last executing test programs:

3.760053629s ago: executing program 2 (id=1052):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r0, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000380)=[@in6={0xa, 0x4e22, 0x200, @loopback, 0x400}], 0x1c)

3.62802164s ago: executing program 2 (id=1055):
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x24, 0x4, 0x2}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000002c0)={r0, &(0x7f00000006c0), &(0x7f0000000000), 0x2}, 0x20)

3.522903648s ago: executing program 2 (id=1060):
mbind(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x8000, 0x0, 0x6, 0x4)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0)
syz_usb_connect$uac1(0x5, 0x9c, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001000000406b1d010140000102030109028a000301ffa0060904000000010100000a240100000202010207240504062e7d0904010000000000000000010101010200000c2402ec79030420be11d1d109050109758b0620010725010006efff0904020000010200000904020101010200001124020306040803000c0000000000000007240116050210090506090002"], 0x0)

2.082657863s ago: executing program 3 (id=1091):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a7c000000060a0b04000000000000000002000000500004802800018007000100637400001c000280050003000100000008000140000000170800024000000013240001800a0001007265646972000000140002800800014000000017080003400000dd000900010073797a30000000000900020073797a3200"], 0xa4}}, 0x0)

1.921746226s ago: executing program 3 (id=1094):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000080)={0x0, 0x22, 0x2, {0x2, @raw_data="b0b2b9e01ad7d43039a48e029494b310391e65b114d090c2b2c79e83132c6a4fa6f852b88976161bc2e197c2dc3565a8a47f7219a3434d49f365bd574ad030513d8723a2945a0919acb9cccfe8630865ad72b164cc2ab90bdd935f60d0689d7348addb9705b9ea49410843fdd406acb7326cb0b989155c6aee1bab2ca5b4f551e94bb1466e622fce646388c6acf39fc0358c6e2b7979960d748c08f09c665f1751c2bd4d60dbf47dbeddc7a6184d888da77b7464914d1f8fd2e6c37e77110d0d1c00"}})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000280)=@multiplanar_userptr={0x0, 0x2, 0x4, 0x8, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "9b72bf60"}, 0x0, 0x2, {0x0}, 0xee})

1.902459818s ago: executing program 3 (id=1095):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180))
r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/unix\x00')
preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000100)=""/82, 0x52}], 0x1, 0x7, 0x0)

1.779165038s ago: executing program 3 (id=1098):
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x3000000, @mcast2, 0x2db}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x11, &(0x7f0000000000)=0x1, 0x4)

1.667553117s ago: executing program 3 (id=1101):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r0)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000200)={0x0, 0x700, &(0x7f0000000240)={&(0x7f0000000000)={0x20, r1, 0x3e8c4ddb697c9f8f, 0x0, 0x0, {0x4}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x20}}, 0x0)

1.579948334s ago: executing program 1 (id=1103):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x4f27, 0x5, 0x2, 0x401, 0x1, 0xcc7, 0xfff, 0x5c95239c, 0x5, 0x3ff, 0x802, 0x1600, 0x1, 0x2, 0x9, 0xe1cb, 0x6, 0x4, 0x3, 0x395, 0x80000089, 0xfffffffe, 0xa, 0xfffffff5, 0xffffcadb, 0x3, 0x0, 0x0, 0x4, 0x8000000, 0xdffffffa]})

1.535717357s ago: executing program 2 (id=1105):
r0 = socket$kcm(0x11, 0x2, 0x300)
readv(r0, &(0x7f0000000540)=[{&(0x7f0000000000)=""/119, 0x77}], 0x1)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x8907, 0x0)

1.532379797s ago: executing program 3 (id=1106):
syz_usb_connect(0x3, 0x62, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a2405"], 0x0)
getpid()
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)

1.308357545s ago: executing program 1 (id=1108):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

1.24443386s ago: executing program 1 (id=1110):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_DREG={0x8}, @NFTA_BYTEORDER_SREG={0x8}, @NFTA_BYTEORDER_OP={0x8}, @NFTA_BYTEORDER_LEN={0x8}, @NFTA_BYTEORDER_SIZE={0x8, 0x5, 0x1, 0x0, 0xfffffffc}]}}}]}]}], {0x14}}, 0x98}}, 0x0)

1.12400567s ago: executing program 1 (id=1112):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x4, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x320e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.067564354s ago: executing program 1 (id=1113):
syz_mount_image$jfs(&(0x7f00000021c0), &(0x7f0000002140)='./bus\x00', 0x2008010, &(0x7f00000000c0)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9"], 0x1, 0x6361, &(0x7f0000010f80)="$eJzs3U9vHGcdB/Df7D//KW2jHqoSIeS2AVpK87eEQIG2Bzj0wgHlihK5bhWRAkoCSquIuMqFAy8ChMQREEdOvIAeuHLjBRApQQJ66qCxn8cZL96s43R31n4+H8md+c0z432m3x3vbmZmnwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4u3v//BMFRGXfpEWHIv4XPQjehErTb0WEStrx/L6g4h4Lraa49mIGC5FVLnx6YjXIuLjpyLu3b+13iw6u89+fO9Pf//dj574wd/+MDz1nz/f6L8+ab2bN3/977/cPvj+AgAAQInquq6r9DH/ePp83+u6UwDAXOTX/zrJy9ULV29OXT9ikfqrVqvV6gWs2+q93W4XEbHZ3qZ5z+B0PAAcMpvxSdddoEPyL9ogIp7ouhPAQqu67gAzce/+rfUq5Vu1Xw/WttvztSC78t+sdu7vmDSdZvwak3k9v+5EP56Z0J+VOfVhkeT8e+P5X9puH6X1Zp3/vEzKf7R961Nxcv798fzHHJ38e3vmX6qc/+CR8u/LHwAAAAAAFlj+9/9jHZ//XXr8XdmXh53/XZtTHwAAAAAAAADgs/a44//tqIz/BwAAAIuq+aze+M1TD5ZN+i62ZvnFKuLJsfWBwqSbZVa77gcAAAAAAAAAAAAAlGSwfQ3vxSpiGBFPrq7Wdd38tI3Xj+pxtz/sSt9/KFnXf+QBAGDbx0+N3ctfRSxHxMX0XX/D1dXVul5eWa1X65Wl/H52tLRcr7Q+1+Zps2xptI83xINR3fyy5dZ2bdM+L09rH/99zWON6v4+OjYfHQYOABGx/Wp0zyvSEVPXT0fX73I4HBz/R4/jn/3o+nkKAAAAzF5d13WVvs77eDrn3+u6UwDAXOTX//HzAmq1Wl1WvbJg/VGrZ1O31Xu73S4iYrO9TfOewXD8AHDIbMYnXXeBDsm/aIOIeK7rTgALreq6A8zEvfu31quUb9V+PUjju+drQXblv1ltbZe332s6zfg1JvN6ft2JfjwzoT/PzqkPiyTn3xvP/9J2+yitN+v852VS/s1+HuugP13L+ffH8x9zdPLv7Zl/qXL+g0fKvy9/AAAAAABYYPnf/48t1Pnf0UF3Z6qHnf9dm9mjAgAAAAAAAMBs3bt/az3f95rP/39hj/Xc/3k05fwr+Rcp55/u/9+58OalsfX6rfm7bz3I/1/3b63//sY/P5+n+81/Kc9U6ZlVpWdElR6pGqTpAXdsgjvD/qh5pGHV6w/SNT/18N24EldjI07vWreXjocH7Wd2tTc9HW611/3t9rO72gc77Xn7c7vah+lKp3olt5+M9fhpXI13ttqbtqUp+788pb2e0p7z7zv+i5TzH7R+mvxXU3s1Nm3c/aj3f8d9e7rX47x55Yu/Oj373ZnqTvR39q2t2b8XOujP1v+TJ0bx8+sb107evHzjxrUzkSa7lp6NNPmM5fyH6Sfn/9KL2+357377eL370eiR818Ud2IwMf8XW/PN/r485751Iec/Sj85/3dS+97H/2HOf/Lx/0oH/QEAAAAAAAAAAAAAAICHqet66xbRNyPifLr/p6t7MwGA+cqv/3WSl8+r7h90+z/u3o+u+q9Wz7muFqw/c60/rWf9eG8v1P6qD1T/d8H6s3B1W723N9pFRPy1vU3znuGXe/0yAGCRfRoR/+i6E3RG/gXL3/fXTE903Rlgrq5/8OGPL1+9unHtetc9AQAAAAAAAAAOKo//udYa//lEXde3x9bbNf7rW7H2uON/DvLMzgCjEwaq7j/6Pj1ML6Lfaw03/nxMGv97uDP3sPG/B1MebzilfTSlfWlK+/KU9j1v9GjJ+T/fGu/8REQcHxt+vYTxX8fHvC9Bzv+F1vO5yf8rY+u1869/e5jz7+3K/9SN93926voHH7565f3L7228t/GTc2fOnD53/vyFCxdOvXvl6sbp7f922OPZyvnnsa9dB1qWnH/OXP5lyfl/KdXyL0vO/8upln9Zcv75/Z78y5Lzz5995F+WnP/LqZZ/WXL+X021/MuS838l1fIvS87/a6mWf1ly/q+mWv5lyfmfTLX8y5LzP5Xqfea/Mut+MR85/3yGy/Fflpx/vrJB/mXJ+Z9NtfzLkvM/l2r5lyXn/1qq5V+WnP/XUy3/suT8z6da/mXJ+X8j1fIvS87/QqrlX5ac/zdTLf+y5Py/lWr5lyXn/3qq5V+WnP+3U72//Kfd9cZhkfP/TqoHU+8o5CjJ+X831f7+lyXn/0aq5V+WB9//b8aMGTN5puu/TAAAAAAAAAAAAADAuHlcTtz1PgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX27jVGrrO+H/iZvXnjhMRAyN/J3wlrxxjjbLLrS3yhdTHh2nArCaHQC7brXZsF3/DaJdCodhQokTAqrWgbXrQFhNq8qbAqXlAEKC9QL1IlaF/QN4gKlRdRG1BAQqIIstXMeZ5nZ87Ozux6x+vZcz4fyf55Zs6c85wzz5zd366/cwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZ5tdNf6KWZVmtVsvv2JBlN9XrDWMbGve8+vqODwAAAFi5Xzb+fv6WdMehJTypaZl/uutbX56bm5vL3jP4Z8OfmZtLD4xl2fC6LGs8Fl35/ntrzcsET2SjtYGm2wNdNj/Y5fGhLo8Pd3l8pMvj67o8Ptrl8QUHYIEbslpa2dbGPzfkhzS7NRtuPLa1zbOeqK0bqB+79Nys1njO3PDxbCY7mU1nky3L58vWGst/bXN9W2/O4rYGmra1qT5DfvzYsTiGWjjGW1u2Nb/O6IevzcZ+8uPHjv3N+edub1e7HoaW9eXj3L6lPs6PhXvysdaydemYxHEONI1zU5vXZLBlnLXG8+r/Lo7z+SWOc3B+mKuq+JqPZgONf3+7cZyGalmb47Qp3Pezu7MsuzQ/7OIyC7aVDWTrW+4ZmH99RvMZWV9HfSq9JBta1jzdvIR5Wq9TW1vnafE9EV//zeF5Q4uMofll+uHjI02v+y/mrmaeRvW9Xuy9UpyDvX6v9MscjPPi242dfrLtHNwa9v+xbYvPwbZzp80cTPvdNAe3dJuDAyODjTGnF6HWeM78HNzZsvxgY0u1Rn12W+c5OHH+1NmJ2Y989N6ZU0dPTJ+YPr17587J3Xv37t+/f+L4zMnpyfzvqzza/W99NpDeA1vCsYvvgVcWlm2eqnOfH1lw/r3a9+Foh/fhhsKyvX4fDhV3rrY6b8iFczp/b7yrftBHLw9ki7zHGq/PjpW/D9N+N70Ph5reh22/prR5Hw4t4X1YX+bsjqV9zzLU9KfdGBb/WrCyObihaQ4Wvx8pzsFefz/SL3NwNMyL7+5Y/GvBpjDeJ8eX+/3I4II5mHY3nHvq96Tv90f3N0q7eXlH/YEbR7ILs9Pn7nv06Pnz53ZmoayKlzbNleJ8Xd+0T9mC+Tqw7Pl6aOauJ+9oc/+GcKxG763/Nbroa1VfZs99nV+rxle39sez5d5dWSg9ttrHs91X8/rxHMmyz37z8Ye+/thnX7fo8az3mx+bWPn34qkvbTr/Di9y/o19/wv59tKqnhgcHsrfv4Pp6Ay3nI9bX6qhxrmr1tj28xNLOx8Phz+rfT6+tcP5eGNh2V6fj4eLOxfPx7VuP+1YmeLrORrmycnJzufj+jIbdy13Tg51PB/fHWotHP9XhU4h9UVNc2exeZu2NTQ0HPZrKG6hdZ7ubll+OPRm9W09vevq5un2u/N1Daa9m7da83SssGyv52n62ddi87TW7advV6f4eo6GeXHr7s7ztL7MM3tWfu68If6z6dw50m0ODg+O1Mc8nCZh43yfzd0Q5+B92bHsTHYym2o8OtKYT7XGtsbvX9ocHAl/VvtcubHDHNxeWLbXczB9HVts7tWGFu58DxRfz9EwL566v/McrC/z+n29/d51e7gnLdP0vWvx52uL/czrjsJhulZzZSiM85v7Ov9str7Myf3L7TM7H6d7wj03tjlOxffvYu+pqWx1jtPGMM7n9i9+nOrjqS/zmQNLnE+Hsiy7+KEHGj/vDb9f+fsL3/lyy+9d2v1O5+KHHvjRi47/43LGD8Da90Je1udf65p+M7WU3/8DAAAAa0Ls+wdCTfT/AAAAUBqx74//KzzR/wMAAEBpxL5/KNSkIv3/xtc/N/PCxSwl8+eC+Hg6DA/my8WM62S4PTY3r37/A1+c/ulXLy5t2wNZlv3iwT9ou/zGB+O4cmNhnFfe0Hr/Al++d0nbPvLIxbTd5vz658L64/4sdRq0i+BOZln2tVs+1djO2HsvN+ozDx5p1IcuPflEfZnnDxz56Vf/ef45z740X/4vQ/j30PGjLc9/NhyHH4Q6+Zb2xyM+70uXX7Vp37vntxefV9tyc2O3n3pfvt74OTmffiJfPh7nxcb/9U8+/aX68o++Ir9dK4z/4kD78T8d1vvFUP/3znz55tegfjs+7+Nh/HF78Xn3feEbbcd/5RP58mffmC93JNS4/e3h9tY3PjfTfLwerR1t2a/sTflycfuT3/njxuNxfXH9xfGPHr7ccjyK8+OZf8/XM1FYPt4ftxP9Q2H79fU0z8+4/af/6EjLce62/SsPPXtnfb3F7d9TWO7sh3Y0tj+/vtZPbPqrj3+q7fbieA793dmW/Tn0zvA+Dtt/6n1hPobHf34lX1/x0xWOvLP1/BOX/9yGiy37E735J/n2r7zmRKOuG71h/Y03vejmSy+vH7ss+/a6fH3dtn/ir8+0jP/zt+XHIz4eM/rF7S8mbv/ch8dPn5m9MDOVjupjtzQ+O+et+XjieG8J59bi7cNnzr9/+tzY5Nhklo2V9yP0rtoXQv1RXi51XnpuwRl0xyPh9bzjL762ftu/fTLe/x/vyu+//Jb869Yrw3KfDvdvCK/f8ra/0FObb2u8v2vPhBHOLfy84JXYtPW/9y9pwbD/xe8L4nw/+7L3N45D/bHG1434vl7h+L83la/nK+G4zoVPZt5y2/z2mpePn41w+eH8/b7i4xdOc/F1/dvwer/tB/n647ji/n4vfB/zjY2t57s4P75ycaC4/saneFwK55Ps0s9bjnA83pefv63t8OLnkGSXbm/c/tO0ntuXtZuLmf3I7MTJmdMXHp04Pz17fmL2Ix89fOrMhdPnDzc+y/PwB7o9f/78tL5xfpqa3rsna5ytzuTlGrve4z/7yLGpfZPbpqaPH71w/PwjZ6fPnTg2O3tsemp229Hjx6c/3O35M1MHd+46sHvfrvETM1MH9x84sPvA+MzpM/Vh5IPqYu/kB8dPnzvceMrswT0Hdt5//57J8VNnpqYP7pucHL/Q7fmNr03j9Wf//vi56ZNHz8+cmh6fnfno9MGdB/bu3dX10wBPnT0+OzZx7sLpiQuz0+cm8n0ZO9+4u/61r9vzKafZ/8y/ny2q5R/El73jnr3p81nrvvj4oqvKFyl8gOhz4bNo/uXFZ/cv5Xbs+4dDTSrS/wMAAEAVxL5/JNRE/w8AAAClEfv+daEm+n8AAAAojdj3j4aaVKT/L13+f+PFJW2/r/L/bfLz8v/y/5n8f9Lz/P/D/Zb/z88X8v+9sdL8vfx/IP+/Svn//PG4lPz/2h6//L/8Pwv1W/4/9v03ZFkl+38AAACogtj3rw810f8DAABAacS+/8ZQE/0/AAAAlEbs+28KNalI/y//L/8v/y//L//ffvvy/2uT/H9n8v9dyP9PZNXK/1/q5fjl/+X/Wajf8v+x739RqElF+n8AAACogtj33xxqov8HAACA0oh9/y2hJvp/AAAAKI3Y928INalI/y//L/+/6vn/P5H/l/+X/5f/v3bk/zuT/++i9/n/9YX1933+3/X/5f/l/+mlfsv/x77/xaEmFen/AQAAoApi3/+SUBP9PwAAAPSfoat7Wuz7XxpqsqD/v8oNAAAAANdd7PtvzQpB8Ir8/l/+X/6//6//vy49Jv8v/5/1Zf5/MJP/7x/y/53J/3fh+v/y//L/8v/0VL/l/xt9fzaavSzUpCL9PwAAAFRB7PtvCzXR/wMAAEBpxL7//4Wa6P8BAACgNGLfvzHUpCL9v/y//H//5/9d/1/+v9/z/67/30/k/zuT/+9C/l/+X/5f/p+e6rf8f+z7bw81qUj/DwAAAFUQ+/47Qk30/wAAAFAase///6Em+n8AAAAojdj3bwo1qUj/L//f5/n/mByV/5f/l/+X/5f/XxL5/87k/7uQ/5f/l/+X/6enVin//z9Zli0p/x/7/jtDTSrS/wMAAEAVxL7/rlAT/T8AAACURuz7Xx5qov8HAACA0oh9/1ioSUX6f/n/Ps//5zn4Edf/l/+X/8+ypwv7I/8v/9+O/H9n8v9dyP/L//ck/z93Uf5f/p9cv13/P/b9m0NNKtL/AwAAQBXEvn9LqIn+HwAAAEoj9v13h5ro/wEAAKA0Yt+/NdSkIv2//P+ayP9nPc7/r8vk/+X/12D+3/X/5f+XQv6/M/n/LuT/5f9d/1/+n57qt/x/7PtfEWpSkf4fAAAAqiD2/dtCTfT/AAAAUBqx739lqIn+HwAAAEoj9v3bQ00q0v/L/1cy/+/6//L/8v/y/6Ul/9+Z/H8X8v/y//L/8v/0VL/l/2Pf/6pQk4r0/wAAAFAFse/fEWqi/wcAAIDSiH3/PaEm+n8AAAAojdj3j4eaVKT/l/+X/5f/l/+X/2+/ffn/tUn+vzP5/y7k/+X/5f/l/+mpfsv/x77/3lCTivT/AAAAUAWx778v1ET/DwAAAKUR+/6JUBP9PwAAAJRG7PsnQ00q0v/L/8v/y//L/y8r///y+fXK/+fk//uL/H9n8v9dyP/L/1/3/P+w/D+l0m/5/9j37ww1qUj/DwAAAFUQ+/5doSb6fwAAACiN2PfvDjXR/wMAAEBpxL5/T6hJRfp/+X/5f/l/+X/X/2+/ffn/tUn+v7Pe5//jLsr/y//L/7v+v/w/C/Vb/j/2/feHmlSk/wcAAIAqiH3/3lAT/T8AAACURuz794Wa6P8BAACgNGLfvz/UpCL9v/y//L/8v/y//H/77cv/r03y/525/n8X8v/y//L/8v+s0MN/2HxrFfP/N2VLyP/Hvv9AqElF+n8AAACogtj3vzrURP8PAAAApRH7/l8JNdH/AwAAQGnEvv9XQ00q0v/L/7dkz+u7u7T8f22o9WabReT/5f+L80P+X/5f/v/auwb5/zhF5P/l/+X/u5D/l/+X/6do0fx/aL17mP9vm/cv3o59/8FQk4r0/wAAAFAFse//tVAT/T8AAACURuz7XxNqov8HAACA0oh9/6FQk4r0//L/rv8v/y//L//ffvurnf8fieuV/18R1//vTP6/C/l/+X/5f/l/emoVr/+/pPx/7PtfG2pSkf4fAAAAqiD2/Q+Emuj/AQAAoDRi3/+6UBP9PwAAAJRG7PtfH2pSkf5f/l/+f63k/2+U/5f/L+xP2fL/rv/fG9cz/z8o/y//H8j/y//L/8v/k+u3/H/s+98QalKR/h8AAACqIPb9bww10f8DAABAacS+/02hJvp/AAAAKI3Y97851KQi/b/8v/z/Wsn/Z/L/8v+F/ZH/l/9vx/X/O5P/70L+X/5f/l/+n94I58R+y//Hvv/XQ00q0v8DAABAFcS+/8FQE/0/AAAA9LHl/U+v2Pe/JdRE/w8AAAClEfv+t4aaVKT/l/+X/5f/l/+X/2+/ffn/tUn+v7M1lv//5c3hfvn/nPx/f49/ufn/ocLta5L///5i+f+5dcXny/9zLfRb/j/2/W8LNalI/w8AAABVEPv+t4ea6P8BAACgNGLf/45QE/0/AAAAlEbs+38j1KQi/b/8f30c8+ll+f+y5v8H5P/l/+X/K0L+v7M1lv93/f8C+f/+Hr/r/8v/s1C/5f9j3//OUJOK9P8AAABQBbHvfyjURP8PAAAApRH7/odDTfT/AAAAUBqx739XqElF+n/5f9f/r0b+3/X/M/l/+f+KkP/vTP6/C/l/+f9+y///l/w/a1u/5f9j3/9IqElF+n8AAACogtj3vzvURP8PAAAApRH7/t8MNdH/AwAAQGnEvv89oSYV6f/XXP5/pNsOlTX/P7ZG8/+Py/9fw/z/XTfny8n/y/8zr0L5/zuXu+5M/r87+X/5/37L/7v+P2tcv+X/Y9//3lCTpff/o0teEgAAALguYt//W6EmFfn9PwAAAFRB7Pt/O9RE/w8AAAClEfv+3wk1qUj/v+by/67/v8by/67/n7n+//y8rHT+f1j+f5WsXv4/nnlc/1/+X/4/kv+X/5f/p6jf8v+x7//dUJOK9P8AAABQBbHvf1+oif4fAAAA1oR2/ye7KPb9h0NN9P8AAABQGrHvPxJqUpH+X/5f/l/+v0/z/3++5V+/+623H9kp/1+S/L/r/6+WVb3+f/3Nf/2u/39V5P+7kP+X/5f/l/+np/ot/x/7/qOhJhXp/wEAAKAKYt//e6Em+n8AAAAojdj3Hws10f8DAABAacS+fyrUpCL9v/y//L/8f5/m/9fw9f/j8ZD/b9Wz/H886cr/t5Xn79Msurb5/3fP58Tl/5eb/x9pe6/8v/z/Wh6//L/8Pwv1W/4/9v3ToSYV6f8BAACgCkLfP3A8r/MP6P8BAACgNGLffyLURP8PAAAApRH7/veHmlSk/5f/l/+X/5f/d/3/9tvvlP+vDbn+f79K+fufNd4o8v8F/ZP/b0/+X/6/B+MfSDfl/+X/ue76Lf8f+/6ZUJOK9P8AAABQBbHv/0Coif4fAAAASiP2/R8MNdH/AwDA/7F3H0+WnWcdx0+b0UxPiSrYUCzYUEWx4k/wAtZQrFmwYUMVRYEJBkT2mBwNNjYZjE0ONmBjIwzY5GADxiCyBIgkogARJIRU45ru53k63HPP7XD73nPe9/NZ6GHa03OvVMOMfmp9dQCakbv/0+KWTva//l//r//X/+v/x19/ts//1/9Pum5/r/8P+v+++/9nF93/e/6//p8ZmVv/n7v/0+OWTvY/AAAA9CB3/8viFvsfAAAAmpG7/zPiFvsfAAAAmpG7/zPjlk72v/7/Ov3/SaWs/z/7/jf3//mKN9j/f7T+f93r6//1/y3T/0/T/28w3v/fHoahr/5/2c//1//r/5mRufX/ufs/K27pZP8DAABAD3L3f3bcYv8DAABAM3L3vzxusf8BAACgGbn7Pydu6WT/n+v/D4Y++//MeD3/3/P/9f/6f/3/wu22/3/lg1/59P8X7v/f/JpNLzvT/r/F5//fHvvgvvv569r3+79g/39n3efr/2nR3Pr/3P2fG7d0sv8BAACgB7n7Py9usf8BAACgGbn7H4lb7H8AAABoRu7+z49bOtn/23v+/92jjy+0/y/6f/3/0Qf0//p//f9ief7/tJ6e///yxx5+2TNv/7BHL/P6HfX/o/bdzy/9/Xv+v/6fVXPr/3P3f0Hc0sn+BwAAgB7k7v/CuMX+BwAAgGbk7v+iuMX+BwAAgGbk7v/iuKWT/b+9/n/Rz/8v+n/9/9EH9P/6f/3/Yun/p/XU/1/l9fX/+n/9v/6f7Zpb/5+7/0vilk72PwAAAPQgd/+Xxi32PwAAADQjd/8r4hb7HwAAAJqRu/9e3NLJ/tf/33z//+Lc+v/b+n/9v/5f/98u/f80/f8G+n/9v/5f/89Wza3/z93/yrilk/0PAAAAPcjd/2Vxi/0PAAAAzcjd/+Vxi/0PAAAAzcjd/xVxSyf7X//v+f876P9vD/r/I/p//b/+/+bp/6fp/zfQ/1+3n39I/6//1/9z2iX7/+cnftneSv+fu/8r45ZO9j8AAAD0IHf/V8Ut9j8AAAA0I3f/V8ct9j8AAAA0I3f/18Qtnex//b/+3/P/9f9X7v9Xf+od0f+P0//vhv5/2mz6/4Nbox/W/y++//f8f/2//p8z5vb8/9z9Xxu3dLL/AQAAoAe5+78ubpnY/5f+h/kAAADAXuXu//q4xdf/AQAAYPGyOsvd/w1xSyf7X/+v/9f/6/89/3/89af6/0dPvT/9/7zo/6fNpv9fQ/+v/1/y+9f/6/9ZNbf+P3f/N8Ytnex/AAAA6EHu/lfFLfY/AAAANCN3/zfFLfY/AAAANCN3/zfHLZ3s//H+/+R/1/9fjP7/7PvX/4///NhW/58/ov5/sv//GM//75P+f9ru+/87+v+zP77+/wbt+/033v/f3fT5+n/GzK3/z93/6rhl0/A7/zeoAAAAwGzl7n9N3NLJ1/8BAACgB7n7vyVusf8BAACgGbn7Xxu3dLL/Pf9///3/3UH/r//3/P9hYc//H3be/9/S/1+Q/n+a5/9voP/X/+v/Pf+frZpb/5+7/3VxSyf7HwAAAHrwuueGo93/rcNg/wMAAMASnf53B9b89/pz939b3GL/AwAAQDNy93973NLJ/tf/77//9/x//b/+/9jS+/9ND0b2/P/d0P9P0/9voP+/iX7+VmP9/+vXff4c+v9X6P+ZmTP9/ztPPr6v/j93/3fELZ3sfwAAAOhB7v7vjFvsfwAAAGhG7v7vilvsfwAAAGhG7v7vjls62f833v9PBLH6f/2//l//31L/v4n+fzf0/9P0/xvo/z3/3/P/9f9s1Un/f/bXw331/7n7vydu6WT/AwAAQA9y939v3GL/AwAAQDNy978+brH/AQAAoBm5+78vbulk//fy/P+Hz31b/6//P/3XS/+v/x97ff3/Mun/p+n/N9D/6//1//p/turM8/9P2Vf/n7v/DXFLJ/sfAAAAepC7/41xi/0PAAAAzcjd//1xi/0PAAAAzcjd/wNxSyf7v5f+/7xd9f/5cf2//n/Q/+v/9f870W3/fzD2O9GqNf3/ez7l3sed/Yj+v63+/9mL/envu5+/rn2/f/2//p9Vs+j/75/83WXu/h+MWzrZ/wAAANCD3P0/FLfY/wAAANCM3P0/HLfY/wAAANCM3P0/Erdccv9/8Fbf1e7o/z3/X/+v/9f/j7++/n+Zuu3/L8jz/zdotf+/oH3380t///p//T+rZtH/n/p27v4fjVt8/R8AAACakbv/x+IW+x8AAACakbv/x+MW+x8AAACakbv/J+KWTva//l//r//X/+v/x1//qv3/4TBO/78b+v9p+v8N9P/T/fwHTX++/l//r//nvJvp/5/6kPzgZfv/3P1vils62f8AAADQg9z9b45b7H8AAABoRu7+n4xb7H8AAABoRu7+n4pbOtn/+n/9v/5f/6//H399z/9fJv3/NP3/MAxvmXgDY/3//Tv6f8//1//r/7miuT3/P3f/T8ctnex/AAAA6EHu/rfELfY/AAAANCN3/1vjFvsfAAAAmpG7/2filk72v/5f/3/T/f8L9+/fn3H/f/RTWv+v/x97ff3/Mun/p+n/N/D8f/2//l//z1bNrf/P3f+2uKWT/Q8AAAA9yN3/9rjF/gcAAIBm5O7/2bjF/gcAAIBm5O5/NG7pZP9fq/8//Qn6/xX6f8//P//zo6v+/57+/zz9/27cXP8/6P/1//r/8w7PflP/r//X/3Pervr/5+PX+039f+7+n4tbOtn/AAAA0IPc/e+IW+x/AAAAaEbu/p+PW+x/AAAAaEbu/l+IWzrZ/57/r/+fc///4AfW/y+0//f8/xX6/93w/P9p+v8N9P+e/3/N/v8l+n/9P2fsqv9f1/uf/3bu/l+MWzrZ/wAAANCD3P3vjFvsfwAAAGhG7v53xS32PwAAADQjd/8vxS2d7H/9v/7/bP9/3NvPpf/v9/n/x/+fpv8/1nD/fzjo/7dubv3/3Uu+vv5f/6//v4H3/5Khoef/r/9VRf/PHM2t/8/d/8txSyf7HwAAAHqQu/9X4hb7HwAAAJqRu/9X4xb7HwAAAJqRu//X4paW9v+L69O35ff/d859ov5/GIbHH2nk+f/99v/H9P/HGu7/66+q/n975tb/X/b19f/6f/3/ct//bvr/9fT/zNHc+v/c/b8et7S0/wEAAKBzuft/I26x/wEAAKAZuft/M26x/wEAAKAZuft/K27pZP8vv/8//4n6/+Faz//X/x99YH79/yOD/l//r/+/kOv29284jN/T9P/6f/3/aD9/sObvewb9v/5f/8+IufX/uft/O27pZP8DAABAD3L3vztusf8BAACgGbn73xO32P8AAADQjNz9vxO3dLL/9f/6f/3/Ivr/lef/H+r/9f/6/1Fzef7/S1/6se/T/+v/W+z/p+j/9f/6f86bW/+fu/9345ZO9j8AAAD0IHf/78Ut9j8AAAA0I3f/e+MW+x8AAACa8d6jkPNw+P1h6HL/r/b/Dw3Hheqxsf4/GjX9/ynr+v+DYbin/9f/30T/P+j/9f/6/1Fz6f89//9q71//r/9f8vu/VP//4aufr/+nRXPr/3P3vy9u6WT/AwAAQA9y9/9B3GL/AwAAQDNy9/9h3GL/AwAAQDNy9z8Wt3Sy/z3/v8Hn/z+k/9f/T7++/l//3zL9/zT9/wb6/+v38/mrqv5/uc///wD9P9szt/4/d/8fxS1Hw+8jPvCKf5oAAADAjOTu/+O4pZOv/wMAAEAPcvf/Sdxi/wMAAEAzcvf/adzSyf7X/zfY/3v+v/5/w+vr//X/LdP/T9P/b9BP/3849sF99/PXte/330z/7/n/bNHc+v/c/X8Wt3Sy/wEAAKBtzx39MXf/n8ct9j8AAAA0I3f/X8Qt9j8AAAA0I3f/43FLJ/tf/6//b7///yT9/7nXb77/H4bh3oOfFPr/Lun/83f0cfr/Dfrp/0ftu59f+vvX/+v/WTW3/j93/xNxSyf7HwAAAHqQu/8v4xb7HwAAAJqRu/+v4hb7HwAAAJqRu/+v45Ym9v+tjd9D/99X/38w9Nj/e/5/d/2/5/93bTn9/xtHf5P2/H/9v/5/ue9f/6//Z9Xc+v/c/U8e3Gpw/wMAAEC7PuGjPvWJi37fJ4/+eDj8Tdxi/wMAAEAzcvf/bdxi/wMAAEAzcvf/XdzSyf7X//fV//f5/H/9v/5f/9+T5fT/4/T/l+n/T3730P/r/+fw/vX/+n9Wza3/z93/93HLqeG3+b+iBwAAAOzU7ct999z9/xC3dPL1fwAAAOhB7v6n4paV/X//gv9WOwAAADA3ufv/MW7p5Ov/+v+Z9//DDfX/8f30/8f0//r/sdfX/y+T/n/aNfv/+wez6v89/1//P6/3r/9f1/8/+F/1/72aW/+fu/8dbxu63P8AAADQqDP/ROGfjv54OPxz3GL/AwAAQDNy9/9L3GL/AwAAQDNy9/9r3NLJ/tf/z7z/v9Lz/+/W/+X5/533/686HH19/b/+v2X6/2ltPf9/ff+f9P+Xs+9+funvX//v+f+sukT/fzRIb7r/z93/b3FLJ/sfAAAAepC7/+m4xf4HAACAZuTu//e4xf4HAACAZuTu/4+4pZP9r//fQ///6jvDcKP9/wWe/6//76P/X/P67fT/H/rwvXd/4ie/9U36f07ssv/Pnwv6//n1/57/fzX77ueX/v71//p/Vs3t+f+5+/8zbulk/wMAAEAPcvc/E7fY/wAAANCM3P3/Fbc82P/v2te7AgAAALYpd/9/xy2dfP1f/9/i8/+X2f/nX+s99P/3ltf/Z1Pce//v+f/6/1We/z9N/7+B/l//P/H+n95Q0Ov/9f+sulz//9pbH/+Ra3+orfT/ufv/J27pZP8DAABAD3L3/2/ckvv/4NL/6B4AAACYmdz9z8Ytvv4PAAAAzcjd/1zc0sn+1//r/+fS/yfP/z/5PM//P6b/1/9fhv5/mv5/A/2//t/z/y/e/98++039P2Pm9vz/3P3/F7d0sv8BAACgB7n7n49b7H8AAABoRu7+/49b7H8AAABoRu7+F+KWTva//l//r//X/+v/x19f/79M+v9p+v8N9P/6f/2/5/+zVXPr/3P3vz8AAP//hh5niw==")
open(&(0x7f0000000380)='./bus\x00', 0x82040, 0x0)
symlink(&(0x7f0000000300)='./bus\x00', &(0x7f0000000340)='./bus\x00')

964.464933ms ago: executing program 2 (id=1114):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1817c1, 0x0)
setxattr$trusted_overlay_opaque(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1)

948.937804ms ago: executing program 0 (id=1115):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='team_slave_0\x00', 0x10)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)

869.7509ms ago: executing program 2 (id=1116):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000002540)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000140)={0x0, 0x2, 0x7fffffff, 0x7ec, 0x2000010000, 0x2000000000002, 0x3, 0x0, 0x7ffd})

869.55679ms ago: executing program 4 (id=1117):
r0 = socket$inet6(0xa, 0x5, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])

842.156903ms ago: executing program 0 (id=1119):
add_key(&(0x7f0000000000)='dns_resolver\x00', 0x0, 0x0, 0x0, 0xfffffffffffffff8)
r0 = add_key$keyring(&(0x7f0000000280), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000000)="30800201", 0x1001, r0)

664.128186ms ago: executing program 0 (id=1120):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @multicast1}, 0xc)
syz_emit_ethernet(0x2a, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @address_reply={0x12, 0x0, 0x0, 0xe0000002}}}}}, 0x0)

660.973947ms ago: executing program 4 (id=1121):
syz_mount_image$hfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f0000000140)={[{@iocharset={'iocharset', 0x3d, 'ascii'}}, {@part={'part', 0x3d, 0x3}}, {@uid}, {@dir_umask={'dir_umask', 0x3d, 0xf5e0}}, {@creator={'creator', 0x3d, "ecfbac12"}}, {@type={'type', 0x3d, "411e3611"}}]}, 0x3, 0x331, &(0x7f0000000880)="$eJzs3U9PE08YB/DvTLdQfhB+K2BMvGhQEr0QUQ/Gi8b06t3Ei0pLQmxQARP1QiUejS/Au2/BF+HFxDegXjz5AoiXNfPs7HZ2d7Z/oLRQv5+EZjs7M/tMd9t5pklZENE/6179+6cbv8yfAiqoALgNaAA1IABwFudqL7d2N3dbzUa3jirSwvwpxC1Voc76VjNftP8wbictrNA8CzDnlpnuInG08VJWFEV3fxyiEU/DZJF3v4cGplX8PpT9tRHHNSx2cNPJ8zZwYYzhjIV7gtUBDvAK82MMh4iITgA7/2s7TcxJkYLWwIqd9k/1/J93MO4Ahutmq1DUPUN35n/J7iJlzu//squz3pMlnNmvk1ViP8FUc8+nEF9ZmQRT+VeVP6NklSex6JmNzQCr62/R0NjHHctpsCSPjfjSTfSIdtmzNi1jMsbS3qq4/188GpNRzuR3JyFtbLaaknl64l/0HXSQV3tQ6sufKIpUDR/RSPM/98ULc2dKV03813wL+tistDK1TEcqHqfOVDljHoLz9lqweoyy5l+RuH0mXxC00whMnDn7yYYcewHZrxXi0a35DqA6nS/mWlVNqzDto9hWjrWUaVWxV8Lq+rNWw1mKjEgyRPVBPVDL+I3PqDv5vzbxrcB5Z3b7qFdS014Z8Xim/DUDqRkWZo52unUxjcAa9SszIYKBar/HE9zC/M7rN08rrVZz22w89my8mNtWtqT6DvDWOf6NCsyGgrcO2p0SmTz2ouRa6tlzdJzBXz1Eq6nSXebzIy0xbx9fc/MuS0v0qE/T5G0E8O2qf+3j0irdqB4psGQWHrB5zbvLJFolrYb++UQn0I5KTrotKCSxNOHMXKni9Z9k8jark88Z8xDaPL1zZXTycs8is5155vS4lq7gsqnggi936bE2mC1fwTlHvF5cM0puKWuuS1eAy047ha5HDCXOiaHq+IZH/P6fiIiIiIiIiIiIiIiIiIiIiIiIiOi08fxUYC/zw5LnOPJPKcY9RiIiIiIiIiIiIiIiIiIiIiIiIiIiIiKi067/+//OdO7U5Psf8XL/37Dn/X8zNwC2N4rq7/6/RDRsfwMAAP//mlyBvQ==")
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000003480)={0x2020}, 0x2020)

583.674853ms ago: executing program 0 (id=1122):
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)

465.807823ms ago: executing program 0 (id=1124):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)={{0x14}, [@NFT_MSG_NEWRULE={0x26c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x23c, 0x4, 0x0, 0x1, [{0x238, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x228, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x214, 0x3, "d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbaddefdaa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f70f11aa01a2d906aecf4dbc7d1a332a8932ed719ce7eecb5450f494f944b3f6b637502ddba609c6e45dcfad1db7c7dda3e2c755ddcf27132985442e9b8df16f96c82e72e3e2491856d07756b9f"}, @NFTA_MATCH_NAME={0x8, 0x1, 'bpf\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0x4}]}], {0x14}}, 0x294}}, 0x4048010)

420.054916ms ago: executing program 4 (id=1125):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000002700)={0x38, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_VALUE={0x4}]}]}, 0x38}}, 0x0)

321.374834ms ago: executing program 0 (id=1126):
syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x208008de, &(0x7f0000000240)=ANY=[], 0x82, 0x14fe, &(0x7f0000003980)="$eJzs3AuYjtX6MPB1r7UexiS9TXIY1r3uhzcNLZMkOSTkkCRJkuSUkJgkSUgMIUlDEnKcJIchJIdpTBrn8yHnpMmWJklCcgrru6bd/uz/bv//ff9v933+1577d13rmnXP+9z3u9Z7v9c8z/NeM/N9r1H1WtSv3YyIxL8E/volWQgRI4QYJoS4TggRCCEqxVWKy328gILkf+1J2J/rkbSrvQJ2NXH/8zbuf97G/c/buP95G/c/b+P+523c/7yN+89YXrZ9TvHreeTdwZ//52V8/v83klN+8tcby9/Y+7+Rwv3P27j/eRv3P2/j/udt3P+8jfv/7+yvt+S1/osjuP95G/efsbzsan/+zOPqjqv9/mOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxljec81doIcTf5ld7XYwxxhhjjDHGGPvz+PxXewWMMcYYY4wxxhj7fw+EFEpoEYh8Ir+IEQVErLhGFBTXikLiOhER14s4cYMoLG4URURRUUwUF/GihCgpjEBhBYlQlBKlRVTcJMqIm0WCKCvKiVuEE+VForhVVBC3iYridlFJ3CEqiztFFVFVVBPVxV2ihrhb1BS1RG1xj6gj6op6or64VzQQ94mG4n7RSDwgGosHRRPxkGgqHhbNxCOiuXhUtBCPiZbicdFKtBZtRFvR7v8q/yXRT7ws+osBIlkMFIPEK2KwGCKGilfFMPGaGC5eFyPEGyJFjBSjxJtitHhLjBFvi7FinBgv3hETxEQxSUwWU8RUkSreFdPEe2K6eF/MEDPFLDFbpIk5Yq74QMwT88UC8aFYKD4Si8RisUQsFeniY5EhlolM8YlYLj4VWWKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2ie3iM7FD7BS7xG6xR+wV+8TnYr/4QhwQX4ps8dV/M//sP+T3BgECJEjQoCEf5IMYiIFYiIWCUBAKQSGIQATiIA4KQ2EoAkWgGBSDeIiHklASEBAICEpBKYhCFMpAGUiABCgH5cCBg0RIhApwG1SEilAJKkFlqAxVoCpUhepQHWpADagJNaE21IY6UAfqQT24F+6F+6AhNIRG0AgaQ2NoAk2gKTSFZtAMmkNzaAEtoCW0hFbQCtpAG2gH7aA9tIcO0AE6QSfoDJ2hC3SBJEiCbtANukN36AE9oCf0hF7QC3pDH+gDL8FL8DK8DAOgjhwIg2AQDIbBMBRehVfhNRgOr8Pr8AakwEgYBW/Cm/AWjIEzMBbGwXgYDzXkRJgEk4HkVEiFVJgG02A6TIcZMBNmwmxIgzkwF+bCPJgP8+FDWAgfwUewGBbDUkiHdMiAZZAJmbAczkIWrICVsApWwxpYDetgPayDjbAJNsIW2ALbYBt8Bp/BTtgJu2E37IW98Dl8Dl/AF5AC2ZANB+EgHIJDcBgOQw7kwBE4AkfhKByDY3AcjsMJOAmn4CSchtNwBs7COTgHF+ACXIQX4r9tvrfshhQhc2mpZT6ZT8bIGBkrY2VBWVAWkoVkREZknIyThWVhWUQWkcVkMRkv42VJWVKiREkylKVkqRghhCwjy8gEmSDLyXLSSScTZaKsICvIirKirCTvkJXlnbKKrCo7uuqyuqwhO7maspasLWvLOrKurCfry/qygWwgG8qGspFsJBvLxrKJfEg2lQNhKDwiczvTQo6ElnIUtJKtZRvZVr4FT8j2cgx0kB1lJ/mUHAdjoYts75LkM7KbnATd5XNyMjwve8qp0Eu+KHvLPrKvfEn2kx1cfzlAzoCBcpCcDYPlEDlUvirnQV2Z27F68g2ZIkfKUfJNuRTekmPk23KsHCfHy3fkBDlRTpKT5RQ5VabKd+U0+Z6cLt+XM+RMOUvOlmlyjpwrP5Dz5Hy5QH4oF8qP5CK5WC6RS2W6/FhmyGUyU34il8tPZZZcIVfKVXK1XCPXynVyvdwgN8pNcrPcIrfKbXK7/EzukDvlLrlb7pF75T75udwvv5AH5JcyW34lD8q/yEPya3lYfiNz5LfyiPxO/u13uo7LH+UJeVKekj/J0/JneUaelefkeXlB/iIvykvysvRSKFBSKaVVoPKp/CpGFVCx6hpVUF2rCqnrVERdr+LUDaqwulEVUUVVMVVcxasSqqQyCpVVpEJVSpVWUXWTKqNuVgmqrCqnblFOlVeJ6lZVQd2mKqrbVSV1h6qs7lRVVFVVTVVXd6ka6m5VU9VStdU9qo6qq+qp+upe1UDdpxqq+1Uj9YBqrB5UTdRDqql6WDVTj6jm6lHVQj2mWqrHVSvVWrVRbVU79YRqr55UHVRH1Uk9pTqrp1UX1VUlqWdUN/Ws6q6eUz3U86qnekH1Ui+q3qqP6qsuqcvKq/5qgEpWA9Ug9YoarIaooepVNUy9poar19UI9YZKUSPVKPWmGq3eUmPU22qsGqfGq3fUBDVRTVKT1RQ1VaWqd9U09Z6art5XM9RMNUvNVmlqjhr6W6UF/5A/8Lez7t/nv/dP8kf8+uzb1Hb1mdqhdqpdarfao/aqfWqf2q/2qwPqgMpW2eqgOqgOqUPqsDqsclSOOqKOqKPqqDqmjqnj6rg6oU6q8+ondVr9rM6os+qsOq8uqAvq4m+vgdCgpVZa60Dn0/l1jC6gY/U1uqC+VhfS1+mIvl7H6Rt0YX2jLqKL6mK6uI7XJXRJbTRqq0mHupQuraP6Jl1G36wTdFldTt+inS6vE/Wt/3L+H62vnW6n2+v2uoPuoDvpTrqz7qy76C46SSfpbrqb7q676x66h+6pe+peupfurXvrvrqv7qf76f66v07WyXqQfkUP1kP00L9dEunheoQeoVN0ih6lR+nRerQeo8fosXqsHq/H6wl6gp6kJ+kpeopO1al6mp6mp+vpeoaeoWfpWTpNp+m5eq6ep+fpBXqBXqgX6kV6kV6il+h0na4zdIbO1Jl6uV6us/QKvUKv0qv0Gr1Gr9Pr9Aa9QW/Sm/QWvUVn6e16u96hd+hdepfeo/fofXqf3q/36wP6gM7W2fqgPqgP6UP6sD6sc3SOPqKP6KP6qD6mjw08ro/rE/qEPqVP6dP6tD6jz+hz+py+oC/oi/qivqwv5172BTKQgQ50kC/IF8QEMUFsEBsUDAoGhYJCQSSIBHFBXFA4uDEoEhQNigXFg/igRFAyMAEGNqAgDEoFpYNocFNQJrg5SAjkby9i+SAxuDWoENwWVAxuDyoFdwSVgzuDKkHVoFpQPbgrqBHcHdQMagW1g3uCOkHdoF5QP7g3aBDcFzQM7g8aBQ8EjYMHgybBQ0HT4OGgWfBI0Dx4NGgRPBa0DB4PWgWtgzZB26Ddn1rf+zNFn3T9zQCTbAaaQeYVM9gMMUPNq2aYec0MN6+bEeYNk2JGmlHmTTPavGXGmLfNWDPOjDfvmAlmoplkJpspZqpJNe+aaeY9M928b2aYmWaWmW3SzBwz13xg5pn5ZoH50Cw0H5lFZrFZYpaadPOxyTDLTKb5xCw3n5oss8KsNKvMarPm/PVCmPVmg9loNpnNZovZaraZ7eYzs8PsNLvMbrPH7DX7zOdmv/nCHDBfmmzzlTlo/mIOma/NYfONyTHfmiPmO3PUfG+OmR/McfOjOWFOmlPmJ3Pa/GzOmLPmnDlvLphfzEVzyVw2PvfiPvf0jho15sN8GIMxGIuxWBALYiEshBGMYBzGYWEsjEWwCBbDYhiP8VgSS2IuQsJSWAqjGMUyWAYTMPd9UQ4dOkzERKyAFbAiVsRKWAkrY2WsglWwGlbDu/AuvBvvxlpYC+/Be7Au1sX6WB8bYANsiA2xETbCxtgYm2ATbIpNsRk2w+bYHFtgC2yJLbEVtsI22AbbYTtsj+2xA3bATtgJO2Nn7IJdMAmTsBt2w+7YHXtgD+yJPbEX9sLe2Bv7Yl/sh/2wP/bHZEzGQTgIB+NgHIpDcRgOw+E4HEfgCEzBFByFo3A0jsYxOAbH4jgcj+/gBJyIk3AyTsGpmIqpOA2n4XScjjNwBs7CWZiGaTgX5+I8nIcLcAEuxIW4CBfhElyC6ZiOGZiBmZiJy3E5ZmEWrsSVuBpX41pci+txPW7EjbgZN+NW3IrbcTvuwB24C3fhHtyD+3Af7sf9eAAPYDZm40E8iIfwEB7Gw5iDOXgEj+BRPIrH8Bgex+N4Ak/gKTyFp/E0nsEzeA7P4QX8BS/iJbyMHmOsFLH2GlvQXmsL2etsjC1g/z4uZovbeFvClrTGFrFF/0OM1toEW9aWs7dYZ8vbRHvr7+IqtqqtZqvbu2wNe7et+bu4gb3PNrT320b2AVvf3vtbnP/XuLF90Daxj9mm9nHbzLa2zW1b28I+Zlvax20r29q2sW1tZ/u07WK72iT7jO1mn/1dnGGX2fV2g91oN9n99gt7zp63R+339oL9xfa3A+ww+5odbl+3I+wbNsWO/F083r5jJ9iJdpKdbKfYqb+LZ9nZNs3OsXPtB3aenf+7ON1+bBfaTLvILrZL7NJf49w1ZdpP7HL7qc2yK+xKu8qutmvsWrvuf691ld1it9ptdp/93O6wO+0uu9vusXt/jXP3ccB+abPtV/aI/c4esl/bw/aYzbHf/hrn7u+Y/cEetz/aE/akPWV/sqftz/aMPfvr/nP3/pO9ZC9bbwUBSVKkKaB8lJ9iqADF0jVUkK6lQnQdReh6iqMbqDDdSEWoKBWj4hRPJagkGUKyRBRSKSpNUbqJytDNlEBlqRzdQo7KUyLdShXoNqpIt1MluoMq051UhapSNapOd1ENuptqUi2qTfdQHapL9ag+3UsN6D5qSPdTI3qAGtOD1IQeoqb0MDWjR6g5PUot6DFqSY9TK2pNbagttaMnqD09SR2oI3Wip6gzPU1dqCsl0TPUjZ6l7vQc9aDnqSe9QL3oRepNfagvvUT96GXqTwMomQbSIHqFBtMQGkqv0jB6jYbT6zSC3qAUGkmj6E0aTW/RGHqbxtI4Gk/v0ASaSJNoMk2hqZRK79LZ9K7Fcs+EM2gmzaLZlEZzaC59QPNoPi2gD2khfUSLaDEtoaWUTh9TBi2jTPqEltOnlEUraCWtotW0htbSOlpPG2gjbaLNtIW20jbaTp/RDtpJu2g37aG9tI8+p/30BR2gLymbvqKD9Bc6RF/TYfqGcuhbOkLf0VH6no7RD3ScfqQTdJJO0U90mn6mM3SWztF5ukC/0EW6RJfJkwghlKEKdRiE+cL8YUxYIIwNrwkLhteGhcLrwkh4fRgX3hAWDm8Mi4RFw2Jh8TA+LBGWDE2IoQ0pDMNSYekwGt4UlglvDhPCsmG58JbQheXDxPDWsEJ4W1gxvD2sFN4RVg7vDKuEVcPHHqge3hXWCO8Oa4a1wtrhPWGdsG5YL6wf3hs2CO8LG4b3h43CB8KK4YNhk/ChsGn4cNgsfCRsHj4atggfC1uGj4etwtZhm7Bt2C58ImwfPhl2CDuGncKnws7h02GXsGuYFD4Tdguf/cPHk8OB4aDwlfCV0Pv71ZLo0mh69ONoRnRZNDP6SXR59NNoVnRFdGV0VXR1dE10bXRddH10Q3RjdFN0c3RLdGt0W9T7+vmFAyedctoFLp/L72JcARfrrnEF3bWukLvORdz1Ls7d4Aq7G10RV9QVc8VdvCvhSjrj0FlHLnSlXGkXdTe5Mu5ml+DKunLuFudceZfo2rp2rp1r7550HVxH18k95Z5yT7unXVfX1T3jurlnXXf3nOvhnnc93QvuBfei6+36uL7uJdfPvez6uwEu2SW7QW6QG+wGu6FuqBvmhrnhbrgb4Ua4FJfiRrlRbrQb7ca4MW6sG+vGu/FugpvgJrlJboqb4lJdqpvmprnpbrqb4Wa4WW6WS3Npbq6b6+a5eW6BW+AWJix0i9wit8Qtceku3WW4DJfpMt1yt9xluSy30q10q91qt9atdevderfRbXSb3Wa31W112912t8PtcLvcLrfH7XH73D633+13B9wBl+2y3UF30B1yh9xh943Lcd+6I+47d9R97465H9xx96M74U66U+4nd9r97M64s+6cO+8uuF/cRXfJXXbepUbejUyLvBeZHnk/MiMyMzIrMjuSFpkTmRv5IDIvMj+yIPJhZGHko8iiyOLIksjSSHrk40hGZFkkM/JJZHnk00hWZEVkZWRVZHVkTcT7EjtCX8qX9lF/ky/jb/YJvqwv52/xzpf3if5WX8Hf5iv6230lf4ev7O/0VXxVX80/7lv51r6Nb+vb+Sd8e/+k7+A7+k7+Kd/ZP+27+K4+yT/ju/lnfXf/nO/hn/c9/Qu+l3/R9/Z9fF//ku/nX/b9/QCf7Af6Qf4VP9gP8UP9q36Yf80P96/7Ef4Nn+JH+lH+TT/av+XH+Lf9WD/Oj/fv+Al+op/kJ/spfqpP9e/6af49P92/72f4mX6Wn+3T/Bw/13/g5/n5foH/0C/0H/lFfrFf4pf6dP+xz/DLfKb/xC/3n/osv8Kv9Kv8ar/Gr/Xr/Hq/wW/0m/xmv8Vv9dv8dv+Z3+F3+l1+t9/j9/p9/nO/33/hD/gvfbb/yh/0f/GH/Nf+sP/G5/hv/RH/nT/qv/fH/A/+uP/Rn/An/Sn/kz/tf/Zn/Fl/zp/3F/wv/qK/5C/z36wxxhhjjP0fUX/w+MB/8j3528g1SAhx7c7iOf9Yc3ORv86HyPjOESHEMwN6PfK3UadOcnLyb8dmKRGUXiyEiFzJzyeuxCtEJ/G0SBIdRYV/ur4hss8F+oP60TuEiL1S+Vex4h/r3/af1H/iqfEZlcNzcf9F/cVCJJS+klNAXImv1K/4n9Qv2v4P1l/g61QhOvxdTkFxJb5SP1E8KZ4VSf/hSMYYY4wxxhhj7K+GyGo9/uj+Off+PF5fyckvrsR/dH/OGGOMMcYYY4yxq+/5Pn27PpGU1LEHT/6FSc3/GcvgCU/+tMnV/snEGGOMMcYY+7Nduei/2ithjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbyrv8f/07sau+RMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu9r+VwAAAP//OPk5Iw==")
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0xbf39)

170.344466ms ago: executing program 4 (id=1127):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xd, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000680)='syzkaller\x00'}, 0x6b)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

7.855649ms ago: executing program 4 (id=1128):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1817c1, 0x0)
setxattr$trusted_overlay_opaque(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1)

6.199469ms ago: executing program 1 (id=1138):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}})

0s ago: executing program 4 (id=1129):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x25, 0x0, 0x3, 0x1800000}, {}, {0x28}, {0xb1, 0x0, 0x0, 0x1ff}, {0x6}]})

kernel console output (not intermixed with test programs):

oop3: detected capacity change from 0 to 256
[   68.272389][ T4738] FAT-fs (loop2): Directory bread(block 64) failed
[   68.281088][ T4738] FAT-fs (loop2): Directory bread(block 65) failed
[   68.294473][ T4710] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   68.313069][ T4738] FAT-fs (loop2): Directory bread(block 66) failed
[   68.319839][ T4738] FAT-fs (loop2): Directory bread(block 67) failed
[   68.327981][ T4738] FAT-fs (loop2): Directory bread(block 68) failed
[   68.334631][ T4738] FAT-fs (loop2): Directory bread(block 69) failed
[   68.341273][ T4738] FAT-fs (loop2): Directory bread(block 70) failed
[   68.348141][ T4738] FAT-fs (loop2): Directory bread(block 71) failed
[   68.354851][ T4738] FAT-fs (loop2): Directory bread(block 72) failed
[   68.361087][ T4741] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[   68.361467][ T4738] FAT-fs (loop2): Directory bread(block 73) failed
[   68.382043][ T4245] Bluetooth: hci2: command 0x0811 tx timeout
[   68.536467][ T4738] overlayfs: filesystem on './file0' not supported
[   68.537844][ T4744] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   68.568540][ T4189] ocfs2: Unmounting device (7,0) on (node local)
[   68.702240][ T4294] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[   68.721780][ T4748] loop2: detected capacity change from 0 to 1024
[   68.723731][ T4294] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[   68.812179][ T4294] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[   68.838425][ T4294] smsc95xx: probe of 5-1:0.67 failed with error -71
[   68.870842][ T4294] usb 5-1: USB disconnect, device number 2
[   69.013480][ T4757] loop3: detected capacity change from 0 to 512
[   69.048645][ T4757] EXT4-fs (loop3): mounted filesystem without journal. Opts: dax=inode,noinit_itable,barrier=0x0000000000000040,quota,errors=remount-ro,init_itable,. Quota mode: writeback.
[   69.069077][ T4757] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   69.222237][ T4245] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   69.316070][ T4767] loop3: detected capacity change from 0 to 1024
[   69.400373][ T4771] device veth0_to_hsr entered promiscuous mode
[   69.410976][ T4770] device veth0_to_hsr left promiscuous mode
[   69.495911][ T4245] usb 1-1: Using ep0 maxpacket: 8
[   69.550417][ T4778] loop1: detected capacity change from 0 to 1024
[   69.608497][ T4778] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[   69.619676][ T4245] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[   69.652675][ T4245] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00
[   69.681933][ T4245] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.701677][ T4778] EXT4-fs (loop1): mounted filesystem without journal. Opts: abort,bsddf,barrier=0x00000000000001ff,commit=0x0000000000000005,debug_want_extra_isize=0x0000000000000080,grpjquota=,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none.
[   69.728187][ T4245] usb 1-1: config 0 descriptor??
[   69.923224][ T4774] loop3: detected capacity change from 0 to 32768
[   69.955492][ T4791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.201'.
[   70.023524][ T4774] XFS (loop3): Mounting V5 Filesystem
[   70.145557][ T4803] netlink: 12 bytes leftover after parsing attributes in process `syz.2.203'.
[   70.159821][ T4774] XFS (loop3): Ending clean mount
[   70.214702][ T4245] corsair 0003:1B1C:1B09.0002: unbalanced delimiter at end of report description
[   70.214965][ T4774] XFS (loop3): Quotacheck needed: Please wait.
[   70.263249][ T4245] corsair 0003:1B1C:1B09.0002: parse failed
[   70.300705][ T4245] corsair: probe of 0003:1B1C:1B09.0002 failed with error -22
[   70.336256][ T4774] XFS (loop3): Quotacheck: Done.
[   70.368636][ T4816] netlink: 8 bytes leftover after parsing attributes in process `syz.2.209'.
[   70.440495][ T1335] usb 1-1: USB disconnect, device number 3
[   70.551911][ T4230] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   70.562797][ T4187] XFS (loop3): Unmounting Filesystem
[   70.583056][ T4822] netlink: 24 bytes leftover after parsing attributes in process `syz.4.213'.
[   70.666513][ T4826] syz.4.215 uses obsolete (PF_INET,SOCK_PACKET)
[   70.754838][ T4828] mkiss: ax0: crc mode is auto.
[   70.947303][ T4230] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   70.967576][ T4230] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[   71.029959][ T4230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   71.057997][ T4230] usb 2-1: config 0 descriptor??
[   71.189426][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[   71.196022][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[   71.556970][ T4230] lenovo 0003:17EF:6047.0003: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0
[   71.672139][ T4294] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   71.762262][ T4230] lenovo 0003:17EF:6047.0003: Failed to switch F7/9/11 mode: -71
[   71.786912][ T4230] lenovo 0003:17EF:6047.0003: Failed to switch middle button: -71
[   71.818654][ T4893] loop3: detected capacity change from 0 to 2048
[   71.825346][ T4230] lenovo 0003:17EF:6047.0003: Fn-lock setting failed: -71
[   71.852124][ T4230] lenovo 0003:17EF:6047.0003: Sensitivity setting failed: -71
[   71.869871][ T4893] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[   71.885892][ T4230] usb 2-1: USB disconnect, device number 3
[   71.923048][ T4893] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   71.947373][ T4294] usb 3-1: Using ep0 maxpacket: 8
[   71.955658][ T4898] fido_id[4898]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[   72.132196][ T4294] usb 3-1: unable to get BOS descriptor or descriptor too short
[   72.144006][ T4902] loop3: detected capacity change from 0 to 8
[   72.196700][ T4897] loop0: detected capacity change from 0 to 32768
[   72.247374][ T4294] usb 3-1: config 9 has an invalid interface number: 5 but max is 1
[   72.267669][ T4294] usb 3-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[   72.279536][ T4294] usb 3-1: config 9 has 1 interface, different from the descriptor's value: 2
[   72.290350][ T4294] usb 3-1: config 9 has no interface number 0
[   72.296906][ T4294] usb 3-1: config 9 interface 5 altsetting 9 has an ignored endpoint with address 0x81, skipping
[   72.308137][ T4294] usb 3-1: config 9 interface 5 has no altsetting 0
[   72.334953][ T4897] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[   72.416662][ T4897] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 57088 but max bitmap bits of 2048
[   72.438339][ T4897] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[   72.465936][ T4897] OCFS2: File system is now read-only.
[   72.473160][ T4897] (syz.0.249,4897,0):ocfs2_search_chain:1761 ERROR: status = -30
[   72.483551][ T4897] (syz.0.249,4897,0):ocfs2_search_chain:1871 ERROR: status = -30
[   72.491394][ T4897] (syz.0.249,4897,0):ocfs2_claim_suballoc_bits:1940 ERROR: status = -30
[   72.500296][ T4897] (syz.0.249,4897,0):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30
[   72.512170][ T4294] usb 3-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=5d.a8
[   72.521478][ T4294] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.550508][ T4897] (syz.0.249,4897,0):ocfs2_claim_new_inode:2216 ERROR: status = -30
[   72.558929][ T4294] usb 3-1: Product: syz
[   72.563758][ T4897] (syz.0.249,4897,0):ocfs2_claim_new_inode:2231 ERROR: status = -30
[   72.572813][ T4294] usb 3-1: Manufacturer: syz
[   72.594579][ T4294] usb 3-1: SerialNumber: syz
[   72.605597][ T4897] (syz.0.249,4897,0):ocfs2_mknod_locked:639 ERROR: status = -30
[   72.662222][ T4897] (syz.0.249,4897,0):ocfs2_mknod:385 ERROR: status = -30
[   72.686051][ T4897] (syz.0.249,4897,0):ocfs2_mknod:502 ERROR: status = -30
[   72.705134][ T4897] (syz.0.249,4897,0):ocfs2_mkdir:659 ERROR: status = -30
[   72.745794][ T4189] ocfs2: Unmounting device (7,0) on (node local)
[   72.995801][ T4294] usb 3-1: USB disconnect, device number 3
[   73.027074][ T4230] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   73.190336][ T4946] loop1: detected capacity change from 0 to 8192
[   73.255728][ T4946] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[   73.265884][ T4946] REISERFS (device loop1): using ordered data mode
[   73.274330][ T4946] reiserfs: using flush barriers
[   73.280537][ T4946] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   73.297496][ T4946] REISERFS (device loop1): checking transaction log (loop1)
[   73.383749][ T4946] REISERFS (device loop1): Using tea hash to sort names
[   73.391391][ T4946] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[   73.462059][ T4230] usb 4-1: config 0 has an invalid interface number: 74 but max is 0
[   73.480414][ T4230] usb 4-1: config 0 has no interface number 0
[   73.627402][ T4955] netlink: 72 bytes leftover after parsing attributes in process `syz.2.277'.
[   73.652385][ T4230] usb 4-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=d0.db
[   73.661453][ T4230] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.695923][ T4230] usb 4-1: Product: syz
[   73.700168][ T4230] usb 4-1: Manufacturer: syz
[   73.714310][ T4230] usb 4-1: SerialNumber: syz
[   73.726110][ T4230] usb 4-1: config 0 descriptor??
[   73.731257][ T4957] comedi comedi3: pcl724: a I/O base address must be specified
[   73.831738][ T4961] loop0: detected capacity change from 0 to 4096
[   73.957322][ T4961] ntfs3: loop0: ntfs_set_state r=3 failed, -22.
[   74.018091][ T4230] usb 4-1: USB disconnect, device number 3
[   74.092038][ T4294] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[   74.144451][ T4961] ntfs3: Cannot use different iocharset when remounting!
[   74.168322][ T3082] ntfs3: loop0: ntfs3_write_inode r=3 failed, -22.
[   74.176181][ T4189] ntfs3: loop0: ntfs_set_state r=3 failed, -22.
[   74.189555][ T4189] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[   74.198687][ T4189] ntfs3: loop0: ntfs_set_state r=3 failed, -22.
[   74.211295][ T3082] ntfs3: loop0: ntfs3_write_inode r=3 failed, -22.
[   74.220861][ T4189] ntfs3: loop0: ntfs_evict_inode r=3 failed, -22.
[   74.269146][ T4976] loop2: detected capacity change from 0 to 32768
[   74.379075][ T4976] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt
[   74.379075][ T4976] 
[   74.406541][ T4976] ERROR: (device loop2): remounting filesystem as read-only
[   74.532407][ T4294] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   74.543714][ T4294] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   74.554215][ T4294] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[   74.573642][ T4294] usb 2-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[   74.582868][ T4294] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.588403][ T4986] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   74.594140][ T4294] usb 2-1: config 0 descriptor??
[   74.782022][ T4230] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   75.053133][ T4996] loop3: detected capacity change from 0 to 40427
[   75.096069][ T4996] F2FS-fs (loop3): build fault injection attr: rate: 15, type: 0x1ffff
[   75.113610][ T4294] cherry 0003:046A:0023.0004: unbalanced collection at end of report description
[   75.115919][ T4996] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x143
[   75.128834][ T4294] cherry: probe of 0003:046A:0023.0004 failed with error -22
[   75.150653][ T4996] F2FS-fs (loop3): invalid crc value
[   75.162163][ T4996] F2FS-fs (loop3) : inject kvmalloc in f2fs_kvmalloc of f2fs_fill_super+0x455c/0x6f00
[   75.176944][ T4996] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-12)
[   75.187294][ T4230] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   75.198702][ T4230] usb 1-1: config 0 interface 0 has no altsetting 0
[   75.210600][ T4230] usb 1-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[   75.219990][ T4230] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.238426][ T4230] usb 1-1: config 0 descriptor??
[   75.319147][ T5004] capability: warning: `syz.4.299' uses 32-bit capabilities (legacy support in use)
[   75.380446][   T23] usb 2-1: USB disconnect, device number 4
[   75.566514][ T4996] loop3: detected capacity change from 0 to 32768
[   75.622597][ T4996] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.297 (4996)
[   75.654122][ T4996] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[   75.664072][ T4996] BTRFS info (device loop3): force zlib compression, level 3
[   75.671541][ T4996] BTRFS info (device loop3): force clearing of disk cache
[   75.679268][ T4996] BTRFS info (device loop3): setting nodatasum
[   75.685810][ T4996] BTRFS info (device loop3): disabling tree log
[   75.692490][ T4996] BTRFS info (device loop3): enabling disk space caching
[   75.699607][ T4996] BTRFS info (device loop3): disk space caching is enabled
[   75.708408][ T4996] BTRFS info (device loop3): has skinny extents
[   75.727964][ T4230] lenovo 0003:17EF:6067.0005: item fetching failed at offset 0/2
[   75.739753][ T4230] lenovo 0003:17EF:6067.0005: hid_parse failed
[   75.750164][ T4230] lenovo: probe of 0003:17EF:6067.0005 failed with error -22
[   75.851593][ T4996] BTRFS info (device loop3): clearing free space tree
[   75.861133][ T4996] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   75.872335][ T4996] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   75.934004][ T1111] usb 1-1: USB disconnect, device number 4
[   76.044227][ T5034] loop1: detected capacity change from 0 to 256
[   76.113550][ T4996] BTRFS warning (device loop3): this kernel does not support the compat_ro:4,compat_ro:12,compat_ro:13,compat_ro:20,compat_ro:21,compat_ro:26,compat_ro:36,compat_ro:37,compat_ro:45,compat_ro:59,compat_ro:60,compat_ro:63 feature bits
[   76.377148][ T4294] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   76.415237][   T13] cfg80211: failed to load regulatory.db
[   76.635705][ T5051] loop0: detected capacity change from 0 to 128
[   76.744132][ T4294] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[   76.765842][ T4294] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   76.803954][ T4294] usb 3-1: config 0 has no interface number 0
[   76.835123][ T4294] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[   76.881525][ T4294] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   77.012025][ T1111] Bluetooth: hci4: command 0x0411 tx timeout
[   77.072221][ T4294] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[   77.091639][ T4294] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.121935][ T4294] usb 3-1: Product: syz
[   77.128006][ T4294] usb 3-1: Manufacturer: syz
[   77.142068][ T4294] usb 3-1: SerialNumber: syz
[   77.162300][ T4294] usb 3-1: config 0 descriptor??
[   77.225519][ T5049] loop1: detected capacity change from 0 to 32768
[   77.549337][ T5083] netlink: 72 bytes leftover after parsing attributes in process `syz.3.327'.
[   77.581466][ T5083] netlink: 16 bytes leftover after parsing attributes in process `syz.3.327'.
[   77.604154][ T5081] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   77.627651][ T5083] netlink: 72 bytes leftover after parsing attributes in process `syz.3.327'.
[   77.681677][ T5081] syz.0.326 (5081) used greatest stack depth: 19968 bytes left
[   77.852257][ T4294] usbtouchscreen: probe of 3-1:0.117 failed with error -71
[   77.876577][ T4294] usb 3-1: USB disconnect, device number 4
[   77.956328][ T5103] netlink: 'syz.3.335': attribute type 9 has an invalid length.
[   78.055808][ T5109] loop3: detected capacity change from 0 to 2048
[   78.093819][ T5109] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[   78.130587][ T4310] udevd[4310]: incorrect nilfs2 checksum on /dev/loop3
[   78.167772][ T5115] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   78.358744][ T5121] loop3: detected capacity change from 0 to 64
[   78.446100][ T5121] hfs: bad catalog entry type 0
[   78.653204][ T4230] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   78.770346][ T5143] tipc: Started in network mode
[   78.789554][ T5143] tipc: Node identity 2, cluster identity 4711
[   78.802526][ T5145] loop0: detected capacity change from 0 to 64
[   78.808988][ T5143] tipc: Node number set to 2
[   78.874432][ T5145] Trying to free block not in datazone
[   78.881275][ T5145] Trying to free block not in datazone
[   78.893585][ T5145] Trying to free block not in datazone
[   78.911974][ T4294] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[   78.913652][ T4230] usb 3-1: Using ep0 maxpacket: 32
[   78.935997][ T5145] Trying to free block not in datazone
[   78.948163][ T5145] minix_free_block (loop0:6): bit already cleared
[   78.968282][ T5145] Trying to free block not in datazone
[   78.979918][ T5145] Trying to free block not in datazone
[   79.087194][ T4230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[   79.272300][ T4294] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   79.286157][ T4294] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   79.306405][ T4294] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   79.335077][ T4230] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=33.f9
[   79.345940][ T4294] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.354085][ T4230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.374268][ T4294] usb 4-1: config 0 descriptor??
[   79.378921][ T4230] usb 3-1: Product: syz
[   79.392817][ T4230] usb 3-1: Manufacturer: syz
[   79.401276][ T4230] usb 3-1: SerialNumber: syz
[   79.413067][ T4294] hub 4-1:0.0: USB hub found
[   79.441704][ T4230] usb 3-1: config 0 descriptor??
[   79.453645][ T5149] loop4: detected capacity change from 0 to 32768
[   79.496437][ T4230] input: KB Gear Tablet as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input7
[   79.624400][ T5161] loop0: detected capacity change from 0 to 32768
[   79.626074][ T5167] loop1: detected capacity change from 0 to 4096
[   79.637872][ T4294] hub 4-1:0.0: 1 port detected
[   79.639228][ T5149] XFS (loop4): Mounting V5 Filesystem
[   79.721513][ T5167] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512)
[   79.734781][ T5161] XFS (loop0): Mounting V5 Filesystem
[   79.827038][   T21] usb 3-1: USB disconnect, device number 5
[   79.854034][ T5149] XFS (loop4): Ending clean mount
[   79.868401][ T5149] XFS (loop4): Quotacheck needed: Please wait.
[   79.923765][ T5161] XFS (loop0): Ending clean mount
[   79.949347][ T5149] XFS (loop4): Quotacheck: Done.
[   79.994512][ T5161] XFS (loop0): Quotacheck needed: Please wait.
[   80.082180][ T4294] usb 4-1: USB disconnect, device number 4
[   80.098179][   T26] kauditd_printk_skb: 23 callbacks suppressed
[   80.098193][   T26] audit: type=1800 audit(1756462097.742:3): pid=5167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.367" name="bus" dev="loop1" ino=24 res=0 errno=0
[   80.115050][ T5161] XFS (loop0): Quotacheck: Done.
[   80.140211][ T4192] XFS (loop4): Unmounting Filesystem
[   80.288567][ T4183] ntfs3: loop1: ntfs_sync_fs r=1a failed, -22.
[   80.307864][ T4183] ntfs3: loop1: ntfs_evict_inode r=1a failed, -22.
[   80.316911][ T4183] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[   80.335091][ T4189] XFS (loop0): Unmounting Filesystem
[   80.504348][ T5188] tipc: Started in network mode
[   80.509243][ T5188] tipc: Node identity 2, cluster identity 4711
[   80.522081][ T5188] tipc: Node number set to 2
[   81.089420][ T5219] loop1: detected capacity change from 0 to 128
[   81.122443][ T5213] loop0: detected capacity change from 0 to 4096
[   81.146684][ T5213] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[   81.203489][ T5216] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   81.355468][   T26] audit: type=1800 audit(1756462099.002:4): pid=5213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.380" name="bus" dev="loop0" ino=24 res=0 errno=0
[   81.396636][ T5225] tipc: Started in network mode
[   81.445946][ T4189] ntfs3: loop0: ntfs_sync_fs r=1a failed, -22.
[   81.462537][ T5225] tipc: Node identity 2, cluster identity 4711
[   81.462555][ T5225] tipc: Node number set to 2
[   81.532348][ T4189] ntfs3: loop0: ntfs_evict_inode r=1a failed, -22.
[   81.532402][ T4189] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[   81.577698][ T5210] loop2: detected capacity change from 0 to 32768
[   81.586203][ T1111] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   81.615109][ T5233] loop3: detected capacity change from 0 to 64
[   81.709743][ T5233] Trying to free block not in datazone
[   81.709792][ T5233] Trying to free block not in datazone
[   81.709800][ T5233] Trying to free block not in datazone
[   81.709807][ T5233] Trying to free block not in datazone
[   81.709814][ T5233] minix_free_block (loop3:6): bit already cleared
[   81.721440][ T5233] Trying to free block not in datazone
[   81.721464][ T5233] Trying to free block not in datazone
[   81.755139][ T5210] XFS (loop2): Mounting V5 Filesystem
[   81.824555][ T1111] usb 2-1: Using ep0 maxpacket: 32
[   81.876883][ T5210] XFS (loop2): Ending clean mount
[   81.880164][ T5210] XFS (loop2): Quotacheck needed: Please wait.
[   81.942176][ T1111] usb 2-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[   81.942207][ T1111] usb 2-1: config 0 interface 0 has no altsetting 0
[   81.942235][ T1111] usb 2-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[   81.942257][ T1111] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.943990][ T1111] usb 2-1: config 0 descriptor??
[   81.978096][ T5210] XFS (loop2): Quotacheck: Done.
[   82.097774][ T4191] XFS (loop2): Unmounting Filesystem
[   82.231971][ T4230] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   82.414112][ T1111] logitech 0003:046D:C626.0006: unknown main item tag 0x2
[   82.464915][ T1111] logitech 0003:046D:C626.0006: hidraw0: USB HID vf.fe Device [HID 046d:c626] on usb-dummy_hcd.1-1/input0
[   82.475698][ T5253] loop3: detected capacity change from 0 to 4096
[   82.482996][ T4230] usb 1-1: Using ep0 maxpacket: 8
[   82.527388][ T5253] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512)
[   82.622415][ T4230] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 201, changing to 11
[   82.650284][ T4230] usb 1-1: New USB device found, idVendor=28bd, idProduct=0055, bcdDevice= 0.00
[   82.670118][ T4230] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.679639][ T1111] usb 2-1: USB disconnect, device number 5
[   82.709203][ T4230] usb 1-1: config 0 descriptor??
[   82.735246][ T5040] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   82.939193][ T5261] loop3: detected capacity change from 0 to 32768
[   82.982330][ T5040] usb 3-1: Using ep0 maxpacket: 8
[   83.085262][ T5264] loop3: detected capacity change from 0 to 4096
[   83.127414][ T5040] usb 3-1: config index 0 descriptor too short (expected 30, got 18)
[   83.169281][ T5264] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512)
[   83.215641][ T4230] uclogic 0003:28BD:0055.0007: No inputs registered, leaving
[   83.249727][ T4230] uclogic 0003:28BD:0055.0007: hidraw0: USB HID vff.fa Device [HID 28bd:0055] on usb-dummy_hcd.0-1/input0
[   83.303855][   T26] audit: type=1800 audit(1756462100.952:5): pid=5264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.399" name="bus" dev="loop3" ino=24 res=0 errno=0
[   83.344416][ T5040] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[   83.386270][ T5040] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.438052][ T5040] usb 3-1: Product: syz
[   83.449239][ T5040] usb 3-1: Manufacturer: syz
[   83.464538][ T5040] usb 3-1: SerialNumber: syz
[   83.473755][ T4230] usb 1-1: USB disconnect, device number 5
[   83.500997][ T5040] usb 3-1: config 0 descriptor??
[   83.530484][ T5270] fido_id[5270]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[   83.593726][ T5040] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[   83.601802][ T5040] usb 3-1: setting power ON
[   83.608869][ T4187] ntfs3: loop3: ntfs_sync_fs r=1a failed, -22.
[   83.627570][ T4187] ntfs3: loop3: ntfs_evict_inode r=1a failed, -22.
[   83.645189][ T5040] dvb-usb: bulk message failed: -22 (2/0)
[   83.662973][ T4187] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[   83.704019][ T5040] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   83.772406][ T5040] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[   83.790776][ T5257] dvb-usb: bulk message failed: -22 (3/0)
[   83.807798][ T5040] usb 3-1: media controller created
[   83.828082][ T5257] cxusb: i2c wr: len=112 is too big!
[   83.828082][ T5257] 
[   83.869294][ T5040] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   83.940237][ T5040] usb 3-1: selecting invalid altsetting 6
[   83.950251][ T5040] usb 3-1: digital interface selection failed (-22)
[   83.992963][ T5040] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[   84.062484][ T5040] usb 3-1: setting power OFF
[   84.068590][ T5040] dvb-usb: bulk message failed: -22 (2/0)
[   84.086543][ T5040] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[   84.106219][ T5040] (NULL device *): no alternate interface
[   84.185819][ T5040] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[   84.252279][ T5040] usb 3-1: USB disconnect, device number 6
[   84.359760][ T5284] loop0: detected capacity change from 0 to 4096
[   84.401401][ T5274] loop3: detected capacity change from 0 to 32768
[   84.420496][ T5284] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match.  Run ntfsfix or chkdsk.
[   84.477716][ T5284] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[   84.541594][ T5284] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[   84.598546][ T5284] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[   84.628123][ T5284] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[   84.671810][ T5284] ntfs: volume version 3.1.
[   84.696604][ T5284] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[   84.755279][ T5284] ntfs: (device loop0): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[   84.919960][ T5286] loop1: detected capacity change from 0 to 32768
[   85.016274][ T5286] XFS (loop1): Mounting V5 Filesystem
[   85.098281][ T5286] XFS (loop1): Ending clean mount
[   85.110435][ T5286] XFS (loop1): Quotacheck needed: Please wait.
[   85.155684][ T5286] XFS (loop1): Quotacheck: Done.
[   85.272327][ T4183] XFS (loop1): Unmounting Filesystem
[   85.363531][ T5295] loop0: detected capacity change from 0 to 32768
[   85.535242][ T5295] XFS (loop0): Mounting V5 Filesystem
[   85.707858][ T5295] XFS (loop0): Ending clean mount
[   85.732514][ T5295] XFS (loop0): Quotacheck needed: Please wait.
[   85.777376][ T5314] loop2: detected capacity change from 0 to 4096
[   85.816407][ T5295] XFS (loop0): Quotacheck: Done.
[   85.910435][ T5314] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512)
[   86.043717][ T4189] XFS (loop0): Unmounting Filesystem
[   86.105165][   T26] kauditd_printk_skb: 9 callbacks suppressed
[   86.105178][   T26] audit: type=1800 audit(1756462103.752:6): pid=5314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.414" name="bus" dev="loop2" ino=24 res=0 errno=0
[   86.163905][ T4191] ntfs3: loop2: ntfs_sync_fs r=1a failed, -22.
[   86.192186][ T4191] ntfs3: loop2: ntfs_evict_inode r=1a failed, -22.
[   86.198824][ T4191] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[   86.394091][ T5336] sp0: Synchronizing with TNC
[   86.562121][ T1111] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   86.801982][ T1111] usb 4-1: Using ep0 maxpacket: 8
[   86.864806][ T5353] loop4: detected capacity change from 0 to 128
[   86.922125][ T1111] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[   86.982877][ T5353] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,,errors=continue. Quota mode: writeback.
[   86.999788][ T5353] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   87.073984][ T5346] loop0: detected capacity change from 0 to 32768
[   87.107244][ T1111] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[   87.118064][ T1111] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.152972][ T1111] usb 4-1: Product: syz
[   87.157166][ T1111] usb 4-1: Manufacturer: syz
[   87.161770][ T1111] usb 4-1: SerialNumber: syz
[   87.222723][ T1111] usb 4-1: config 0 descriptor??
[   87.241337][ T5346] XFS (loop0): Mounting V5 Filesystem
[   87.264150][ T1111] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[   87.272649][ T1111] usb 4-1: setting power ON
[   87.277179][ T1111] dvb-usb: bulk message failed: -22 (2/0)
[   87.286979][ T1111] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   87.314087][ T1111] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[   87.324867][ T1111] usb 4-1: media controller created
[   87.337529][ T4237] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   87.341585][ T1111] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   87.360498][ T5346] XFS (loop0): Ending clean mount
[   87.364506][ T1111] usb 4-1: selecting invalid altsetting 6
[   87.371347][ T1111] usb 4-1: digital interface selection failed (-22)
[   87.373844][ T5346] XFS (loop0): Quotacheck needed: Please wait.
[   87.378058][ T1111] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[   87.432015][ T1111] usb 4-1: setting power OFF
[   87.436721][ T1111] dvb-usb: bulk message failed: -22 (2/0)
[   87.442504][ T1111] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[   87.461064][ T5346] XFS (loop0): Quotacheck: Done.
[   87.476390][ T5334] dvb-usb: bulk message failed: -22 (3/0)
[   87.483541][ T1111] (NULL device *): no alternate interface
[   87.501932][ T5334] cxusb: i2c wr: len=112 is too big!
[   87.501932][ T5334] 
[   87.560272][ T1111] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[   87.571338][ T5354] loop2: detected capacity change from 0 to 32768
[   87.603759][ T1111] usb 4-1: USB disconnect, device number 5
[   87.611946][ T4237] usb 2-1: Using ep0 maxpacket: 32
[   87.633440][ T4189] XFS (loop0): Unmounting Filesystem
[   87.673973][ T5376] loop4: detected capacity change from 0 to 4096
[   87.688722][ T5354] XFS (loop2): Mounting V5 Filesystem
[   87.752056][ T4237] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[   87.765353][ T4237] usb 2-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00
[   87.775696][ T4237] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.787643][ T4237] usb 2-1: config 0 descriptor??
[   87.896754][ T5354] XFS (loop2): Ending clean mount
[   87.904122][ T5354] XFS (loop2): Quotacheck needed: Please wait.
[   87.939305][ T5386] loop4: detected capacity change from 0 to 512
[   87.962657][ T5354] XFS (loop2): Quotacheck: Done.
[   88.001451][ T5386] EXT4-fs error (device loop4): ext4_orphan_get:1427: comm syz.4.441: bad orphan inode 13
[   88.018588][ T4191] XFS (loop2): Unmounting Filesystem
[   88.030508][ T5386] ext4_test_bit(bit=12, block=4) = 1
[   88.036409][ T5386] is_bad_inode(inode)=0
[   88.056900][ T5386] NEXT_ORPHAN(inode)=0
[   88.061182][ T5386] max_ino=32
[   88.064618][ T5386] i_nlink=1
[   88.067845][ T5386] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   88.130361][ T5386] EXT4-fs warning (device loop4): dx_probe:833: inode #2: comm syz.4.441: Unrecognised inode hash code 20
[   88.142255][ T5386] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.441: Corrupt directory, running e2fsck is recommended
[   88.157797][ T5386] EXT4-fs warning (device loop4): dx_probe:833: inode #2: comm syz.4.441: Unrecognised inode hash code 20
[   88.169474][ T5386] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.441: Corrupt directory, running e2fsck is recommended
[   88.307736][ T4237] elecom 0003:056E:00FE.0008: item fetching failed at offset 2/5
[   88.316839][ T5390] loop3: detected capacity change from 0 to 2048
[   88.326387][ T4237] elecom: probe of 0003:056E:00FE.0008 failed with error -22
[   88.350797][ T5390] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[   88.402197][ T4175] udevd[4175]: incorrect nilfs2 checksum on /dev/loop3
[   88.470730][ T5396] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   88.508660][ T4237] usb 2-1: USB disconnect, device number 6
[   88.853539][ T5411] sp0: Synchronizing with TNC
[   88.924927][ T5413] nbd: must specify a size in bytes for the device
[   89.031360][ T5415] device veth0_to_hsr entered promiscuous mode
[   89.062616][ T5414] device veth0_to_hsr left promiscuous mode
[   89.264638][ T5432] netlink: 8 bytes leftover after parsing attributes in process `syz.4.459'.
[   89.308389][ T5432] netlink: 72 bytes leftover after parsing attributes in process `syz.4.459'.
[   89.715995][ T5453] tipc: Enabled bearer <udp:syz2>, priority 10
[   89.730769][ T5452] device veth0_to_hsr entered promiscuous mode
[   89.791529][ T5451] device veth0_to_hsr left promiscuous mode
[   90.042086][ T5476] sp0: Synchronizing with TNC
[   90.264341][ T5482] loop0: detected capacity change from 0 to 1024
[   90.323188][   T26] audit: type=1800 audit(1756462107.962:7): pid=5485 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.483" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[   90.534142][ T5493] device veth0_to_hsr entered promiscuous mode
[   90.553453][ T5489] loop2: detected capacity change from 0 to 1024
[   90.571803][ T5492] device veth0_to_hsr left promiscuous mode
[   90.653004][ T5489] hfsplus: gid requires an argument
[   90.682014][ T5489] hfsplus: unable to parse mount options
[   90.854920][ T5510] loop2: detected capacity change from 0 to 512
[   90.915761][ T5510] EXT4-fs error (device loop2): ext4_orphan_get:1427: comm syz.2.493: bad orphan inode 13
[   90.961574][ T5510] ext4_test_bit(bit=12, block=4) = 1
[   90.972114][ T5510] is_bad_inode(inode)=0
[   90.976543][ T5510] NEXT_ORPHAN(inode)=0
[   91.039825][ T5510] max_ino=32
[   91.073637][ T5510] i_nlink=1
[   91.095410][ T5510] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   91.130331][ T5510] EXT4-fs warning (device loop2): dx_probe:833: inode #2: comm syz.2.493: Unrecognised inode hash code 20
[   91.211935][ T5510] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.493: Corrupt directory, running e2fsck is recommended
[   91.284300][ T5510] EXT4-fs warning (device loop2): dx_probe:833: inode #2: comm syz.2.493: Unrecognised inode hash code 20
[   91.372420][ T5525] loop1: detected capacity change from 0 to 16
[   91.409357][ T5510] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.493: Corrupt directory, running e2fsck is recommended
[   91.457164][ T5525] erofs: (device loop1): mounted with root inode @ nid 36.
[   91.534279][ T5523] loop0: detected capacity change from 0 to 8192
[   91.629735][ T5528] device veth0_to_hsr entered promiscuous mode
[   91.639085][ T5527] device veth0_to_hsr left promiscuous mode
[   92.009312][ T5549] option changes via remount are deprecated (pid=5546 comm=syz.4.512)
[   92.116685][ T5553] loop0: detected capacity change from 0 to 512
[   92.172044][ T5041] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   92.179750][ T5553] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   92.236480][ T5553] EXT4-fs (loop0): orphan cleanup on readonly fs
[   92.288502][ T5553] EXT4-fs error (device loop0): ext4_quota_enable:6413: comm syz.0.513: Bad quota inum: 11, type: 1
[   92.385852][ T5540] loop3: detected capacity change from 0 to 32768
[   92.388166][ T5553] EXT4-fs warning (device loop0): ext4_enable_quotas:6461: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix.
[   92.442017][ T5041] usb 2-1: Using ep0 maxpacket: 8
[   92.494060][ T5540] XFS (loop3): Mounting V5 Filesystem
[   92.518841][ T5553] EXT4-fs (loop0): Cannot turn on quotas: error -117
[   92.537791][ T5553] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   92.592089][ T5041] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[   92.608278][ T5565] comedi comedi3: 8255: I/O port conflict (0x5,4)
[   92.631479][ T5565] comedi comedi3: 8255: I/O port conflict (0x3,4)
[   92.658835][ T5565] comedi comedi3: 8255: I/O port conflict (0x4,4)
[   92.686507][ T5565] comedi comedi3: 8255: I/O port conflict (0x1,4)
[   92.700787][ T5540] XFS (loop3): Ending clean mount
[   92.713911][ T5569] loop0: detected capacity change from 0 to 512
[   92.714729][ T5540] XFS (loop3): Quotacheck needed: Please wait.
[   92.737752][ T5565] comedi comedi3: 8255: I/O port conflict (0xc,4)
[   92.759058][ T5569] EXT4-fs error (device loop0): ext4_orphan_get:1427: comm syz.0.514: bad orphan inode 13
[   92.791706][ T5565] comedi comedi3: 8255: I/O port conflict (0x12,4)
[   92.803777][ T5041] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[   92.814938][ T5041] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.833472][ T5041] usb 2-1: Product: syz
[   92.837665][ T5041] usb 2-1: Manufacturer: syz
[   92.844519][ T5041] usb 2-1: SerialNumber: syz
[   92.847737][ T5565] comedi comedi3: 8255: I/O port conflict (0x4,4)
[   92.857021][ T5041] usb 2-1: config 0 descriptor??
[   92.901917][ T5569] ext4_test_bit(bit=12, block=4) = 1
[   92.907241][ T5569] is_bad_inode(inode)=0
[   92.913666][ T5041] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[   92.919113][ T5540] XFS (loop3): Quotacheck: Done.
[   92.932029][ T5041] usb 2-1: setting power ON
[   92.936561][ T5041] dvb-usb: bulk message failed: -22 (2/0)
[   92.952689][ T5565] comedi comedi3: 8255: I/O port conflict (0xd,4)
[   92.959157][ T5565] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffc,4)
[   92.966985][ T5569] NEXT_ORPHAN(inode)=0
[   92.971053][ T5569] max_ino=32
[   92.982658][ T5041] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   92.992346][ T5569] i_nlink=1
[   92.995534][ T5569] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   93.032240][ T5041] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[   93.051305][ T5575] loop2: detected capacity change from 0 to 512
[   93.061079][ T5041] usb 2-1: media controller created
[   93.068041][ T5569] EXT4-fs warning (device loop0): dx_probe:833: inode #2: comm syz.0.514: Unrecognised inode hash code 20
[   93.128588][ T5545] dvb-usb: bulk message failed: -22 (3/0)
[   93.134572][ T5565] comedi comedi3: 8255: I/O port conflict (0x2,4)
[   93.141027][ T5565] comedi comedi3: 8255: I/O port conflict (0x1,4)
[   93.148548][ T5569] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.514: Corrupt directory, running e2fsck is recommended
[   93.148875][ T5575] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #12: comm syz.2.518: corrupted in-inode xattr
[   93.162879][ T5041] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   93.179119][ T5575] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.518: couldn't read orphan inode 12 (err -117)
[   93.190085][ T5545] cxusb: i2c wr: len=112 is too big!
[   93.190085][ T5545] 
[   93.207702][ T5575] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   93.218667][ T5569] EXT4-fs warning (device loop0): dx_probe:833: inode #2: comm syz.0.514: Unrecognised inode hash code 20
[   93.246159][ T4187] XFS (loop3): Unmounting Filesystem
[   93.262541][ T5565] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4)
[   93.270574][ T5565] comedi comedi3: 8255: I/O port conflict (0x1,4)
[   93.277293][ T5565] comedi comedi3: 8255: I/O port conflict (0x2,4)
[   93.283883][ T5565] comedi comedi3: 8255: I/O port conflict (0x4,4)
[   93.290335][ T5565] comedi comedi3: 8255: I/O port conflict (0x9,4)
[   93.297021][ T5565] comedi comedi3: 8255: I/O port conflict (0x3,4)
[   93.303843][ T5565] comedi comedi3: 8255: I/O port conflict (0x80,4)
[   93.308781][ T5569] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.514: Corrupt directory, running e2fsck is recommended
[   93.310548][ T5565] comedi comedi3: 8255: I/O port conflict (0x20001e58,4)
[   93.331269][ T5565] comedi comedi3: 8255: I/O port conflict (0x7,4)
[   93.338328][ T5565] comedi comedi3: 8255: I/O port conflict (0x2000e67,4)
[   93.342719][ T5041] usb 2-1: selecting invalid altsetting 6
[   93.351040][ T5565] comedi comedi3: 8255: I/O port conflict (0x8,4)
[   93.351077][ T5565] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4)
[   93.380537][ T5041] usb 2-1: digital interface selection failed (-22)
[   93.395093][ T5041] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[   93.496158][ T5041] usb 2-1: setting power OFF
[   93.500786][ T5041] dvb-usb: bulk message failed: -22 (2/0)
[   93.543349][ T5041] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[   93.553787][ T5041] (NULL device *): no alternate interface
[   93.617007][ T5041] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[   93.636609][ T5041] usb 2-1: USB disconnect, device number 7
[   93.889525][ T5589] loop2: detected capacity change from 0 to 4096
[   94.044257][ T5589] ntfs3: loop2: ntfs_set_state r=3 failed, -22.
[   94.348411][ T5589] ntfs3: Cannot use different iocharset when remounting!
[   94.429191][ T3098] ntfs3: loop2: ntfs3_write_inode r=3 failed, -22.
[   94.472882][ T4191] ntfs3: loop2: ntfs_set_state r=3 failed, -22.
[   94.479168][ T4191] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[   94.511339][ T4191] ntfs3: loop2: ntfs_set_state r=3 failed, -22.
[   94.543197][ T5321] ntfs3: loop2: ntfs3_write_inode r=3 failed, -22.
[   94.552739][ T4191] ntfs3: loop2: ntfs_evict_inode r=3 failed, -22.
[   94.718701][ T5608] loop4: detected capacity change from 0 to 2048
[   94.783603][ T5587] loop0: detected capacity change from 0 to 40427
[   94.840400][ T5587] F2FS-fs (loop0): Invalid log blocks per segment (83886089)
[   94.853640][ T5587] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   94.900656][ T5608] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   94.912471][ T5595] loop3: detected capacity change from 0 to 32768
[   94.945807][ T5587] F2FS-fs (loop0): invalid crc value
[   95.066384][ T5602] loop1: detected capacity change from 0 to 32768
[   95.080271][ T5587] F2FS-fs (loop0): Found nat_bits in checkpoint
[   95.147894][ T5622] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   95.225756][ T5602] XFS (loop1): Mounting V5 Filesystem
[   95.240023][ T5587] F2FS-fs (loop0): Start checkpoint disabled!
[   95.395355][ T5587] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[   95.448833][ T5637] loop4: detected capacity change from 0 to 128
[   95.460420][ T5602] XFS (loop1): Ending clean mount
[   95.462168][ T5587] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[   95.538279][ T5602] XFS (loop1): Quotacheck needed: Please wait.
[   95.605600][ T5602] XFS (loop1): Quotacheck: Done.
[   95.755261][ T5587] ceph: Unexpected value for 'acl'
[   95.811202][ T4183] XFS (loop1): Unmounting Filesystem
[   95.853000][ T5643] nbd: must specify an index to disconnect
[   96.040638][  T412] attempt to access beyond end of device
[   96.040638][  T412] loop0: rw=2049, want=40976, limit=40427
[   96.556340][ T5653] loop1: detected capacity change from 0 to 4096
[   96.571001][ T5641] loop3: detected capacity change from 0 to 40427
[   96.611015][ T5653] ntfs3: loop1: ntfs_set_state r=3 failed, -22.
[   96.628005][ T5641] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[   96.643203][ T5641] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   96.678528][ T5641] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x1ffff
[   96.697584][ T5641] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x1f8
[   96.733736][ T5641] F2FS-fs (loop3): invalid crc value
[   96.772238][ T1111] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   96.791686][ T5641] F2FS-fs (loop3): Found nat_bits in checkpoint
[   96.911911][ T5641] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   96.916419][ T5653] ntfs3: Cannot use different iocharset when remounting!
[   96.918967][ T5641] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   96.990487][   T26] audit: type=1800 audit(1756462114.632:8): pid=5641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.543" name="file1" dev="loop3" ino=10 res=0 errno=0
[   97.018045][ T1111] usb 1-1: Using ep0 maxpacket: 8
[   97.036097][  T412] ntfs3: loop1: ntfs3_write_inode r=3 failed, -22.
[   97.051959][ T4183] ntfs3: loop1: ntfs_set_state r=3 failed, -22.
[   97.061651][ T5662] loop4: detected capacity change from 0 to 512
[   97.070090][ T4183] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[   97.085005][ T5641] attempt to access beyond end of device
[   97.085005][ T5641] loop3: rw=2049, want=54048, limit=40427
[   97.097487][ T4183] ntfs3: loop1: ntfs_set_state r=3 failed, -22.
[   97.112761][ T5321] ntfs3: loop1: ntfs3_write_inode r=3 failed, -22.
[   97.119848][ T4183] ntfs3: loop1: ntfs_evict_inode r=3 failed, -22.
[   97.156064][ T1111] usb 1-1: config 0 interface 0 altsetting 142 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.201223][ T4187] attempt to access beyond end of device
[   97.201223][ T4187] loop3: rw=2049, want=45104, limit=40427
[   97.219067][ T1111] usb 1-1: config 0 interface 0 altsetting 142 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   97.219099][ T1111] usb 1-1: config 0 interface 0 has no altsetting 0
[   97.219128][ T1111] usb 1-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[   97.219149][ T1111] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.222672][ T1111] usb 1-1: config 0 descriptor??
[   97.225396][ T5662] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2228: inode #12: comm syz.4.552: corrupted in-inode xattr
[   97.226269][ T5662] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.552: couldn't read orphan inode 12 (err -117)
[   97.230304][ T5662] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   97.454697][ T5668] loop1: detected capacity change from 0 to 2048
[   97.548966][ T5668] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   97.704124][ T1111] lenovo 0003:17EF:6009.0009: unknown main item tag 0x0
[   97.711120][ T1111] lenovo 0003:17EF:6009.0009: unknown main item tag 0x0
[   97.745284][ T1111] lenovo 0003:17EF:6009.0009: unknown main item tag 0x0
[   97.796229][ T1111] lenovo 0003:17EF:6009.0009: unknown main item tag 0x0
[   97.824189][ T5676] IPVS: wlc: UDP 0.0.0.0:0 - no destination available
[   97.836173][ T1111] lenovo 0003:17EF:6009.0009: unknown main item tag 0x0
[   97.847335][ T5680] loop2: detected capacity change from 0 to 16
[   97.855964][ T1111] lenovo 0003:17EF:6009.0009: hidraw0: USB HID v0.05 Device [HID 17ef:6009] on usb-dummy_hcd.0-1/input0
[   97.916963][ T5680] erofs: (device loop2): mounted with root inode @ nid 36.
[   97.947367][ T5041] usb 1-1: USB disconnect, device number 6
[   97.980236][ T5680] erofs: (device loop2): z_erofs_extent_lookback: unknown type 3 @ lcn 42 of nid 36
[   98.020726][ T5680] attempt to access beyond end of device
[   98.020726][ T5680] loop2: rw=0, want=64, limit=16
[   98.081273][ T5680] erofs: (device loop2): z_erofs_readpage: failed to read, err [-95]
[   98.125676][ T5687] fido_id[5687]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[   98.333444][ T5690] loop4: detected capacity change from 0 to 8192
[   98.392124][ T5690] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[   98.412425][ T5690] REISERFS (device loop4): using ordered data mode
[   98.418958][ T5690] reiserfs: using flush barriers
[   98.472990][ T5693] loop1: detected capacity change from 0 to 8192
[   98.531740][ T5690] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   98.610272][ T5693] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[   98.631129][ T5693] REISERFS (device loop1): using ordered data mode
[   98.664611][ T5690] REISERFS (device loop4): checking transaction log (loop4)
[   98.683064][ T5693] reiserfs: using flush barriers
[   98.707932][ T5693] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   98.720170][ T5695] loop2: detected capacity change from 0 to 40427
[   98.730601][ T5690] REISERFS (device loop4): Using r5 hash to sort names
[   98.749709][ T5695] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[   98.752100][ T5693] REISERFS (device loop1): checking transaction log (loop1)
[   98.787248][ T5695] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   98.834608][ T5695] F2FS-fs (loop2): build fault injection attr: rate: 17008, type: 0x1ffff
[   98.893207][ T5695] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x1f8
[   98.896469][ T5703] loop0: detected capacity change from 0 to 2048
[   98.938734][ T5695] F2FS-fs (loop2): invalid crc value
[   98.985751][ T5695] F2FS-fs (loop2): Found nat_bits in checkpoint
[   99.014931][ T5693] REISERFS (device loop1): Using tea hash to sort names
[   99.030383][ T5693] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[   99.071509][ T5703] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   99.182643][ T5695] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   99.182680][ T5695] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   99.229249][ T5717] sg_write: data in/out 327680/1 bytes for SCSI command 0xf0-- guessing data in;
[   99.229249][ T5717]    program syz.4.573 not setting count and/or reply_len properly
[   99.307373][   T26] audit: type=1800 audit(1756462116.952:9): pid=5695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.566" name="file1" dev="loop2" ino=10 res=0 errno=0
[   99.432322][ T5695] attempt to access beyond end of device
[   99.432322][ T5695] loop2: rw=2049, want=54048, limit=40427
[   99.512902][ T5727] IPVS: wlc: UDP 0.0.0.0:0 - no destination available
[   99.563666][ T4191] attempt to access beyond end of device
[   99.563666][ T4191] loop2: rw=2049, want=45104, limit=40427
[  100.150656][ T5732] loop4: detected capacity change from 0 to 32768
[  100.244264][ T5732] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt
[  100.244264][ T5732] 
[  100.269054][ T5732] ERROR: (device loop4): remounting filesystem as read-only
[  100.401923][ T5041] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  100.679729][ T5756] loop0: detected capacity change from 0 to 40427
[  100.724007][ T5756] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504)
[  100.748004][ T5756] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  100.769975][ T5756] F2FS-fs (loop0): build fault injection attr: rate: 17008, type: 0x1ffff
[  100.809456][ T5756] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x1f8
[  100.817131][ T5041] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  100.839998][ T5041] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  100.859382][ T5041] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.862573][ T5756] F2FS-fs (loop0): invalid crc value
[  100.928201][ T5756] F2FS-fs (loop0): Found nat_bits in checkpoint
[  100.948418][ T5041] gspca_main: stv0680-2.14.0 probing 041e:4007
[  101.071486][ T5756] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  101.080669][ T5756] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  101.145498][   T26] audit: type=1800 audit(1756462118.792:10): pid=5756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.591" name="file1" dev="loop0" ino=10 res=0 errno=0
[  101.183017][ T5756] attempt to access beyond end of device
[  101.183017][ T5756] loop0: rw=2049, want=54048, limit=40427
[  101.211039][ T4189] attempt to access beyond end of device
[  101.211039][ T4189] loop0: rw=2049, want=45104, limit=40427
[  101.337988][ T4237] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  101.518867][ T5788] loop4: detected capacity change from 0 to 4096
[  101.569166][ T5788] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  101.584166][ T4237] usb 3-1: Using ep0 maxpacket: 32
[  101.627605][ T5788] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback.
[  101.748660][ T4237] usb 3-1: config 0 has an invalid interface number: 66 but max is 0
[  101.786428][ T4237] usb 3-1: config 0 has no interface number 0
[  101.920585][ T5793] loop0: detected capacity change from 0 to 32768
[  101.957705][ T5793] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt
[  101.957705][ T5793] 
[  101.973945][ T5793] ERROR: (device loop0): remounting filesystem as read-only
[  101.975499][ T4237] usb 3-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  102.007248][ T4237] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.015583][ T4237] usb 3-1: Product: syz
[  102.019829][ T4237] usb 3-1: Manufacturer: syz
[  102.036617][ T4237] usb 3-1: SerialNumber: syz
[  102.054072][ T4237] usb 3-1: config 0 descriptor??
[  102.113704][ T5041] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32
[  102.123669][ T4237] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  102.131300][ T4237] dvb-usb: bulk message failed: -22 (2/0)
[  102.152113][ T5041] stv0680 4-1:4.0: STV(e): camera ping failed!!
[  102.163732][ T4237] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  102.202099][ T5041] stv0680 4-1:4.0: last error: 0,  command = 0x0
[  102.211508][ T4237] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  102.223896][ T4237] usb 3-1: media controller created
[  102.240062][ T4237] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  102.256064][ T4237] cxusb: set interface failed
[  102.260769][ T4237] dvb-usb: bulk message failed: -22 (1/0)
[  102.285761][ T4237] DVB: Unable to find symbol lgdt330x_attach()
[  102.294110][ T4237] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  102.326759][ T5781] cxusb: i2c rd: len=133 is too big!
[  102.326759][ T5781] 
[  102.391949][ T4294] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  102.420881][ T5041] usb 4-1: USB disconnect, device number 6
[  102.441947][ T4237] rc_core: IR keymap rc-dvico-portable not found
[  102.448521][ T4237] Registered IR keymap rc-empty
[  102.466425][ T4237] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0
[  102.477551][ T4237] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input8
[  102.497343][ T4237] dvb-usb: schedule remote query interval to 100 msecs.
[  102.504550][ T4237] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  102.522388][ T4237] usb 3-1: USB disconnect, device number 7
[  102.571060][ T4237] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  102.752334][ T4294] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  102.782290][ T4294] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  102.816749][ T4294] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  102.839236][ T4294] usb 2-1: New USB device found, idVendor=056a, idProduct=005d, bcdDevice= 0.00
[  102.858821][ T4294] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.875984][ T4294] usb 2-1: config 0 descriptor??
[  102.900771][ T5823] loop0: detected capacity change from 0 to 4096
[  103.004460][ T5823] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  103.098317][ T5829] loop2: detected capacity change from 0 to 8192
[  103.130393][ T5823] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback.
[  103.169456][ T5829] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  103.221507][ T5829] REISERFS (device loop2): using ordered data mode
[  103.228393][ T5829] reiserfs: using flush barriers
[  103.238531][ T5829] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  103.342816][ T4237] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  103.355105][ T4294] wacom 0003:056A:005D.000A: unbalanced collection at end of report description
[  103.372241][ T5829] REISERFS (device loop2): checking transaction log (loop2)
[  103.380097][ T4294] wacom 0003:056A:005D.000A: parse failed
[  103.400158][ T4294] wacom: probe of 0003:056A:005D.000A failed with error -22
[  103.409058][ T5829] REISERFS (device loop2): Using r5 hash to sort names
[  103.504011][ T5831] loop4: detected capacity change from 0 to 40427
[  103.536328][ T5831] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504)
[  103.557852][ T5831] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  103.570544][ T5831] F2FS-fs (loop4): build fault injection attr: rate: 17008, type: 0x1ffff
[  103.580313][ T5831] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x1f8
[  103.589452][ T4294] usb 2-1: USB disconnect, device number 8
[  103.619753][ T5831] F2FS-fs (loop4): invalid crc value
[  103.625592][ T4237] usb 4-1: Using ep0 maxpacket: 32
[  103.673272][ T5831] F2FS-fs (loop4): Found nat_bits in checkpoint
[  103.770097][ T5831] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  103.777623][ T4237] usb 4-1: config 0 has an invalid interface number: 66 but max is 0
[  103.790869][ T4237] usb 4-1: config 0 has no interface number 0
[  103.797418][ T5831] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  103.825842][ T5845] blktrace: Concurrent blktraces are not allowed on sg0
[  103.867724][   T26] audit: type=1800 audit(1756462121.512:11): pid=5831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.619" name="file1" dev="loop4" ino=10 res=0 errno=0
[  103.877434][ T5831] attempt to access beyond end of device
[  103.877434][ T5831] loop4: rw=2049, want=54048, limit=40427
[  103.987520][ T4192] attempt to access beyond end of device
[  103.987520][ T4192] loop4: rw=2049, want=45104, limit=40427
[  104.012029][ T4237] usb 4-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  104.057946][ T4237] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.070616][ T4237] usb 4-1: Product: syz
[  104.083017][ T4237] usb 4-1: Manufacturer: syz
[  104.087629][ T4237] usb 4-1: SerialNumber: syz
[  104.108365][ T4237] usb 4-1: config 0 descriptor??
[  104.158888][ T4237] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  104.179584][ T4237] dvb-usb: bulk message failed: -22 (2/0)
[  104.209049][ T4237] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  104.257088][ T4237] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  104.272082][ T4237] usb 4-1: media controller created
[  104.313031][ T4237] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  104.366843][ T5827] cxusb: i2c rd: len=133 is too big!
[  104.366843][ T5827] 
[  104.391924][   T26] audit: type=1800 audit(1756462122.032:12): pid=5859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.643" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  104.407277][ T4237] cxusb: set interface failed
[  104.429459][ T5861] loop4: detected capacity change from 0 to 128
[  104.439948][ T4237] dvb-usb: bulk message failed: -22 (1/0)
[  104.492860][ T5861] hpfs: bad mount options.
[  104.530171][ T4237] DVB: Unable to find symbol lgdt330x_attach()
[  104.542119][ T4237] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  104.607459][ T5866] loop1: detected capacity change from 0 to 1024
[  104.658623][ T5871] blktrace: Concurrent blktraces are not allowed on sg0
[  104.692283][ T4237] rc_core: IR keymap rc-dvico-portable not found
[  104.706826][ T4237] Registered IR keymap rc-empty
[  104.731376][ T4237] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0
[  104.769800][ T4237] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input9
[  104.815325][ T4237] dvb-usb: schedule remote query interval to 100 msecs.
[  104.836987][ T4237] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  104.904490][ T4237] usb 4-1: USB disconnect, device number 7
[  104.986918][ T4237] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  105.258561][ T5892] loop3: detected capacity change from 0 to 256
[  105.445840][ T5875] loop2: detected capacity change from 0 to 32768
[  105.561483][ T5875] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  105.715326][ T5875] OCFS2: ERROR (device loop2): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 57088 but max bitmap bits of 2048
[  105.801051][ T5875] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  105.838604][ T5875] OCFS2: File system is now read-only.
[  105.851990][ T5875] (syz.2.639,5875,0):ocfs2_search_chain:1761 ERROR: status = -30
[  105.901944][ T5875] (syz.2.639,5875,0):ocfs2_search_chain:1871 ERROR: status = -30
[  105.908896][ T5885] loop1: detected capacity change from 0 to 40427
[  105.909737][ T5875] (syz.2.639,5875,0):ocfs2_claim_suballoc_bits:1940 ERROR: status = -30
[  105.940626][ T5875] (syz.2.639,5875,0):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30
[  105.951126][ T5875] (syz.2.639,5875,0):ocfs2_claim_new_inode:2216 ERROR: status = -30
[  105.967675][ T5875] (syz.2.639,5875,0):ocfs2_claim_new_inode:2231 ERROR: status = -30
[  105.978022][ T5875] (syz.2.639,5875,0):ocfs2_mknod_locked:639 ERROR: status = -30
[  105.989329][ T5907] loop3: detected capacity change from 0 to 8192
[  106.002507][ T5885] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504)
[  106.026388][ T5885] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  106.029315][ T5875] (syz.2.639,5875,0):ocfs2_mknod:385 ERROR: status = -30
[  106.044418][ T5885] F2FS-fs (loop1): build fault injection attr: rate: 17008, type: 0x1ffff
[  106.062077][ T5885] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x1f8
[  106.086075][ T5875] (syz.2.639,5875,0):ocfs2_mknod:502 ERROR: status = -30
[  106.115269][ T5875] (syz.2.639,5875,0):ocfs2_mkdir:659 ERROR: status = -30
[  106.145586][ T5885] F2FS-fs (loop1): invalid crc value
[  106.217199][ T5885] F2FS-fs (loop1): Found nat_bits in checkpoint
[  106.251574][ T4191] ocfs2: Unmounting device (7,2) on (node local)
[  106.292298][ T5920] device veth1_macvtap left promiscuous mode
[  106.298314][ T5920] device macsec0 entered promiscuous mode
[  106.331931][ T4237] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  106.346410][ T5922] device veth1_macvtap entered promiscuous mode
[  106.393763][ T5885] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  106.400825][ T5885] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  106.406986][ T5041] Bluetooth: hci2: command 0x0811 tx timeout
[  106.413913][ T5922] device macsec0 left promiscuous mode
[  106.434862][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  106.538356][   T26] audit: type=1800 audit(1756462124.182:13): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.641" name="file1" dev="loop1" ino=10 res=0 errno=0
[  106.577139][ T5885] attempt to access beyond end of device
[  106.577139][ T5885] loop1: rw=2049, want=54048, limit=40427
[  106.631902][ T4237] usb 1-1: Using ep0 maxpacket: 32
[  106.639239][ T4183] attempt to access beyond end of device
[  106.639239][ T4183] loop1: rw=2049, want=45104, limit=40427
[  106.719731][ T5929] loop4: detected capacity change from 0 to 256
[  106.744783][ T5931] loop2: detected capacity change from 0 to 256
[  106.772102][ T4237] usb 1-1: config 0 has an invalid interface number: 66 but max is 0
[  106.780248][ T4237] usb 1-1: config 0 has no interface number 0
[  106.833630][ T5929] exfat: Deprecated parameter 'utf8'
[  106.863855][ T5929] exfat: Deprecated parameter 'namecase'
[  106.938104][ T5929] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001015b, chksum : 0xeba6baed, utbl_chksum : 0xe619d30d)
[  106.969551][ T5923] loop3: detected capacity change from 0 to 32768
[  106.992173][ T4237] usb 1-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  107.001240][ T4237] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.047334][ T4237] usb 1-1: Product: syz
[  107.051532][ T4237] usb 1-1: Manufacturer: syz
[  107.061930][ T4237] usb 1-1: SerialNumber: syz
[  107.078390][ T4237] usb 1-1: config 0 descriptor??
[  107.129610][ T5923] ERROR: (device loop3): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[  107.129610][ T5923] 
[  107.144908][ T5923] ERROR: (device loop3): remounting filesystem as read-only
[  107.148575][ T4237] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  107.167777][ T4237] dvb-usb: bulk message failed: -22 (2/0)
[  107.190701][ T4237] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  107.258057][ T4237] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  107.266534][ T4237] usb 1-1: media controller created
[  107.290010][ T4237] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  107.327391][ T5913] cxusb: i2c rd: len=133 is too big!
[  107.327391][ T5913] 
[  107.344446][ T4237] cxusb: set interface failed
[  107.368581][ T5942] netlink: 220 bytes leftover after parsing attributes in process `syz.2.669'.
[  107.393890][ T4237] dvb-usb: bulk message failed: -22 (1/0)
[  107.417904][ T5944] mkiss: ax0: crc mode is auto.
[  107.448661][ T5942] netlink: 24 bytes leftover after parsing attributes in process `syz.2.669'.
[  107.509543][ T4237] DVB: Unable to find symbol lgdt330x_attach()
[  107.521934][ T4237] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  107.652198][ T4237] rc_core: IR keymap rc-dvico-portable not found
[  107.658689][ T4237] Registered IR keymap rc-empty
[  107.697850][ T4237] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[  107.719686][ T4237] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input10
[  107.748164][ T4237] dvb-usb: schedule remote query interval to 100 msecs.
[  107.761867][ T4237] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  107.783191][ T4237] usb 1-1: USB disconnect, device number 7
[  107.869556][ T5959] mkiss: ax0: crc mode is auto.
[  107.889384][ T4237] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  107.901902][ T1111] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  108.099499][ T5966] loop1: detected capacity change from 0 to 256
[  108.157628][ T5966] exfat: Deprecated parameter 'utf8'
[  108.168065][ T5966] exfat: Deprecated parameter 'namecase'
[  108.217609][ T5966] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001015b, chksum : 0xeba6baed, utbl_chksum : 0xe619d30d)
[  108.272177][ T1111] usb 3-1: config 0 has an invalid interface number: 74 but max is 0
[  108.300663][ T1111] usb 3-1: config 0 has no interface number 0
[  108.357752][ T5956] loop3: detected capacity change from 0 to 40427
[  108.396909][ T5956] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  108.415069][ T5956] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  108.442652][ T5961] loop4: detected capacity change from 0 to 32768
[  108.466369][ T5956] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x1ffff
[  108.476182][ T1111] usb 3-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=d0.db
[  108.502564][ T1111] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.526149][ T5956] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x1f8
[  108.541926][ T1111] usb 3-1: Product: syz
[  108.552105][ T1111] usb 3-1: Manufacturer: syz
[  108.568552][ T1111] usb 3-1: SerialNumber: syz
[  108.578261][ T5956] F2FS-fs (loop3): invalid crc value
[  108.599642][ T1111] usb 3-1: config 0 descriptor??
[  108.629663][ T5956] F2FS-fs (loop3): Found nat_bits in checkpoint
[  108.652893][ T5977] netlink: 8 bytes leftover after parsing attributes in process `syz.1.683'.
[  108.785091][ T5956] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  108.790652][ T5968] loop0: detected capacity change from 0 to 32768
[  108.799353][ T5983] program syz.1.684 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  108.823898][ T5956] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  108.913873][ T4294] usb 3-1: USB disconnect, device number 8
[  108.941334][ T5968] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[  108.941334][ T5968] 
[  108.989958][   T26] audit: type=1800 audit(1756462126.632:14): pid=5956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.675" name="file1" dev="loop3" ino=10 res=0 errno=0
[  109.002453][ T5968] ERROR: (device loop0): remounting filesystem as read-only
[  109.020876][ T5956] attempt to access beyond end of device
[  109.020876][ T5956] loop3: rw=2049, want=54048, limit=40427
[  109.113061][ T4187] attempt to access beyond end of device
[  109.113061][ T4187] loop3: rw=2049, want=45104, limit=40427
[  109.128503][ T5991] netlink: 56 bytes leftover after parsing attributes in process `syz.4.689'.
[  109.162115][ T5991] netlink: 8 bytes leftover after parsing attributes in process `syz.4.689'.
[  109.348768][ T5993] Zero length message leads to an empty skb
[  109.656382][ T5999] loop2: detected capacity change from 0 to 4096
[  109.686570][ T6010] netlink: 72 bytes leftover after parsing attributes in process `syz.3.690'.
[  109.695408][ T5999] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  109.803299][ T5999] ntfs: volume version 3.1.
[  110.563940][ T6016] loop3: detected capacity change from 0 to 40427
[  110.585772][ T6016] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  110.626954][ T6016] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  110.667719][ T6016] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x1ffff
[  110.728334][ T6016] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x1f8
[  110.758696][ T6016] F2FS-fs (loop3): invalid crc value
[  110.827137][ T6016] F2FS-fs (loop3): Found nat_bits in checkpoint
[  110.920336][ T6055] loop2: detected capacity change from 0 to 4096
[  110.951314][ T6016] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  110.971523][ T6016] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  111.008507][ T6037] loop1: detected capacity change from 0 to 32768
[  111.033746][ T6055] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  111.114031][ T6055] ntfs3: loop2: Failed to load $Extend.
[  111.171148][   T26] audit: type=1800 audit(1756462128.812:15): pid=6016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.701" name="file1" dev="loop3" ino=10 res=0 errno=0
[  111.254049][ T6016] attempt to access beyond end of device
[  111.254049][ T6016] loop3: rw=2049, want=54048, limit=40427
[  111.324895][ T4187] attempt to access beyond end of device
[  111.324895][ T4187] loop3: rw=2049, want=45104, limit=40427
[  111.540269][ T6048] loop0: detected capacity change from 0 to 32768
[  111.830727][ T6048] XFS (loop0): Mounting V5 Filesystem
[  111.917929][ T6105] loop2: detected capacity change from 0 to 1024
[  112.013803][ T6105] hfsplus: request for non-existent node 3 in B*Tree
[  112.014662][ T6048] XFS (loop0): Ending clean mount
[  112.020908][ T6105] hfsplus: request for non-existent node 3 in B*Tree
[  112.028332][ T6048] XFS (loop0): Quotacheck needed: Please wait.
[  112.117165][ T6048] XFS (loop0): Quotacheck: Done.
[  112.280415][ T4189] XFS (loop0): Unmounting Filesystem
[  112.563091][ T6090] loop1: detected capacity change from 0 to 32768
[  112.686989][ T6090] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  112.770496][ T4183] ocfs2: Unmounting device (7,1) on (node local)
[  112.861950][   T21] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  113.005457][ T6130] loop0: detected capacity change from 0 to 40427
[  113.059968][ T6130] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504)
[  113.070775][ T6130] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  113.101685][ T5040] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  113.104743][ T6130] F2FS-fs (loop0): build fault injection attr: rate: 17008, type: 0x1ffff
[  113.129395][ T6130] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x1f8
[  113.144757][ T6130] F2FS-fs (loop0): invalid crc value
[  113.173812][ T6130] F2FS-fs (loop0): Found nat_bits in checkpoint
[  113.193120][ T6139] loop3: detected capacity change from 0 to 4096
[  113.231615][ T6130] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  113.233286][ T6139] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  113.246123][ T6130] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  113.296337][   T21] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  113.310258][   T21] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  113.340413][   T21] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  113.352486][ T6139] ntfs: volume version 3.1.
[  113.365138][ T5040] usb 2-1: Using ep0 maxpacket: 8
[  113.371088][   T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.402252][ T6126] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  113.402402][   T26] audit: type=1800 audit(1756462131.052:16): pid=6130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.733" name="file1" dev="loop0" ino=10 res=0 errno=0
[  113.455206][ T6130] attempt to access beyond end of device
[  113.455206][ T6130] loop0: rw=2049, want=54048, limit=40427
[  113.522273][ T5040] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  113.586574][ T4189] attempt to access beyond end of device
[  113.586574][ T4189] loop0: rw=2049, want=45104, limit=40427
[  113.713738][ T5040] usb 2-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=d2.54
[  113.746804][ T5040] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.770863][ T5040] usb 2-1: Product: syz
[  113.781016][ T5040] usb 2-1: Manufacturer: syz
[  113.785967][ T5040] usb 2-1: SerialNumber: syz
[  113.794292][ T5040] usb 2-1: config 0 descriptor??
[  113.848630][ T5040] usb 2-1: invalid MIDI EP
[  113.867536][ T5040] usb 2-1: snd-bcd2000: error during probing
[  113.885701][ T5040] snd-bcd2000: probe of 2-1:0.0 failed with error -22
[  114.049284][ T5040] usb 2-1: USB disconnect, device number 9
[  114.296903][ T6157] loop3: detected capacity change from 0 to 32768
[  114.320943][ T6152] loop4: detected capacity change from 0 to 32768
[  114.394061][ T6157] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  114.397243][ T6167] loop0: detected capacity change from 0 to 4096
[  114.440628][ T6152] XFS (loop4): Mounting V5 Filesystem
[  114.462980][ T6167] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  114.477832][ T4187] ocfs2: Unmounting device (7,3) on (node local)
[  114.488049][ T6167] ntfs3: loop0: Failed to load $Extend.
[  114.622080][ T6152] XFS (loop4): Ending clean mount
[  114.640763][ T6152] XFS (loop4): Quotacheck needed: Please wait.
[  114.785760][ T6152] XFS (loop4): Quotacheck: Done.
[  114.830051][ T6179] loop1: detected capacity change from 0 to 4096
[  114.912952][ T6179] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  114.941214][ T4192] XFS (loop4): Unmounting Filesystem
[  115.048688][ T6179] ntfs: volume version 3.1.
[  115.259470][ T6195] loop3: detected capacity change from 0 to 16
[  115.277456][ T5041] usb 3-1: USB disconnect, device number 9
[  115.303080][ T6195] erofs: (device loop3): mounted with root inode @ nid 36.
[  115.393711][   T26] audit: type=1800 audit(1756462133.042:17): pid=6195 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.763" name="file2" dev="loop3" ino=89 res=0 errno=0
[  115.588758][ T6205] loop4: detected capacity change from 0 to 4096
[  115.643676][ T6205] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  115.690572][ T6185] loop0: detected capacity change from 0 to 40427
[  115.718174][ T6205] ntfs3: loop4: Failed to load $Extend.
[  115.740916][ T6185] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504)
[  115.759202][ T6185] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  115.832207][ T6185] F2FS-fs (loop0): build fault injection attr: rate: 17008, type: 0x1ffff
[  115.840773][ T6185] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x1f8
[  115.849181][ T6216] loop3: detected capacity change from 0 to 128
[  115.929076][ T6185] F2FS-fs (loop0): invalid crc value
[  115.965790][ T6216] autofs4:pid:6216:autofs_fill_super: called with bogus options
[  115.989240][ T6185] F2FS-fs (loop0): Found nat_bits in checkpoint
[  116.178995][ T6231] netlink: 'syz.3.776': attribute type 30 has an invalid length.
[  116.189193][ T6185] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  116.205925][ T6185] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  116.319072][ T6227] loop4: detected capacity change from 0 to 4096
[  116.329306][   T26] audit: type=1800 audit(1756462133.982:18): pid=6185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.755" name="file1" dev="loop0" ino=10 res=0 errno=0
[  116.367470][ T6185] attempt to access beyond end of device
[  116.367470][ T6185] loop0: rw=2049, want=54048, limit=40427
[  116.408136][ T4189] attempt to access beyond end of device
[  116.408136][ T4189] loop0: rw=2049, want=45104, limit=40427
[  116.462490][ T6227] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  116.569959][ T6227] ntfs: volume version 3.1.
[  116.809949][ T6219] loop1: detected capacity change from 0 to 32768
[  117.007091][ T6219] XFS (loop1): Mounting V5 Filesystem
[  117.120245][ T6219] XFS (loop1): Ending clean mount
[  117.152113][ T6219] XFS (loop1): Quotacheck needed: Please wait.
[  117.194643][ T6266] loop2: detected capacity change from 0 to 1024
[  117.239282][ T6219] XFS (loop1): Quotacheck: Done.
[  117.288481][ T6266] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  117.299075][ T6266] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
[  117.330286][ T6266] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  117.348609][ T6266] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  117.416222][ T6266] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,sysvgroups,nomblk_io_submit,bsddf,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[  117.453259][ T4183] XFS (loop1): Unmounting Filesystem
[  117.577301][ T6283] loop0: detected capacity change from 0 to 4096
[  117.653937][ T6283] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  117.753421][ T6283] ntfs: volume version 3.1.
[  118.035126][ T6272] loop4: detected capacity change from 0 to 40427
[  118.084482][ T6272] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504)
[  118.091462][ T6272] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  118.157419][ T6272] F2FS-fs (loop4): build fault injection attr: rate: 17008, type: 0x1ffff
[  118.171946][ T6272] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x1f8
[  118.207850][ T6272] F2FS-fs (loop4): invalid crc value
[  118.278934][ T6272] F2FS-fs (loop4): Found nat_bits in checkpoint
[  118.286685][ T5041] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  118.416614][ T6272] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  118.423954][ T6272] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  118.439474][ T6313] loop0: detected capacity change from 0 to 128
[  118.505513][   T26] audit: type=1800 audit(1756462136.152:19): pid=6272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.792" name="file1" dev="loop4" ino=10 res=0 errno=0
[  118.520902][ T6313] autofs4:pid:6313:autofs_fill_super: called with bogus options
[  118.581956][ T5041] usb 4-1: Using ep0 maxpacket: 8
[  118.585278][ T6272] attempt to access beyond end of device
[  118.585278][ T6272] loop4: rw=2049, want=54048, limit=40427
[  118.616833][ T6293] loop2: detected capacity change from 0 to 32768
[  118.646578][ T4192] attempt to access beyond end of device
[  118.646578][ T4192] loop4: rw=2049, want=45104, limit=40427
[  118.673021][ T6293] MetaData crosses page boundary!!
[  118.682102][ T6293] lblock = 631800, size  = 28672
[  118.687108][ T6293] CPU: 1 PID: 6293 Comm: syz.2.802 Not tainted syzkaller #0
[  118.694393][ T6293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  118.704472][ T6293] Call Trace:
[  118.707763][ T6293]  <TASK>
[  118.710701][ T6293]  dump_stack_lvl+0x168/0x230
[  118.715405][ T6293]  ? show_regs_print_info+0x20/0x20
[  118.720624][ T6293]  ? load_image+0x3b0/0x3b0
[  118.725150][ T6293]  __get_metapage+0xbfa/0x1060
[  118.729928][ T6293]  dtSearch+0x5d5/0x2050
[  118.734215][ T6293]  jfs_lookup+0x152/0x380
[  118.738562][ T6293]  ? jfs_get_parent+0xa0/0xa0
[  118.743269][ T6293]  ? d_alloc_parallel+0x1203/0x12d0
[  118.748496][ T6293]  ? __init_waitqueue_head+0xa5/0x150
[  118.754006][ T6293]  __lookup_slow+0x27d/0x3d0
[  118.758608][ T6293]  ? lookup_one_len+0x2c0/0x2c0
[  118.763492][ T6293]  ? down_read+0x1aa/0x2e0
[  118.767924][ T6293]  lookup_slow+0x53/0x70
[  118.772204][ T6293]  walk_component+0x319/0x460
[  118.776900][ T6293]  path_lookupat+0x169/0x440
[  118.781511][ T6293]  do_o_path+0x94/0x1f0
[  118.785681][ T6293]  ? do_tmpfile+0x370/0x370
[  118.790211][ T6293]  path_openat+0x2954/0x2f30
[  118.794824][ T6293]  ? verify_lock_unused+0x140/0x140
[  118.800032][ T6293]  ? __kasan_slab_alloc+0xb3/0xd0
[  118.805060][ T6293]  ? __kasan_slab_alloc+0x9c/0xd0
[  118.810089][ T6293]  ? slab_post_alloc_hook+0x4c/0x380
[  118.815381][ T6293]  ? verify_lock_unused+0x140/0x140
[  118.820589][ T6293]  ? __x64_sys_open+0x11b/0x140
[  118.825446][ T6293]  ? do_syscall_64+0x4c/0xa0
[  118.830052][ T6293]  ? do_filp_open+0x3e0/0x3e0
[  118.834807][ T6293]  do_filp_open+0x1b3/0x3e0
[  118.839320][ T6293]  ? vfs_tmpfile+0x300/0x300
[  118.843933][ T6293]  ? _raw_spin_unlock+0x24/0x40
[  118.848798][ T6293]  ? alloc_fd+0x598/0x630
[  118.853146][ T6293]  do_sys_openat2+0x142/0x4a0
[  118.857840][ T6293]  ? do_sys_open+0xe0/0xe0
[  118.862274][ T6293]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  118.868267][ T6293]  ? lock_chain_count+0x20/0x20
[  118.873186][ T6293]  ? vtime_user_exit+0x2dc/0x400
[  118.878137][ T6293]  __x64_sys_open+0x11b/0x140
[  118.882825][ T6293]  do_syscall_64+0x4c/0xa0
[  118.887332][ T6293]  ? clear_bhb_loop+0x30/0x80
[  118.892014][ T6293]  ? clear_bhb_loop+0x30/0x80
[  118.896697][ T6293]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  118.902598][ T6293] RIP: 0033:0x7f9e08de1be9
[  118.907020][ T6293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.926632][ T6293] RSP: 002b:00007f9e07049038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  118.935079][ T6293] RAX: ffffffffffffffda RBX: 00007f9e09008fa0 RCX: 00007f9e08de1be9
[  118.943055][ T6293] RDX: 0000000000000011 RSI: 0000000000648500 RDI: 0000200000000080
[  118.951017][ T6293] RBP: 00007f9e08e64e19 R08: 0000000000000000 R09: 0000000000000000
[  118.958973][ T6293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  118.966929][ T6293] R13: 00007f9e09009038 R14: 00007f9e09008fa0 R15: 00007ffdbd25ff98
[  118.974902][ T6293]  </TASK>
[  118.977971][    C1] vkms_vblank_simulate: vblank timer overrun
[  118.987372][ T5041] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  118.996860][ T6293] bread failed!
[  119.000534][ T6293] jfs_lookup: dtSearch returned -5
[  119.119806][ T6321] loop1: detected capacity change from 0 to 1024
[  119.178223][ T5041] usb 4-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=d2.54
[  119.192647][ T5041] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.200676][ T5041] usb 4-1: Product: syz
[  119.210655][ T5041] usb 4-1: Manufacturer: syz
[  119.215413][ T5041] usb 4-1: SerialNumber: syz
[  119.222818][ T5041] usb 4-1: config 0 descriptor??
[  119.237664][ T6321] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  119.268516][ T6321] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  119.284943][ T5041] usb 4-1: invalid MIDI EP
[  119.302480][ T5041] usb 4-1: snd-bcd2000: error during probing
[  119.308865][ T5041] snd-bcd2000: probe of 4-1:0.0 failed with error -22
[  119.313055][ T6321] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  119.380240][ T6321] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  119.437241][ T6321] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,sysvgroups,nomblk_io_submit,bsddf,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[  119.543457][ T5041] usb 4-1: USB disconnect, device number 8
[  119.669219][ T6328] loop2: detected capacity change from 0 to 32768
[  119.730342][ T6337] loop1: detected capacity change from 0 to 1024
[  119.848807][ T6328] XFS (loop2): Mounting V5 Filesystem
[  119.880085][ T6326] loop0: detected capacity change from 0 to 40427
[  119.906131][ T6326] F2FS-fs (loop0): invalid crc value
[  119.978019][ T6326] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  119.988644][ T6337] hfsplus: request for non-existent node 3 in B*Tree
[  120.061100][ T6337] hfsplus: request for non-existent node 3 in B*Tree
[  120.078390][ T6328] XFS (loop2): Ending clean mount
[  120.090839][ T6328] XFS (loop2): Quotacheck needed: Please wait.
[  120.184742][ T6352] loop3: detected capacity change from 0 to 4096
[  120.194950][ T6328] XFS (loop2): Quotacheck: Done.
[  120.252127][ T6326] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  120.273104][ T6326] F2FS-fs (loop0): Start checkpoint disabled!
[  120.318006][ T6326] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  120.347411][ T4191] XFS (loop2): Unmounting Filesystem
[  120.404878][ T6356] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  120.713334][ T6350] loop4: detected capacity change from 0 to 32768
[  120.805223][ T6350] MetaData crosses page boundary!!
[  120.810675][ T6350] lblock = 631800, size  = 28672
[  120.881982][ T6350] CPU: 1 PID: 6350 Comm: syz.4.822 Not tainted syzkaller #0
[  120.889307][ T6350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  120.899379][ T6350] Call Trace:
[  120.902663][ T6350]  <TASK>
[  120.905600][ T6350]  dump_stack_lvl+0x168/0x230
[  120.910307][ T6350]  ? show_regs_print_info+0x20/0x20
[  120.915511][ T6350]  ? load_image+0x3b0/0x3b0
[  120.920038][ T6350]  __get_metapage+0xbfa/0x1060
[  120.920046][ T6367] loop3: detected capacity change from 0 to 1024
[  120.920079][ T6350]  dtSearch+0x5d5/0x2050
[  120.935386][ T6350]  jfs_lookup+0x152/0x380
[  120.939724][ T6350]  ? jfs_get_parent+0xa0/0xa0
[  120.944422][ T6350]  ? d_alloc_parallel+0x1203/0x12d0
[  120.949639][ T6350]  ? __init_waitqueue_head+0xa5/0x150
[  120.955022][ T6350]  __lookup_slow+0x27d/0x3d0
[  120.959628][ T6350]  ? lookup_one_len+0x2c0/0x2c0
[  120.964498][ T6350]  ? down_read+0x1aa/0x2e0
[  120.968927][ T6350]  lookup_slow+0x53/0x70
[  120.973185][ T6350]  walk_component+0x319/0x460
[  120.977873][ T6350]  path_lookupat+0x169/0x440
[  120.982474][ T6350]  do_o_path+0x94/0x1f0
[  120.986637][ T6350]  ? do_tmpfile+0x370/0x370
[  120.991158][ T6350]  path_openat+0x2954/0x2f30
[  120.995766][ T6350]  ? verify_lock_unused+0x140/0x140
[  121.000981][ T6350]  ? __kasan_slab_alloc+0xb3/0xd0
[  121.006105][ T6350]  ? __kasan_slab_alloc+0x9c/0xd0
[  121.011139][ T6350]  ? slab_post_alloc_hook+0x4c/0x380
[  121.016438][ T6350]  ? verify_lock_unused+0x140/0x140
[  121.021639][ T6350]  ? __x64_sys_open+0x11b/0x140
[  121.026492][ T6350]  ? do_syscall_64+0x4c/0xa0
[  121.031087][ T6350]  ? do_filp_open+0x3e0/0x3e0
[  121.035775][ T6350]  do_filp_open+0x1b3/0x3e0
[  121.040274][ T6350]  ? vfs_tmpfile+0x300/0x300
[  121.044866][ T6350]  ? _raw_spin_unlock+0x24/0x40
[  121.049707][ T6350]  ? alloc_fd+0x598/0x630
[  121.054030][ T6350]  do_sys_openat2+0x142/0x4a0
[  121.058706][ T6350]  ? do_sys_open+0xe0/0xe0
[  121.063110][ T6350]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  121.069088][ T6350]  ? lock_chain_count+0x20/0x20
[  121.073923][ T6350]  ? vtime_user_exit+0x2dc/0x400
[  121.078936][ T6350]  __x64_sys_open+0x11b/0x140
[  121.083609][ T6350]  do_syscall_64+0x4c/0xa0
[  121.088015][ T6350]  ? clear_bhb_loop+0x30/0x80
[  121.092681][ T6350]  ? clear_bhb_loop+0x30/0x80
[  121.097354][ T6350]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  121.103247][ T6350] RIP: 0033:0x7fbc1d398be9
[  121.107652][ T6350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.127245][ T6350] RSP: 002b:00007fbc1b600038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  121.135653][ T6350] RAX: ffffffffffffffda RBX: 00007fbc1d5bffa0 RCX: 00007fbc1d398be9
[  121.143612][ T6350] RDX: 0000000000000011 RSI: 0000000000648500 RDI: 0000200000000080
[  121.151572][ T6350] RBP: 00007fbc1d41be19 R08: 0000000000000000 R09: 0000000000000000
[  121.159530][ T6350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  121.167484][ T6350] R13: 00007fbc1d5c0038 R14: 00007fbc1d5bffa0 R15: 00007fff2ab23798
[  121.175453][ T6350]  </TASK>
[  121.178562][    C1] vkms_vblank_simulate: vblank timer overrun
[  121.274235][ T6367] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  121.281589][ T6367] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled
[  121.397146][ T6367] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  121.441491][ T6367] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  121.456262][ T6350] bread failed!
[  121.460184][ T6350] jfs_lookup: dtSearch returned -5
[  121.518464][ T6367] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,sysvgroups,nomblk_io_submit,bsddf,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[  121.771908][   T13] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  121.957040][ T6374] loop2: detected capacity change from 0 to 40427
[  121.995083][ T6374] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[  122.005526][ T6374] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  122.014062][ T6374] F2FS-fs (loop2): build fault injection attr: rate: 17008, type: 0x1ffff
[  122.022852][ T6374] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x1f8
[  122.057018][ T6374] F2FS-fs (loop2): invalid crc value
[  122.102666][ T6374] F2FS-fs (loop2): Found nat_bits in checkpoint
[  122.142336][   T13] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  122.173661][   T13] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  122.201983][   T13] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  122.221250][   T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.261552][ T6374] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  122.270432][ T6402] loop3: detected capacity change from 0 to 64
[  122.277159][ T6380] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  122.293587][ T6374] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  122.359248][ T6388] loop1: detected capacity change from 0 to 40427
[  122.424475][   T26] audit: type=1800 audit(1756462140.072:20): pid=6374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.831" name="file1" dev="loop2" ino=10 res=0 errno=0
[  122.443476][ T6374] attempt to access beyond end of device
[  122.443476][ T6374] loop2: rw=2049, want=54048, limit=40427
[  122.505948][ T4191] attempt to access beyond end of device
[  122.505948][ T4191] loop2: rw=2049, want=45104, limit=40427
[  122.507640][ T6388] F2FS-fs (loop1): invalid crc value
[  122.596332][ T6388] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  122.777978][ T6388] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0
[  122.788817][ T6388] F2FS-fs (loop1): Start checkpoint disabled!
[  122.809691][ T6388] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  123.301967][ T5040] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  123.712214][ T5040] usb 3-1: config 0 interface 0 altsetting 96 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  123.723339][ T5040] usb 3-1: config 0 interface 0 altsetting 96 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  123.736496][ T5040] usb 3-1: config 0 interface 0 has no altsetting 0
[  123.743287][ T5040] usb 3-1: New USB device found, idVendor=056a, idProduct=0333, bcdDevice= 0.00
[  123.745313][ T4294] usb 1-1: USB disconnect, device number 8
[  123.752699][ T5040] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.770078][ T5040] usb 3-1: config 0 descriptor??
[  123.802245][ T6416] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  124.259304][ T5040] wacom 0003:056A:0333.000B: hidraw0: USB HID v0.01 Device [HID 056a:0333] on usb-dummy_hcd.2-1/input0
[  124.320926][ T6421] loop1: detected capacity change from 0 to 2048
[  124.399695][ T6426] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  124.522335][ T5040] usb 3-1: USB disconnect, device number 10
[  124.847756][ T6422] loop3: detected capacity change from 0 to 32768
[  124.862304][ T6440] loop1: detected capacity change from 0 to 4096
[  124.868377][ T6422] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop3 scanned by syz.3.853 (6422)
[  124.912504][ T6440] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  124.947319][ T6422] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  124.981927][ T6422] BTRFS info (device loop3): using free space tree
[  124.997712][ T6422] BTRFS info (device loop3): has skinny extents
[  125.005168][ T6440] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  125.028978][ T6444] loop0: detected capacity change from 0 to 8192
[  125.102470][ T6440] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  125.125616][ T6455] loop4: detected capacity change from 0 to 2048
[  125.134474][ T6440] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  125.148373][ T6440] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  125.252107][ T6440] ntfs: volume version 3.1.
[  125.288509][ T6464] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  125.334230][ T6440] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[  125.409399][ T6440] ntfs: (device loop1): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  125.427807][ T6440] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  125.444392][ T6440] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  125.574475][ T6422] BTRFS info (device loop3): enabling ssd optimizations
[  125.813545][ T6492] loop1: detected capacity change from 0 to 64
[  125.822084][ T5040] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  125.843614][ T4294] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  125.868653][ T4175] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 9 /dev/loop3 scanned by udevd (4175)
[  126.203185][ T4294] usb 1-1: config 0 interface 0 altsetting 96 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  126.228961][ T4294] usb 1-1: config 0 interface 0 altsetting 96 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  126.252222][ T5040] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  126.264400][ T4294] usb 1-1: config 0 interface 0 has no altsetting 0
[  126.271038][ T5040] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.289619][ T5040] usb 3-1: config 0 descriptor??
[  126.297193][ T4294] usb 1-1: New USB device found, idVendor=056a, idProduct=0333, bcdDevice= 0.00
[  126.322360][ T4294] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.343683][ T5040] cp210x 3-1:0.0: cp210x converter detected
[  126.358358][ T4294] usb 1-1: config 0 descriptor??
[  126.385611][ T6518] loop3: detected capacity change from 0 to 2048
[  126.392444][ T6484] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  126.418010][ T6516] loop1: detected capacity change from 0 to 8192
[  126.529188][ T6519] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  126.590318][ T6512] loop4: detected capacity change from 0 to 40427
[  126.615550][ T6512] F2FS-fs (loop4): invalid crc value
[  126.632152][ T6512] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  126.734448][ T6512] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  126.741367][ T6512] F2FS-fs (loop4): Start checkpoint disabled!
[  126.758432][ T6512] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  126.864029][ T4294] wacom 0003:056A:0333.000C: hidraw0: USB HID v0.01 Device [HID 056a:0333] on usb-dummy_hcd.0-1/input0
[  126.919241][ T6527] loop3: detected capacity change from 0 to 4096
[  126.982163][ T5040] cp210x 3-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  126.989787][ T5040] cp210x 3-1:0.0: GPIO initialisation failed: -71
[  126.999009][ T5040] usb 3-1: cp210x converter now attached to ttyUSB0
[  127.022445][ T6527] ntfs: volume version 3.1.
[  127.038901][ T5040] usb 3-1: USB disconnect, device number 11
[  127.054972][ T5040] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  127.076014][ T6506] usb 1-1: USB disconnect, device number 9
[  127.100399][ T5040] cp210x 3-1:0.0: device disconnected
[  127.112026][ T1108] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  127.382117][ T1108] usb 2-1: Using ep0 maxpacket: 16
[  127.400981][ T6539] loop3: detected capacity change from 0 to 64
[  127.508057][ T6541] loop2: detected capacity change from 0 to 256
[  127.514881][ T1108] usb 2-1: config 0 has an invalid interface number: 180 but max is 0
[  127.535789][ T1108] usb 2-1: config 0 has no interface number 0
[  127.546824][ T6535] loop4: detected capacity change from 0 to 32768
[  127.732228][ T1108] usb 2-1: New USB device found, idVendor=1b80, idProduct=d3b2, bcdDevice=54.40
[  127.742608][ T1108] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.750613][ T1108] usb 2-1: Product: syz
[  127.818036][ T1108] usb 2-1: Manufacturer: syz
[  127.833481][ T1108] usb 2-1: SerialNumber: syz
[  127.840246][ T1108] usb 2-1: config 0 descriptor??
[  127.873329][ T6547] loop2: detected capacity change from 0 to 8192
[  128.069650][ T6554] loop0: detected capacity change from 0 to 4096
[  128.102419][ T6559] loop3: detected capacity change from 0 to 512
[  128.177606][ T6554] __ntfs_error: 23 callbacks suppressed
[  128.177632][ T6554] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  128.211702][ T6559] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,barrier=0x0000000000001000,grpjquota=,norecovery,dioread_lock,,errors=continue. Quota mode: writeback.
[  128.221041][ T6554] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  128.252077][ T6559] ext4 filesystem being mounted at /209/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  128.271548][ T6554] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  128.291861][ T6554] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  128.294028][ T6569] loop4: detected capacity change from 0 to 64
[  128.312399][ T6554] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  128.335456][ T6554] ntfs: volume version 3.1.
[  128.351652][ T6554] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[  128.363958][ T6554] ntfs: (device loop0): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  128.378246][ T6554] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  128.391224][ T6554] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  128.408079][ T6554] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[  128.619052][ T6579] loop4: detected capacity change from 0 to 256
[  128.688410][ T6578] loop2: detected capacity change from 0 to 4096
[  128.756466][ T6578] ntfs: volume version 3.1.
[  128.782057][ T4294] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  129.084487][ T6588] loop2: detected capacity change from 0 to 32768
[  129.142135][ T4294] usb 4-1: config 0 interface 0 altsetting 96 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  129.153496][ T4294] usb 4-1: config 0 interface 0 altsetting 96 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  129.166623][ T4294] usb 4-1: config 0 interface 0 has no altsetting 0
[  129.173397][ T4294] usb 4-1: New USB device found, idVendor=056a, idProduct=0333, bcdDevice= 0.00
[  129.182674][ T4294] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.192408][ T4294] usb 4-1: config 0 descriptor??
[  129.212620][ T6573] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  129.677481][ T4294] wacom 0003:056A:0333.000D: hidraw0: USB HID v0.01 Device [HID 056a:0333] on usb-dummy_hcd.3-1/input0
[  129.786996][ T1108] usb 2-1: USB disconnect, device number 10
[  129.884302][ T4294] usb 4-1: USB disconnect, device number 9
[  130.437019][ T6593] syz.2.916 uses old SIOCAX25GETINFO
[  130.635826][ T6598] loop3: detected capacity change from 0 to 8192
[  130.736133][ T6615] netlink: 12 bytes leftover after parsing attributes in process `syz.0.927'.
[  131.005846][ T6633] loop2: detected capacity change from 0 to 128
[  131.130048][ T6633] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  131.194448][ T4294] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  131.228530][ T6647] netlink: 12 bytes leftover after parsing attributes in process `syz.3.941'.
[  131.345495][ T6656] loop2: detected capacity change from 0 to 164
[  131.388880][ T6656] ISOFS: unable to read i-node block
[  131.395075][ T6656] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  131.562050][ T4294] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  131.571321][ T4294] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.584215][ T4294] usb 2-1: config 0 descriptor??
[  131.624667][ T4294] cp210x 2-1:0.0: cp210x converter detected
[  131.931287][ T6661] loop4: detected capacity change from 0 to 8192
[  132.176937][ T6679] loop3: detected capacity change from 0 to 128
[  132.201195][ T6679] FAT-fs (loop3): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  132.282171][ T4294] cp210x 2-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  132.289705][ T4294] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  132.336668][ T6681] loop4: detected capacity change from 0 to 4096
[  132.349082][ T6683] netlink: 12 bytes leftover after parsing attributes in process `syz.2.956'.
[  132.358841][ T4294] usb 2-1: cp210x converter now attached to ttyUSB0
[  132.393976][ T4294] usb 2-1: USB disconnect, device number 11
[  132.424050][ T4294] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  132.449172][ T4294] cp210x 2-1:0.0: device disconnected
[  132.478169][ T6681] ntfs: volume version 3.1.
[  132.610920][ T6665] loop0: detected capacity change from 0 to 32768
[  132.620721][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  132.627065][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  132.659250][ T6688] loop2: detected capacity change from 0 to 8192
[  132.710845][ T6688] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  132.758151][ T6688] REISERFS (device loop2): using ordered data mode
[  132.765980][ T6688] reiserfs: using flush barriers
[  132.812578][ T6688] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  132.966953][ T6708] loop3: detected capacity change from 0 to 512
[  132.973752][ T6688] REISERFS (device loop2): checking transaction log (loop2)
[  132.987364][ T6688] REISERFS (device loop2): Using tea hash to sort names
[  133.004109][ T6688] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  133.073800][ T6710] loop0: detected capacity change from 0 to 128
[  133.126231][ T6708] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,delalloc,bsdgroups,. Quota mode: writeback.
[  133.151946][ T4294] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  133.196650][ T6710] FAT-fs (loop0): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  133.213375][ T6708] ext4 filesystem being mounted at /224/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  133.291288][ T6702] loop4: detected capacity change from 0 to 32768
[  133.370128][ T6702] XFS (loop4): Mounting V5 Filesystem
[  133.408564][ T6721] loop0: detected capacity change from 0 to 256
[  133.422238][ T4294] usb 2-1: Using ep0 maxpacket: 8
[  133.542068][ T4294] usb 2-1: config 0 has an invalid interface number: 31 but max is 0
[  133.550175][ T4294] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  133.561614][ T6702] XFS (loop4): Ending clean mount
[  133.600931][ T6729] loop2: detected capacity change from 0 to 8192
[  133.606965][ T6721] FAT-fs (loop0): Directory bread(block 64) failed
[  133.638601][ T4294] usb 2-1: config 0 has no interface number 0
[  133.648245][ T6721] FAT-fs (loop0): Directory bread(block 65) failed
[  133.681778][ T6721] FAT-fs (loop0): Directory bread(block 66) failed
[  133.731114][ T6721] FAT-fs (loop0): Directory bread(block 67) failed
[  133.752122][   T26] kauditd_printk_skb: 14 callbacks suppressed
[  133.752137][   T26] audit: type=1800 audit(1756462151.392:21): pid=6702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.969" name="bus" dev="loop4" ino=4425 res=0 errno=0
[  133.795514][ T6721] FAT-fs (loop0): Directory bread(block 68) failed
[  133.827808][ T6721] FAT-fs (loop0): Directory bread(block 69) failed
[  133.838074][ T4294] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  133.862877][ T4294] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.870880][ T4294] usb 2-1: Product: syz
[  133.879584][ T6721] FAT-fs (loop0): Directory bread(block 70) failed
[  133.898928][ T6721] FAT-fs (loop0): Directory bread(block 71) failed
[  133.906011][ T4294] usb 2-1: Manufacturer: syz
[  133.910620][ T4294] usb 2-1: SerialNumber: syz
[  133.915842][ T6721] FAT-fs (loop0): Directory bread(block 72) failed
[  133.926613][ T4294] usb 2-1: config 0 descriptor??
[  133.931754][ T6721] FAT-fs (loop0): Directory bread(block 73) failed
[  133.953685][ T4192] XFS (loop4): Unmounting Filesystem
[  133.963995][ T4294] usb 2-1: Found UVC 0.00 device syz (046d:08c3)
[  133.970703][ T4294] usb 2-1: No valid video chain found.
[  134.111478][ T6741] netlink: 12 bytes leftover after parsing attributes in process `syz.2.989'.
[  134.175329][ T5040] usb 2-1: USB disconnect, device number 12
[  134.425265][ T6755] loop0: detected capacity change from 0 to 512
[  134.548627][ T6755] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,delalloc,bsdgroups,. Quota mode: writeback.
[  134.548725][ T6755] ext4 filesystem being mounted at /176/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  134.841241][ T6778] netlink: 'syz.0.993': attribute type 2 has an invalid length.
[  134.893388][ T6781] netlink: 12 bytes leftover after parsing attributes in process `syz.3.998'.
[  135.030662][ T6794] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1000'.
[  135.060113][ T6794] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1000'.
[  135.079880][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1000'.
[  135.165103][ T6803] loop1: detected capacity change from 0 to 512
[  135.252057][ T6807] netlink: 'syz.3.1008': attribute type 2 has an invalid length.
[  135.280551][ T6803] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,delalloc,bsdgroups,. Quota mode: writeback.
[  135.322110][ T6803] ext4 filesystem being mounted at /188/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  135.626604][ T6826] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1013'.
[  135.761678][ T6830] loop3: detected capacity change from 0 to 8192
[  135.800311][ T6815] loop0: detected capacity change from 0 to 32768
[  135.842895][ T6815] 
[  135.842895][ T6815]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  135.842895][ T6815] 
[  135.861070][ T6815] ERROR: (device loop0): diWrite: ixpxd invalid
[  135.861070][ T6815] 
[  135.888536][ T6815] ERROR: (device loop0): txCommit: 
[  135.888536][ T6815] 
[  136.019472][ T4189] 
[  136.019472][ T4189]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  136.019472][ T4189] 
[  136.057245][ T4189] 
[  136.057245][ T4189]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  136.057245][ T4189] 
[  136.245761][ T6847] netlink: 'syz.2.1023': attribute type 2 has an invalid length.
[  136.400169][ T6852] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1027'.
[  136.459612][ T6836] loop1: detected capacity change from 0 to 32768
[  136.523678][ T6861] loop3: detected capacity change from 0 to 8
[  136.561548][ T6836] XFS (loop1): Mounting V5 Filesystem
[  136.576730][ T6869] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  136.604163][ T6861] SQUASHFS error: Unable to read directory block [631:26]
[  136.618009][ T6864] loop0: detected capacity change from 0 to 8192
[  136.624938][ T6869] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  136.647005][ T6869] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  136.658857][ T6869] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  136.666074][ T6869] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  136.671590][ T6836] XFS (loop1): Ending clean mount
[  136.674436][ T6869] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  136.687508][ T6869] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  136.695930][ T6869] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  136.702592][ T6869] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  136.709145][ T6869] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  136.715698][ T6869] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  136.722267][ T6869] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  136.731973][ T6869] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[  136.739803][ T6869] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4)
[  136.777267][ T6869] comedi comedi3: 8255: I/O port conflict (0xa,4)
[  136.847728][   T26] audit: type=1800 audit(1756462154.492:22): pid=6836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1030" name="bus" dev="loop1" ino=4425 res=0 errno=0
[  136.881989][ T6869] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffff5,4)
[  136.909291][ T6869] comedi comedi3: 8255: I/O port conflict (0xffffffffffffcadb,4)
[  136.915771][ T4183] XFS (loop1): Unmounting Filesystem
[  136.939791][ T6869] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  137.575134][ T6911] loop4: detected capacity change from 0 to 256
[  137.587242][ T6903] loop1: detected capacity change from 0 to 8192
[  137.695926][ T6911] FAT-fs (loop4): Directory bread(block 64) failed
[  137.732341][ T6911] FAT-fs (loop4): Directory bread(block 65) failed
[  137.771749][ T6911] FAT-fs (loop4): Directory bread(block 66) failed
[  137.802708][ T6923] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1059'.
[  137.814921][ T6911] FAT-fs (loop4): Directory bread(block 67) failed
[  137.821567][ T6911] FAT-fs (loop4): Directory bread(block 68) failed
[  137.878176][ T6911] FAT-fs (loop4): Directory bread(block 69) failed
[  137.926111][ T6911] FAT-fs (loop4): Directory bread(block 70) failed
[  137.967644][ T6911] FAT-fs (loop4): Directory bread(block 71) failed
[  138.001969][ T6911] FAT-fs (loop4): Directory bread(block 72) failed
[  138.008534][ T6911] FAT-fs (loop4): Directory bread(block 73) failed
[  138.047506][ T6927] loop0: detected capacity change from 0 to 8192
[  138.101911][ T6506] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  138.140762][ T6938] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1065'.
[  138.176594][ T6938] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1065'.
[  138.188011][ T6935] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1065'.
[  138.447483][ T6946] tipc: Enabled bearer <eth:vlan0>, priority 10
[  138.472158][ T6506] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  138.498059][ T6506] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  138.517687][ T6506] usb 3-1: config 1 has no interface number 1
[  138.535364][ T6506] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  138.628335][ T6506] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  138.639521][ T6956] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1073'.
[  138.732422][ T6964] loop3: detected capacity change from 0 to 256
[  138.822236][ T6506] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  138.825809][ T6964] exFAT-fs (loop3): failed to load upcase table (idx : 0x000102ea, chksum : 0x657c5c7e, utbl_chksum : 0xe619d30d)
[  138.853976][ T6506] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.881899][ T6506] usb 3-1: Product: syz
[  138.886120][ T6506] usb 3-1: Manufacturer: syz
[  138.890710][ T6506] usb 3-1: SerialNumber: syz
[  138.916318][ T6964] exFAT-fs (loop3): error, tried to truncate zeroed cluster.
[  138.958177][ T6974] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  138.972047][ T6964] exFAT-fs (loop3): Filesystem has been set read-only
[  138.982434][ T6926] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  139.003860][ T6974] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  139.028940][ T6974] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  139.049249][ T6974] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  139.112599][ T6974] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  139.160557][ T6984] loop4: detected capacity change from 0 to 8
[  139.172585][ T6974] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  139.195648][ T6974] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  139.212001][ T6974] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  139.219887][ T6974] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  139.219961][ T6974] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  139.219992][ T6974] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  139.220025][ T6974] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  139.220079][ T6974] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[  139.220112][ T6974] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4)
[  139.220144][ T6974] comedi comedi3: 8255: I/O port conflict (0xa,4)
[  139.220173][ T6974] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffff5,4)
[  139.220207][ T6974] comedi comedi3: 8255: I/O port conflict (0xffffffffffffcadb,4)
[  139.220237][ T6974] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  139.292090][ T6984] SQUASHFS error: Unable to read directory block [631:26]
[  139.322129][ T6506] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  139.322346][ T6506] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  139.447075][ T6506] usb 3-1: USB disconnect, device number 12
[  139.753108][ T4313] udevd[4313]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  139.802572][ T7020] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  139.809032][ T7020] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  139.824677][ T7020] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  139.842015][ T7020] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  139.849075][ T7020] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  139.861942][ T7020] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  139.883531][ T7020] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  139.890172][ T7020] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  139.896803][ T7020] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  139.904093][ T7020] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  139.910633][ T7020] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  139.917673][ T7020] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  139.924309][ T7020] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[  139.932271][ T7020] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4)
[  139.940117][ T7020] comedi comedi3: 8255: I/O port conflict (0xa,4)
[  139.946780][ T7020] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffff5,4)
[  139.954692][ T7020] comedi comedi3: 8255: I/O port conflict (0xffffffffffffcadb,4)
[  139.962898][ T7020] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  140.085913][ T5040] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  140.266771][ T7022] loop4: detected capacity change from 0 to 32768
[  140.302266][ T7022] ERROR: (device loop4): dbAllocAG: unable to allocate blocks
[  140.302266][ T7022] 
[  140.322080][ T7022] ERROR: (device loop4): remounting filesystem as read-only
[  140.329474][ T7022] ERROR: (device loop4): dbDiscardAG: -EIO
[  140.329474][ T7022] 
[  140.351881][ T5040] usb 4-1: Using ep0 maxpacket: 8
[  140.492234][ T5040] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  140.500368][ T5040] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  140.525781][ T5040] usb 4-1: config 0 has no interface number 0
[  140.530049][ T7049] PKCS8: Unsupported PKCS#8 version
[  140.698139][ T7053] loop4: detected capacity change from 0 to 64
[  140.742069][ T5040] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  140.757904][ T5040] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.791950][ T5040] usb 4-1: Product: syz
[  140.802366][ T5040] usb 4-1: Manufacturer: syz
[  140.806985][ T5040] usb 4-1: SerialNumber: syz
[  140.824788][ T7039] loop1: detected capacity change from 0 to 32768
[  140.854724][ T5040] usb 4-1: config 0 descriptor??
[  140.895005][ T5040] usb 4-1: Found UVC 0.00 device syz (046d:08c3)
[  140.901416][ T5040] usb 4-1: No valid video chain found.
[  140.911900][ T7039] 
[  140.911900][ T7039]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  140.911900][ T7039] 
[  140.980897][ T7039] ERROR: (device loop1): diWrite: ixpxd invalid
[  140.980897][ T7039] 
[  141.044247][ T7062] loop0: detected capacity change from 0 to 256
[  141.048697][ T7039] ERROR: (device loop1): txCommit: 
[  141.048697][ T7039] 
[  141.096288][ T7062] exFAT-fs (loop0): failed to load upcase table (idx : 0x000102ea, chksum : 0x657c5c7e, utbl_chksum : 0xe619d30d)
[  141.145394][ T5040] usb 4-1: USB disconnect, device number 10
[  141.196527][ T7062] exFAT-fs (loop0): error, tried to truncate zeroed cluster.
[  141.219682][ T4183] 
[  141.219682][ T4183]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  141.219682][ T4183] 
[  141.240791][ T7062] exFAT-fs (loop0): Filesystem has been set read-only
[  141.263394][ T7045] loop2: detected capacity change from 0 to 32768
[  141.266510][ T4183] 
[  141.266510][ T4183]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  141.266510][ T4183] 
[  141.328531][ T7045] (syz.2.1116,7045,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  141.358933][ T7045] (syz.2.1116,7045,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  141.432629][ T7045] JBD2: Ignoring recovery information on journal
[  141.525541][ T7045] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  141.598165][ T7045] 
[  141.600519][ T7045] ======================================================
[  141.607526][ T7045] WARNING: possible circular locking dependency detected
[  141.614624][ T7045] syzkaller #0 Not tainted
[  141.619012][ T7045] ------------------------------------------------------
[  141.626001][ T7045] syz.2.1116/7045 is trying to acquire lock:
[  141.631954][ T7045] ffff88805c744650 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_acquire_dquot+0x677/0xaf0
[  141.641356][ T7045] 
[  141.641356][ T7045] but task is already holding lock:
[  141.648694][ T7045] ffff8880704cb120 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x1e5/0x270
[  141.659551][ T7045] 
[  141.659551][ T7045] which lock already depends on the new lock.
[  141.659551][ T7045] 
[  141.669946][ T7045] 
[  141.669946][ T7045] the existing dependency chain (in reverse order) is:
[  141.678939][ T7045] 
[  141.678939][ T7045] -> #6 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}:
[  141.687772][ T7045]        down_write+0x38/0x60
[  141.692455][ T7045]        ocfs2_lock_global_qf+0x1e5/0x270
[  141.698151][ T7045]        ocfs2_acquire_dquot+0x29d/0xaf0
[  141.703760][ T7045]        dqget+0x778/0xeb0
[  141.708211][ T7045]        dquot_set_dqblk+0x27/0xf90
[  141.713400][ T7045]        quota_setquota+0x4ac/0x530
[  141.718593][ T7045]        __se_sys_quotactl+0x295/0x6c0
[  141.724032][ T7045]        do_syscall_64+0x4c/0xa0
[  141.728949][ T7045]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  141.735344][ T7045] 
[  141.735344][ T7045] -> #5 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}:
[  141.745833][ T7045]        down_write+0x38/0x60
[  141.750491][ T7045]        ocfs2_lock_global_qf+0x1c7/0x270
[  141.756189][ T7045]        ocfs2_acquire_dquot+0x29d/0xaf0
[  141.761799][ T7045]        dqget+0x778/0xeb0
[  141.766211][ T7045]        dquot_set_dqblk+0x27/0xf90
[  141.771381][ T7045]        quota_setquota+0x4ac/0x530
[  141.776588][ T7045]        __se_sys_quotactl+0x295/0x6c0
[  141.782026][ T7045]        do_syscall_64+0x4c/0xa0
[  141.786939][ T7045]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  141.793340][ T7045] 
[  141.793340][ T7045] -> #4 (&dquot->dq_lock){+.+.}-{3:3}:
[  141.800953][ T7045]        __mutex_lock_common+0x1eb/0x2390
[  141.806655][ T7045]        mutex_lock_nested+0x17/0x20
[  141.811933][ T7045]        dquot_commit+0x5a/0x410
[  141.816848][ T7045]        ext4_write_dquot+0x1f0/0x360
[  141.822197][ T7045]        mark_all_dquot_dirty+0xf9/0x400
[  141.827809][ T7045]        __dquot_free_space+0x7ca/0xb90
[  141.833331][ T7045]        ext4_free_blocks+0x1af5/0x2480
[  141.838870][ T7045]        ext4_ext_remove_space+0x22c4/0x43a0
[  141.844830][ T7045]        ext4_ext_truncate+0x192/0x240
[  141.850274][ T7045]        ext4_truncate+0x9f1/0x10d0
[  141.855452][ T7045]        ext4_setattr+0xffe/0x19e0
[  141.860549][ T7045]        notify_change+0xbcd/0xee0
[  141.865666][ T7045]        do_truncate+0x197/0x220
[  141.870586][ T7045]        path_openat+0x28af/0x2f30
[  141.875689][ T7045]        do_filp_open+0x1b3/0x3e0
[  141.880699][ T7045]        do_sys_openat2+0x142/0x4a0
[  141.885873][ T7045]        __x64_sys_openat+0x135/0x160
[  141.891246][ T7045]        do_syscall_64+0x4c/0xa0
[  141.896158][ T7045]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  141.902553][ T7045] 
[  141.902553][ T7045] -> #3 (&ei->i_data_sem){++++}-{3:3}:
[  141.910169][ T7045]        down_write+0x38/0x60
[  141.914846][ T7045]        ext4_truncate+0x96d/0x10d0
[  141.920023][ T7045]        ext4_setattr+0xffe/0x19e0
[  141.925634][ T7045]        notify_change+0xbcd/0xee0
[  141.930744][ T7045]        do_truncate+0x197/0x220
[  141.935659][ T7045]        do_sys_ftruncate+0x31b/0x3d0
[  141.941008][ T7045]        do_syscall_64+0x4c/0xa0
[  141.945944][ T7045]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  141.952338][ T7045] 
[  141.952338][ T7045] -> #2 (jbd2_handle){++++}-{0:0}:
[  141.959603][ T7045]        start_this_handle+0x1338/0x15a0
[  141.965211][ T7045]        jbd2__journal_start+0x2b7/0x5a0
[  141.970851][ T7045]        jbd2_journal_start+0x26/0x30
[  141.976195][ T7045]        ocfs2_start_trans+0x374/0x6c0
[  141.981630][ T7045]        ocfs2_shutdown_local_alloc+0x1fd/0xa10
[  141.987846][ T7045]        ocfs2_dismount_volume+0x1de/0x880
[  141.993653][ T7045]        generic_shutdown_super+0x130/0x300
[  141.999522][ T7045]        kill_block_super+0x7c/0xe0
[  142.004696][ T7045]        deactivate_locked_super+0x93/0xf0
[  142.010475][ T7045]        cleanup_mnt+0x418/0x4d0
[  142.015391][ T7045]        task_work_run+0x125/0x1a0
[  142.020476][ T7045]        exit_to_user_mode_loop+0x10f/0x130
[  142.026344][ T7045]        exit_to_user_mode_prepare+0xb1/0x140
[  142.032385][ T7045]        syscall_exit_to_user_mode+0x16/0x40
[  142.038341][ T7045]        do_syscall_64+0x58/0xa0
[  142.043258][ T7045]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  142.049651][ T7045] 
[  142.049651][ T7045] -> #1 (&journal->j_trans_barrier){.+.+}-{3:3}:
[  142.058138][ T7045]        down_read+0x44/0x2e0
[  142.062821][ T7045]        ocfs2_start_trans+0x368/0x6c0
[  142.068265][ T7045]        ocfs2_shutdown_local_alloc+0x1fd/0xa10
[  142.074486][ T7045]        ocfs2_dismount_volume+0x1de/0x880
[  142.080283][ T7045]        generic_shutdown_super+0x130/0x300
[  142.086158][ T7045]        kill_block_super+0x7c/0xe0
[  142.091340][ T7045]        deactivate_locked_super+0x93/0xf0
[  142.097124][ T7045]        cleanup_mnt+0x418/0x4d0
[  142.102059][ T7045]        task_work_run+0x125/0x1a0
[  142.107157][ T7045]        exit_to_user_mode_loop+0x10f/0x130
[  142.113061][ T7045]        exit_to_user_mode_prepare+0xb1/0x140
[  142.119132][ T7045]        syscall_exit_to_user_mode+0x16/0x40
[  142.125586][ T7045]        do_syscall_64+0x58/0xa0
[  142.130506][ T7045]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  142.136931][ T7045] 
[  142.136931][ T7045] -> #0 (sb_internal#2){.+.+}-{0:0}:
[  142.144390][ T7045]        __lock_acquire+0x2c33/0x7c60
[  142.149744][ T7045]        lock_acquire+0x197/0x3f0
[  142.154746][ T7045]        ocfs2_start_trans+0x269/0x6c0
[  142.160182][ T7045]        ocfs2_acquire_dquot+0x677/0xaf0
[  142.165796][ T7045]        dqget+0x778/0xeb0
[  142.170191][ T7045]        dquot_set_dqblk+0x27/0xf90
[  142.175366][ T7045]        quota_setquota+0x4ac/0x530
[  142.180570][ T7045]        __se_sys_quotactl+0x295/0x6c0
[  142.186009][ T7045]        do_syscall_64+0x4c/0xa0
[  142.190924][ T7045]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  142.197314][ T7045] 
[  142.197314][ T7045] other info that might help us debug this:
[  142.197314][ T7045] 
[  142.207515][ T7045] Chain exists of:
[  142.207515][ T7045]   sb_internal#2 --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6 --> &ocfs2_quota_ip_alloc_sem_key
[  142.207515][ T7045] 
[  142.224555][ T7045]  Possible unsafe locking scenario:
[  142.224555][ T7045] 
[  142.231979][ T7045]        CPU0                    CPU1
[  142.237339][ T7045]        ----                    ----
[  142.242679][ T7045]   lock(&ocfs2_quota_ip_alloc_sem_key);
[  142.248290][ T7045]                                lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6);
[  142.258072][ T7045]                                lock(&ocfs2_quota_ip_alloc_sem_key);
[  142.266200][ T7045]   lock(sb_internal#2);
[  142.270422][ T7045] 
[  142.270422][ T7045]  *** DEADLOCK ***
[  142.270422][ T7045] 
[  142.278541][ T7045] 4 locks held by syz.2.1116/7045:
[  142.283632][ T7045]  #0: ffff88805c7440e0 (&type->s_umount_key#76){++++}-{3:3}, at: user_get_super+0x118/0x240
[  142.293784][ T7045]  #1: ffff8880704460a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_acquire_dquot+0x290/0xaf0
[  142.303758][ T7045]  #2: ffff8880704cb488 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x1c7/0x270
[  142.316722][ T7045]  #3: ffff8880704cb120 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x1e5/0x270
[  142.328006][ T7045] 
[  142.328006][ T7045] stack backtrace:
[  142.333877][ T7045] CPU: 1 PID: 7045 Comm: syz.2.1116 Not tainted syzkaller #0
[  142.341254][ T7045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  142.351372][ T7045] Call Trace:
[  142.354639][ T7045]  <TASK>
[  142.357553][ T7045]  dump_stack_lvl+0x168/0x230
[  142.362224][ T7045]  ? load_image+0x3b0/0x3b0
[  142.366732][ T7045]  ? show_regs_print_info+0x20/0x20
[  142.371917][ T7045]  ? print_circular_bug+0x12b/0x1a0
[  142.377112][ T7045]  check_noncircular+0x274/0x310
[  142.382029][ T7045]  ? add_chain_block+0x940/0x940
[  142.386954][ T7045]  ? lockdep_lock+0xdc/0x1e0
[  142.391573][ T7045]  ? mark_lock+0x94/0x320
[  142.395882][ T7045]  ? mark_lock+0x94/0x320
[  142.400197][ T7045]  __lock_acquire+0x2c33/0x7c60
[  142.405065][ T7045]  ? verify_lock_unused+0x140/0x140
[  142.410266][ T7045]  ? verify_lock_unused+0x140/0x140
[  142.415477][ T7045]  ? quota_setquota+0x4ac/0x530
[  142.420332][ T7045]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  142.426420][ T7045]  ? verify_lock_unused+0x140/0x140
[  142.431621][ T7045]  lock_acquire+0x197/0x3f0
[  142.436132][ T7045]  ? ocfs2_acquire_dquot+0x677/0xaf0
[  142.441417][ T7045]  ? __might_sleep+0xf0/0xf0
[  142.446001][ T7045]  ? do_raw_spin_lock+0x11d/0x280
[  142.451001][ T7045]  ? read_lock_is_recursive+0x10/0x10
[  142.456365][ T7045]  ? __rwlock_init+0x140/0x140
[  142.461107][ T7045]  ? do_raw_spin_unlock+0x11d/0x230
[  142.466284][ T7045]  ocfs2_start_trans+0x269/0x6c0
[  142.471205][ T7045]  ? ocfs2_acquire_dquot+0x677/0xaf0
[  142.476483][ T7045]  ? ocfs2_recovery_exit+0x50/0x50
[  142.481588][ T7045]  ? do_raw_spin_unlock+0x11d/0x230
[  142.486765][ T7045]  ? _raw_spin_unlock+0x24/0x40
[  142.491633][ T7045]  ? ocfs2_qinfo_unlock+0x11a/0x140
[  142.496818][ T7045]  ocfs2_acquire_dquot+0x677/0xaf0
[  142.501918][ T7045]  ? ocfs2_destroy_dquot+0x40/0x40
[  142.507009][ T7045]  dqget+0x778/0xeb0
[  142.510891][ T7045]  dquot_set_dqblk+0x27/0xf90
[  142.515549][ T7045]  quota_setquota+0x4ac/0x530
[  142.520208][ T7045]  ? quota_getnextquota+0x450/0x450
[  142.525390][ T7045]  ? bpf_lsm_capable+0x5/0x10
[  142.530052][ T7045]  ? do_quotactl+0x4f3/0x710
[  142.534622][ T7045]  __se_sys_quotactl+0x295/0x6c0
[  142.539537][ T7045]  ? __x64_sys_quotactl+0xa0/0xa0
[  142.544541][ T7045]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  142.550501][ T7045]  ? lock_chain_count+0x20/0x20
[  142.555382][ T7045]  ? vtime_user_exit+0x2dc/0x400
[  142.560300][ T7045]  ? lockdep_hardirqs_on+0x94/0x140
[  142.565477][ T7045]  do_syscall_64+0x4c/0xa0
[  142.569872][ T7045]  ? clear_bhb_loop+0x30/0x80
[  142.574521][ T7045]  ? clear_bhb_loop+0x30/0x80
[  142.579172][ T7045]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  142.585047][ T7045] RIP: 0033:0x7f9e08de1be9
[  142.589442][ T7045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  142.609025][ T7045] RSP: 002b:00007f9e07049038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  142.617415][ T7045] RAX: ffffffffffffffda RBX: 00007f9e09008fa0 RCX: 00007f9e08de1be9
[  142.625432][ T7045] RDX: 0000000000000000 RSI: 0000200000002540 RDI: ffffffff80000800
[  142.633392][ T7045] RBP: 00007f9e08e64e19 R08: 0000000000000000 R09: 0000000000000000
[  142.641345][ T7045] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000000
[  142.649298][ T7045] R13: 00007f9e09009038 R14: 00007f9e09008fa0 R15: 00007ffdbd25ff98
[  142.657252][ T7045]  </TASK>
[  142.660257][    C1] vkms_vblank_simulate: vblank timer overrun
[  142.707257][ T4191] ocfs2: Unmounting device (7,2) on (node local)