 0x30, 0xffff, 0x0, 0x0, {}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r1, 0x34}, 0x10)

3.443071571s ago: executing program 2 (id=1456):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0)
readahead(r0, 0x2a91, 0x7ff)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x0, 0x20000000, 0x1f)

3.398259103s ago: executing program 0 (id=1458):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
write$cgroup_int(r0, &(0x7f0000000040), 0x12)

3.163128703s ago: executing program 0 (id=1460):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r0, 0x4018f514, &(0x7f0000000080)={0xb, 0x3, 0x2})

3.162015193s ago: executing program 2 (id=1471):
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x32e104c, 0x0, 0x0, 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

2.053413371s ago: executing program 0 (id=1461):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x40)
write$dsp(r0, &(0x7f0000000240)=' ', 0x1)
close(r0)

2.053304592s ago: executing program 2 (id=1463):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0xc, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

2.053239761s ago: executing program 5 (id=1464):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r0, &(0x7f0000000180)={0x0, 0xffffffffffffffad, &(0x7f0000000140)={&(0x7f0000000100)={0x1f, r1, 0x201, 0x400400, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x0)

1.921552107s ago: executing program 5 (id=1478):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x30, r1, 0x105, 0xffffffff, 0xa, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0xfac0b]}]]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x4004050)

1.906292598s ago: executing program 2 (id=1468):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000080))

1.715637336s ago: executing program 5 (id=1469):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4c0000001000030400000000fedbdf2500007400", @ANYRES32=r1, @ANYBLOB="00080000075005002c0012800b00010062726964676500001c000280050019000200000005001700000000000500160021"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

1.646942079s ago: executing program 2 (id=1472):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000100b060a5000000000000109022400010000500009040002010300000009210000000122f80409058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, &(0x7f0000000080)={0x40, 0x33, 0x38, {0x38, 0x3, "edda442694fb02f6d8b1cdc9cbc943c4da2bfe752f6863eac79db9fa64b428adadb0ac30aa118cc9200d530a4cc259ef194fb5b2525f"}}, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x21, 0x9, {0x9, 0x21, 0x611, 0x1d, 0x1, {0x22, 0x70f}}}}, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff030902"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

1.61685125s ago: executing program 5 (id=1474):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
unshare(0x8040480)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x1, {0x40, 0x3}}, 0x10)

1.442964247s ago: executing program 5 (id=1476):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000020085000000a800000095"], 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10)

1.289827905s ago: executing program 5 (id=1481):
unshare(0x62040200)
syz_usb_connect(0x2, 0x56, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000084a48e08d112f74247aa000000010902"], 0x0)
r0 = socket$inet(0xa, 0x801, 0x84)
getsockopt$IPT_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f00000000c0)={'mangle\x00', 0x0, [0x1, 0x80, 0x207, 0x80004, 0xe]}, &(0x7f0000000040)=0x54)

1.080321423s ago: executing program 4 (id=1483):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x7495, 0x0, 0x2, 0x1f7}, &(0x7f0000000380)=<r2=>0x0, &(0x7f0000000340)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

909.661851ms ago: executing program 4 (id=1484):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x6, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000280)={0x0, 0x80000000, 0x0, 'queue0\x00', 0xffffff00})

833.304574ms ago: executing program 1 (id=1485):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xd, 0x2, [@TCA_HHF_QUANTUM={0x8}, @TCA_HHF_NON_HH_WEIGHT={0x8}]}}]}, 0x40}}, 0x0)

627.028333ms ago: executing program 1 (id=1486):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='kfree\x00', r0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000039000900000000000000000001000000040000000c0001800600000005470000080002"], 0x38}}, 0x0)

625.075353ms ago: executing program 4 (id=1497):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x1})

534.242117ms ago: executing program 1 (id=1487):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
unshare(0x8040480)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x1, {0x40, 0x3}}, 0x10)

533.351278ms ago: executing program 4 (id=1488):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
setuid(0xee01)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000004c0), r0)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0x1}, 0x14}}, 0x200480d0)

460.450041ms ago: executing program 4 (id=1489):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000240)=0x3)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f})
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2)

448.813361ms ago: executing program 1 (id=1490):
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000000))
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSLCKTRMIOS(r0, 0x5457, 0x0)

306.076687ms ago: executing program 0 (id=1491):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x440)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

243.06841ms ago: executing program 1 (id=1492):
r0 = fsopen(&(0x7f0000000300)='jfs\x00', 0x0)
r1 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
ioctl$RTC_UIE_ON(r1, 0x7003)
close_range(r0, 0xffffffffffffffff, 0x0)

223.153111ms ago: executing program 4 (id=1493):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000380)='./file1\x00', 0x2804450, &(0x7f0000000280), 0x1, 0x51b, &(0x7f00000014c0)="$eJzs3c9vI1cdAPDvjO1tdjfFKXAolWgrWpQtsHayoW2ERFskBKdKQDkTQuJEUZw4ip2yiSpIxY0LEkKA1BMnLkj8AUioF+4IqRLcESAQgi0caQfZHtMmsWOz+eGu8/lIs35vfn3fG63f/HrxC+DKejIiXoqIQkQ8ExHlfH6aT0vtzGF3vbfvvbbSnpLIslf+kUSSz+vtq50vRsTN7iYxFRFf+3LEt5KTcZv7B5vL9XptN89XW1s71eb+we2NreX12npte2Fh/rnF5xefXZzLcmeq50xEvPDFv/z4Bz//0gu//sy3/7j0t1vfaRcrK3fLHRErZwowQHffpc6x6Gkfo92LCDYGhbw+pcK4SwIAwCja1/gfjohPdK7/y1HoXM0BAAAAkyR7cTr+k0RkAAAAwMRKI2I6krSS9wWYjjStVLp9eD8aN9J6o9n69Fpjb3u1vSze+Pz3v5GubdRrc3lf4ZkoJe38fN7Htpe/cyy/EBGPRMSPytc7+cpKo7467ocfAAAAcEXcfOLo/f+/y2knDQAAAEyYmYEZAAAAYFK45QcAAIDJ5/4fAAAAJtpXXn65PWW9cbxXX93f22y8enu11tysbO2tVFYauzuV9UZjvfObfVvD9ldvNHY+G9t7d6utWrNVbe4fLG019rZbSxtHhsAGAAAALtEjT7z5hyQiDj93vTNF/juAAEf8edwFAM5TYdwFAMamOOqKycWWA7h8paFrjNxCAA+oYaf3gZ13fnv+ZQEAAC7G7MdOvv+/li8b/mwAeJAd6evjL3QA4Erwdg+urtLQHoA6/sCk+1D346Fe/jfHlp/9/X+W3VfBAACAczPdmZK0kr8LnI40rVQiHu4MC1BK1jbqtbn8/uD35dJD722ZeDIAAAAAAAAAAAAAAAAAAAAAAAAAACPKsiQyAAAAYKJFpH9N8lH+ZstPT3efCryTj9V1bNSvN175yd3lVmt3PuJa8s9ye9a1iGj9tDt/705mSAAAAAD4AOjcv9/JP+fHXRoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJs3b915b6U2XGffvX4iImX7xizHV+ZyKUkTc+FcSxfdtl0RE4RziH74eEY/2i5/Eu1mWzeSl6Bf/+gXHn+kcmv7x04i4eQ7x4Sp7s93+vNTv+5fGk53P/t+/Yj6d1eD2L/1f+1cY0P48fPqu017isbd+WR0Y//WIx4r9259e/KQbP4lj8Z8asY7f/PrBwaBl2c8iZvuef5IjsaqtrZ1qc//g9sbW8nptvba9sDD/3OLzi88uzlXXNuq1/N++MX748V+9e1r9bwyIP3O0/ieO/9Mj1v+dt+7e+0g3WeoX/9ZT/c+/jw6In+bnvk/m6fby2V76sJt+v8d/8bvHT6v/6oD6Tw2p/60R6//MV7/3pxFXBQAuQXP/YHO5Xq/tnpKYGmGdgYnCfW01LPHiee9QYryJ7Lvd/49n288ZNz+RyM6yeTGGrhNH53yqGMfmNK/9H9/T802Ms1UCAAAuwnsX/eMuCQAAAAAAAAAAAAAAAAAAAFxd9/kLYVMRMfLKx2MejqeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn+m8AAAD//+CA1xA=")
mount$bind(0x0, 0x0, 0x0, 0x81105a, 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000002c0)={0x0, 0x542e, 0x0, 0x4})

144.797724ms ago: executing program 0 (id=1495):
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
fcntl$notify(r0, 0x402, 0x1)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000600)='sessionid\x00')
readv(r1, &(0x7f0000000300)=[{&(0x7f0000000140)=""/59, 0x3b}], 0x1)

82.996807ms ago: executing program 1 (id=1496):
syz_mount_image$btrfs(&(0x7f0000000200), &(0x7f0000005600)='./file0\x00', 0x800, &(0x7f0000000240), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
chdir(&(0x7f0000000140)='./file0\x00')
chdir(&(0x7f0000000040)='./file0\x00')
lremovexattr(&(0x7f0000000100)='./file1\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='o'])

0s ago: executing program 0 (id=1498):
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r1)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000440)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000ffdbdf25010000000c00020000000000000000001c0007800c0001800800", @ANYRES32=r0, @ANYBLOB="0c0001000800646c6b0e61", @ANYBLOB], 0x3c}}, 0x0)

kernel console output (not intermixed with test programs):

egistering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[   78.195465][   T21] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9
[   78.204720][ T4237] usb 3-1: media controller created
[   78.224135][   T21] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[   78.235622][ T4237] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   78.260336][   T21] usb 5-1: USB disconnect, device number 4
[   78.275804][ T5006] dvb-usb: bulk message failed: -22 (3/0)
[   78.303244][ T4242] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffed
[   78.317013][ T4242] [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffed
[   78.324632][ T5006] cxusb: i2c wr: len=80 is too big!
[   78.324632][ T5006] 
[   78.331148][ T4242] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[   78.350736][ T4237] usb 3-1: selecting invalid altsetting 6
[   78.357928][ T4237] usb 3-1: digital interface selection failed (-22)
[   78.364542][ T4237] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[   78.430300][ T4237] usb 3-1: setting power OFF
[   78.446028][ T4237] dvb-usb: bulk message failed: -22 (2/0)
[   78.453685][ T1108] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[   78.468754][ T1108] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   78.478605][ T4237] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[   78.493659][ T4237] (NULL device *): no alternate interface
[   78.504953][ T1108] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[   78.528847][ T1108] usb 4-1: media controller created
[   78.558744][ T1108] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   78.566634][ T5058] binder: 5057:5058 ioctl 400c620e 2000000001c0 returned -22
[   78.674883][ T5064] program syz.0.343 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   78.712543][ T1108] az6027: usb out operation failed. (-71)
[   78.739841][ T1108] az6027: usb out operation failed. (-71)
[   78.746675][ T1108] stb0899_attach: Driver disabled by Kconfig
[   78.764292][ T1108] az6027: no front-end attached
[   78.764292][ T1108] 
[   78.797364][ T1108] az6027: usb out operation failed. (-71)
[   78.803141][ T1108] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[   78.822376][ T1108] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input6
[   78.884128][ T1108] dvb-usb: schedule remote query interval to 400 msecs.
[   78.890984][ T5075] loop4: detected capacity change from 0 to 64
[   78.911736][ T1108] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[   78.919859][ T4237] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[   78.961672][ T4237] usb 3-1: USB disconnect, device number 5
[   78.981374][ T1108] usb 4-1: USB disconnect, device number 5
[   79.124042][ T1108] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[   79.165782][ T5085] netlink: 8 bytes leftover after parsing attributes in process `syz.4.350'.
[   79.289408][ T5090] netlink: 8 bytes leftover after parsing attributes in process `syz.4.353'.
[   79.368756][ T5092] loop2: detected capacity change from 0 to 128
[   79.436205][ T5092] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[   79.462409][ T5092] hpfs: filesystem error: improperly stopped
[   79.471548][ T5092] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[   79.482940][ T5092] hpfs: You really don't want any checks? You are crazy...
[   79.494838][ T5092] hpfs: hpfs_map_sector(): read error
[   79.503469][ T5092] hpfs: code page support is disabled
[   79.522713][ T5070] loop0: detected capacity change from 0 to 32768
[   79.534157][ T5092] hpfs: hpfs_map_4sectors(): unaligned read
[   79.540354][ T5092] hpfs: hpfs_map_4sectors(): unaligned read
[   79.557317][ T5092] hpfs: filesystem error: unable to find root dir
[   79.577693][ T5098] loop3: detected capacity change from 0 to 1024
[   79.713711][ T5070] XFS (loop0): Mounting V5 Filesystem
[   79.817246][ T5070] XFS (loop0): Ending clean mount
[   79.854884][  T304] hfsplus: b-tree write err: -5, ino 4
[   79.957649][ T4181] XFS (loop0): Unmounting Filesystem
[   80.045642][ T5115] loop3: detected capacity change from 0 to 512
[   80.095874][ T5115] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   80.148524][ T5115] EXT4-fs (loop3): orphan cleanup on readonly fs
[   80.177305][ T5115] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:510: comm syz.3.360: Block bitmap for bg 0 marked uninitialized
[   80.204324][ T5115] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6178: Corrupt filesystem
[   80.229748][ T5115] EXT4-fs (loop3): 1 orphan inode deleted
[   80.235734][ T5115] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   80.607374][ T5141] netlink: 28 bytes leftover after parsing attributes in process `syz.4.374'.
[   80.671844][ T5144] netlink: 16 bytes leftover after parsing attributes in process `syz.3.375'.
[   80.681086][ T1108] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   80.708999][ T5148] loop4: detected capacity change from 0 to 1024
[   80.757901][ T5152] loop3: detected capacity change from 0 to 512
[   80.865544][ T5152] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.379: inode #1: comm syz.3.379: iget: illegal inode #
[   80.887868][ T5148] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none.
[   80.920945][ T5148] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   80.939878][ T5152] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.379: error while reading EA inode 1 err=-117
[   81.009229][ T5152] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.379: inode #1: comm syz.3.379: iget: illegal inode #
[   81.025206][ T5152] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.379: error while reading EA inode 1 err=-117
[   81.034236][ T5148] EXT4-fs error (device loop4): ext4_free_blocks:6218: comm syz.4.377: Freeing blocks not in datazone - block = 0, count = 16
[   81.061283][ T5152] EXT4-fs (loop3): 1 orphan inode deleted
[   81.069212][ T5152] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000003,norecovery,noinit_itable,init_itable=0x0000000000000001,minixdf,usrjquota=,debug_want_extra_isize=0x000000000000005c,errors=continue,dioread_lock,noblock_validity,noquota,,errors=continue. Quota mode: none.
[   81.116382][ T1108] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[   81.137864][ T1108] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0
[   81.151357][ T1108] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[   81.169552][ T1108] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0
[   81.203107][ T4260] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm kworker/u4:5: bg 0: block 112: padding at end of block bitmap is not set
[   81.251675][ T4260] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   81.272348][ T4260] EXT4-fs (loop4): This should not happen!! Data will be lost
[   81.272348][ T4260] 
[   81.303992][ T4260] EXT4-fs (loop4): Total free blocks count 0
[   81.318870][ T4260] EXT4-fs (loop4): Free/Dirty block details
[   81.325091][ T4260] EXT4-fs (loop4): free_blocks=16
[   81.344298][ T4260] EXT4-fs (loop4): dirty_blocks=16
[   81.359059][ T4260] EXT4-fs (loop4): Block reservation details
[   81.365143][ T1108] usb 1-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[   81.365213][ T4260] EXT4-fs (loop4): i_reserved_data_blocks=1
[   81.380143][ T1108] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.380165][ T1108] usb 1-1: Product: syz
[   81.380179][ T1108] usb 1-1: Manufacturer: syz
[   81.380255][ T1108] usb 1-1: SerialNumber: syz
[   81.384081][ T1108] usb 1-1: config 0 descriptor??
[   81.499492][ T5174] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   81.506784][ T5174] IPv6: NLM_F_CREATE should be set when creating new route
[   81.509635][ T1108] ums-isd200 1-1:0.0: USB Mass Storage device detected
[   81.514063][ T5174] IPv6: NLM_F_CREATE should be set when creating new route
[   81.528062][ T5174] IPv6: NLM_F_CREATE should be set when creating new route
[   81.721513][ T5186] overlayfs: "xino" feature enabled using 2 upper inode bits.
[   81.847750][ T1108] scsi host1: usb-storage 1-1:0.0
[   81.986122][ T5201] llcp: llcp_sock_recvmsg: Recv datagram failed state 5 -11 0
[   82.091495][ T1108] usb 1-1: USB disconnect, device number 4
[   82.858674][ T5215] loop2: detected capacity change from 0 to 32768
[   82.877048][ T5230] loop0: detected capacity change from 0 to 8192
[   82.883085][ T5212] loop3: detected capacity change from 0 to 40427
[   82.921950][ T5215] XFS (loop2): Invalid device [./file0], error=-15
[   82.949511][ T5212] F2FS-fs (loop3): Small segment_count (9 < 1 * 24)
[   82.959527][ T5212] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   82.977186][ T5224] loop4: detected capacity change from 0 to 32768
[   82.994715][ T5230] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   83.003918][ T5230] REISERFS (device loop0): using ordered data mode
[   83.043973][ T5230] reiserfs: using flush barriers
[   83.055220][ T5212] F2FS-fs (loop3): Found nat_bits in checkpoint
[   83.069988][ T5230] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   83.085237][ T5228] loop1: detected capacity change from 0 to 32768
[   83.102332][ T5230] REISERFS (device loop0): checking transaction log (loop0)
[   83.110705][ T5230] REISERFS (device loop0): Using r5 hash to sort names
[   83.140440][ T5230] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[   83.226009][ T5224] XFS (loop4): Mounting V5 Filesystem
[   83.297522][ T5212] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   83.304637][ T5212] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   83.352576][ T5228] XFS (loop1): Mounting V5 Filesystem
[   83.442985][ T4195] attempt to access beyond end of device
[   83.442985][ T4195] loop3: rw=2049, want=45104, limit=40427
[   83.527729][ T5224] XFS (loop4): Ending clean mount
[   83.598005][ T5228] XFS (loop1): Ending clean mount
[   83.654356][ T5228] XFS (loop1): Quotacheck needed: Please wait.
[   83.698139][ T4189] XFS (loop4): Unmounting Filesystem
[   83.816882][ T5228] XFS (loop1): Quotacheck: Done.
[   84.054627][ T4182] XFS (loop1): Unmounting Filesystem
[   84.545324][ T4185] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   84.567037][ T5286] loop1: detected capacity change from 0 to 256
[   84.614092][ T5286] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d)
[   84.626693][ T5286] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[   84.812038][   T23] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   84.834531][ T4185] usb 3-1: Using ep0 maxpacket: 32
[   84.955096][ T5297] netlink: 16 bytes leftover after parsing attributes in process `syz.1.434'.
[   84.994029][ T4185] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[   85.008875][ T4185] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.020016][ T4185] usb 3-1: config 0 descriptor??
[   85.068569][   T23] usb 4-1: Using ep0 maxpacket: 32
[   85.200712][   T23] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[   85.212262][   T23] usb 4-1: config 0 has no interface number 0
[   85.243199][ T5306] netlink: 'syz.4.438': attribute type 1 has an invalid length.
[   85.315418][ T4185] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[   85.349925][ T4185] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   85.371116][ T5312] netlink: 'syz.0.441': attribute type 2 has an invalid length.
[   85.389508][   T23] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[   85.394562][ T4185] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[   85.398570][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.406162][ T4185] usb 3-1: media controller created
[   85.435745][   T23] usb 4-1: Product: syz
[   85.445837][   T23] usb 4-1: Manufacturer: syz
[   85.461036][ T4185] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   85.467443][   T23] usb 4-1: SerialNumber: syz
[   85.483708][   T23] usb 4-1: config 0 descriptor??
[   85.529803][   T23] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[   85.549765][ T4185] az6027: usb out operation failed. (-71)
[   85.571411][ T4185] az6027: usb out operation failed. (-71)
[   85.589272][ T4185] stb0899_attach: Driver disabled by Kconfig
[   85.598570][ T4185] az6027: no front-end attached
[   85.598570][ T4185] 
[   85.635317][ T4185] az6027: usb out operation failed. (-71)
[   85.642316][ T4185] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[   85.662874][ T4185] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input7
[   85.688271][ T4185] dvb-usb: schedule remote query interval to 400 msecs.
[   85.702431][ T4185] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[   85.719736][ T4185] usb 3-1: USB disconnect, device number 6
[   85.765156][   T23] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[   85.790769][   T23] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[   85.802833][ T4185] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[   85.901460][ T5323] loop0: detected capacity change from 0 to 8192
[   86.040539][   T26] kauditd_printk_skb: 6 callbacks suppressed
[   86.040552][   T26] audit: type=1326 audit(1763640238.742:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.1.447" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0fda6e749 code=0x0
[   86.256367][ T5332] netlink: 'syz.0.450': attribute type 1 has an invalid length.
[   86.261097][ T5331] program syz.2.449 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   86.303402][ T4185] usb 4-1: USB disconnect, device number 6
[   86.319359][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -108
[   86.328079][ T5334] loop0: detected capacity change from 0 to 512
[   86.341452][ T4185] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[   86.371770][ T4185] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[   86.395151][ T4185] quatech2 4-1:0.51: device disconnected
[   86.467257][ T5334] EXT4-fs (loop0): Ignoring removed orlov option
[   86.483598][ T5334] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   86.543984][ T5334] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2229: inode #15: comm syz.0.451: corrupted in-inode xattr
[   86.578294][ T5334] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.451: couldn't read orphan inode 15 (err -117)
[   86.592170][ T5334] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,orlov,sysvgroups,noload,nombcache,noblock_validity,init_itable=0x0000000000000051,nogrpid,,errors=continue. Quota mode: none.
[   86.993986][   T21] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   87.044910][ T5355] loop1: detected capacity change from 0 to 512
[   87.068807][ T5355] EXT4-fs (loop1): Unrecognized mount option "obj_role=noauto_da_alloc" or missing value
[   87.201159][ T5353] loop0: detected capacity change from 0 to 32768
[   87.305593][   T23] kernel write not supported for file /snd/seq (pid: 23 comm: kworker/1:1)
[   87.323728][ T5353] XFS (loop0): Mounting V5 Filesystem
[   87.335093][ T1324] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   87.377971][   T21] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   87.395177][   T21] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[   87.440291][ T5353] XFS (loop0): Ending clean mount
[   87.470576][ T5353] XFS (loop0): Quotacheck needed: Please wait.
[   87.484907][   T21] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   87.498451][   T21] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   87.515192][   T21] usb 5-1: SerialNumber: syz
[   87.552015][ T5384] misc userio: Can't change port type on an already running userio instance
[   87.562461][ T5353] XFS (loop0): Quotacheck: Done.
[   87.570380][ T5382] tap0: tun_chr_ioctl cmd 1074025677
[   87.577455][ T5382] tap0: linktype set to 805
[   87.628953][ T4181] XFS (loop0): Unmounting Filesystem
[   87.673012][ T5386] netlink: 8 bytes leftover after parsing attributes in process `syz.1.471'.
[   87.763641][ T1324] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   87.774866][ T1324] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[   87.788218][ T1324] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[   87.797621][ T1324] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.817503][ T1324] usb 4-1: config 0 descriptor??
[   87.820788][   T21] usb 5-1: 0:2 : does not exist
[   87.862049][   T21] usb 5-1: USB disconnect, device number 5
[   87.885213][ T5390] ax25_connect(): syz.0.470 uses autobind, please contact jreuter@yaina.de
[   88.112193][ T4349] udevd[4349]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   88.265084][ T4230] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[   88.328082][ T5408] loop2: detected capacity change from 0 to 2048
[   88.344288][ T1324] kovaplus 0003:1E7D:2D50.0004: unknown main item tag 0x0
[   88.351572][ T1324] kovaplus 0003:1E7D:2D50.0004: unknown main item tag 0x0
[   88.358681][ T1324] kovaplus 0003:1E7D:2D50.0004: unknown main item tag 0x0
[   88.366719][ T1324] kovaplus 0003:1E7D:2D50.0004: unknown main item tag 0x0
[   88.373903][ T1324] kovaplus 0003:1E7D:2D50.0004: unknown main item tag 0x0
[   88.385457][ T1324] kovaplus 0003:1E7D:2D50.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.3-1/input0
[   88.422210][ T5408] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   88.528738][ T5414] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   88.665791][ T5418] netlink: 260 bytes leftover after parsing attributes in process `syz.2.485'.
[   88.687743][ T4230] usb 1-1: config 0 has no interfaces?
[   88.700641][ T4230] usb 1-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[   88.719537][ T4230] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.755693][ T4230] usb 1-1: config 0 descriptor??
[   88.771947][ T5422] loop4: detected capacity change from 0 to 4096
[   88.799968][ T1324] kovaplus 0003:1E7D:2D50.0004: couldn't init struct kovaplus_device
[   88.808108][ T1324] kovaplus 0003:1E7D:2D50.0004: couldn't install mouse
[   88.816195][ T5422] ntfs: volume version 3.1.
[   88.818583][ T1324] kovaplus: probe of 0003:1E7D:2D50.0004 failed with error -71
[   88.844788][ T1324] usb 4-1: USB disconnect, device number 7
[   88.873983][ T5422] ntfs: (device loop4): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set koi8-r.  You might want to try to use the mount option nls=utf8.
[   88.908653][ T5423] fido_id[5423]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[   88.918850][ T5422] ntfs: (device loop4): ntfs_filldir(): Skipping unrepresentable inode 0x4.
[   89.056772][   T21] usb 1-1: USB disconnect, device number 5
[   89.129932][ T5431] loop4: detected capacity change from 0 to 64
[   89.191819][ T5431] hfs: bad catalog entry type 0
[   89.246385][ T5433] loop4: detected capacity change from 0 to 512
[   89.293400][ T5433] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   89.403804][ T5437] loop3: detected capacity change from 0 to 1024
[   89.468929][ T5439] loop4: detected capacity change from 0 to 1024
[   89.533909][ T5439] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   89.552647][    T9] hfsplus: b-tree write err: -5, ino 4
[   89.607120][ T5444] 8021q: adding VLAN 0 to HW filter on device bond1
[   89.673027][ T5444] bond0: (slave bond1): Enslaving as an active interface with an up link
[   89.856616][ T5451] loop3: detected capacity change from 0 to 2048
[   89.897605][ T5460] input: syz1 as /devices/virtual/input/input9
[   89.927610][ T5451] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[   89.957909][ T5451] UDF-fs: Scanning with blocksize 512 failed
[   89.980266][ T5462] loop0: detected capacity change from 0 to 2048
[   89.995669][ T5451] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   90.043982][ T5463] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   90.191058][ T5468] loop2: detected capacity change from 0 to 1024
[   90.252886][ T5468] EXT4-fs (loop2): inline encryption not supported
[   90.301401][ T5468] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   90.434014][ T5468] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback.
[   90.493476][ T5471] loop3: detected capacity change from 0 to 8192
[   90.518223][   T26] audit: type=1800 audit(1763640242.932:20): pid=5468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.507" name="file1" dev="loop2" ino=15 res=0 errno=0
[   90.576068][ T5471] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[   90.605124][ T5471] REISERFS (device loop3): using ordered data mode
[   90.622786][ T5471] reiserfs: using flush barriers
[   90.634593][ T5471] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   90.658856][ T5471] REISERFS (device loop3): checking transaction log (loop3)
[   90.710755][ T5471] REISERFS (device loop3): Using r5 hash to sort names
[   90.775532][ T5471] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[   91.309005][ T5508] loop1: detected capacity change from 0 to 4096
[   91.513511][ T5508] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback.
[   91.528906][ T5515] 8021q: adding VLAN 0 to HW filter on device bond1
[   91.589426][ T5515] bond0: (slave bond1): Enslaving as an active interface with an up link
[   91.892083][ T5531] netlink: 8 bytes leftover after parsing attributes in process `syz.2.533'.
[   91.946821][ T5533] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[   91.987371][ T5535] loop0: detected capacity change from 0 to 128
[   92.844009][ T5582] netlink: 44 bytes leftover after parsing attributes in process `syz.1.556'.
[   92.874796][ T5584] netlink: 'syz.2.557': attribute type 1 has an invalid length.
[   92.901617][ T5582] netlink: 'syz.1.556': attribute type 6 has an invalid length.
[   92.970338][ T5582] netlink: 'syz.1.556': attribute type 5 has an invalid length.
[   92.999748][ T5582] netlink: 'syz.1.556': attribute type 4 has an invalid length.
[   93.264035][ T5600] loop3: detected capacity change from 0 to 64
[   93.357165][ T5605] loop2: detected capacity change from 0 to 256
[   93.458113][ T5605] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d)
[   93.780809][ T5614] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0
[   93.858311][ T5623] program syz.2.576 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   93.897231][ T5625] delete_channel: no stack
[   94.388973][ T5649] loop4: detected capacity change from 0 to 4096
[   94.545999][ T5649] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback.
[   94.726740][ T5668] loop0: detected capacity change from 0 to 512
[   94.821581][ T5668] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   94.932849][ T5668] EXT4-fs error (device loop0): ext4_orphan_get:1427: comm syz.0.594: bad orphan inode 131083
[   95.038836][ T5668] EXT4-fs (loop0): mounted filesystem without journal. Opts: stripe=0x000000000000003d,init_itable,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none.
[   95.149339][ T5686] loop1: detected capacity change from 0 to 128
[   95.234837][ T5686] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[   95.296572][ T5686] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   95.321150][ T5690] netlink: 8 bytes leftover after parsing attributes in process `syz.0.604'.
[   95.705063][ T5705] netlink: 'syz.0.612': attribute type 3 has an invalid length.
[   95.747379][ T5705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.612'.
[   95.783921][ T5709] capability: warning: `syz.1.614' uses 32-bit capabilities (legacy support in use)
[   95.872481][   T26] audit: type=1326 audit(1763640247.946:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5710 comm="syz.4.615" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faf20882749 code=0x0
[   95.907527][ T5682] loop3: detected capacity change from 0 to 32768
[   96.064103][ T5682] XFS (loop3): Mounting V5 Filesystem
[   96.144687][ T5738] loop0: detected capacity change from 0 to 512
[   96.175184][ T5682] XFS (loop3): Ending clean mount
[   96.216083][ T5738] EXT4-fs (loop0): first meta block group too large: 16711680 (group descriptor block count 1)
[   96.241443][ T4195] XFS (loop3): Unmounting Filesystem
[   96.272863][ T1108] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   96.493867][ T5748] netlink: 464 bytes leftover after parsing attributes in process `syz.3.626'.
[   96.528930][ T1108] usb 3-1: Using ep0 maxpacket: 8
[   96.657529][ T1108] usb 3-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice=b0.23
[   96.677415][ T1108] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.700385][ T1108] usb 3-1: config 0 descriptor??
[   96.756037][ T1108] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input10
[   96.866854][ T5769] loop4: detected capacity change from 0 to 64
[   96.978236][ T3545] bcm5974 3-1:0.0: could not read from device
[   96.998151][ T1108] usb 3-1: USB disconnect, device number 7
[   97.012087][ T3545] bcm5974 3-1:0.0: could not read from device
[   97.066816][ T5774] loop3: detected capacity change from 0 to 512
[   97.100245][ T5774] EXT4-fs (loop3): Ignoring removed bh option
[   97.126963][ T5774] EXT4-fs (loop3): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[   97.181970][ T5774] ext4 filesystem being mounted at /98/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   97.410452][ T5788] netlink: 'syz.1.647': attribute type 3 has an invalid length.
[   97.422743][ T5788] netlink: 8 bytes leftover after parsing attributes in process `syz.1.647'.
[   97.575609][ T5799] loop1: detected capacity change from 0 to 512
[   97.630199][ T1108] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[   97.692533][ T5799] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   97.704190][ T5799] ext4 filesystem being mounted at /134/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   97.773132][ T5799] EXT4-fs error (device loop1): ext4_do_update_inode:5218: inode #2: comm syz.1.652: corrupted inode contents
[   97.803238][ T5799] EXT4-fs error (device loop1): ext4_dirty_inode:6054: inode #2: comm syz.1.652: mark_inode_dirty error
[   97.821269][ T5799] EXT4-fs error (device loop1): ext4_do_update_inode:5218: inode #2: comm syz.1.652: corrupted inode contents
[   97.834538][    C1] hrtimer: interrupt took 1429013 ns
[   97.859715][ T5799] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.652: mark_inode_dirty error
[   97.879356][ T5811] EXT4-fs error (device loop1): ext4_get_first_dir_block:3608: inode #18: comm syz.1.652: directory missing '.'
[   98.229207][ T1108] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[   98.247523][   T26] audit: type=1326 audit(1763640250.163:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5824 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0fda6e749 code=0x7ffc0000
[   98.289320][ T1108] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.314456][ T1108] usb 5-1: Product: syz
[   98.319712][ T1108] usb 5-1: Manufacturer: syz
[   98.346383][   T26] audit: type=1326 audit(1763640250.163:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5824 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0fda6e749 code=0x7ffc0000
[   98.383403][ T1108] usb 5-1: SerialNumber: syz
[   98.405894][ T1108] usb 5-1: config 0 descriptor??
[   98.458179][ T5831] loop1: detected capacity change from 0 to 256
[   98.492232][ T5831] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   98.507405][   T26] audit: type=1326 audit(1763640250.201:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5824 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb0fda6e749 code=0x7ffc0000
[   98.549632][ T5831] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[   98.586193][   T26] audit: type=1326 audit(1763640250.219:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5824 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0fda6e749 code=0x7ffc0000
[   98.622446][   T26] audit: type=1326 audit(1763640250.219:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5824 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0fda6e749 code=0x7ffc0000
[   98.666823][   T26] audit: type=1326 audit(1763640250.285:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5824 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb0fda6e749 code=0x7ffc0000
[   98.738062][ T5831] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[   98.754288][ T1108] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[   98.767371][   T26] audit: type=1326 audit(1763640250.294:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5824 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0fda6e749 code=0x7ffc0000
[   98.798238][   T26] audit: type=1326 audit(1763640250.294:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5824 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0fda6e749 code=0x7ffc0000
[   98.828867][   T26] audit: type=1326 audit(1763640250.303:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5824 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7fb0fda6e749 code=0x7ffc0000
[   98.892233][ T5840] loop2: detected capacity change from 0 to 256
[   99.116210][ T4185] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   99.277083][ T1108] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71
[   99.296110][ T5845] loop1: detected capacity change from 0 to 4096
[   99.301006][ T1108] usb 5-1: USB disconnect, device number 6
[   99.405477][ T4185] usb 1-1: Using ep0 maxpacket: 32
[   99.437402][ T5845] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[   99.561738][ T4185] usb 1-1: config 10 has an invalid interface number: 107 but max is 0
[   99.625036][ T4185] usb 1-1: config 10 has no interface number 0
[   99.653206][ T4185] usb 1-1: config 10 interface 107 altsetting 5 endpoint 0x5 has invalid wMaxPacketSize 0
[   99.717162][ T4185] usb 1-1: config 10 interface 107 has no altsetting 0
[   99.794981][ T5849] loop1: detected capacity change from 0 to 1024
[   99.943594][ T4185] usb 1-1: New USB device found, idVendor=0742, idProduct=200a, bcdDevice=8b.7d
[   99.961410][ T4185] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.997405][ T4185] usb 1-1: Product: syz
[  100.017691][ T4185] usb 1-1: Manufacturer: syz
[  100.035860][ T4185] usb 1-1: SerialNumber: syz
[  100.156461][ T5857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.679'.
[  100.424122][ T4185] HFC-S_USB: probe of 1-1:10.107 failed with error -5
[  100.431415][ T4185] usb 1-1: USB disconnect, device number 6
[  100.827616][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.688'.
[  100.868135][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.688'.
[  100.901631][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.688'.
[  100.964526][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.688'.
[  101.060490][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.688'.
[  101.126933][ T5884] loop2: detected capacity change from 0 to 1024
[  101.136404][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.688'.
[  101.165953][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.688'.
[  101.183018][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.688'.
[  101.239205][ T5884] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  101.297701][ T5884] EXT4-fs (loop2): orphan cleanup on readonly fs
[  101.391325][ T5884] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm syz.2.689: Invalid inode table block 0 in block_group 0
[  101.498173][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  101.578938][ T5884] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5850: Corrupt filesystem
[  101.595435][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  101.617784][ T5884] EXT4-fs error (device loop2): ext4_quota_write:6621: inode #3: comm syz.2.689: mark_inode_dirty error
[  101.639448][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  101.646012][ T5884] __quota_error: 2 callbacks suppressed
[  101.646026][ T5884] Quota error (device loop2): write_blk: dquota write failed
[  101.806552][ T5884] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  101.864163][ T5884] EXT4-fs error (device loop2): ext4_acquire_dquot:6209: comm syz.2.689: Failed to acquire dquot type 0
[  101.957831][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  101.981587][ T5884] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm syz.2.689: Invalid inode table block 0 in block_group 0
[  102.056648][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  102.103843][ T5910] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  102.115369][ T5884] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5850: Corrupt filesystem
[  102.185253][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  102.200314][ T5884] EXT4-fs error (device loop2): ext4_ext_truncate:4456: inode #15: comm syz.2.689: mark_inode_dirty error
[  102.216479][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  102.226424][ T5884] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm syz.2.689: Invalid inode table block 0 in block_group 0
[  102.411343][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  102.429071][ T5884] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5850: Corrupt filesystem
[  102.441994][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  102.450747][ T5884] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem
[  102.461996][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  102.470600][ T5884] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm syz.2.689: Invalid inode table block 0 in block_group 0
[  102.495591][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  102.504268][ T5928] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  102.504268][ T5928] The task syz.1.709 (5928) triggered the difference, watch for misbehavior.
[  102.532470][ T5884] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5850: Corrupt filesystem
[  102.551169][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  102.569332][ T5884] EXT4-fs error (device loop2): ext4_truncate:4279: inode #15: comm syz.2.689: mark_inode_dirty error
[  102.588073][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  102.625562][ T5884] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem
[  102.657930][ T5884] EXT4-fs (loop2): Remounting filesystem read-only
[  102.691730][ T5884] EXT4-fs (loop2): 1 truncate cleaned up
[  102.720768][ T5884] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000013,stripe=0x0000000000000000,nolazytime,errors=remount-ro,data_err=ignore,noblock_validity,minixdf,min_batch_time=0x0000000000000013,. Quota mode: writeback.
[  102.957794][ T5884] EXT4-fs (loop2): shut down requested (1)
[  102.965911][ T5934] loop4: detected capacity change from 0 to 8192
[  103.004557][ T5934] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  103.013398][ T5939] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm syz.2.689: Invalid inode table block 0 in block_group 0
[  103.033689][ T5934] UDF-fs: Scanning with blocksize 512 failed
[  103.064355][ T5934] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  103.086671][ T5934] UDF-fs: Scanning with blocksize 1024 failed
[  103.116967][ T5934] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  103.154283][ T5934] UDF-fs: Scanning with blocksize 2048 failed
[  103.226553][ T5934] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  103.433806][ T5945] loop1: detected capacity change from 0 to 1024
[  103.678005][ T5945] hfsplus: can't free extent
[  103.747392][ T5950] program syz.2.719 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  103.778804][ T5948] hfsplus: can't free extent
[  103.788402][ T5948] hfsplus: can't free extent
[  104.159420][ T5938] loop3: detected capacity change from 0 to 32768
[  104.266046][ T5962] loop2: detected capacity change from 0 to 256
[  104.394238][ T5962] FAT-fs (loop2): Directory bread(block 1285) failed
[  104.412316][ T5962] FAT-fs (loop2): Directory bread(block 1285) failed
[  104.438896][ T5962] FAT-fs (loop2): Directory bread(block 1285) failed
[  104.478941][ T5962] FAT-fs (loop2): Directory bread(block 1285) failed
[  104.547095][ T5965] FAT-fs (loop2): Directory bread(block 1285) failed
[  104.606908][ T5965] FAT-fs (loop2): FAT read failed (blocknr 1281)
[  104.910029][ T5977] loop3: detected capacity change from 0 to 1024
[  105.259185][ T5987] __nla_validate_parse: 49 callbacks suppressed
[  105.259200][ T5987] netlink: 20 bytes leftover after parsing attributes in process `syz.0.734'.
[  105.326928][ T5954] loop4: detected capacity change from 0 to 40427
[  105.412659][ T5954] F2FS-fs (loop4): build fault injection attr: rate: 7, type: 0x1ffff
[  105.456077][    C0] F2FS-fs (loop4) : inject read IO error in f2fs_read_end_io of blk_update_request+0x876/0x1200
[  105.525131][ T5954] F2FS-fs (loop4) : inject kmalloc in f2fs_kmalloc of f2fs_fill_super+0x455c/0x6f00
[  105.570144][ T5954] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-12)
[  105.912971][ T6007] loop4: detected capacity change from 0 to 1024
[  105.964657][ T6009] loop0: detected capacity change from 0 to 512
[  106.091320][ T6009] EXT4-fs (loop0): Ignoring removed bh option
[  106.126998][ T6011] loop2: detected capacity change from 0 to 4096
[  106.164175][ T6009] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  106.196215][ T6018] loop4: detected capacity change from 0 to 1024
[  106.217632][ T6009] ext4 filesystem being mounted at /160/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  106.251229][ T6020] loop3: detected capacity change from 0 to 256
[  106.317153][ T6021] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  106.419108][ T6020] FAT-fs (loop3): Directory bread(block 64) failed
[  106.425711][ T6020] FAT-fs (loop3): Directory bread(block 65) failed
[  106.517503][ T6020] FAT-fs (loop3): Directory bread(block 66) failed
[  106.527497][ T6020] FAT-fs (loop3): Directory bread(block 67) failed
[  106.569832][ T6020] FAT-fs (loop3): Directory bread(block 68) failed
[  106.624839][ T6020] FAT-fs (loop3): Directory bread(block 69) failed
[  106.659831][ T6020] FAT-fs (loop3): Directory bread(block 70) failed
[  106.696889][ T6020] FAT-fs (loop3): Directory bread(block 71) failed
[  106.706537][ T6020] FAT-fs (loop3): Directory bread(block 72) failed
[  106.748457][ T6020] FAT-fs (loop3): Directory bread(block 73) failed
[  107.202292][ T6041] loop2: detected capacity change from 0 to 64
[  107.397841][ T6047] loop4: detected capacity change from 0 to 512
[  107.430580][ T6045] netlink: 32 bytes leftover after parsing attributes in process `syz.3.757'.
[  107.476509][ T6045] netlink: 12 bytes leftover after parsing attributes in process `syz.3.757'.
[  107.500848][ T6051] loop2: detected capacity change from 0 to 1024
[  107.513178][ T6047] EXT4-fs (loop4): Ignoring removed bh option
[  107.593410][ T6047] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  107.653869][ T6047] ext4 filesystem being mounted at /169/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  107.847566][ T6057] loop3: detected capacity change from 0 to 2048
[  108.007373][ T6057] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  108.128664][ T6057] UDF-fs: error (device loop3): udf_verify_fi: directory (ino 1376) has entry where CRC length (32) does not match entry length (24)
[  108.177863][ T6067] loop2: detected capacity change from 0 to 512
[  108.618003][ T6073] loop3: detected capacity change from 0 to 1024
[  108.771103][ T5454] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  109.069085][ T5454] usb 3-1: Using ep0 maxpacket: 32
[  109.197760][ T5454] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  109.272159][ T5454] usb 3-1: config 1 has no interface number 1
[  109.443559][ T5454] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  109.486240][ T5454] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.522002][ T5454] usb 3-1: Product: syz
[  109.527462][ T5454] usb 3-1: Manufacturer: syz
[  109.552581][ T6060] loop1: detected capacity change from 0 to 32768
[  109.566599][ T5454] usb 3-1: SerialNumber: syz
[  109.593391][ T6100] loop4: detected capacity change from 0 to 4096
[  109.721296][ T6111] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  109.767280][ T6060] XFS (loop1): Mounting V5 Filesystem
[  109.936101][ T5454] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  109.947982][ T5454] usb 3-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  109.963637][ T5454] usb 3-1: 2:1 : unsupported sample bitwidth 71 in 38 bytes
[  110.002511][ T6060] XFS (loop1): Ending clean mount
[  110.046552][ T6060] XFS (loop1): Quotacheck needed: Please wait.
[  110.053916][ T5454] usb 3-1: USB disconnect, device number 8
[  110.264216][ T6060] XFS (loop1): Quotacheck: Done.
[  110.353753][ T4349] udevd[4349]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  110.630437][ T4182] XFS (loop1): Unmounting Filesystem
[  110.874573][ T6137] loop2: detected capacity change from 0 to 512
[  110.974775][ T6137] EXT4-fs (loop2): Ignoring removed bh option
[  111.044716][ T6110] loop3: detected capacity change from 0 to 32768
[  111.057832][ T6137] EXT4-fs (loop2): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  111.075766][ T6110] (syz.3.786,6110,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  111.091315][ T6110] (syz.3.786,6110,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  111.132476][ T6137] ext4 filesystem being mounted at /155/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  111.176982][ T1324] kernel write not supported for file /sequencer (pid: 1324 comm: kworker/0:2)
[  111.341132][ T6110] (syz.3.786,6110,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[  111.427087][ T6153] loop0: detected capacity change from 0 to 1024
[  111.488603][ T6110] JBD2: Ignoring recovery information on journal
[  111.639259][ T6158] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input11
[  111.695101][ T6110] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  111.934375][ T6110] (syz.3.786,6110,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb68296ec, computed 0xec517776. Applying ECC.
[  112.020428][ T6110] (syz.3.786,6110,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xb68296ec, computed 0xccb4c126
[  112.067146][ T6110] (syz.3.786,6110,0):ocfs2_group_extend:318 ERROR: status = -5
[  112.231588][ T6110] syz.3.786 (6110) used greatest stack depth: 20672 bytes left
[  112.275933][ T4195] ocfs2: Unmounting device (7,3) on (node local)
[  112.312523][ T6180] netlink: 44 bytes leftover after parsing attributes in process `syz.1.811'.
[  112.366048][ T6180] netlink: 43 bytes leftover after parsing attributes in process `syz.1.811'.
[  112.399943][ T6180] netlink: 'syz.1.811': attribute type 5 has an invalid length.
[  112.447323][ T6180] netlink: 43 bytes leftover after parsing attributes in process `syz.1.811'.
[  112.901903][ T6171] loop2: detected capacity change from 0 to 32768
[  112.942187][ T6191] loop1: detected capacity change from 0 to 1024
[  113.026187][ T6171] XFS (loop2): Mounting V5 Filesystem
[  113.191097][ T6171] XFS (loop2): Ending clean mount
[  113.241665][ T6206] loop4: detected capacity change from 0 to 4096
[  113.332418][ T4183] XFS (loop2): Unmounting Filesystem
[  113.402481][ T6208] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  113.447120][ T6209] loop1: detected capacity change from 0 to 256
[  113.503010][ T6209] FAT-fs (loop1): Directory bread(block 64) failed
[  113.537757][ T6209] FAT-fs (loop1): Directory bread(block 65) failed
[  113.634024][ T6209] FAT-fs (loop1): Directory bread(block 66) failed
[  113.682376][ T6209] FAT-fs (loop1): Directory bread(block 67) failed
[  113.724058][ T6209] FAT-fs (loop1): Directory bread(block 68) failed
[  113.755440][ T6209] FAT-fs (loop1): Directory bread(block 69) failed
[  113.762455][   T23] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  113.780457][ T6209] FAT-fs (loop1): Directory bread(block 70) failed
[  113.864666][ T6209] FAT-fs (loop1): Directory bread(block 71) failed
[  113.899122][ T6217] loop4: detected capacity change from 0 to 164
[  113.928718][ T6209] FAT-fs (loop1): Directory bread(block 72) failed
[  113.949628][ T6209] FAT-fs (loop1): Directory bread(block 73) failed
[  114.383032][   T23] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  114.425740][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.504707][   T23] usb 4-1: Product: syz
[  114.510152][   T23] usb 4-1: Manufacturer: syz
[  114.542681][   T23] usb 4-1: SerialNumber: syz
[  114.888860][ T6227] loop1: detected capacity change from 0 to 32768
[  114.994574][ T6227] XFS (loop1): Mounting V5 Filesystem
[  115.029970][ T6227] XFS (loop1): Ending clean mount
[  115.148370][ T4182] XFS (loop1): Unmounting Filesystem
[  115.270442][ T6246] netlink: 8 bytes leftover after parsing attributes in process `syz.4.834'.
[  115.387555][   T23] rtl8150 4-1:1.0: eth1: rtl8150 is detected
[  115.464172][ T6250] loop2: detected capacity change from 0 to 1024
[  115.563473][ T1324] usb 4-1: USB disconnect, device number 8
[  115.875165][ T6260] netlink: 60 bytes leftover after parsing attributes in process `syz.2.840'.
[  115.927717][ T6260] netlink: 60 bytes leftover after parsing attributes in process `syz.2.840'.
[  116.131827][ T6269] loop1: detected capacity change from 0 to 512
[  116.268861][ T6269] EXT4-fs (loop1): Ignoring removed bh option
[  116.350822][ T6269] EXT4-fs (loop1): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  116.373809][ T6269] ext4 filesystem being mounted at /162/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  116.477804][ T4287] Bluetooth: hci4: command 0x0411 tx timeout
[  116.641879][ T6289] loop0: detected capacity change from 0 to 256
[  116.741801][ T6289] FAT-fs (loop0): Directory bread(block 1285) failed
[  116.820532][ T6289] FAT-fs (loop0): Directory bread(block 1285) failed
[  116.845797][ T6289] FAT-fs (loop0): Directory bread(block 1285) failed
[  116.885847][ T6289] FAT-fs (loop0): Directory bread(block 1285) failed
[  116.896135][ T6296] FAT-fs (loop0): Directory bread(block 1285) failed
[  116.905008][ T6296] FAT-fs (loop0): FAT read failed (blocknr 1281)
[  116.969389][ T4287] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  117.133495][ T6275] loop3: detected capacity change from 0 to 32768
[  117.166695][ T6275] XFS: ikeep mount option is deprecated.
[  117.279396][ T4287] usb 5-1: Using ep0 maxpacket: 8
[  117.280945][ T6300] loop1: detected capacity change from 0 to 8192
[  117.315415][ T6275] XFS (loop3): Mounting V5 Filesystem
[  117.357836][ T6310] loop0: detected capacity change from 0 to 512
[  117.397786][ T6310] EXT4-fs (loop0): Ignoring removed bh option
[  117.411279][ T6300] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  117.420897][ T4287] usb 5-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice=b0.23
[  117.429614][ T6300] REISERFS (device loop1): using ordered data mode
[  117.429965][ T4287] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.453057][ T4287] usb 5-1: config 0 descriptor??
[  117.479696][ T6300] reiserfs: using flush barriers
[  117.506378][ T6300] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  117.525447][ T4287] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input12
[  117.550476][ T6300] REISERFS (device loop1): checking transaction log (loop1)
[  117.600249][ T6310] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  117.618595][ T6300] REISERFS (device loop1): Using r5 hash to sort names
[  117.681205][ T6300] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  117.724507][ T6310] ext4 filesystem being mounted at /187/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  117.759432][ T6275] XFS (loop3): Ending clean mount
[  117.764722][ T3545] bcm5974 5-1:0.0: could not read from device
[  117.787431][ T4287] usb 5-1: USB disconnect, device number 7
[  117.813943][ T3545] bcm5974 5-1:0.0: could not read from device
[  117.828198][ T6275] XFS (loop3): Quotacheck needed: Please wait.
[  118.073741][ T6275] XFS (loop3): Quotacheck: Done.
[  118.437006][ T4195] XFS (loop3): Unmounting Filesystem
[  118.796766][ T6339] loop2: detected capacity change from 0 to 512
[  118.894413][ T6339] EXT4-fs (loop2): Ignoring removed bh option
[  118.922187][ T6343] loop4: detected capacity change from 0 to 256
[  119.045248][   T26] audit: type=1800 audit(1763640269.619:33): pid=6343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.860" name="file1" dev="loop4" ino=1048645 res=0 errno=0
[  119.096989][ T6339] EXT4-fs (loop2): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  119.153907][ T4222] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097152)
[  119.189513][ T6339] ext4 filesystem being mounted at /166/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  119.229731][ T4222] FAT-fs (loop4): Filesystem has been set read-only
[  119.297665][ T4222] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097152)
[  119.718510][ T6362] loop4: detected capacity change from 0 to 4096
[  119.932489][ T6362] ntfs: (device loop4): parse_options(): NLS character set cpS not found. Using previous one iso8859-2.
[  120.002991][ T6362] ntfs: volume version 3.1.
[  120.081596][ T6362] ntfs: (device loop4): ntfs_nlstoucs(): Name is too long (maximum length for a name on NTFS is 255 Unicode characters.
[  120.151872][ T6367] loop2: detected capacity change from 0 to 8192
[  120.223935][ T6367] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  120.244573][ T6367] REISERFS (device loop2): using ordered data mode
[  120.256323][ T6367] reiserfs: using flush barriers
[  120.273886][ T6367] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  120.296288][ T6367] REISERFS (device loop2): checking transaction log (loop2)
[  120.327801][ T6367] REISERFS (device loop2): Using r5 hash to sort names
[  120.358066][ T6367] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  120.370577][ T6370] loop1: detected capacity change from 0 to 2048
[  120.469395][ T6370] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  120.620509][ T6370] UDF-fs: error (device loop1): udf_verify_fi: directory (ino 1376) has entry where CRC length (32) does not match entry length (24)
[  121.099077][ T6385] netlink: 1 bytes leftover after parsing attributes in process `syz.3.877'.
[  121.361980][ T6391] loop3: detected capacity change from 0 to 512
[  121.502944][ T6391] EXT4-fs (loop3): Ignoring removed orlov option
[  121.511325][ T6391] EXT4-fs (loop3): bad block size 65536
[  121.554244][ T6397] loop2: detected capacity change from 0 to 512
[  121.621746][ T6397] EXT4-fs (loop2): Ignoring removed bh option
[  121.816195][ T6375] loop4: detected capacity change from 0 to 32768
[  121.818890][ T6403] loop1: detected capacity change from 0 to 256
[  121.863761][ T6397] EXT4-fs (loop2): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  121.910415][ T6403] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d)
[  121.933847][ T6375] read_mapping_page failed!
[  121.938884][ T6375] ialloc: diAlloc returned -5!
[  122.026119][ T6397] ext4 filesystem being mounted at /168/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  122.069651][ T6403] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  122.188966][  T276] read_mapping_page failed!
[  122.483254][ T6412] loop2: detected capacity change from 0 to 512
[  122.664503][ T6412] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  122.693052][ T6412] ext4 filesystem being mounted at /169/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  122.766804][ T6412] EXT4-fs error (device loop2): ext4_do_update_inode:5218: inode #2: comm syz.2.886: corrupted inode contents
[  122.806402][ T6412] EXT4-fs error (device loop2): ext4_dirty_inode:6054: inode #2: comm syz.2.886: mark_inode_dirty error
[  122.837639][ T6412] EXT4-fs error (device loop2): ext4_do_update_inode:5218: inode #2: comm syz.2.886: corrupted inode contents
[  122.839347][ T6418] loop4: detected capacity change from 0 to 2048
[  122.867225][ T6412] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.886: mark_inode_dirty error
[  122.925731][ T6400] loop0: detected capacity change from 0 to 32768
[  122.963114][ T6420] EXT4-fs error (device loop2): ext4_get_first_dir_block:3608: inode #18: comm syz.2.886: directory missing '.'
[  123.026352][ T6422] loop3: detected capacity change from 0 to 256
[  123.043747][ T6418] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  123.114049][ T6422] FAT-fs (loop3): Directory bread(block 1285) failed
[  123.186325][ T6422] FAT-fs (loop3): Directory bread(block 1285) failed
[  123.215874][ T6418] UDF-fs: error (device loop4): udf_verify_fi: directory (ino 1376) has entry where CRC length (32) does not match entry length (24)
[  123.248574][ T6422] FAT-fs (loop3): Directory bread(block 1285) failed
[  123.343382][ T6422] FAT-fs (loop3): Directory bread(block 1285) failed
[  123.361572][ T6426] loop0: detected capacity change from 0 to 1024
[  123.394895][ T6427] FAT-fs (loop3): Directory bread(block 1285) failed
[  123.457117][ T6427] FAT-fs (loop3): FAT read failed (blocknr 1281)
[  123.489927][ T6426] hfsplus: can't free extent
[  123.497638][ T6426] hfsplus: can't free extent
[  123.550201][ T6426] hfsplus: can't free extent
[  123.752258][ T6439] loop4: detected capacity change from 0 to 512
[  123.818581][ T6443] netlink: 44 bytes leftover after parsing attributes in process `syz.0.897'.
[  123.861044][ T6443] netlink: 43 bytes leftover after parsing attributes in process `syz.0.897'.
[  123.886538][ T6439] EXT4-fs (loop4): Ignoring removed bh option
[  123.925111][ T6443] netlink: 'syz.0.897': attribute type 5 has an invalid length.
[  123.962769][ T6439] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  123.982132][ T6443] netlink: 43 bytes leftover after parsing attributes in process `syz.0.897'.
[  123.997721][ T6439] ext4 filesystem being mounted at /202/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  124.078810][ T6454] loop3: detected capacity change from 0 to 512
[  124.235479][ T6454] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  124.300600][ T6454] ext4 filesystem being mounted at /150/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  124.343492][ T6454] EXT4-fs error (device loop3): ext4_do_update_inode:5218: inode #2: comm syz.3.903: corrupted inode contents
[  124.370105][ T6454] EXT4-fs error (device loop3): ext4_dirty_inode:6054: inode #2: comm syz.3.903: mark_inode_dirty error
[  124.388944][ T6454] EXT4-fs error (device loop3): ext4_do_update_inode:5218: inode #2: comm syz.3.903: corrupted inode contents
[  124.434741][ T6454] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #2: comm syz.3.903: mark_inode_dirty error
[  124.469245][ T6463] loop4: detected capacity change from 0 to 512
[  124.488145][ T6464] EXT4-fs error (device loop3): ext4_get_first_dir_block:3608: inode #18: comm syz.3.903: directory missing '.'
[  125.184976][ T6471] loop3: detected capacity change from 0 to 32768
[  125.265598][ T1346] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  125.317332][ T6471] XFS (loop3): Mounting V5 Filesystem
[  125.423975][ T6471] XFS (loop3): Ending clean mount
[  125.573919][ T6496] loop2: detected capacity change from 0 to 164
[  125.585924][ T1346] usb 5-1: Using ep0 maxpacket: 32
[  125.637492][ T4195] XFS (loop3): Unmounting Filesystem
[  125.736606][ T1346] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  125.765225][ T1346] usb 5-1: config 0 has no interface number 0
[  125.994248][ T1346] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  126.015428][ T1346] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.055890][ T1346] usb 5-1: Product: syz
[  126.065750][ T1346] usb 5-1: Manufacturer: syz
[  126.070918][ T1346] usb 5-1: SerialNumber: syz
[  126.099402][ T1346] usb 5-1: config 0 descriptor??
[  126.164645][ T1346] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  126.216997][   T23] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  126.434608][ T1346] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  126.484426][   T23] usb 1-1: Using ep0 maxpacket: 8
[  126.489659][ T1346] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  126.536193][ T6520] loop3: detected capacity change from 0 to 512
[  126.644651][   T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.658793][   T23] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  126.675475][   T23] usb 1-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  126.696221][   T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.717206][   T23] usb 1-1: config 0 descriptor??
[  126.940239][ T5454] usb 5-1: USB disconnect, device number 8
[  126.954354][    C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  126.973526][ T5454] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  127.035881][ T5454] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  127.063136][ T5454] quatech2 5-1:0.51: device disconnected
[  127.231710][   T23] hid-rmi 0003:06CB:81A7.0005: unknown main item tag 0x7
[  127.253919][   T23] hid-rmi 0003:06CB:81A7.0005: unbalanced collection at end of report description
[  127.268330][   T23] hid-rmi 0003:06CB:81A7.0005: parse failed
[  127.277388][   T23] hid-rmi: probe of 0003:06CB:81A7.0005 failed with error -22
[  127.468328][ T4230] usb 1-1: USB disconnect, device number 7
[  127.591155][ T6546] loop1: detected capacity change from 0 to 512
[  127.674032][ T6546] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  127.752535][ T6546] EXT4-fs (loop1): invalid journal inode
[  127.759461][ T6553] syz.2.943[6553] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  127.759557][ T6553] syz.2.943[6553] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  127.810028][ T6546] EXT4-fs (loop1): can't get journal size
[  127.839264][ T6553] unsupported nla_type 52263
[  127.869837][ T6556] loop3: detected capacity change from 0 to 1024
[  127.972721][ T6546] EXT4-fs (loop1): 1 truncate cleaned up
[  128.033745][ T6556] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,dax=inode,nolazytime,abort,dax=inode,lazytime,noload,bsddf,noauto_da_alloc,,errors=continue. Quota mode: none.
[  128.062186][ T6546] EXT4-fs (loop1): mounted filesystem without journal. Opts: norecovery,max_batch_time=0x0000000000000003,,errors=continue. Quota mode: none.
[  128.184159][ T6572] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  128.351085][ T6576] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[  128.459267][ T4195] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  128.550944][ T4195] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  128.639169][ T4195] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  128.707152][ T4195] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  128.773837][ T4195] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  128.859305][ T6593] loop4: detected capacity change from 0 to 2048
[  128.895543][ T4195] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  128.934487][ T4195] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  128.951095][ T6593] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  128.972237][ T4195] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  129.016668][ T4195] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  129.071579][ T4195] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  129.368462][ T6613] loop0: detected capacity change from 0 to 512
[  129.483912][ T6617] loop1: detected capacity change from 0 to 512
[  129.536273][ T6617] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  129.570372][ T6613] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  129.591504][ T6613] ext4 filesystem being mounted at /216/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  129.626582][ T6617] EXT4-fs (loop1): 1 truncate cleaned up
[  129.644396][ T6617] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,auto_da_alloc=0x0000000000000eb0,debug_want_extra_isize=0x0000000000000068,lazytime,nombcache,noload,noquota,,errors=continue. Quota mode: none.
[  129.662462][ T6613] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #2: comm syz.0.968: corrupted inode contents
[  129.741573][ T6613] EXT4-fs error (device loop0): ext4_dirty_inode:6054: inode #2: comm syz.0.968: mark_inode_dirty error
[  129.807226][ T6617] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: none.
[  129.818748][ T6613] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #2: comm syz.0.968: corrupted inode contents
[  129.887756][ T6613] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.968: mark_inode_dirty error
[  129.967277][ T6617] EXT4-fs (loop1): Ignoring removed orlov option
[  129.980453][ T6622] EXT4-fs error (device loop0): ext4_get_first_dir_block:3608: inode #18: comm syz.0.968: directory missing '.'
[  130.012055][ T6617] EXT4-fs (loop1): Remounting file system with no journal so ignoring journalled data option
[  130.049194][ T6617] EXT4-fs (loop1): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,nouid32,usrjquota=,orlov,norecovery,barrier,data=journal,. Quota mode: none.
[  130.172312][ T5454] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  130.508322][ T4222] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.619641][ T4222] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.643802][ T5454] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  130.685901][ T5454] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  130.732736][ T5454] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  130.782347][ T5454] usb 5-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  130.824488][ T5454] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.860854][ T6640] loop1: detected capacity change from 0 to 64
[  130.897143][ T4222] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.910272][ T5454] usb 5-1: config 0 descriptor??
[  130.953683][ T6624] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  131.035469][ T6628] loop2: detected capacity change from 0 to 32768
[  131.208151][ T4222] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.447922][ T5454] aureal 0003:0755:2626.0006: unknown main item tag 0x6
[  131.486464][ T5454] aureal 0003:0755:2626.0006: unknown global tag 0xe
[  131.516035][ T5454] aureal 0003:0755:2626.0006: item 0 2 1 14 parsing failed
[  131.551027][ T5454] aureal: probe of 0003:0755:2626.0006 failed with error -22
[  131.661708][ T4287] usb 5-1: USB disconnect, device number 9
[  131.864247][ T6641] chnl_net:caif_netlink_parms(): no params data found
[  131.998473][ T6641] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.005910][ T6641] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.020835][ T6641] device bridge_slave_0 entered promiscuous mode
[  132.043915][ T6641] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.051110][ T6641] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.067774][ T6641] device bridge_slave_1 entered promiscuous mode
[  132.116873][ T6641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  132.138082][ T6641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  132.184964][ T6641] team0: Port device team_slave_0 added
[  132.198580][ T6641] team0: Port device team_slave_1 added
[  132.278381][ T6641] batman_adv: batadv0: Adding interface: batadv_slave_0
[  132.286817][ T6641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.353116][ T6671] overlayfs: workdir and upperdir must reside under the same mount
[  132.369881][ T6641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  132.391834][ T6672] loop4: detected capacity change from 0 to 512
[  132.429676][ T6641] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.458791][ T6641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.552948][ T6672] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  132.562423][ T6641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  132.585963][ T6672] ext4 filesystem being mounted at /217/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  132.654029][ T6672] EXT4-fs error (device loop4): ext4_do_update_inode:5218: inode #2: comm syz.4.985: corrupted inode contents
[  132.667401][ T6672] EXT4-fs error (device loop4): ext4_dirty_inode:6054: inode #2: comm syz.4.985: mark_inode_dirty error
[  132.731659][ T6641] device hsr_slave_0 entered promiscuous mode
[  132.746977][ T6641] device hsr_slave_1 entered promiscuous mode
[  132.755634][ T6672] EXT4-fs error (device loop4): ext4_do_update_inode:5218: inode #2: comm syz.4.985: corrupted inode contents
[  132.774256][ T6641] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  132.784501][ T6672] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.985: mark_inode_dirty error
[  132.800184][ T6641] Cannot create hsr debugfs directory
[  132.840104][ T6683] EXT4-fs error (device loop4): ext4_get_first_dir_block:3608: inode #18: comm syz.4.985: directory missing '.'
[  133.182502][ T6641] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  133.199757][ T6641] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  133.231908][ T4185] Bluetooth: hci4: command 0x0409 tx timeout
[  133.277801][ T6641] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  133.290979][ T6641] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  133.458976][ T6641] 8021q: adding VLAN 0 to HW filter on device bond0
[  133.483203][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  133.493502][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  133.505637][ T6641] 8021q: adding VLAN 0 to HW filter on device team0
[  133.545037][ T4222] device hsr_slave_0 left promiscuous mode
[  133.558848][ T4222] device hsr_slave_1 left promiscuous mode
[  133.567245][ T4222] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  133.581625][ T4222] batman_adv: batadv0: Removing interface: batadv_slave_0
[  133.591690][ T4222] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  133.606718][ T4222] batman_adv: batadv0: Removing interface: batadv_slave_1
[  133.621066][ T4222] device bridge_slave_1 left promiscuous mode
[  133.632055][ T4222] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.663379][ T4222] device bridge_slave_0 left promiscuous mode
[  133.671750][ T4222] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.717172][ T4222] device veth1_macvtap left promiscuous mode
[  133.728580][ T4222] device veth0_macvtap left promiscuous mode
[  133.737975][ T4222] device veth1_vlan left promiscuous mode
[  133.752476][ T4222] device veth0_vlan left promiscuous mode
[  134.023679][ T4222] team0 (unregistering): Port device team_slave_1 removed
[  134.041934][ T4222] team0 (unregistering): Port device team_slave_0 removed
[  134.065615][ T4222] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  134.084536][ T4222] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  134.169382][ T4222] bond0 (unregistering): Released all slaves
[  134.301203][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  134.311543][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  134.322623][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.330387][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  134.341421][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  134.354980][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  134.369286][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.376378][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.393206][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  134.461519][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  134.483978][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  134.493145][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  134.509778][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  134.518581][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  134.545855][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  134.564269][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  134.573741][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  134.591525][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  134.606307][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  134.617072][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  134.631795][ T6641] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  134.912429][ T5521] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  134.926052][ T5521] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  134.938647][ T6641] 8021q: adding VLAN 0 to HW filter on device batadv0
[  135.464753][ T4185] Bluetooth: hci4: command 0x041b tx timeout
[  135.479595][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  135.499134][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  135.578243][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  135.587123][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  135.622794][ T6641] device veth0_vlan entered promiscuous mode
[  135.632868][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  135.651881][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  135.665903][ T6641] device veth1_vlan entered promiscuous mode
[  135.727781][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  135.738417][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  135.757990][ T6641] device veth0_macvtap entered promiscuous mode
[  135.775006][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  135.796033][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  135.806880][ T6641] device veth1_macvtap entered promiscuous mode
[  135.829602][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  135.838106][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  135.858426][ T6641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.874882][ T6641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.890835][ T6641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.916181][ T6641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.942459][ T6641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.960492][ T6641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.977244][ T6641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.987679][ T6641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.036631][ T6641] batman_adv: batadv0: Interface activated: batadv_slave_0
[  136.045433][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  136.066913][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  136.087710][ T6641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.112772][ T6641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.148229][ T6641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.158682][ T6641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.180231][ T6641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.191098][ T6641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.200992][ T6641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.250916][ T6641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.263735][ T6641] batman_adv: batadv0: Interface activated: batadv_slave_1
[  136.279732][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  136.295130][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  136.316435][ T6641] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.338074][ T6641] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.349248][ T6641] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  136.364163][ T6641] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  136.492493][ T4260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.500604][ T4260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.542087][ T5521] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  136.574831][ T5521] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.607340][ T5521] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.629083][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  136.666080][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  136.672413][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  137.132398][ T6761] loop0: detected capacity change from 0 to 512
[  137.287543][ T6761] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  137.314214][ T6761] ext4 filesystem being mounted at /223/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  137.517434][ T6775] netlink: 8 bytes leftover after parsing attributes in process `syz.4.990'.
[  137.806912][ T4287] Bluetooth: hci4: command 0x040f tx timeout
[  138.179489][ T4287] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  138.618055][ T4287] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  138.638460][ T4287] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  138.741528][ T4287] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  138.816274][ T4287] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  138.889604][ T4287] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  139.099152][ T4287] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  139.121542][ T4287] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  139.173078][ T4287] usb 1-1: Product: syz
[  139.202232][ T4287] usb 1-1: Manufacturer: syz
[  139.254037][ T6835] loop4: detected capacity change from 0 to 512
[  139.303405][ T4287] cdc_wdm 1-1:1.0: skipping garbage
[  139.308778][ T4287] cdc_wdm 1-1:1.0: skipping garbage
[  139.376568][ T4287] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  139.413009][ T6835] EXT4-fs (loop4): Ignoring removed orlov option
[  139.446032][ T6835] EXT4-fs (loop4): bad block size 65536
[  139.468464][ T4287] cdc_wdm 1-1:1.0: Unknown control protocol
[  139.786701][ T4287] usb 1-1: USB disconnect, device number 8
[  140.011202][ T4185] Bluetooth: hci4: command 0x0419 tx timeout
[  140.188012][ T6808] loop2: detected capacity change from 0 to 32768
[  140.927023][ T4287] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  141.035669][ T6881] program syz.5.1031 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  141.272223][ T6890] loop4: detected capacity change from 0 to 512
[  141.322218][ T6890] EXT4-fs (loop4): Ignoring removed bh option
[  141.421994][ T6890] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  141.445156][ T6890] ext4 filesystem being mounted at /230/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  141.553184][ T6890] EXT4-fs (loop4): shut down requested (2)
[  141.600800][ T4287] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  141.615775][ T4287] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.652891][ T6905] input: syz1 as /devices/virtual/input/input13
[  141.670072][ T4287] usb 3-1: Product: syz
[  141.674261][ T4287] usb 3-1: Manufacturer: syz
[  141.725703][ T4287] usb 3-1: SerialNumber: syz
[  142.182292][ T6924] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1044'.
[  142.335646][ T6929] loop0: detected capacity change from 0 to 512
[  142.392030][ T4185] Bluetooth: hci5: command 0x1003 tx timeout
[  142.398836][ T4193] Bluetooth: hci5: sending frame failed (-49)
[  142.426898][ T6929] EXT4-fs (loop0): Ignoring removed orlov option
[  142.455953][ T6929] EXT4-fs (loop0): bad block size 65536
[  142.491746][ T4287] rtl8150 3-1:1.0: eth5: rtl8150 is detected
[  142.721952][ T4287] usb 3-1: USB disconnect, device number 9
[  143.377459][ T6958] loop0: detected capacity change from 0 to 64
[  144.115192][ T6974] loop0: detected capacity change from 0 to 8
[  144.417194][ T6974] SQUASHFS error: zlib decompression failed, data probably corrupt
[  144.479734][ T6974] SQUASHFS error: Failed to read block 0x4de: -5
[  144.486457][ T6974] SQUASHFS error: Failed to read block 0x4e2: -5
[  144.604710][ T4287] Bluetooth: hci5: command 0x1001 tx timeout
[  144.610889][ T4193] Bluetooth: hci5: sending frame failed (-49)
[  144.661138][ T6974] SQUASHFS error: Failed to read block 0x9ca: -5
[  144.711853][ T6974] SQUASHFS error: Failed to read block 0x2cf2: -5
[  144.785529][ T6974] SQUASHFS error: Failed to read block 0x52cf2: -5
[  144.794778][ T6974] SQUASHFS error: Failed to read block 0x535f2: -5
[  144.826193][ T6993] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  144.868065][   T26] audit: type=1800 audit(1763640293.771:34): pid=6974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1056" name="file1" dev="loop0" ino=5 res=0 errno=0
[  145.312404][ T7002] loop2: detected capacity change from 0 to 8192
[  145.341604][ T7002] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  145.371957][ T7002] UDF-fs: Scanning with blocksize 512 failed
[  145.392270][ T7002] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  145.425115][ T7002] UDF-fs: Scanning with blocksize 1024 failed
[  145.445218][ T7002] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  145.463743][ T7002] UDF-fs: Scanning with blocksize 2048 failed
[  145.480093][ T7002] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  145.482888][ T6981] loop5: detected capacity change from 0 to 32768
[  145.652511][ T6981] read_mapping_page failed!
[  145.662917][ T6981] ialloc: diAlloc returned -5!
[  145.709444][  T277] read_mapping_page failed!
[  145.951217][ T7020] loop2: detected capacity change from 0 to 512
[  146.029851][ T7020] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  146.114233][ T7020] EXT4-fs (loop2): 1 truncate cleaned up
[  146.133428][ T7020] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,auto_da_alloc=0x0000000000000eb0,debug_want_extra_isize=0x0000000000000068,lazytime,nombcache,noload,noquota,,errors=continue. Quota mode: none.
[  146.199030][ T4252] hid-generic 0005:04F3:0400.0007: item fetching failed at offset 0/1
[  146.211348][ T4252] hid-generic: probe of 0005:04F3:0400.0007 failed with error -22
[  146.261719][ T7020] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: none.
[  146.380327][ T7020] EXT4-fs (loop2): Ignoring removed orlov option
[  146.460898][ T7020] EXT4-fs (loop2): Remounting file system with no journal so ignoring journalled data option
[  146.547298][ T7020] EXT4-fs (loop2): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,nouid32,usrjquota=,orlov,norecovery,barrier,data=journal,. Quota mode: none.
[  146.828426][ T4287] Bluetooth: hci5: command 0x1009 tx timeout
[  147.239516][ T7044] loop5: detected capacity change from 0 to 8192
[  147.339103][ T7044] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
[  147.373511][ T7044] REISERFS (device loop5): using ordered data mode
[  147.380083][ T7044] reiserfs: using flush barriers
[  147.399085][ T4185] kernel read not supported for file /dsp (pid: 4185 comm: kworker/0:4)
[  147.430647][ T7044] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  147.457404][ T7044] REISERFS (device loop5): checking transaction log (loop5)
[  147.470997][ T7044] REISERFS (device loop5): Using r5 hash to sort names
[  147.509348][ T7044] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  147.746444][ T7042] loop2: detected capacity change from 0 to 32768
[  147.856537][ T7042] read_mapping_page failed!
[  147.873680][ T7042] ialloc: diAlloc returned -5!
[  147.941236][ T4251] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  148.063675][  T276] read_mapping_page failed!
[  148.228705][ T4251] usb 1-1: Using ep0 maxpacket: 32
[  148.367928][ T4251] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  148.378476][   T23] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  148.381071][ T4251] usb 1-1: config 0 has no interface number 0
[  148.556456][ T7076] loop5: detected capacity change from 0 to 512
[  148.581677][ T4251] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  148.590762][ T4251] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.616803][ T4251] usb 1-1: Product: syz
[  148.624118][ T4251] usb 1-1: Manufacturer: syz
[  148.629074][ T4251] usb 1-1: SerialNumber: syz
[  148.640370][ T4251] usb 1-1: config 0 descriptor??
[  148.653005][ T7076] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  148.666339][ T7076] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  148.700539][ T4251] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  148.925748][ T4251] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  148.943530][ T4251] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  149.396658][ T4251] usb 1-1: USB disconnect, device number 9
[  149.405112][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -108
[  149.426937][ T4251] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  149.453433][ T4251] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  149.478938][ T4251] quatech2 1-1:0.51: device disconnected
[  149.739097][ T7093] loop5: detected capacity change from 0 to 256
[  149.838651][ T7093] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[  150.040703][ T7093] exFAT-fs (loop5): error, invalid access to FAT free cluster (entry 0x00000008)
[  150.075582][ T7093] exFAT-fs (loop5): Filesystem has been set read-only
[  150.097018][ T7099] exFAT-fs (loop5): error, invalid access to FAT free cluster (entry 0x00000008)
[  150.141001][ T7099] exFAT-fs (loop5): error, failed to bmap (inode : ffff8880613987e0 iblock : 8, err : -5)
[  150.198087][ T7099] exFAT-fs (loop5): error, invalid access to FAT free cluster (entry 0x00000008)
[  150.301854][ T7084] loop2: detected capacity change from 0 to 131072
[  150.334890][   T23] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  150.350301][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.361370][   T23] usb 5-1: Product: syz
[  150.367079][   T23] usb 5-1: Manufacturer: syz
[  150.379836][   T23] usb 5-1: SerialNumber: syz
[  150.433049][ T7084] F2FS-fs (loop2): invalid crc value
[  150.505901][ T7084] F2FS-fs (loop2): Found nat_bits in checkpoint
[  150.612093][ T7084] F2FS-fs (loop2): Cannot turn on quotas: -2 on 2
[  150.631745][ T7084] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  151.245343][   T23] rtl8150 5-1:1.0: eth5: rtl8150 is detected
[  151.561956][ T5454] usb 5-1: USB disconnect, device number 10
[  151.587772][ T7122] loop5: detected capacity change from 0 to 131072
[  151.673885][ T7122] F2FS-fs (loop5): Wrong CP boundary, start(512) end(198144) blocks(1024)
[  151.682536][ T7122] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  151.693898][ T7122] F2FS-fs (loop5): invalid crc value
[  151.754257][ T7122] F2FS-fs (loop5): Found nat_bits in checkpoint
[  151.849889][ T7122] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[  151.857514][ T7122] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  151.899605][ T7133] loop0: detected capacity change from 0 to 4096
[  152.097434][ T7133] ntfs: volume version 3.1.
[  152.127398][ T7122] fscrypt (loop5, inode 8): Error -61 getting encryption context
[  152.723773][ T7147] loop0: detected capacity change from 0 to 512
[  152.885379][ T7147] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  152.897134][ T7147] ext4 filesystem being mounted at /249/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  152.931565][ T7147] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #2: comm syz.0.1116: corrupted inode contents
[  153.037023][ T7147] EXT4-fs error (device loop0): ext4_dirty_inode:6054: inode #2: comm syz.0.1116: mark_inode_dirty error
[  153.088236][ T7147] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #2: comm syz.0.1116: corrupted inode contents
[  153.135760][ T4185] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  153.157436][ T7159] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #2: comm syz.0.1116: corrupted inode contents
[  153.467192][ T4185] usb 6-1: Using ep0 maxpacket: 8
[  153.620547][ T4185] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  153.669339][ T4185] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  153.762305][ T4185] usb 6-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  153.826056][ T4185] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.889937][ T4185] usb 6-1: config 0 descriptor??
[  154.448570][ T4185] hid-rmi 0003:06CB:81A7.0008: unknown main item tag 0x7
[  154.460716][ T4185] hid-rmi 0003:06CB:81A7.0008: unbalanced collection at end of report description
[  154.487139][ T4185] hid-rmi 0003:06CB:81A7.0008: parse failed
[  154.527956][ T4185] hid-rmi: probe of 0003:06CB:81A7.0008 failed with error -22
[  154.581769][ T7209] loop4: detected capacity change from 0 to 256
[  154.644159][ T7209] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  154.761187][ T5454] usb 6-1: USB disconnect, device number 2
[  154.910003][ T7215] IPv6: ADDRCONF(NETDEV_CHANGE): rose0: link becomes ready
[  155.316071][ T7229] loop4: detected capacity change from 0 to 64
[  155.650529][ T7239] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1147'.
[  155.795242][ T7245] loop5: detected capacity change from 0 to 256
[  156.171784][ T7260] netlink: 'syz.0.1154': attribute type 1 has an invalid length.
[  156.232198][ T7263] loop5: detected capacity change from 0 to 1024
[  156.514182][ T4251] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  156.781687][ T4251] usb 3-1: Using ep0 maxpacket: 8
[  156.832816][ T7270] loop0: detected capacity change from 0 to 8192
[  156.915199][ T4251] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  156.937144][ T7270] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  156.971784][ T4251] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  156.976835][ T7270] UDF-fs: Scanning with blocksize 512 failed
[  156.999669][ T7286] tipc: Started in network mode
[  157.004544][ T7286] tipc: Node identity _id00000, cluster identity 4711
[  157.039395][ T7270] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  157.072502][ T7270] UDF-fs: Scanning with blocksize 1024 failed
[  157.079375][ T4251] usb 3-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  157.079413][ T4251] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.095654][ T4251] usb 3-1: config 0 descriptor??
[  157.102711][ T7286] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  157.187821][ T7270] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  157.230144][ T7270] UDF-fs: Scanning with blocksize 2048 failed
[  157.300979][ T7270] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  157.660680][ T4251] hid-rmi 0003:06CB:81A7.0009: unknown main item tag 0x7
[  157.667818][ T4251] hid-rmi 0003:06CB:81A7.0009: unbalanced collection at end of report description
[  157.765621][ T4251] hid-rmi 0003:06CB:81A7.0009: parse failed
[  157.771572][ T4251] hid-rmi: probe of 0003:06CB:81A7.0009 failed with error -22
[  157.773510][ T7252] loop4: detected capacity change from 0 to 40427
[  157.806151][ T7304] loop5: detected capacity change from 0 to 1024
[  157.912020][ T7252] F2FS-fs (loop4): Fix alignment : internally, start(4096) end(16896) block(12288)
[  157.992870][ T7252] F2FS-fs (loop4): invalid crc value
[  157.994484][   T23] usb 3-1: USB disconnect, device number 10
[  158.045835][ T7252] F2FS-fs (loop4): Found nat_bits in checkpoint
[  158.228478][ T7315] netlink: 'syz.5.1171': attribute type 1 has an invalid length.
[  158.389577][ T7252] F2FS-fs (loop4): recover fsync data on readonly fs
[  158.442689][ T7252] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1
[  158.492274][ T7252] F2FS-fs (loop4): Cannot turn on quotas: -2 on 2
[  158.502733][ T7320] loop5: detected capacity change from 0 to 1024
[  158.542144][ T7252] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  158.715488][ T4260] hfsplus: b-tree write err: -5, ino 4
[  158.729053][ T7252] F2FS-fs (loop4): Try to recover all the superblocks, ret: 0
[  158.836187][ T7329] loop2: detected capacity change from 0 to 256
[  158.943259][ T7329] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d)
[  159.047842][ T7329] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  159.583906][ T7306] loop1: detected capacity change from 0 to 40427
[  159.640452][ T7306] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  159.657760][ T7306] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  159.691450][ T7306] F2FS-fs (loop1): invalid crc value
[  159.736528][ T7306] F2FS-fs (loop1): Found nat_bits in checkpoint
[  159.809506][ T7322] loop0: detected capacity change from 0 to 32768
[  159.879949][ T7322] (syz.0.1174,7322,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  159.935167][ T7322] (syz.0.1174,7322,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  159.997381][ T7306] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  160.009210][ T7306] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  160.062052][ T7322] (syz.0.1174,7322,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[  160.129158][ T7322] JBD2: Ignoring recovery information on journal
[  160.282392][ T7331] loop5: detected capacity change from 0 to 32768
[  160.306862][ T7322] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  160.451554][ T7331] XFS (loop5): Mounting V5 Filesystem
[  160.617442][ T7331] XFS (loop5): Ending clean mount
[  160.661880][ T7322] (syz.0.1174,7322,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb68296ec, computed 0xec517776. Applying ECC.
[  160.747675][ T7322] (syz.0.1174,7322,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xb68296ec, computed 0xccb4c126
[  160.775176][ T7322] (syz.0.1174,7322,1):ocfs2_group_extend:318 ERROR: status = -5
[  160.840249][ T6641] XFS (loop5): Unmounting Filesystem
[  160.871284][ T4181] ocfs2: Unmounting device (7,0) on (node local)
[  160.882745][ T7370] loop2: detected capacity change from 0 to 1024
[  161.952662][ T7361] loop4: detected capacity change from 0 to 32768
[  162.118390][ T7361] JBD2: Ignoring recovery information on journal
[  162.152074][ T7361] JBD2: corrupted journal superblock
[  162.157400][ T7361] JBD2: error -117 scanning journal
[  162.235841][ T7361] (syz.4.1179,7361,0):ocfs2_journal_wipe:1154 ERROR: status = -117
[  162.243810][ T7361] (syz.4.1179,7361,0):ocfs2_check_volume:2424 ERROR: status = -117
[  162.295866][ T7361] (syz.4.1179,7361,0):ocfs2_check_volume:2493 ERROR: status = -117
[  162.328652][ T7361] (syz.4.1179,7361,1):ocfs2_mount_volume:1824 ERROR: status = -117
[  162.368123][ T7361] (syz.4.1179,7361,1):ocfs2_fill_super:1177 ERROR: status = -117
[  162.379848][ T7391] loop5: detected capacity change from 0 to 8192
[  162.455158][ T7391] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  162.479504][ T7391] UDF-fs: Scanning with blocksize 512 failed
[  162.516954][ T7391] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  162.529823][ T7391] UDF-fs: Scanning with blocksize 1024 failed
[  162.565995][ T7391] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  162.575688][ T7391] UDF-fs: Scanning with blocksize 2048 failed
[  162.595590][ T7391] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  162.840765][ T7410] loop0: detected capacity change from 0 to 256
[  162.936077][   T26] audit: type=1800 audit(1763640310.674:35): pid=7410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1187" name="file1" dev="loop0" ino=1048658 res=0 errno=0
[  162.960401][ T4287] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  162.989771][  T154] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097152)
[  163.011849][  T154] FAT-fs (loop0): Filesystem has been set read-only
[  163.036457][  T154] FAT-fs (loop0): error, corrupted file size (i_pos 196, 2097152)
[  163.227617][ T4287] usb 5-1: Using ep0 maxpacket: 8
[  163.356082][ T4287] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  163.410218][ T4287] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  163.448910][ T4287] usb 5-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  163.498650][ T4287] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.514717][ T7427] loop2: detected capacity change from 0 to 1024
[  163.550834][ T4287] usb 5-1: config 0 descriptor??
[  163.572308][ T7430] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1194'.
[  163.732261][   T26] audit: type=1800 audit(1763640311.422:36): pid=7427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1193" name="bus" dev="loop2" ino=26 res=0 errno=0
[  163.897244][ T7427] attempt to access beyond end of device
[  163.897244][ T7427] loop2: rw=34817, want=1036, limit=1024
[  164.075044][ T4287] hid-rmi 0003:06CB:81A7.000A: unknown main item tag 0x7
[  164.098628][ T4287] hid-rmi 0003:06CB:81A7.000A: unbalanced collection at end of report description
[  164.150625][ T4287] hid-rmi 0003:06CB:81A7.000A: parse failed
[  164.167540][ T4287] hid-rmi: probe of 0003:06CB:81A7.000A failed with error -22
[  164.249339][ T4222] hfsplus: b-tree write err: -5, ino 4
[  164.362665][ T1108] usb 5-1: USB disconnect, device number 11
[  164.568187][ T7456] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1203'.
[  164.638394][ T7461] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1203'.
[  164.782966][ T7467] program syz.2.1206 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  164.927677][   T23] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  165.216158][   T23] usb 6-1: Using ep0 maxpacket: 16
[  165.385844][   T23] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[  165.420107][   T23] usb 6-1: config 0 has no interface number 0
[  165.428055][   T23] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  165.560934][   T23] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  165.752710][ T7512] loop2: detected capacity change from 0 to 256
[  165.772801][   T23] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  165.857538][   T23] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  165.868077][   T23] usb 6-1: Product: syz
[  165.889728][   T23] usb 6-1: SerialNumber: syz
[  165.924412][   T23] usb 6-1: config 0 descriptor??
[  165.968228][   T23] cm109 6-1:0.8: invalid payload size 0, expected 4
[  165.980182][   T23] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.8/input/input14
[  166.281854][ T4287] usb 6-1: USB disconnect, device number 3
[  166.296073][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  166.303493][    C1] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  166.323831][ T4287] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  166.349494][ T4185] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  166.671744][ T7535] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1232'.
[  166.746016][ T4185] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  166.754680][ T4185] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  166.776475][ T4185] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  166.790092][ T7538] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  166.813784][ T4185] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  166.827486][ T7539] loop4: detected capacity change from 0 to 1024
[  166.845876][ T4185] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  166.952799][ T7539] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  166.989605][ T7545] netlink: 'syz.1.1237': attribute type 21 has an invalid length.
[  167.001683][ T7545] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1237'.
[  167.010868][ T7545] netlink: 'syz.1.1237': attribute type 5 has an invalid length.
[  167.023031][ T4185] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  167.032095][ T4185] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  167.045300][ T7545] netlink: 'syz.1.1237': attribute type 6 has an invalid length.
[  167.053135][ T4185] usb 3-1: Product: syz
[  167.057848][ T7545] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1237'.
[  167.067258][ T4185] usb 3-1: Manufacturer: syz
[  167.112398][ T4185] cdc_wdm 3-1:1.0: skipping garbage
[  167.117741][ T4185] cdc_wdm 3-1:1.0: skipping garbage
[  167.149545][ T4185] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  167.169800][ T4185] cdc_wdm 3-1:1.0: Unknown control protocol
[  167.251770][ T7553] loop5: detected capacity change from 0 to 512
[  167.431474][ T7553] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.1242: inode #1: comm syz.5.1242: iget: illegal inode #
[  167.453175][ T7553] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.1242: error while reading EA inode 1 err=-117
[  167.467874][ T7553] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.1242: inode #1: comm syz.5.1242: iget: illegal inode #
[  167.568568][ T7553] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.1242: error while reading EA inode 1 err=-117
[  167.592133][ T4185] usb 3-1: USB disconnect, device number 11
[  167.609525][ T7553] EXT4-fs (loop5): 1 orphan inode deleted
[  167.642887][ T7553] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000003,norecovery,noinit_itable,init_itable=0x0000000000000001,minixdf,usrjquota=,debug_want_extra_isize=0x000000000000005c,errors=continue,dioread_lock,noblock_validity,noquota,,errors=continue. Quota mode: none.
[  167.728720][ T7578] comedi comedi0: das16m1: I/O port conflict (0x501,8)
[  167.867771][ T7582] loop1: detected capacity change from 0 to 1024
[  168.048679][ T4867] hfsplus: b-tree write err: -5, ino 4
[  168.174314][ T7592] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1260'.
[  168.601556][ T7599] loop1: detected capacity change from 0 to 2048
[  168.604405][ T7603] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1264'.
[  168.753375][ T7603] device  entered promiscuous mode
[  168.759581][ T7599] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  168.816676][ T7607] loop0: detected capacity change from 0 to 2048
[  168.892697][ T7607] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  169.345568][ T7621] loop2: detected capacity change from 0 to 256
[  169.459525][   T26] audit: type=1800 audit(1763640317.776:37): pid=7621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1269" name="file1" dev="loop2" ino=1048659 res=0 errno=0
[  169.471196][ T5521] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097152)
[  169.542222][ T5521] FAT-fs (loop2): Filesystem has been set read-only
[  169.575994][ T5521] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097152)
[  169.615734][ T7626] input: syz0 as /devices/virtual/input/input15
[  170.006928][ T4251] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  170.114978][ T7646] loop0: detected capacity change from 0 to 1024
[  170.232029][ T7646] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  170.449235][ T4251] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  170.465585][ T4251] usb 5-1: config 0 has no interface number 0
[  170.518592][ T4251] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  170.566705][ T4251] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  170.617877][ T4251] usb 5-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  170.632178][ T4251] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.653231][ T4251] usb 5-1: config 0 descriptor??
[  170.941515][ T7664] loop2: detected capacity change from 0 to 164
[  171.066221][ T7664] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  171.244040][ T7664] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  171.467120][ T7664] Symlink component flag not implemented
[  171.545627][ T7664] Symlink component flag not implemented
[  171.620345][ T7664] Symlink component flag not implemented (7)
[  171.626282][ T7668] loop0: detected capacity change from 0 to 131072
[  171.656905][ T7651] loop1: detected capacity change from 0 to 32768
[  171.663562][ T7664] Symlink component flag not implemented (116)
[  171.679366][ T7668] F2FS-fs (loop0): Wrong CP boundary, start(512) end(198144) blocks(1024)
[  171.688145][ T7668] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  171.709660][ T7668] F2FS-fs (loop0): invalid crc value
[  171.722352][ T4251] input: HID 04d9:a055 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.1/0003:04D9:A055.000B/input/input16
[  171.770684][ T7668] F2FS-fs (loop0): Found nat_bits in checkpoint
[  171.886937][ T7668] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  171.894053][ T7668] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  171.999217][ T4251] holtek_kbd 0003:04D9:A055.000B: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.4-1/input1
[  172.047628][ T7668] fscrypt (loop0, inode 8): Error -61 getting encryption context
[  172.102392][ T4251] usb 5-1: USB disconnect, device number 12
[  172.503836][ T7682] fido_id[7682]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  172.638431][ T7691] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1301'.
[  172.704256][ T7694] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1302'.
[  172.757764][ T7694] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1302'.
[  172.780678][ T7698] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1304'.
[  172.859574][ T7694] bridge0: port 3(vlan2) entered blocking state
[  172.908508][ T7694] bridge0: port 3(vlan2) entered disabled state
[  173.067942][ T7706] tap0: tun_chr_ioctl cmd 1074025677
[  173.123940][ T7706] tap0: linktype set to 0
[  173.162173][ T7671] loop5: detected capacity change from 0 to 32768
[  173.393999][ T7671] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  173.488011][ T4260] (kworker/u4:5,4260,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2
[  173.509010][ T7671] (syz.5.1294,7671,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214
[  173.760091][ T6641] ocfs2: Unmounting device (7,5) on (node local)
[  173.843766][ T7721] loop2: detected capacity change from 0 to 4096
[  174.058676][ T7734] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  174.276852][ T7740] loop1: detected capacity change from 0 to 512
[  174.381129][ T7745] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  174.393646][ T7740] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  174.425324][ T7740] EXT4-fs error (device loop1): ext4_get_journal_inode:5160: comm syz.1.1321: inode #1792: comm syz.1.1321: iget: illegal inode #
[  174.436765][ T7746] loop0: detected capacity change from 0 to 16
[  174.514476][ T7749] mkiss: ax0: crc mode is auto.
[  174.528657][ T7740] EXT4-fs (loop1): Remounting filesystem read-only
[  174.577867][ T7746] erofs: (device loop0): mounted with root inode @ nid 36.
[  174.580974][ T7740] EXT4-fs (loop1): no journal found
[  174.664485][ T7740] EXT4-fs (loop1): can't get journal size
[  174.693875][ T7740] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  174.735097][ T7759] loop4: detected capacity change from 0 to 8
[  174.747941][ T7740] EXT4-fs (loop1): Errors on filesystem, clearing orphan list.
[  174.757696][ T7740] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,usrjquota="errors=continue,noload,data_err=ignore,grpjquota="grpquota,jqfmt=vfsold,noblock_validity,. Quota mode: writeback.
[  174.789711][ T7749] Falling back ldisc for ptm0.
[  174.921652][ T7759] SQUASHFS error: Failed to read block 0x26067d: -5
[  174.980962][ T7759] SQUASHFS error: Unable to read metadata cache entry [26067d]
[  174.989541][ T7759] SQUASHFS error: Unable to read directory block [26067d:1fff]
[  175.002548][ T7762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1329'.
[  175.294434][ T7769] loop2: detected capacity change from 0 to 2048
[  175.433649][ T7769] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  175.510011][ T7779] Attempt to restore checkpoint with obsolete wellknown handles
[  176.425962][ T7809] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1350'.
[  176.698541][ T7813] loop5: detected capacity change from 0 to 2048
[  176.788235][ T7821] program syz.2.1356 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  176.857264][ T7813] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  177.015733][ T7826] program syz.0.1359 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  177.096040][ T7768] loop4: detected capacity change from 0 to 40427
[  177.097986][ T7828] loop2: detected capacity change from 0 to 64
[  177.192975][ T7768] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  177.252983][ T7768] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  177.267997][ T7832] mmap: syz.1.1361 (7832) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  177.478894][ T7768] F2FS-fs (loop4): invalid crc value
[  177.537114][ T7768] F2FS-fs (loop4): Found nat_bits in checkpoint
[  177.610637][ T7843] binder: BINDER_SET_CONTEXT_MGR already set
[  177.671552][ T7843] binder: 7841:7843 ioctl 4018620d 200000000140 returned -16
[  177.736131][ T7768] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  177.777816][ T7768] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  178.396705][ T7856] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1370'.
[  178.646663][ T7861] loop1: detected capacity change from 0 to 2048
[  178.784758][ T7861] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  178.811152][ T7834] loop0: detected capacity change from 0 to 32768
[  179.402068][ T7877] loop2: detected capacity change from 0 to 1024
[  179.563031][ T7877] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  180.019442][ T7891] loop2: detected capacity change from 0 to 1024
[  180.226446][ T6645] hfsplus: b-tree write err: -5, ino 4
[  180.311644][ T5454] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  180.555920][ T7883] loop5: detected capacity change from 0 to 40427
[  180.589249][ T5454] usb 5-1: Using ep0 maxpacket: 32
[  180.626317][ T7883] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  180.657600][ T7883] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  180.716869][ T7883] F2FS-fs (loop5): invalid crc value
[  180.739121][ T5454] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  180.770661][ T7883] F2FS-fs (loop5): Found nat_bits in checkpoint
[  180.813768][ T5454] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.885206][ T5454] usb 5-1: config 0 descriptor??
[  180.911814][ T7883] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  180.951833][ T7883] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  181.209308][ T7917] tap0: tun_chr_ioctl cmd 1074025677
[  181.220340][ T5454] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  181.241448][ T7917] tap0: linktype set to 0
[  181.274429][ T7921] loop1: detected capacity change from 0 to 8
[  181.303612][ T5454] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  181.345399][ T5454] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  181.356045][ T7921] SQUASHFS error: zlib decompression failed, data probably corrupt
[  181.380719][ T5454] usb 5-1: media controller created
[  181.412421][ T7921] SQUASHFS error: Failed to read block 0x9b: -5
[  181.420665][ T7921] SQUASHFS error: Unable to read metadata cache entry [99]
[  181.435099][ T7894] az6027: more than 2 i2c messages at a time is not handled yet. TODO.
[  181.470601][ T5454] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  181.497825][ T7921] SQUASHFS error: Unable to read inode 0x127
[  181.573065][ T5454] az6027: usb out operation failed. (-71)
[  181.594435][ T5454] az6027: usb out operation failed. (-71)
[  181.601125][ T5454] stb0899_attach: Driver disabled by Kconfig
[  181.626178][ T5454] az6027: no front-end attached
[  181.626178][ T5454] 
[  181.648035][ T5454] az6027: usb out operation failed. (-71)
[  181.655904][ T5454] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  181.670774][ T5454] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input17
[  181.745602][ T5454] dvb-usb: schedule remote query interval to 400 msecs.
[  181.770474][ T5454] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  181.814225][ T5454] usb 5-1: USB disconnect, device number 13
[  181.994837][ T5454] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  182.198469][ T7933] netlink: 'syz.2.1399': attribute type 21 has an invalid length.
[  182.230951][ T7933] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1399'.
[  182.240393][ T7933] netlink: 'syz.2.1399': attribute type 5 has an invalid length.
[  182.305077][ T7933] netlink: 'syz.2.1399': attribute type 6 has an invalid length.
[  182.331916][ T7933] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1399'.
[  182.663452][ T4230] Bluetooth: hci0: command 0x0406 tx timeout
[  182.680402][ T4230] Bluetooth: hci3: command 0x0406 tx timeout
[  182.709549][ T4230] Bluetooth: hci1: command 0x0406 tx timeout
[  182.716303][ T7946] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  182.723912][ T4251] Bluetooth: hci2: command 0x0406 tx timeout
[  182.882878][ T7935] loop4: detected capacity change from 0 to 32768
[  183.017186][ T7935] XFS (loop4): Mounting V5 Filesystem
[  183.133907][ T7935] XFS (loop4): Ending clean mount
[  183.286951][ T4189] XFS (loop4): Unmounting Filesystem
[  183.653843][ T7969] netlink: 'syz.0.1414': attribute type 21 has an invalid length.
[  183.684904][ T7969] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1414'.
[  183.755343][ T7969] netlink: 'syz.0.1414': attribute type 5 has an invalid length.
[  183.774704][ T7951] loop2: detected capacity change from 0 to 40427
[  183.785115][ T7969] netlink: 'syz.0.1414': attribute type 6 has an invalid length.
[  183.812613][ T7951] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  183.832212][ T7969] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1414'.
[  183.852697][ T7951] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  183.919551][ T7951] F2FS-fs (loop2): invalid crc value
[  183.996200][ T7951] F2FS-fs (loop2): Found nat_bits in checkpoint
[  184.086368][ T7951] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  184.093519][ T7951] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  184.571684][ T7981] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1417'.
[  184.577641][ T7983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1416'.
[  184.752638][ T7987] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  185.144088][ T8001] loop0: detected capacity change from 0 to 1024
[  185.311976][   T26] audit: type=1800 audit(1763640332.602:38): pid=8001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1424" name="file2" dev="loop0" ino=3 res=0 errno=0
[  185.449274][ T6645] hfsplus: b-tree write err: -5, ino 3
[  185.510581][ T8005] serio: Serial port ptm0
[  185.831585][ T8017] loop0: detected capacity change from 0 to 512
[  185.981683][ T8017] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  186.041818][ T8017] EXT4-fs (loop0): invalid journal inode
[  186.080105][ T8017] EXT4-fs (loop0): can't get journal size
[  186.134191][ T8017] EXT4-fs (loop0): 1 truncate cleaned up
[  186.148564][ T8017] EXT4-fs (loop0): mounted filesystem without journal. Opts: norecovery,max_batch_time=0x0000000000000003,,errors=continue. Quota mode: none.
[  186.387042][ T7999] loop2: detected capacity change from 0 to 32768
[  186.809662][ T8020] loop5: detected capacity change from 0 to 32768
[  186.829191][ T8034] program syz.0.1441 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  187.114660][ T8020] XFS (loop5): Mounting V5 Filesystem
[  187.332822][ T8020] XFS (loop5): Ending clean mount
[  187.372167][ T8020] XFS (loop5): Quotacheck needed: Please wait.
[  187.506638][ T8054] IPv6: ADDRCONF(NETDEV_CHANGE): rose0: link becomes ready
[  187.535669][ T8020] XFS (loop5): Quotacheck: Done.
[  187.551498][ T8018] loop1: detected capacity change from 0 to 40427
[  187.609108][ T8018] F2FS-fs (loop1): build fault injection attr: rate: 693, type: 0x1ffff
[  187.701637][ T8018] F2FS-fs (loop1): invalid crc value
[  187.756142][ T6641] XFS (loop5): Unmounting Filesystem
[  187.764498][ T8018] F2FS-fs (loop1): Found nat_bits in checkpoint
[  188.117167][ T8018] F2FS-fs (loop1): Start checkpoint disabled!
[  188.186848][ T8018] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  188.290350][ T8018] attempt to access beyond end of device
[  188.290350][ T8018] loop1: rw=2049, want=77960, limit=40427
[  188.396365][ T8018] F2FS-fs (loop1) : inject write IO error in f2fs_write_end_io of submit_bio_checks+0x310/0x18f0
[  188.808052][ T4867] attempt to access beyond end of device
[  188.808052][ T4867] loop1: rw=2049, want=40984, limit=40427
[  189.386826][ T8084] loop0: detected capacity change from 0 to 40427
[  189.429534][ T8084] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  189.455215][ T8084] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  189.487860][ T8084] F2FS-fs (loop0): invalid crc value
[  189.515538][ T8084] F2FS-fs (loop0): Found nat_bits in checkpoint
[  189.524344][ T8082] overlayfs: statfs failed on './file0'
[  189.632458][ T8084] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  189.647473][ T8084] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  189.910532][ T8107] binder: BINDER_SET_CONTEXT_MGR already set
[  189.936828][ T8109] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1467'.
[  189.964087][ T8107] binder: 8106:8107 ioctl 4018620d 200000000140 returned -16
[  190.024152][ T8109] device  entered promiscuous mode
[  190.146171][ T8114] loop1: detected capacity change from 0 to 128
[  190.379805][ T4287] kernel write not supported for file /snd/seq (pid: 4287 comm: kworker/0:8)
[  190.473093][ T4185] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  190.745393][ T4185] usb 3-1: Using ep0 maxpacket: 16
[  190.874101][ T4185] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  190.909700][ T4185] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  190.942523][ T4185] usb 3-1: config 0 interface 0 has no altsetting 0
[  190.977300][ T4185] usb 3-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  190.997622][ T4185] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.012609][ T4251] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  191.025365][ T8144] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1485'.
[  191.045304][ T8144] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1485'.
[  191.056773][ T4185] usb 3-1: config 0 descriptor??
[  191.160625][ T8146] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1486'.
[  191.181579][ T8146] device  entered promiscuous mode
[  191.418847][ T4251] usb 6-1: config 0 has no interfaces?
[  191.424580][ T4251] usb 6-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[  191.467427][ T4251] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.488626][ T4251] usb 6-1: config 0 descriptor??
[  191.577832][ T4185] cougar 0003:060B:500A.000C: usage count exceeds max: fixing up report descriptor
[  191.618447][ T8162] loop4: detected capacity change from 0 to 512
[  191.633053][ T4185] cougar 0003:060B:500A.000C: unexpected long global item
[  191.640809][ T4185] cougar 0003:060B:500A.000C: parse failed
[  191.682246][ T4185] cougar: probe of 0003:060B:500A.000C failed with error -22
[  191.778827][ T8162] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000]
[  191.787069][ T4185] usb 3-1: USB disconnect, device number 12
[  191.939990][ T4251] usb 6-1: USB disconnect, device number 4
[  191.947273][ T8162] System zones: 0-2, 18-18, 34-34
[  191.973419][ T8162] 
[  191.975781][ T8162] ======================================================
[  191.982794][ T8162] WARNING: possible circular locking dependency detected
[  191.989820][ T8162] syzkaller #0 Not tainted
[  191.994229][ T8162] ------------------------------------------------------
[  192.001243][ T8162] syz.4.1493/8162 is trying to acquire lock:
[  192.007229][ T8162] ffff88805f22be48 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_map_blocks+0x32f/0x1b30
[  192.009000][ T8173] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1499'.
[  192.016729][ T8162] 
[  192.016729][ T8162] but task is already holding lock:
[  192.016737][ T8162] ffff888077a88208 (&s->s_dquot.dqio_sem){++++}-{3:3}, at: v2_write_dquot+0x12b/0x190
[  192.016789][ T8162] 
[  192.016789][ T8162] which lock already depends on the new lock.
[  192.016789][ T8162] 
[  192.016796][ T8162] 
[  192.016796][ T8162] the existing dependency chain (in reverse order) is:
[  192.016803][ T8162] 
[  192.016803][ T8162] -> #2 (&s->s_dquot.dqio_sem){++++}-{3:3}:
[  192.016829][ T8162]        down_read+0x44/0x2e0
[  192.016847][ T8162]        v2_read_dquot+0x4a/0x110
[  192.016866][ T8162]        dquot_acquire+0x152/0x520
[  192.016884][ T8162]        ext4_acquire_dquot+0x2d9/0x4a0
[  192.016904][ T8162]        dqget+0x778/0xeb0
[  192.016920][ T8162]        dquot_set_dqblk+0x27/0xf90
[  192.016939][ T8162]        quota_setquota+0x4ac/0x530
[  192.016958][ T8162]        __se_sys_quotactl+0x295/0x6c0
[  192.016984][ T8162]        do_syscall_64+0x4c/0xa0
[  192.017001][ T8162]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  192.017020][ T8162] 
[  192.017020][ T8162] -> #1 (&dquot->dq_lock){+.+.}-{3:3}:
[  192.017046][ T8162]        __mutex_lock_common+0x1eb/0x2390
[  192.017066][ T8162]        mutex_lock_nested+0x17/0x20
[  192.017085][ T8162]        dquot_commit+0x5a/0x410
[  192.017102][ T8162]        ext4_write_dquot+0x1f0/0x360
[  192.017120][ T8162]        mark_all_dquot_dirty+0xf9/0x400
[  192.017138][ T8162]        __dquot_free_space+0x7ca/0xb90
[  192.017155][ T8162]        ext4_free_blocks+0x1af5/0x2480
[  192.017175][ T8162]        ext4_ext_remove_space+0x1eaa/0x43a0
[  192.017193][ T8162]        ext4_ext_truncate+0x192/0x240
[  192.017211][ T8162]        ext4_truncate+0x9f1/0x10d0
[  192.017225][ T8162]        ext4_setattr+0xffe/0x19e0
[  192.017242][ T8162]        notify_change+0xbcd/0xee0
[  192.017261][ T8162]        do_truncate+0x197/0x220
[  192.017279][ T8162]        path_openat+0x28af/0x2f30
[  192.017296][ T8162]        do_filp_open+0x1b3/0x3e0
[  192.017312][ T8162]        do_sys_openat2+0x142/0x4a0
[  192.017331][ T8162]        __x64_sys_openat+0x135/0x160
[  192.017351][ T8162]        do_syscall_64+0x4c/0xa0
[  192.017366][ T8162]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  192.017385][ T8162] 
[  192.017385][ T8162] -> #0 (&ei->i_data_sem/2){++++}-{3:3}:
[  192.017414][ T8162]        __lock_acquire+0x2c33/0x7c60
[  192.017435][ T8162]        lock_acquire+0x197/0x3f0
[  192.017453][ T8162]        down_read+0x44/0x2e0
[  192.017471][ T8162]        ext4_map_blocks+0x32f/0x1b30
[  192.017487][ T8162]        ext4_getblk+0x16d/0x630
[  192.017502][ T8162]        ext4_bread+0x26/0x180
[  192.017517][ T8162]        ext4_quota_write+0x230/0x570
[  192.017535][ T8162]        get_free_dqblk+0x387/0x7d0
[  192.017555][ T8162]        do_insert_tree+0x214/0x1970
[  192.017574][ T8162]        do_insert_tree+0x5b1/0x1970
[  192.017592][ T8162]        do_insert_tree+0x5b1/0x1970
[  192.017611][ T8162]        do_insert_tree+0x5b1/0x1970
[  192.017630][ T8162]        qtree_write_dquot+0x361/0x4b0
[  192.017647][ T8162]        v2_write_dquot+0x108/0x190
[  192.017662][ T8162]        dquot_acquire+0x2d5/0x520
[  192.017679][ T8162]        ext4_acquire_dquot+0x2d9/0x4a0
[  192.017698][ T8162]        dqget+0x778/0xeb0
[  192.017713][ T8162]        __dquot_initialize+0x3b6/0xcb0
[  192.017729][ T8162]        ext4_process_orphan+0x54/0x300
[  192.017743][ T8162]        ext4_orphan_cleanup+0xaa9/0x12e0
[  192.017756][ T8162]        ext4_fill_super+0x92f0/0x9a60
[  192.017771][ T8162]        mount_bdev+0x287/0x3c0
[  192.017785][ T8162]        legacy_get_tree+0xe6/0x180
[  192.017803][ T8162]        vfs_get_tree+0x88/0x270
[  192.017819][ T8162]        do_new_mount+0x24a/0xa40
[  192.017835][ T8162]        __se_sys_mount+0x2d6/0x3c0
[  192.017851][ T8162]        do_syscall_64+0x4c/0xa0
[  192.017865][ T8162]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  192.017882][ T8162] 
[  192.017882][ T8162] other info that might help us debug this:
[  192.017882][ T8162] 
[  192.017888][ T8162] Chain exists of:
[  192.017888][ T8162]   &ei->i_data_sem/2 --> &dquot->dq_lock --> &s->s_dquot.dqio_sem
[  192.017888][ T8162] 
[  192.017921][ T8162]  Possible unsafe locking scenario:
[  192.017921][ T8162] 
[  192.017925][ T8162]        CPU0                    CPU1
[  192.017930][ T8162]        ----                    ----
[  192.017935][ T8162]   lock(&s->s_dquot.dqio_sem);
[  192.017947][ T8162]                                lock(&dquot->dq_lock);
[  192.017961][ T8162]                                lock(&s->s_dquot.dqio_sem);
[  192.017979][ T8162]   lock(&ei->i_data_sem/2);
[  192.017993][ T8162] 
[  192.017993][ T8162]  *** DEADLOCK ***
[  192.017993][ T8162] 
[  192.017997][ T8162] 3 locks held by syz.4.1493/8162:
[  192.018007][ T8162]  #0: ffff888077a880e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950
[  192.085585][ T8173] device  entered promiscuous mode
[  192.086130][ T8162]  #1: ffff888061307e68 (&dquot->dq_lock){+.+.}-{3:3}, at: dquot_acquire+0x63/0x520
[  192.086188][ T8162]  #2: ffff888077a88208 (&s->s_dquot.dqio_sem){++++}-{3:3}, at: v2_write_dquot+0x12b/0x190
[  192.086234][ T8162] 
[  192.086234][ T8162] stack backtrace:
[  192.086241][ T8162] CPU: 0 PID: 8162 Comm: syz.4.1493 Not tainted syzkaller #0
[  192.097852][ T8165] loop1: detected capacity change from 0 to 32768
[  192.101607][ T8162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  192.101636][ T8162] Call Trace:
[  192.101643][ T8162]  <TASK>
[  192.101651][ T8162]  dump_stack_lvl+0x168/0x230
[  192.101679][ T8162]  ? load_image+0x3b0/0x3b0
[  192.101700][ T8162]  ? show_regs_print_info+0x20/0x20
[  192.101726][ T8162]  ? print_circular_bug+0x12b/0x1a0
[  192.101746][ T8162]  check_noncircular+0x274/0x310
[  192.101766][ T8162]  ? add_chain_block+0x940/0x940
[  192.101782][ T8162]  ? lockdep_lock+0xdc/0x1e0
[  192.101804][ T8162]  ? mark_lock+0x94/0x320
[  192.101826][ T8162]  ? mark_lock+0x94/0x320
[  192.101848][ T8162]  __lock_acquire+0x2c33/0x7c60
[  192.101876][ T8162]  ? __lock_acquire+0x13ad/0x7c60
[  192.101898][ T8162]  ? verify_lock_unused+0x140/0x140
[  192.101921][ T8162]  ? verify_lock_unused+0x140/0x140
[  192.101946][ T8162]  ? lockdep_unlock+0x134/0x2d0
[  192.101967][ T8162]  ? lockdep_lock+0x1e0/0x1e0
[  192.101997][ T8162]  lock_acquire+0x197/0x3f0
[  192.102018][ T8162]  ? ext4_map_blocks+0x32f/0x1b30
[  192.102041][ T8162]  ? __might_sleep+0xf0/0xf0
[  192.102057][ T8162]  ? read_lock_is_recursive+0x10/0x10
[  192.102079][ T8162]  ? percpu_counter_add_batch+0x13b/0x160
[  192.634257][ T8162]  ? rcu_is_watching+0x11/0xa0
[  192.639031][ T8162]  down_read+0x44/0x2e0
[  192.643340][ T8162]  ? ext4_map_blocks+0x32f/0x1b30
[  192.648387][ T8162]  ext4_map_blocks+0x32f/0x1b30
[  192.653402][ T8162]  ? _raw_spin_unlock+0x40/0x40
[  192.658261][ T8162]  ? ext4_issue_zeroout+0x250/0x250
[  192.663467][ T8162]  ? stack_trace_save+0x98/0xe0
[  192.668328][ T8162]  ? stack_depot_save+0x404/0x440
[  192.673361][ T8162]  ext4_getblk+0x16d/0x630
[  192.677779][ T8162]  ? do_insert_tree+0x214/0x1970
[  192.682720][ T8162]  ? do_insert_tree+0x5b1/0x1970
[  192.687658][ T8162]  ? do_insert_tree+0x5b1/0x1970
[  192.692600][ T8162]  ? ext4_get_block_unwritten+0x30/0x30
[  192.698150][ T8162]  ? ext4_orphan_cleanup+0xaa9/0x12e0
[  192.703532][ T8162]  ? vfs_get_tree+0x88/0x270
[  192.708122][ T8162]  ? do_new_mount+0x24a/0xa40
[  192.712827][ T8162]  ? __se_sys_mount+0x2d6/0x3c0
[  192.717686][ T8162]  ? do_syscall_64+0x4c/0xa0
[  192.722284][ T8162]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  192.728357][ T8162]  ext4_bread+0x26/0x180
[  192.732611][ T8162]  ext4_quota_write+0x230/0x570
[  192.737475][ T8162]  ? ext4_quota_read+0x3a0/0x3a0
[  192.742690][ T8162]  get_free_dqblk+0x387/0x7d0
[  192.747379][ T8162]  ? ext4_quota_read+0x3a0/0x3a0
[  192.752415][ T8162]  do_insert_tree+0x214/0x1970
[  192.757191][ T8162]  ? make_kuid+0x640/0x640
[  192.761792][ T8162]  ? get_free_dqblk+0x577/0x7d0
[  192.766653][ T8162]  do_insert_tree+0x5b1/0x1970
[  192.771566][ T8162]  do_insert_tree+0x5b1/0x1970
[  192.776349][ T8162]  do_insert_tree+0x5b1/0x1970
[  192.781133][ T8162]  qtree_write_dquot+0x361/0x4b0
[  192.786081][ T8162]  v2_write_dquot+0x108/0x190
[  192.790763][ T8162]  dquot_acquire+0x2d5/0x520
[  192.795497][ T8162]  ext4_acquire_dquot+0x2d9/0x4a0
[  192.800544][ T8162]  dqget+0x778/0xeb0
[  192.804458][ T8162]  __dquot_initialize+0x3b6/0xcb0
[  192.809489][ T8162]  ? dquot_initialize+0x20/0x20
[  192.814425][ T8162]  ? ext4_get_projid+0x140/0x140
[  192.819367][ T8162]  ext4_process_orphan+0x54/0x300
[  192.824397][ T8162]  ext4_orphan_cleanup+0xaa9/0x12e0
[  192.829693][ T8162]  ? ext4_orphan_del+0xb90/0xb90
[  192.834630][ T8162]  ? errseq_check_and_advance+0x62/0x120
[  192.840265][ T8162]  ext4_fill_super+0x92f0/0x9a60
[  192.845221][ T8162]  ? ext4_mount+0x40/0x40
[  192.849552][ T8162]  ? set_blocksize+0x1f1/0x370
[  192.854332][ T8162]  ? sb_set_blocksize+0xa5/0xe0
[  192.859194][ T8162]  mount_bdev+0x287/0x3c0
[  192.863544][ T8162]  ? ext4_mount+0x40/0x40
[  192.867880][ T8162]  legacy_get_tree+0xe6/0x180
[  192.872571][ T8162]  ? ext4_errno_to_code+0x160/0x160
[  192.877770][ T8162]  vfs_get_tree+0x88/0x270
[  192.882194][ T8162]  do_new_mount+0x24a/0xa40
[  192.886703][ T8162]  __se_sys_mount+0x2d6/0x3c0
[  192.891379][ T8162]  ? __x64_sys_mount+0xc0/0xc0
[  192.896150][ T8162]  ? lockdep_hardirqs_on+0x94/0x140
[  192.901348][ T8162]  ? __x64_sys_mount+0x1c/0xc0
[  192.906120][ T8162]  do_syscall_64+0x4c/0xa0
[  192.910533][ T8162]  ? clear_bhb_loop+0x30/0x80
[  192.915210][ T8162]  ? clear_bhb_loop+0x30/0x80
[  192.919891][ T8162]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  192.925798][ T8162] RIP: 0033:0x7faf20883eea
[  192.930210][ T8162] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.949816][ T8162] RSP: 002b:00007faf1eae8e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  192.958233][ T8162] RAX: ffffffffffffffda RBX: 00007faf1eae8ef0 RCX: 00007faf20883eea
[  192.966204][ T8162] RDX: 0000200000000240 RSI: 0000200000000380 RDI: 00007faf1eae8eb0
[  192.974173][ T8162] RBP: 0000200000000240 R08: 00007faf1eae8ef0 R09: 0000000002804450
[  192.982404][ T8162] R10: 0000000002804450 R11: 0000000000000246 R12: 0000200000000380
[  192.990389][ T8162] R13: 00007faf1eae8eb0 R14: 000000000000051b R15: 0000200000000280
[  192.998367][ T8162]  </TASK>
[  193.007127][ T8162] EXT4-fs error (device loop4): ext4_do_update_inode:5218: inode #3: comm syz.4.1493: corrupted inode contents
[  193.021538][ T8162] EXT4-fs error (device loop4): ext4_dirty_inode:6054: inode #3: comm syz.4.1493: mark_inode_dirty error
[  193.035847][ T8162] EXT4-fs error (device loop4): ext4_do_update_inode:5218: inode #3: comm syz.4.1493: corrupted inode contents
[  193.049624][ T8162] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #3: comm syz.4.1493: mark_inode_dirty error
[  193.056680][ T8165] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1496 (8165)
[  193.093638][ T8162] Quota error (device loop4): write_blk: dquota write failed
[  193.101777][ T8165] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  193.108005][ T8162] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  193.111700][ T8165] BTRFS info (device loop1): using free space tree
[  193.132879][ T8162] EXT4-fs error (device loop4): ext4_acquire_dquot:6209: comm syz.4.1493: Failed to acquire dquot type 0
[  193.133191][ T8165] BTRFS info (device loop1): has skinny extents
[  193.149829][ T8162] EXT4-fs (loop4): ext4_process_orphan: deleting unreferenced inode 16
[  193.163419][ T8162] EXT4-fs (loop4): 1 orphan inode deleted
[  193.169926][ T8162] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  193.183523][ T8162] ext4 filesystem being mounted at /330/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.223461][ T8162] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback.
[  193.258634][ T8165] BTRFS info (device loop1): enabling ssd optimizations
[  193.368209][ T4349] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 9 /dev/loop1 scanned by udevd (4349)