last executing test programs:

1m12.303261496s ago: executing program 0 (id=271):
syz_mount_image$btrfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x16, &(0x7f00000002c0)={[{@nobarrier}, {@noflushoncommit}, {@nossd}, {@commit={'commit', 0x3d, 0x3f}}, {@nodatasum}, {@nodiscard}, {@nobarrier}, {@compress_algo={'compress', 0x3d, 'zstd'}}, {@noacl}]}, 0x9, 0x5104, &(0x7f000000a5c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75pcNWjiAAAAQF/x/90Xv1qIeT375iDN6089evBc1Xil/N8cLv+P3dJXBQAAANyMI19sf7iqXsr/reHy//htnTUAAACwFO98OPFBVb2U/2dvnP/rSf5fnS/zKx+yTj/Fv0I4NBnCxMLKXFb4ObSf7hYAAACAWyTm9D8/3flD1X6l/D9Xff//eKeDeP1/z/3/Ctf/hzDVW8ju+vdkXgAAAIB7Svl6/nh7/OzJBf2evz/s9f8P/O/gq1XHL+X//cPl/3pxeSuf/wcAAADL8F97/t/20jjVBt3//76P3v2lqn8p/7eHy/9xuab48k7E9+e9yRDWL6zkdxP8Jh5uV1KYHysUOlpJj22xR16YHy8UOuaSHpsnQ3hwYWV/Uvh/LLSTwpW1eeFIUjgdC/n50C0cSwon4pn2+dp8umnh+1jIL7CYj1dQrOleEpH0uNqvx0Lhhj3Odg8OAABwT4nhOc+yY73NkEbZ+dqgHVYP2mFk0A71QTuMJjukO/bbHmZ7C3F7+8zGpT3//8hw+T++Fflz/vpd/x/i9f/5cw271//PxkIjKczHQiu9Y0ArHiMLux/HYzRaeY8r67sFAAAAuKvF7wXqKzwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Ie9e42Rq7oPAH72Od6H1wtJFUKjZJPUOG7i9domD7VUWVOqRqQ064aCqohiY6/J4gU7tikxCpGxiWiEoLRBSj4UYRRFNR+gViAiKSBcpDhC5RFRFQUQKLSGKIiUkkSkCVKoZu89s3fO3Xks9hov/f0k75yZ/3neeXjOvXfOBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/n84/JWr/rZZ/OHfnvP0cxeOX7Zv/YUvX3POqY+HMDHzeEcW7ui//tbxn9959l377lt72z1Hz/1wb14uj4eB6p/O/M51sdajS0O4tyOE7jSwajAL9OT3B2N97xkM4ZQwG6iVmOzPSqQNh+/3hXAgzAZqVX2vL4TBQuD8Jx568MZq4pa+EJaHECppG89Wsjb60sAZvVmgPw1s784Cv3ojUwt8tzMLwDGLb4bai/7QRH2G4bnLNXj99Ry3jr210uF1xcRw43w/W7/AnSroTR+YOKanrVQdC6L09jjs3bYI3m2l7Xyzp634RSr/hvLGbKgSOrdMbt105fTu+EhnGB3talTTAj3PT736pc3zSS+a12HswPBxeR3e9NjyO7tWnvfoPauWv3jwI/tfOtZu/qiwSYvphVYJ+Wtu0TyP0bjPk0Xw9it9SxrxpSuEsPXzv/eZZvHS/H+4+fw/vpzjbWdd7ljr60PZ3Dw+MhgTrwxlc3MAAABYNBbDXtPtow98oll9pfn/SHvH/+Mh/3wyn432cAjjM4n9y0I4bebxLHBHbO6SZSG8fyY1UR9YnwQOh/DumcTKWlVJiSWxxEgS+MlQHhhPAkdiYCIJfCsGbk4C18XAoSSwOQYOJ4GzYyBM1Y/j94fycbQd6IuBjdlGPBTPQvjFUGwt2VbP1KoCAAA4TvLZYU/93cK5DseaIU4vD/W1yhDPwG6YoZLUkM5ga9OqhjV0t6qhs1UNtXHvbT78Us0drWounYbRUZ/h1l/+zWdDE6X5/1jz+X9ljo50lI7/h7Bh5m/M3ZlHpmvxjRN1GQAAAIBjMPC/z3+zWbw0/x9v7/z/uE+kq5A5PBJ3Q2xbFsJYfSCr9g/Lgeyo90AeAAAAgMWgdjy+dix8Kr/NTtFO59Pl/BPzzB8P/I/Pmb/38P0bm/W3NP+faO/8//7626wTR2IvvrYshCWFwA9iL6uBGSMx8ONP1gfy8R+JG+CGWFV+YkKtqhtiiY0xMJYEDjQq8cNaidPqA/mTVWt8f20cU3mJQgAAAABOuLg7IB6Xj+f/f+A3a69qVq40/984v/P/Z+bBpdP7pwdCWN0dQlf6w4BH+rOFAWNgsCNPPNCf1dWVVnVtfwhnVQeWVvV8vv5/d7rG4BN9WVUxcNoHDr56RjXxzb4QVhcDT37u9o9WE7uTQK3xv+wL4X3V0aaNf2dJ1nhP2vjXl4Tw3kKgVtUlS0KoNtabVvVQJb+OQVrVP1dCeEchUKvqY5UQ9gQAFqn4X+mW4oO79ly9bdP09OTOBUzEffh9YevU9OTo5u3TWyoN+rQl6XPdMkbXlsfU7pVvnsmXKLrg7g2D7aRrvxMcK7aV78cvnTiY34/fhXpmxrm2p+7uunTIH/pguYlQ+CbVaMidCzzk/mIls09iqf6YvzcMhCVX7prcOfrFTbt371yT/W03+9rsbzzMlG2rNem26p+rb228PBqulpV4s9tqRbGS1bsv37F6156rV01dvunSyUsnr1jzsbVjZ46tG/v4mauroxrL/rYY6oq5qk6G+sbtbY7rOA719O5CJSfiU0NCQmKxJbYPrGj6f3Jp/r+j+fw/furET/58fYZGx/+H42H+7PHZw/wbY+BAu8f/hxsdza+dGDCSBPbGwF6H+QEAAHh7iJP8uDcz7pX+6crvvNisXGn+v7e93/8fp/X/a0vXn9tomf+VscRYo/X/02X+a+v/7220/n+6zH9t/f8Db8H6/1fWAskm+YX1/wEAgLeDE7f+f8vl/dMLBJQytFzeP71AQClDy2X8271AwLzX/3/2P//qv0MTpfn/ze3N/y3cDwAAACePL//ZVb/TLF6a/x9ob/5/4tf/C43O/x9pFJhotDCg9f8AAABYpBqt/zd8ff/FzcqV5v+H2pv/x9MuOutyx1pfH8rWtAvpmnavDNV+MgAAAACLQ2cYHe1pM2/dyqjr33ybT+VLgTZLFz3/J0fnd/7/4fbm/3W/y7jpseV3dq0879HX71m1/MWDH9n/0uzxfwAAAGDhtLtfAgAAAAAAAAAAAAAAeOs9/x/71jWLl37/HzbMPN7o9//xun/x9wXvrMsda229/l9+//xP37VnZsnCR4ZC+GAxsG3ftlNCfm3+FcXAgxetfFc1sS8tcf9zZ79QTVycBj616tTXqomzksDGuEjiu9NAvKria0uTQFxe8d/TQNweh9JAbx746tJsHB3ptvrpYLatOtJt9fRgCMsKgdq2uncwa6MjHeAtSaA2wC+kgTjAP88DnWmv7hrIehUDg7HobQNZrwAAOGnFb4E9YevU9ORY/Aofb0/vrr+N6pYsu7ZcbUebzT+TL012wd0bBttJd6XfRWevNd4TKtUhrCl9XS1m6ZgZ5fGppcWme2eDIbda7a2zQbnUfDddb+MR9WUjGt28fXpLT8uBr2udZW13yyxrSpOdYpbOmU3aRi1t9KWNEbW5bdrocrzfGUZHu5JcfxCDw6FOq1dEu7/XL67z1+hVUMxzxdH9v2pWX2n+P9ze/L9SHNdr+cUA9sYr6/3dMsv8AwAAwML66vpffyP+++z1Dz/ZLG9p/j/S3vw/7sHKDwVnezsOx+v/718Wwsyl9YezwB2xuUuWhfD+mdRELJFdUP/cWGIsC9wRd5isjCU2TtRXtSQGDiWBnwzlgcNJ4EgM5HspDoZ8V87fD4Xw0ZnUhvoSO2KJ4STwmRgYSQKjMTCWBJbGwHgSeHlpHphIAv8WA2GqflvdvTTfVgAAAPORz7N66u+GdJ53qLtVho5WGfpbZehslaHSKkOjUcT7344ZepKTVzoKmXrSWvuSWkoZ4sXw592vUobww/qcacFS0/H8g9r5Bh31Ge77RHclNFGa/4+1N//vr7/NWj8S5/+z1//LAj+I3ftaPHV8JAZ+/Mn6QL5j4Eic7N5Qq2oiL5FP2m+IJcZjYCQJ7IiB8SSwcUMeOPCu+kA+0641vr/W+FReohAAAACAEy7uIIi7aeL8/7ZdXxloVi6f/4/U5v/j7c3/Y3sDxcaui7UeXRrCvR2zvakFVg1mgbgfYzD+PP49gyGcUtjBUSsx2Z+V6E0aDt/vy36h3ptW9b2+7McH8f75Tzz04I3VxC19ISwv7H2ptfFsJWujLw2c0ZsF+tPA9u4sEPf81ALf7cwCcMxqewXjCyo/1aVmeO5yDV5/b5drgqbDK+0DnSPfXL+5WiilHa75PtWa+T1tTfffctyU3h6HvdsW47tt2Lut+EUq/4byxmyoEjq3TG7ddOX07vhI8ZesJQv0PBd/pdpO+ji8Dve++d62Vkk7MJZ8fIzNXW7u12FHrO6mx5bf2bXyvEfvWbX8xYMf2f9S291oIP5Q+KFr/nXwR4XNu9AqIX/NLbrPkwmfJ4vxv4ERT1sIYcPLX7+hWbx0/H+ivfl/d3I749dxY+5aFsKHChv3kbj5/3hZ9jlYCGSfku8oB7JD7v811PCTEwAAAI632u6O2v6Cqfw2OyE8nSeX80/MM3/cXzE+Z/52+93/1xctbxYvzf83Np//L0m66fi/4/8sEMf/53Sy74pekj6w95h2RZeqY0E4/j+nk/3d5vj/nBz/d/x/Lo7/t+D4/5xO9qet9C1phy9dIYQX/+iBp5vFS/P/He3N/63/N/eifbX1/zY2Wv9vR6P1//Za/w8AAFhQDRaaS+d5pdX7ShnS1ftKGVouENhyiUHr/817/b8XTn/2N6GJ0vx/b3vz//hyGCi2vljW/xvZ0KCqm2Ngh4UBAQAAOBk12kEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAW+u+f/ifLc3iD//2nKefu3D8sn3rL3z5mnNOfTyEqZnHO7JwR//1t47//M6z79p339rb7jl67ocrebme/PZ363LHWl8fCuFA4ZHBmHhlqHpnNnD+p+/a011NPDIUwgeLgW37tp1STXxrKIQVxcCDF618VzWxLy1x/3Nnv1BNXJwGPrXq1NeqibPyQEfa3X9cmnW3I+3ujUtDWFYI1Lp72dL6qmpt/Gke6Ezb+KfBrI0YGIxFvzGYtRED07HE1JIQVneH0JVW9XAlq6orrepfKllVXWlVX66EcFYIoTut6rnerKrudOSP92ZVxcBpHzj46hnVxIHeEFYXA09+7vaPVhNfSAK1xv+iN4T3VV8yaePf7ska70kbv6UnhPeGEHrTEr/szkr0piWe7w7hHYVArfHPd4ewJ/C2ED986j7Rdu25etum6enJnQuY6M3b6gtbp6YnRzdvn95SSfrUSEch/ca1b37sz7z6pc3V2wvu3jDYTro7L9cz0+W1PXV3153svY/96i9WMvt8lOqP+XvDQFhy5a7JnaNf3LR798412d92s6/N/nbl0WxbrVks22pFsZLVuy/fsXrXnqtXTV2+6dLJSyevWPOxtWNnjq0b+/iZq6ujGsv+Nh5qb9tDvf3ED/X07kIlJ+IDQOLEJqqvy5OgGxKLOtFZ9+k2drJ/kJe+6M92tCdUZj6gS9OKYpaOmVEej0GvT4Irjv+gR+L3lJYjWlOaOJSyrG2dZV1pMjGbpS/LMvO9rjQ5LNbUObNJ4/3OMDra1Wg7DNffLW7en6Wbdx6eyjdju2kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9jBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1mH0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//5DAgkw==")
r0 = open(&(0x7f0000000040)='./bus\x00', 0x60142, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000800)=ANY=[], 0x23)
fallocate(r0, 0x10, 0x0, 0x2000)

1m11.801174653s ago: executing program 0 (id=278):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x8103}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/180, 0xb4}, {&(0x7f0000000500)=""/253, 0xfd}, {&(0x7f0000000040)=""/92, 0x5c}, {&(0x7f0000001b40)=""/4109, 0x100d}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x5}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000940)=""/134, 0x86}, {&(0x7f0000002e00)=""/4109, 0x100d}, {&(0x7f0000000000)=""/44, 0x2c}, {&(0x7f0000006080)=""/4096, 0x1000}, {&(0x7f0000000480)=""/90, 0x5a}], 0x5}, 0xb0}, {{0x0, 0x0, 0x0}, 0x6}], 0x8, 0x20, 0x0)

1m11.330105583s ago: executing program 0 (id=283):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000900000000000000fdffffff850000003600000018010000756c6c2700000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a000000850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="178d048604bf0bfb1945d7430008", 0x0, 0x501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

1m11.214066884s ago: executing program 0 (id=285):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000200)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@usrjquota}, {@barrier}]}, 0x3, 0x45b, &(0x7f0000000880)="$eJzs3M9vFFUcAPDvzLZF+dWK+ANErRJj44+WFlQOXjSaeMBoogc81rYQwkINrYkQAtUYvJgYEj0bjyb+Bd68GPVk4lXvhoQoF9BTzczOwO6yW9iy7Vb280kG3pv3dt97++btvJm30wD61mj2TxKxNSJ+j4jhWrQxw2jtv2tXzs78c+XsTBLLy+/8leT5rl45O1NmLV+3pYiMpRHpp0lRSKOF02eOT1erc6eK+MTiiQ8mFk6fef7Yiemjc0fnTk4dPHhg/+RLL069EM1VWo2sXVd3n5vfs+uN9y6+OXP44vs/f5e96dYivb4d3TKaNfzv5Vxz2lPdLqzHttWFk4EeVoSOVCIi667BfPwPRyVudN5wvP5JTysHrKns3LSpffLSMnAXS6LXNQB6ozzRZ9e/5Vbuu3Zu7ecfvXb5ldoFUNbua8VWSxmItMgz2HR9202jEXF46d+vsy3W6D4EAEC9z2e+OhTPtZr/pfFgXb7txRrKSETcFxE7IuL+iNgZEQ9E5HkfioiHOyy/eWno5vlPemlVDbtN2fzv5WJtq3H+V87+YqRSxLbl7R9Mjhyrzu0rPpOxGNyUxSdXKOOH1377ol1a/fwv27Lyy7lgUY9LA0036GanF6fzSWkXXP44YvdAq/Yn11cCkojYFRG7O3vr7WXg2DPf7mmX6dbtX0EX1pmWv4l4utb/S9HU/lKy8vrkxD1Rnds3UR4VN/vl1wtvtyv/jtrfBVn/b248/puzjCT167ULnZdx4Y/P2l7TrPb4H0rezftlqNj30fTi4qnJiKHkUB5v2D9147VlvMyftX9sb+vxv6N4TVbOIxGRHcSPRsRjEfF4UfcnIuLJiNi7Qvt/erV92kbo/9mW33/Xj/+m/u88UDn+4/ftyr+9/j+Qh8aKPfn33y3cbgXv5LMDAACA/4s0/w18ko5fD6fp+HjtN/w7Y3NanV9YfPbI/IcnZ2u/lR+JwbS80zVcdz90Mlkq3rEWnyruFZfp+4v7xl9W7s3j4zPz1dketx363ZY24z/zZ6XXtQPWXKt1tKmhHlQEWHfN4z9tjJ5/az0rA6wrz2tD/7rF+E/Xqx7A+nP+h/7Vavyfb4pbC4C7k/M/9C/jH/qX8Q/9y/iHvlT/SHwlVvmAv8AqA+XfWNgo9ekkEOmGqIbAGgV6/MUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQJf8FAAD//0O47AY=")
socket(0x840000000002, 0x3, 0x100)
socket$inet6(0xa, 0x2, 0x3a)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
socket(0x28, 0x801, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020)

1m11.121421291s ago: executing program 0 (id=287):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000100)={0x80000001, 0xfffffffd, 0xfffffffc}, 0x5b)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe1f00000000000008000f00fe000000", 0x24)

1m10.682679778s ago: executing program 0 (id=288):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x4804)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='rxrpc_recvmsg\x00', r1}, 0x10)
socket(0x21, 0x2, 0x10000000000002)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x300, &(0x7f00000000c0)={&(0x7f0000000140)={0x1c, 0x20, 0x9, 0x2, 0x25dfdbff, {0x2}, [@typed={0x8, 0x8, 0x0, 0x0, @fd=r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)

1m10.236126687s ago: executing program 32 (id=288):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x4804)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='rxrpc_recvmsg\x00', r1}, 0x10)
socket(0x21, 0x2, 0x10000000000002)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x300, &(0x7f00000000c0)={&(0x7f0000000140)={0x1c, 0x20, 0x9, 0x2, 0x25dfdbff, {0x2}, [@typed={0x8, 0x8, 0x0, 0x0, @fd=r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)

1.245035156s ago: executing program 1 (id=939):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000040), 0x2, 0x46b, &(0x7f0000000580)="$eJzs3M1vFOUfAPDvzLbw+/HWivgColaJsfGlpQWVgxeNJh4wmugB9VTbQgiFGloTIUSqMXgxMSR6Vo8m/gXevBj1ZGLiSe+GhCgX0FPNzM5Ad9ltt3TZrd3PJxl4nn2e7TzfPvPMPDPPbgPoWUPZP0nEtoj4LSIGqtnaCkPV/65dOTf595Vzk0ksLr72Z5LXu3rl3GRZtXzf1iIznEakHyXFTmrNnTl7YmJmZvp0kR+dP/nO6NyZs08ePzlxbPrY9KnxQ4cOHhh75unxp9oSZxbX1T3vz+7d/dIbF1+ePHLx7R+/ydq7rShfGsct2XTzS0NZ4H8t5urLHon/r2l36832Jemkr4sNYVUqEZF1V38+/geiEjc6byBe/LCrjQNuq+zatLl58cIisIEl0e0WAN1RXuiz+99y69DUY124/Fz1BiiL+1qxVUv6Ii3q9Nfd37bTUEQcWfjni2yLdjyHAABYwSeTnx+OJxrN/9K4e0m9HcUaymBE3BEROyPizojYFRF3ReR174mIe1e5//qloZvnP+mlWwqsRdn879libat2/lfO/mKwUuS25/H3J0ePz0zvL34nw9G/OcuPLbOP71745dNmZUvnf9mW7b+cCxbtuNRX94BuamJ+Ip+UtsHlDyL29DWKP7m+EpBExO6I2LO6H72jTBx/7Ou9zSqtHP8y2rDOtPhVxKPV/l+IuvhLyfLrk6P/i5np/aPlUXGzn36+8Gqz/a8p/jbI+n9L7fFflHx5pkgMvrV0vXYuVr1yeeH3j5ve09zq8b8peT0/H5XLru9NzM+fHovYlBzO8zWvj994b5kv62fxD+9rPP53Fu/J+v++iMgO4vsj4oGIeLBo+0MR8XBE7Fsm/h+eb162Hvp/quH57/rxP5jU9P/qE5UT33/bbP+t9f/BPDVcvJKf/1bQagPX8rsDAACA/4o0/wx8ko5cT6fpyEj1M/y7Yks6Mzs3//jR2XdPTVU/Kz8Y/Wn5pGtgyfPQsWSh+InV/HjxrLgsP1A8N/6sEnl+ZHJ2ZqrLsUOv29pk/Gf+qHS7dcBt12gdbbzBF9qAjad+/Ke12fOvdLIxQEf5vjb0rhXGf9qpdgCd5/oPvavR+D9fl7cWABuT6z/0LuMfepfxD72rbvxX4tdutQTooLV8r1+ilxORrotmtJRo/e9B3O7Em+ujGS0kun1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI9/AwAA//9sbvBf")
r0 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x40042, 0x8)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0xe627)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000300)={0x17c04, 0xffffffffffffffff, 0x8001, 0x100000001, 0x0, 0xdc})

1.201743021s ago: executing program 1 (id=940):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80200, 0x0)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fffffffffff7fff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x22)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB='6@\x00\x00&\x00'], 0xfe33)

1.024069512s ago: executing program 1 (id=941):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)={0xb0, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x34eaaa04}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x400}]}]}, 0xb0}}, 0x0)

1.023787255s ago: executing program 1 (id=942):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e23, 0x3, @loopback, 0x9}, 0x1c)
r1 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x3, 0x801}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000300)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7})
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100})
io_uring_enter(r1, 0x7277, 0x0, 0x28, 0x0, 0x0)

898.261804ms ago: executing program 2 (id=943):
r0 = syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105511, &(0x7f00000000c0)={{0xb, 0x0, 0x2}, 0x0, [0xfffffffffffffffc, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc7b5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xf]})

883.753025ms ago: executing program 1 (id=944):
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0)
vmsplice(r1, &(0x7f0000000280)=[{&(0x7f0000000100)='n', 0x1}], 0x1, 0x7)
pipe2(&(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x800)
fcntl$setstatus(r2, 0x4, 0x2800)
splice(r0, 0x0, r3, 0x0, 0x8000000000000000, 0x0)

802.34454ms ago: executing program 2 (id=945):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x19383fb31bd4d798}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000b80)={{r0}, &(0x7f0000000b00), &(0x7f00000008c0)='%ps    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)

745.338044ms ago: executing program 2 (id=948):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000140)=@file={0x1, './file1\x00'}, 0x2)

744.962403ms ago: executing program 2 (id=949):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xd)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x4000)
fanotify_mark(0xffffffffffffffff, 0x115, 0x5000003a, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000840), 0x0)
close(0x3)

594.525594ms ago: executing program 3 (id=950):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000008c0)={0x2c, 0x13, 0x1, 0x2, 0x25dfdbf6, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x13\x00\x00'}, @typed={0x8, 0x3fff, 0x0, 0x0, @fd}, @nested={0xc, 0x1a, 0x0, 0x1, [@nested={0x8, 0x0, 0x0, 0x1, [@typed={0x4, 0x6e}]}]}]}, 0x2c}], 0x1}, 0x0)

455.333729ms ago: executing program 3 (id=951):
migrate_pages(0x0, 0x3, &(0x7f00000002c0)=0x7f, &(0x7f0000000300)=0xa)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
lseek(r0, 0x1000000, 0x0)

261.301505ms ago: executing program 3 (id=952):
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)

260.576322ms ago: executing program 2 (id=953):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
landlock_restrict_self(r0, 0x1)
bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0x6e)
connect$unix(r1, &(0x7f0000000640)=@file={0x1}, 0x6e)

196.301117ms ago: executing program 2 (id=954):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r0, 0x0, 0xee01)

86.388059ms ago: executing program 3 (id=955):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x80000000}, 0x50)

86.195994ms ago: executing program 3 (id=956):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000180)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
sendmmsg(r0, &(0x7f0000005880)=[{{&(0x7f00000001c0)=@qipcrtr={0x2a, 0x4}, 0x80, 0x0}}], 0x1, 0x800)

2.996297ms ago: executing program 3 (id=957):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1b)
ioctl$TCSETS(r0, 0x80204705, 0x0)

0s ago: executing program 1 (id=958):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000200), 0xffffffc1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r0, 0x0)
mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)

kernel console output (not intermixed with test programs):

mber 3 using dummy_hcd
[   84.177694][   T24] usb 1-1: Using ep0 maxpacket: 16
[   84.181983][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   84.189158][   T24] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[   84.193018][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.196224][   T24] usb 1-1: Product: syz
[   84.198351][   T24] usb 1-1: Manufacturer: syz
[   84.200194][   T24] usb 1-1: SerialNumber: syz
[   84.204656][   T24] usb 1-1: config 0 descriptor??
[   84.210660][   T24] dm9601 1-1:0.0: probe with driver dm9601 failed with error -22
[   84.215842][   T24] sr9700 1-1:0.0: probe with driver sr9700 failed with error -22
[   84.228799][   T96] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   84.389874][   T96] usb 3-1: Using ep0 maxpacket: 32
[   84.393892][   T96] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[   84.398996][   T96] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[   84.404137][   T96] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   84.414737][   T24] usb 1-1: USB disconnect, device number 3
[   84.415680][   T96] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[   84.427744][   T96] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[   84.431256][   T96] usb 3-1: Product: syz
[   84.432954][   T96] usb 3-1: Manufacturer: syz
[   84.445069][   T96] usb 3-1: SerialNumber: syz
[   84.456465][   T96] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input4
[   84.662152][   T96] usb 3-1: USB disconnect, device number 3
[   84.687016][ T6271] loop1: detected capacity change from 0 to 164
[   84.692784][ T6271] ISOFS: unable to read i-node block
[   84.694809][ T6271] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[   84.702594][ T6271] netlink: 56 bytes leftover after parsing attributes in process `syz.1.152'.
[   84.708539][ T6271] netlink: 4 bytes leftover after parsing attributes in process `syz.1.152'.
[   84.714514][   T96] appletouch 3-1:1.0: input: appletouch disconnected
[   85.027099][ T6278] loop1: detected capacity change from 0 to 64
[   85.094414][ T6280] loop1: detected capacity change from 0 to 128
[   85.103746][ T6280] =======================================================
[   85.103746][ T6280] WARNING: The mand mount option has been deprecated and
[   85.103746][ T6280]          and is ignored by this kernel. Remove the mand
[   85.103746][ T6280]          option from the mount to silence this warning.
[   85.103746][ T6280] =======================================================
[   85.168435][ T6280] vfat: Unknown parameter 'sys_immutable(unilxlate'
[   85.243629][ T6285] futex_wake_op: syz.2.158 tries to shift op by -1; fix this program
[   85.288321][ T6288] loop1: detected capacity change from 0 to 512
[   85.296664][ T6288] EXT4-fs warning (device loop1): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[   85.352569][ T6286] loop0: detected capacity change from 0 to 4096
[   85.362872][ T6286] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[   85.379055][ T6293] netlink: 8 bytes leftover after parsing attributes in process `syz.1.162'.
[   85.399198][ T6286] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   85.476169][ T6298] overlayfs: "xino" feature enabled using 2 upper inode bits.
[   86.190401][ T6316] syz.1.171: attempt to access beyond end of device
[   86.190401][ T6316] loop1: rw=0, sector=1, nr_sectors = 1 limit=0
[   86.194653][ T6316] qnx4: unable to read the superblock
[   86.270136][ T6320] loop1: detected capacity change from 0 to 2048
[   86.289431][ T6320] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.301737][ T6320] ext4 filesystem being mounted at /42/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.369662][ T5978] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.458801][ T6326] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   86.602949][    T9] cfg80211: failed to load regulatory.db
[   86.840876][ T6327] netlink: 248 bytes leftover after parsing attributes in process `syz.1.174'.
[   86.847224][ T6327] netlink: 156 bytes leftover after parsing attributes in process `syz.1.174'.
[   86.866684][ T6329] loop0: detected capacity change from 0 to 512
[   86.892156][ T6329] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[   86.896354][ T6329] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[   86.907371][ T6329] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.175: Failed to acquire dquot type 1
[   86.919502][ T6329] EXT4-fs (loop0): 1 truncate cleaned up
[   86.923097][ T6329] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.929445][ T6329] ext4 filesystem being mounted at /23/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.963334][ T5975] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.184913][ T6346] loop2: detected capacity change from 0 to 256
[   87.224707][ T6348] netlink: 'syz.1.182': attribute type 1 has an invalid length.
[   87.238426][ T6348] netlink: 244 bytes leftover after parsing attributes in process `syz.1.182'.
[   87.296612][ T6350] loop0: detected capacity change from 0 to 256
[   87.320077][ T6350] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[   87.402584][ T6350] netlink: 20 bytes leftover after parsing attributes in process `syz.0.183'.
[   89.695144][ T6395] mmap: syz.2.201 (6395) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   90.203035][ T6401] loop2: detected capacity change from 0 to 128
[   90.215619][ T6401] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[   90.224546][ T6401] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   90.283105][ T6405] process 'syz.2.206' launched './file0' with NULL argv: empty string added
[   90.343020][ T5313] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   90.346752][ T5313] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   90.356905][ T5313] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   90.360447][ T5313] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   90.373351][ T5313] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   90.376366][ T5313] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   90.380626][ T5313] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   90.383568][ T5313] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   90.386489][ T5313] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   90.389504][ T5313] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   90.396585][ T5313] hid-generic 00A0:0006:0003.0001: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[   90.578891][   T24] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[   90.667626][ T5313] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   90.751055][   T24] usb 3-1: config 0 has an invalid interface number: 212 but max is 0
[   90.754472][   T24] usb 3-1: config 0 has no interface number 0
[   90.757286][   T24] usb 3-1: config 0 interface 212 has no altsetting 0
[   90.763127][   T24] usb 3-1: New USB device found, idVendor=1ae7, idProduct=0525, bcdDevice=ca.e6
[   90.767070][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.770869][   T24] usb 3-1: Product: syz
[   90.773616][   T24] usb 3-1: Manufacturer: syz
[   90.775626][   T24] usb 3-1: SerialNumber: syz
[   90.782248][   T24] usb 3-1: config 0 descriptor??
[   90.790242][   T24] HFC-S_USB 3-1:0.212: probe with driver HFC-S_USB failed with error -5
[   90.827732][ T5313] usb 2-1: Using ep0 maxpacket: 32
[   90.833203][ T5313] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[   90.838046][ T5313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[   90.842465][ T5313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[   90.846494][ T5313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[   90.852461][ T5313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[   90.860287][ T5313] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[   90.863966][ T5313] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.867202][ T5313] usb 2-1: Product: syz
[   90.870200][ T5313] usb 2-1: Manufacturer: syz
[   90.871985][ T5313] usb 2-1: SerialNumber: syz
[   90.878585][ T5313] usb 2-1: config 0 descriptor??
[   90.997122][   T24] usb 3-1: USB disconnect, device number 4
[   91.288034][ T5313] iforce 2-1:0.0: usb_submit_urb failed: -32
[   91.290666][ T5313] input input5: Device does not respond to id packet M
[   91.295932][ T5313] iforce 2-1:0.0: usb_submit_urb failed: -32
[   91.301637][ T5313] input input5: Device does not respond to id packet P
[   91.306776][ T5313] iforce 2-1:0.0: usb_submit_urb failed: -32
[   91.309931][ T5313] input input5: Device does not respond to id packet B
[   91.516443][ T5313] iforce 2-1:0.0: usb_submit_urb failed: -71
[   91.525164][ T5313] iforce 2-1:0.0: usb_submit_urb failed: -71
[   91.530615][ T5313] iforce 2-1:0.0: usb_submit_urb failed: -71
[   91.534072][ T5313] iforce 2-1:0.0: usb_submit_urb failed: -71
[   91.547040][ T5313] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input5
[   91.566415][ T5313] usb 2-1: USB disconnect, device number 3
[   91.569914][ T5280] iforce 2-1:0.0: usb_submit_urb failed -19
[   91.610376][ T5313] iforce 2-1:0.0: usb_submit_urb failed -19
[   92.714303][ T6429] Bluetooth: MGMT ver 1.23
[   93.117622][ T5313] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   93.173605][ T6443] team0: Port device team_slave_0 removed
[   93.280853][ T5313] usb 3-1: Using ep0 maxpacket: 32
[   93.294972][ T5313] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[   93.298617][ T5313] usb 3-1: config 0 has no interface number 0
[   93.300998][ T5313] usb 3-1: config 0 interface 184 has no altsetting 0
[   93.313304][ T5313] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   93.317060][ T5313] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.320346][ T5313] usb 3-1: Product: syz
[   93.321978][ T5313] usb 3-1: Manufacturer: syz
[   93.323789][ T5313] usb 3-1: SerialNumber: syz
[   93.330459][ T5313] usb 3-1: config 0 descriptor??
[   93.343109][ T5313] smsc75xx v1.0.0
[   93.344787][ T5313] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[   93.349729][ T5313] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -22
[   93.863546][ T6432] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   93.866330][ T6432] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[   93.885087][ T6432] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   93.887432][ T6432] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[   93.899858][ T6432] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   93.903319][ T6432] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[   95.846451][ T5313] usb 3-1: USB disconnect, device number 5
[   95.859700][ T6494] netlink: 'syz.1.242': attribute type 1 has an invalid length.
[   96.048365][ T6505] loop2: detected capacity change from 0 to 2048
[   96.064777][ T6505] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   96.088176][   T96] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[   96.147368][ T6509] loop1: detected capacity change from 0 to 512
[   96.151516][ T6509] EXT4-fs: Ignoring removed orlov option
[   96.158380][ T6509] EXT4-fs: Ignoring removed mblk_io_submit option
[   96.169529][ T6509] EXT4-fs (loop1): orphan cleanup on readonly fs
[   96.173022][ T6509] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[   96.188259][ T6509] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #13: comm syz.1.249: attempt to clear invalid blocks 2 len 1
[   96.196721][ T6509] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[   96.207415][ T6509] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.249: invalid indirect mapped block 1819239214 (level 0)
[   96.218034][ T6509] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.249: invalid indirect mapped block 1819239214 (level 1)
[   96.224843][ T6509] EXT4-fs (loop1): 1 truncate cleaned up
[   96.238165][ T6509] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   96.244925][   T96] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   96.249036][   T96] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   96.261415][   T96] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   96.264284][   T96] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.266741][   T96] usb 1-1: Product: syz
[   96.278005][   T96] usb 1-1: Manufacturer: syz
[   96.279512][   T96] usb 1-1: SerialNumber: syz
[   96.295786][ T5978] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.625822][   T96] usb 1-1: 0:2 : does not exist
[   96.632165][   T96] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[   96.655755][   T96] usb 1-1: USB disconnect, device number 4
[   96.994662][ T6259] udevd[6259]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   97.361454][ T6515] kexec: Could not allocate control_code_buffer
[   97.413613][   T33] audit: type=1326 audit(1755393678.822:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.2.257" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb80258ebe9 code=0x0
[   97.453068][ T6531] Zero length message leads to an empty skb
[   97.456188][ T6531] netlink: 'syz.0.258': attribute type 10 has an invalid length.
[   97.475306][ T6531] dummy0: entered promiscuous mode
[   97.478079][ T6531] dummy0: entered allmulticast mode
[   97.480895][ T6531] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   97.637812][ T6540] netlink: 72 bytes leftover after parsing attributes in process `syz.0.262'.
[   97.721518][ T6542] loop0: detected capacity change from 0 to 8192
[   97.760422][ T6259] Dev loop0: unable to read partition block 838860800
[   97.762836][ T6259]  loop0: RDSK (419430400) unable to read partition table
[   97.765156][ T6259] loop0: partition table beyond EOD, truncated
[   97.770399][ T6542] Dev loop0: unable to read partition block 838860800
[   97.773786][ T6542]  loop0: RDSK (419430400) unable to read partition table
[   97.776039][ T6542] loop0: partition table beyond EOD, truncated
[   97.778834][ T6542] loop_reread_partitions: partition scan of loop0 () failed (rc=-5)
[   98.097678][   T24] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   98.247905][   T24] usb 1-1: Using ep0 maxpacket: 16
[   98.252436][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   98.256971][   T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00
[   98.260928][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.280053][   T24] usb 1-1: config 0 descriptor??
[   98.466622][ T6550] loop2: detected capacity change from 0 to 4096
[   98.479856][ T6550] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[   98.532195][ T6550] ntfs3(loop2): Failed to initialize $Extend/$Reparse.
[   98.703012][   T24] hid_parser_main: 4 callbacks suppressed
[   98.703033][   T24] logitech-djreceiver 0003:046D:C513.0002: unknown main item tag 0x0
[   98.713743][   T24] logitech-djreceiver 0003:046D:C513.0002: unknown main item tag 0x0
[   98.717093][   T24] logitech-djreceiver 0003:046D:C513.0002: unknown main item tag 0x0
[   98.722959][   T24] logitech-djreceiver 0003:046D:C513.0002: unknown main item tag 0x0
[   98.725835][   T24] logitech-djreceiver 0003:046D:C513.0002: unknown main item tag 0x0
[   98.907221][    T9] usb 1-1: USB disconnect, device number 5
[   98.958995][   T96] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[   99.119937][   T96] usb 3-1: not running at top speed; connect to a high speed hub
[   99.123835][   T96] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   99.129977][   T96] usb 3-1: New USB device found, idVendor=11ba, idProduct=1001, bcdDevice=ec.57
[   99.132928][   T96] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.135568][   T96] usb 3-1: Product: syz
[   99.136881][   T96] usb 3-1: Manufacturer: syz
[   99.139187][   T96] usb 3-1: SerialNumber: syz
[   99.350952][   T96] pvrusb2: Hardware description: OnAir USB2 Hybrid USB tuner
[   99.356579][   T96] usb 3-1: USB disconnect, device number 6
[   99.356661][ T2397] pvrusb2: Invalid write control endpoint
[   99.391381][ T2397] pvrusb2: Invalid write control endpoint
[   99.393695][ T2397] pvrusb2: Invalid write control endpoint
[   99.395980][ T2397] pvrusb2: Invalid write control endpoint
[   99.398708][ T2397] pvrusb2: Invalid write control endpoint
[   99.401138][ T2397] pvrusb2: Invalid write control endpoint
[   99.403457][ T2397] pvrusb2: Invalid write control endpoint
[   99.405922][ T2397] pvrusb2: Invalid write control endpoint
[   99.410750][ T2397] pvrusb2: Invalid write control endpoint
[   99.412717][ T2397] pvrusb2: Invalid write control endpoint
[   99.414445][ T2397] pvrusb2: Invalid write control endpoint
[   99.416148][ T2397] pvrusb2: Invalid write control endpoint
[   99.418868][ T2397] pvrusb2: Invalid write control endpoint
[   99.420865][ T2397] pvrusb2: Invalid write control endpoint
[   99.422859][ T2397] pvrusb2: Invalid write control endpoint
[   99.424775][ T2397] pvrusb2: Invalid write control endpoint
[   99.426760][ T2397] pvrusb2: Invalid write control endpoint
[   99.429345][ T2397] pvrusb2: Invalid write control endpoint
[   99.431702][ T2397] pvrusb2: Invalid write control endpoint
[   99.437595][ T2397] pvrusb2: Invalid write control endpoint
[   99.439865][ T2397] pvrusb2: Invalid write control endpoint
[   99.444943][ T2397] pvrusb2: Invalid write control endpoint
[   99.446965][ T2397] pvrusb2: Invalid write control endpoint
[   99.453666][ T2397] pvrusb2: Invalid write control endpoint
[   99.455548][ T2397] pvrusb2: Invalid write control endpoint
[   99.459792][ T2397] pvrusb2: Invalid write control endpoint
[   99.461637][ T2397] pvrusb2: Invalid write control endpoint
[   99.463501][ T2397] pvrusb2: Invalid write control endpoint
[   99.465506][ T2397] pvrusb2: Invalid write control endpoint
[   99.467671][ T2397] pvrusb2: Invalid write control endpoint
[   99.471820][ T2397] pvrusb2: Invalid write control endpoint
[   99.473750][ T2397] pvrusb2: Invalid write control endpoint
[   99.475814][ T2397] pvrusb2: Invalid write control endpoint
[   99.486008][ T2397] pvrusb2: Module ID 3 (saa7115) for device OnAir USB2 Hybrid USB tuner failed to load.  Possible missing sub-device kernel module or initialization failure within module.
[   99.512889][ T2397] cs53l32a 2-0011: chip found @ 0x22 (pvrusb2_a)
[   99.515725][ T2397] pvrusb2: Invalid write control endpoint
[   99.518293][ T2397] pvrusb2: Invalid write control endpoint
[   99.520261][ T2397] pvrusb2: Invalid write control endpoint
[   99.522381][ T2397] pvrusb2: Invalid write control endpoint
[   99.524437][ T2397] pvrusb2: Invalid write control endpoint
[   99.526580][ T2397] pvrusb2: Invalid write control endpoint
[   99.529334][ T2397] pvrusb2: Invalid write control endpoint
[   99.532856][ T2397] pvrusb2: Invalid write control endpoint
[   99.535058][ T2397] pvrusb2: Invalid write control endpoint
[   99.536938][ T2397] pvrusb2: Invalid write control endpoint
[   99.539026][ T2397] pvrusb2: Invalid write control endpoint
[   99.541593][ T2397] pvrusb2: Invalid write control endpoint
[   99.544031][ T2397] pvrusb2: Invalid write control endpoint
[   99.544176][ T6557] netlink: 'syz.0.270': attribute type 10 has an invalid length.
[   99.546304][ T2397] pvrusb2: Invalid write control endpoint
[   99.553809][ T2397] pvrusb2: Invalid write control endpoint
[   99.555947][ T2397] pvrusb2: Invalid write control endpoint
[   99.557095][ T6557] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[   99.558195][ T2397] pvrusb2: Invalid write control endpoint
[   99.558209][ T2397] pvrusb2: Invalid write control endpoint
[   99.558218][ T2397] pvrusb2: Invalid write control endpoint
[   99.558229][ T2397] pvrusb2: Invalid write control endpoint
[   99.558265][ T2397] pvrusb2: Invalid write control endpoint
[   99.560464][ T2397] pvrusb2: Attached sub-driver cs53l32a
[   99.562161][ T6557] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[   99.579609][ T6557] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   99.595211][ T2397] pvrusb2: Invalid write control endpoint
[   99.598332][ T2397] pvrusb2: Invalid write control endpoint
[   99.600566][ T2397] pvrusb2: Invalid write control endpoint
[   99.602642][ T2397] pvrusb2: Invalid write control endpoint
[   99.604753][ T2397] pvrusb2: Module ID 4 (tuner) for device OnAir USB2 Hybrid USB tuner failed to load.  Possible missing sub-device kernel module or initialization failure within module.
[   99.614429][ T2397] pvrusb2: Device being rendered inoperable
[   99.616765][ T2397] pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the failure of one or more sub-device kernel modules.
[   99.623710][ T2397] pvrusb2: You need to resolve the failing condition before this driver can function.  There should be some earlier messages giving more information about the problem.
[   99.884663][ T6561] loop0: detected capacity change from 0 to 32768
[   99.903093][ T6561] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.271 (6561)
[   99.963277][ T6561] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   99.972944][ T6561] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[   99.976828][ T6561] BTRFS info (device loop0): using free-space-tree
[  100.244153][ T5975] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  100.415758][ T6593] loop2: detected capacity change from 0 to 1024
[  100.420435][ T6593] EXT4-fs: Ignoring removed nomblk_io_submit option
[  100.457707][ T6593] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  100.461420][ T6593] System zones: 0-1, 3-36
[  100.486790][ T6593] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.537003][ T6593] capability: warning: `syz.2.280' uses deprecated v2 capabilities in a way that may be insecure
[  100.611291][ T5977] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.764577][ T6607] input: syz0 as /devices/virtual/input/input7
[  100.768611][   T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  100.772305][ T6606] loop0: detected capacity change from 0 to 512
[  100.789430][ T6606] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.285: corrupted in-inode xattr: invalid ea_ino
[  100.818682][ T6606] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.285: couldn't read orphan inode 15 (err -117)
[  100.825521][ T6606] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.852100][ T5975] EXT4-fs error (device loop0): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  100.889811][ T5975] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 15
[  100.904199][ T5975] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 15
[  100.920458][   T24] usb 2-1: Using ep0 maxpacket: 32
[  100.931247][   T24] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  100.934342][   T24] usb 2-1: config 0 has no interface number 0
[  100.944409][   T24] usb 2-1: config 0 interface 12 has no altsetting 0
[  100.952985][   T24] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  100.960206][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.967212][   T24] usb 2-1: Product: syz
[  100.977594][   T24] usb 2-1: Manufacturer: syz
[  100.979493][   T24] usb 2-1: SerialNumber: syz
[  100.996911][   T24] usb 2-1: config 0 descriptor??
[  101.209840][ T5975] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.272591][ T5676] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.355281][ T5676] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.417852][   T24] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  101.425870][   T24] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  101.433978][   T24] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  101.438584][   T24] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[  101.465952][ T5676] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.468538][   T24] usb 2-1: USB disconnect, device number 4
[  101.629998][ T5676] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.868978][ T5676] macvlan2: left promiscuous mode
[  101.870788][ T5676] bond0: left promiscuous mode
[  101.878906][ T5676] bridge0: port 3(macvlan2) entered disabled state
[  101.885399][ T5676] bridge_slave_1: left allmulticast mode
[  101.889818][ T5676] bridge_slave_1: left promiscuous mode
[  101.891668][ T5676] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.897441][ T5676] bridge_slave_0: left allmulticast mode
[  101.899238][ T5676] bridge_slave_0: left promiscuous mode
[  101.901116][ T5676] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.913536][ T5676] bond_slave_0: left promiscuous mode
[  101.916095][ T5676] bond_slave_1: left promiscuous mode
[  101.918548][ T5676] dummy0: left promiscuous mode
[  101.920425][ T5676] mac80211_hwsim hwsim3 wlan1: left promiscuous mode
[  102.145769][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.150847][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.153635][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.158013][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.161195][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.179324][ T5981] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.182587][ T5981] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.186078][ T5981] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.190485][ T5981] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.193326][ T5981] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.432478][ T5676] bond0 (unregistering): left allmulticast mode
[  102.435086][ T5676] bond_slave_0: left allmulticast mode
[  102.437945][ T5676] bond_slave_1: left allmulticast mode
[  102.440158][ T5676] dummy0: left allmulticast mode
[  102.442403][ T5676] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  102.482128][ T5676] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  102.494695][ T5676] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  102.506965][ T5676] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  102.519583][ T5676] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  102.586822][   T24] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  102.587140][ T5676] bond0 (unregistering): Released all slaves
[  102.697383][ T5676] tipc: Left network mode
[  102.754997][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[  102.762476][   T24] usb 2-1: not running at top speed; connect to a high speed hub
[  102.773523][   T24] usb 2-1: config 1 has an invalid interface descriptor of length 5, skipping
[  102.776451][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  102.788129][   T24] usb 2-1: config 1 has 3 interfaces, different from the descriptor's value: 19
[  102.793813][   T24] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 59, changing to 4
[  102.797943][   T24] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  102.810423][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  102.813459][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.815957][   T24] usb 2-1: Product: syz
[  102.827771][   T24] usb 2-1: Manufacturer: syz
[  102.829304][   T24] usb 2-1: SerialNumber: syz
[  103.054239][   T24] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  103.074037][ T5676] hsr_slave_0: left promiscuous mode
[  103.080537][ T5676] hsr_slave_1: left promiscuous mode
[  103.087840][ T5676] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.097206][   T24] usb 2-1: USB disconnect, device number 5
[  103.099304][ T5676] batman_adv: batadv0: Removing interface: batadv_slave_0
[  103.122348][ T5676] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.125520][ T5676] batman_adv: batadv0: Removing interface: batadv_slave_1
[  103.155916][ T5676] veth1_macvtap: left promiscuous mode
[  103.160056][ T5676] veth0_macvtap: left promiscuous mode
[  103.164950][ T5676] veth1_vlan: left promiscuous mode
[  103.167651][ T5676] veth0_vlan: left promiscuous mode
[  103.614868][ T5676] team0 (unregistering): Port device team_slave_1 removed
[  104.079687][ T6633] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.086262][ T6633] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.091394][ T6633] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.094563][ T6633] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.125404][ T6615] chnl_net:caif_netlink_parms(): no params data found
[  104.211115][ T6615] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.216471][ T6615] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.220308][ T6615] bridge_slave_0: entered allmulticast mode
[  104.224191][ T6615] bridge_slave_0: entered promiscuous mode
[  104.230423][ T6615] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.233368][ T6615] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.238380][ T6615] bridge_slave_1: entered allmulticast mode
[  104.250090][ T6615] bridge_slave_1: entered promiscuous mode
[  104.286774][ T5981] Bluetooth: hci0: command tx timeout
[  104.350308][ T6615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.369135][ T6615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.461799][ T6615] team0: Port device team_slave_0 added
[  104.468489][ T6615] team0: Port device team_slave_1 added
[  104.509647][ T6615] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.512248][ T6615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.533973][ T6615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.560433][ T6615] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.563221][ T6615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.579343][ T6615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.704806][ T6615] hsr_slave_0: entered promiscuous mode
[  104.712304][ T6615] hsr_slave_1: entered promiscuous mode
[  104.769743][ T6656] loop1: detected capacity change from 0 to 1024
[  104.800321][ T6656] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.805007][ T6656] ext4 filesystem being mounted at /92/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.852120][ T6656] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.300: bg 0: block 393: padding at end of block bitmap is not set
[  104.859447][ T6656] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 117
[  104.869392][ T6656] EXT4-fs (loop1): This should not happen!! Data will be lost
[  104.869392][ T6656] 
[  104.911174][ T5978] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.985033][ T6615] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  105.004441][ T6615] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  105.023976][ T6615] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  105.040637][ T6615] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  105.073627][ T6615] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.075966][ T6615] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.078305][ T6615] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.081255][ T6615] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.097881][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.101280][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.146232][ T6683] netlink: 4 bytes leftover after parsing attributes in process `syz.1.305'.
[  105.173975][ T6615] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.208374][ T6615] 8021q: adding VLAN 0 to HW filter on device team0
[  105.220474][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.222713][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.240351][ T6688] binder: 6686:6688 ioctl c0306201 200000000240 returned -14
[  105.245081][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.247365][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.274144][ T6692] loop1: detected capacity change from 0 to 2048
[  105.319008][ T6692] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.362677][ T6701] netlink: 96 bytes leftover after parsing attributes in process `syz.2.309'.
[  105.362724][ T6692] EXT4-fs: Cannot specify journal on remount
[  105.453536][ T6615] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.461484][ T5978] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.488369][ T6615] veth0_vlan: entered promiscuous mode
[  105.496520][ T6615] veth1_vlan: entered promiscuous mode
[  105.519146][ T6615] veth0_macvtap: entered promiscuous mode
[  105.526443][ T6615] veth1_macvtap: entered promiscuous mode
[  105.543467][ T6615] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.551124][ T6615] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.631468][ T6007] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.038523][ T6007] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.041716][ T6007] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.104744][ T6007] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.117952][ T1227] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.121017][ T1227] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.171559][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.179906][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.355200][ T6725] tipc: Started in network mode
[  106.357219][ T6725] tipc: Node identity 9e9cbaaa31ad, cluster identity 4711
[  106.366878][ T5981] Bluetooth: hci0: command tx timeout
[  106.371291][ T6725] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  106.399690][ T6723] tipc: Resetting bearer <eth:syzkaller0>
[  106.414167][ T6728] loop2: detected capacity change from 0 to 64
[  106.423481][ T6721] tipc: Disabling bearer <eth:syzkaller0>
[  106.445596][ T6728] MINIX-fs: mounting file system with errors, running fsck is recommended
[  106.557116][ T6731] loop1: detected capacity change from 0 to 256
[  106.813306][ T6749] affs: No valid root block on device nullb0
[  107.140527][ T6759] loop2: detected capacity change from 0 to 512
[  107.197080][ T6759] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.324: casefold flag without casefold feature
[  107.226995][ T6759] EXT4-fs (loop2): Remounting filesystem read-only
[  107.250848][ T6759] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.493124][ T5977] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.617325][ T6767] syz_tun: entered allmulticast mode
[  107.781717][ T6769] loop2: detected capacity change from 0 to 256
[  107.795261][ T6769] exfat: Deprecated parameter 'namecase'
[  107.801440][ T6769] exfat: Deprecated parameter 'utf8'
[  107.828832][ T6769] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  107.847445][ T6757] loop1: detected capacity change from 0 to 32768
[  108.049307][ T6757] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=crc64,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  108.049323][ T6757]   allowing incompatible features above 0.0: (unknown version)
[  108.049328][ T6757]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  108.059899][ T6757] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  108.068904][ T6757] bcachefs (loop1): recovering from clean shutdown, journal seq 10
[  108.072495][ T6757] bcachefs (loop1): Version upgrade required:
[  108.072495][ T6757] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  108.072495][ T6757] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  108.072495][ T6757]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  108.114156][ T6757] bcachefs (loop1): dropping and reconstructing all alloc info
[  108.132842][ T6757] bcachefs (loop1): accounting_read... done
[  108.140299][ T6757] bcachefs (loop1): alloc_read... done
[  108.142817][ T6757] bcachefs (loop1): snapshots_read... done
[  108.146106][ T6757] bcachefs (loop1): check_allocations... done
[  108.168731][ T6757] bcachefs (loop1): going read-write
[  108.188531][ T6757] bcachefs (loop1): done starting filesystem
[  108.221198][ T6794] binder: 6793:6794 ioctl c0306201 0 returned -14
[  108.262513][ T6757] bcachefs (loop1): inode 536870913 truncated to 0 but i_blocks 24 (ondisk 24)
[  108.274490][ T3622] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  108.274508][ T3622]   u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing
[  108.296335][ T3622] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  108.296374][ T3622]   u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing
[  108.314956][ T3622] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  108.314984][ T3622]   u64s 5 type deleted 0:33:0 len 0 ver 0, , continuing
[  108.409388][ T6757] syz.1.323 (6757) used greatest stack depth: 17848 bytes left
[  108.435182][ T5978] bcachefs (loop1): shutting down
[  108.438292][ T5978] bcachefs (loop1): going read-only
[  108.440396][ T5978] bcachefs (loop1): finished waiting for writes to stop
[  108.443858][ T5981] Bluetooth: hci0: command tx timeout
[  108.452156][ T5978] bcachefs (loop1): flushing journal and stopping allocators, journal seq 11
[  108.480211][   T36] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  108.480224][   T36]   u64s 5 type deleted 0:43:0 len 0 ver 0, , continuing
[  108.516184][ T5978] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 11
[  108.550227][ T5978] bcachefs (loop1): unclean shutdown complete, journal seq 12
[  108.578244][ T5978] bcachefs (loop1): done going read-only, filesystem not clean
[  108.650226][ T5978] bcachefs (loop1): shutdown complete
[  108.823852][   T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  108.984032][   T24] usb 3-1: Using ep0 maxpacket: 8
[  109.003807][   T24] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  109.012741][   T24] usb 3-1: config 179 has no interface number 0
[  109.020346][   T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  109.029316][   T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  109.032899][   T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  109.037053][   T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  109.040646][   T24] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  109.046369][   T24] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  109.049651][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.065527][ T6809] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  109.319815][   T24] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input8
[  109.498947][ T6809] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  109.513971][ T6809] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  109.740937][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  109.740943][   T96] usb 3-1: USB disconnect, device number 7
[  109.740982][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  110.189452][ T6834] loop1: detected capacity change from 0 to 32768
[  110.209690][ T6834] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  110.229667][ T6834] XFS (loop1): Ending clean mount
[  110.267046][ T5978] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  110.522941][ T5981] Bluetooth: hci0: command tx timeout
[  110.535800][ T6857] openvswitch: netlink: IP tunnel dst address not specified
[  110.834800][ T6876] loop1: detected capacity change from 0 to 256
[  110.838438][ T6876] exfat: Deprecated parameter 'utf8'
[  110.859151][ T6876] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  110.914568][ T6877] netlink: 'syz.2.357': attribute type 1 has an invalid length.
[  111.468663][ T6879] loop3: detected capacity change from 0 to 32768
[  111.582739][ T5963] usb 2-1: new low-speed USB device number 6 using dummy_hcd
[  111.733922][ T5963] usb 2-1: config 65 has an invalid interface number: 95 but max is 0
[  111.737202][ T5963] usb 2-1: config 65 has no interface number 0
[  111.747948][ T5963] usb 2-1: string descriptor 0 read error: -22
[  111.750325][ T5963] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=6f.b6
[  111.754182][ T5963] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.762267][ T5963] usbtest 2-1:65.95: Linux gadget zero
[  111.764267][ T5963] usbtest 2-1:65.95: low-speed {control in/out} tests (+alt)
[  111.915320][ T6890] loop2: detected capacity change from 0 to 764
[  111.919371][ T6890] rock: directory entry would overflow storage
[  111.921352][ T6890] rock: sig=0x5245, size=8, remaining=5
[  111.968611][   T24] usb 2-1: USB disconnect, device number 6
[  113.352808][ T6916] loop1: detected capacity change from 0 to 2048
[  113.364541][ T6916] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  113.398422][ T6919] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  113.456103][ T6916] syz.1.381: attempt to access beyond end of device
[  113.456103][ T6916] loop1: rw=0, sector=262216, nr_sectors = 2 limit=2048
[  113.462658][ T6916] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=1)
[  113.649683][ T6930] loop3: detected capacity change from 0 to 512
[  113.656828][ T6930] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  113.667411][ T6930] EXT4-fs (loop3): orphan cleanup on readonly fs
[  113.667648][ T6927] loop1: detected capacity change from 0 to 4096
[  113.670153][ T6930] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.384: iget: bad i_size value: 360287970189639680
[  113.681315][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  113.681912][ T6930] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.384: couldn't read orphan inode 15 (err -117)
[  113.691953][ T6930] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  113.698656][ T6930] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.831159][    T9] usb 3-1: Using ep0 maxpacket: 32
[  113.836424][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  113.840478][    T9] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  113.844924][    T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=029c, bcdDevice= 0.00
[  113.849568][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.860525][    T9] usb 3-1: config 0 descriptor??
[  114.137939][    T9] usb 3-1: USB disconnect, device number 8
[  115.141519][ T6952] loop2: detected capacity change from 0 to 32768
[  115.520491][   T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  115.555410][ T6959] loop3: detected capacity change from 0 to 512
[  115.562483][ T6959] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e028, mo2=0002]
[  115.565903][ T6959] System zones: 1-12
[  115.575433][ T6959] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.395: invalid indirect mapped block 8 (level 2)
[  115.584011][ T6959] EXT4-fs (loop3): Remounting filesystem read-only
[  115.586592][ T6959] EXT4-fs (loop3): 1 truncate cleaned up
[  115.589821][ T6959] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.610977][ T6615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.700267][   T24] usb 3-1: Using ep0 maxpacket: 8
[  115.704661][   T24] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  115.734278][   T24] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  115.738420][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  115.742944][   T24] usb 3-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  115.746547][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.756186][   T24] usb 3-1: config 0 descriptor??
[  116.063459][   T96] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  116.170398][   T24] steelseries 0003:1038:1410.0003: item fetching failed at offset 2/5
[  116.174676][   T24] steelseries 0003:1038:1410.0003: parse failed
[  116.177568][   T24] steelseries 0003:1038:1410.0003: probe with driver steelseries failed with error -22
[  116.383946][   T24] usb 3-1: USB disconnect, device number 9
[  116.711453][   T96] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  116.719730][   T96] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  116.723214][   T96] usb 2-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00
[  116.729739][   T96] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.734779][   T96] usb 2-1: config 0 descriptor??
[  116.842173][ T6976] netlink: 32 bytes leftover after parsing attributes in process `syz.3.402'.
[  116.926132][ T6980] netlink: 'syz.3.404': attribute type 3 has an invalid length.
[  117.017378][ T6988] loop2: detected capacity change from 0 to 512
[  117.021994][ T6988] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  117.024957][ T6988] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  117.031729][ T6988] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  117.035348][ T6988] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  117.038135][ T6988] System zones: 0-2, 18-18, 34-35
[  117.042131][ T6988] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.141132][ T6985] loop3: detected capacity change from 0 to 40427
[  117.158207][ T6985] F2FS-fs (loop3): invalid crc value
[  117.204223][ T6985] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  117.210591][ T6985] F2FS-fs (loop3): Start checkpoint disabled!
[  117.220264][ T6985] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  117.513403][ T6994] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.408: bg 0: block 353: padding at end of block bitmap is not set
[  117.524236][   T96] usb 2-1: USB disconnect, device number 7
[  117.889800][   T52] kworker/u9:2: attempt to access beyond end of device
[  117.889800][   T52] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  117.896566][   T52] CPU: 0 UID: 0 PID: 52 Comm: kworker/u9:2 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  117.896582][   T52] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  117.896591][   T52] Workqueue: writeback wb_workfn (flush-7:3)
[  117.896612][   T52] Call Trace:
[  117.896683][   T52]  <TASK>
[  117.896734][   T52]  dump_stack_lvl+0x189/0x250
[  117.896748][   T52]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.896757][   T52]  ? __pfx_queue_work_on+0x10/0x10
[  117.896765][   T52]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  117.896776][   T52]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  117.896791][   T52]  f2fs_handle_critical_error+0x37c/0x540
[  117.896806][   T52]  f2fs_write_end_io+0x886/0xb60
[  117.896826][   T52]  __submit_merged_bio+0x27a/0x6a0
[  117.896851][   T52]  __submit_merged_write_cond+0x255/0x530
[  117.896872][   T52]  f2fs_write_data_pages+0x261d/0x3000
[  117.896905][   T52]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  117.896925][   T52]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  117.896952][   T52]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  117.896969][   T52]  ? trace_f2fs_writepages+0x7f/0x200
[  117.897006][   T52]  ? f2fs_write_node_pages+0x478/0x6e0
[  117.897019][   T52]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  117.897037][   T52]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  117.897049][   T52]  do_writepages+0x32e/0x550
[  117.897063][   T52]  ? reacquire_held_locks+0x127/0x1d0
[  117.897071][   T52]  ? writeback_sb_inodes+0x384/0x1010
[  117.897086][   T52]  __writeback_single_inode+0x145/0xff0
[  117.897095][   T52]  ? do_raw_spin_unlock+0x4d/0x240
[  117.897107][   T52]  writeback_sb_inodes+0x6c7/0x1010
[  117.897120][   T52]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  117.897139][   T52]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  117.897176][   T52]  ? rcu_is_watching+0x15/0xb0
[  117.897190][   T52]  wb_writeback+0x43b/0xaf0
[  117.897204][   T52]  ? queue_io+0x3c1/0x590
[  117.897215][   T52]  ? __pfx_wb_writeback+0x10/0x10
[  117.897229][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  117.897241][   T52]  wb_workfn+0x409/0xef0
[  117.897273][   T52]  ? __pfx_wb_workfn+0x10/0x10
[  117.897284][   T52]  ? __lock_acquire+0xab9/0xd20
[  117.897301][   T52]  ? process_scheduled_works+0x9ef/0x17b0
[  117.897312][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  117.897320][   T52]  ? process_scheduled_works+0x9ef/0x17b0
[  117.897327][   T52]  ? process_scheduled_works+0x9ef/0x17b0
[  117.897335][   T52]  process_scheduled_works+0xae1/0x17b0
[  117.897359][   T52]  ? __pfx_process_scheduled_works+0x10/0x10
[  117.897376][   T52]  worker_thread+0x8a0/0xda0
[  117.897398][   T52]  kthread+0x711/0x8a0
[  117.897410][   T52]  ? __pfx_worker_thread+0x10/0x10
[  117.897418][   T52]  ? __pfx_kthread+0x10/0x10
[  117.897428][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  117.897436][   T52]  ? lockdep_hardirqs_on+0x9c/0x150
[  117.897446][   T52]  ? __pfx_kthread+0x10/0x10
[  117.897456][   T52]  ret_from_fork+0x3fc/0x770
[  117.897466][   T52]  ? __pfx_ret_from_fork+0x10/0x10
[  117.897477][   T52]  ? __switch_to_asm+0x39/0x70
[  117.897487][   T52]  ? __switch_to_asm+0x33/0x70
[  117.897495][   T52]  ? __pfx_kthread+0x10/0x10
[  117.897505][   T52]  ret_from_fork_asm+0x1a/0x30
[  117.897523][   T52]  </TASK>
[  117.960768][   T52] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  118.065418][ T5977] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.734672][ T7016] loop1: detected capacity change from 0 to 16
[  118.750944][ T7016] erofs (device loop1): mounted with root inode @ nid 36.
[  118.773881][ T7016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.414'.
[  118.854675][ T7023] syz.3.409 (7023): /proc/7022/oom_adj is deprecated, please use /proc/7022/oom_score_adj instead.
[  119.010997][ T7027] loop3: detected capacity change from 0 to 32768
[  119.015399][ T7027] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.416 (7027)
[  119.065394][ T7027] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  119.074136][ T7027] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  119.076955][ T7027] BTRFS error (device loop3): nologreplay must be used with ro mount option
[  119.081468][ T7027] BTRFS info (device loop3): using free-space-tree
[  119.084463][ T7027] BTRFS error (device loop3): open_ctree failed: -22
[  119.088947][ T5941] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  119.212961][ T7045] loop2: detected capacity change from 0 to 1024
[  119.250047][ T5941] usb 2-1: Using ep0 maxpacket: 16
[  119.254106][ T5941] usb 2-1: too many configurations: 123, using maximum allowed: 8
[  119.259586][ T5941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.270506][ T5941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.276484][ T5941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.287157][ T5941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.298768][ T5941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.310679][ T5941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.317154][ T5941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.327723][ T5941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.336989][ T7056] cgroup: subsys name conflicts with all
[  119.340737][ T5941] usb 2-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  119.345813][ T5941] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[  119.354018][ T5941] usb 2-1: SerialNumber: syz
[  119.359393][ T5941] usb 2-1: config 0 descriptor??
[  119.367671][ T5941] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input9
[  119.553719][ T7081] loop2: detected capacity change from 0 to 22
[  119.566074][ T5280] bcm5974 2-1:0.0: could not read from device
[  119.572441][ T7081] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  119.587202][ T5941] usb 2-1: USB disconnect, device number 8
[  119.590755][ T5280] bcm5974 2-1:0.0: could not read from device
[  119.600400][ T7081] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  119.748649][ T7091] loop3: detected capacity change from 0 to 512
[  119.760324][ T7091] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  119.928218][   T96] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  120.011465][ T7096] loop3: detected capacity change from 0 to 32768
[  120.022262][ T7096] (syz.3.433,7096,1):ocfs2_read_blocks:239 ERROR: status = -12
[  120.024725][ T7096] (syz.3.433,7096,1):ocfs2_read_virt_blocks:1029 ERROR: status = -12
[  120.027311][ T7096] (syz.3.433,7096,1):ocfs2_read_dir_block:511 ERROR: status = -12
[  120.031460][ T7096] (syz.3.433,7096,1):ocfs2_read_blocks:239 ERROR: status = -12
[  120.035111][ T7096] (syz.3.433,7096,1):ocfs2_read_virt_blocks:1029 ERROR: status = -12
[  120.037697][ T7096] (syz.3.433,7096,1):ocfs2_read_dir_block:511 ERROR: status = -12
[  120.040309][ T7096] (syz.3.433,7096,1):ocfs2_read_blocks:239 ERROR: status = -12
[  120.042682][ T7096] (syz.3.433,7096,1):ocfs2_read_virt_blocks:1029 ERROR: status = -12
[  120.045402][ T7096] (syz.3.433,7096,1):ocfs2_read_dir_block:511 ERROR: status = -12
[  120.048711][ T7096] (syz.3.433,7096,1):ocfs2_init_global_system_inodes:465 ERROR: status = -22
[  120.053653][ T7096] (syz.3.433,7096,1):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 1, possibly corrupt fs?
[  120.053670][ T7096] (syz.3.433,7096,1):ocfs2_init_global_system_inodes:476 ERROR: status = -22
[  120.060988][ T7096] (syz.3.433,7096,1):ocfs2_initialize_super:2198 ERROR: status = -22
[  120.063528][ T7096] (syz.3.433,7096,1):ocfs2_fill_super:1177 ERROR: status = -22
[  120.089310][   T96] usb 3-1: Using ep0 maxpacket: 8
[  120.095431][   T96] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  120.103281][   T96] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  120.113012][   T96] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  120.117275][   T96] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  120.122584][   T96] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  120.127313][   T96] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  120.130217][   T96] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  120.134424][   T96] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  120.144533][   T96] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  120.149932][   T96] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  120.160874][   T96] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  120.163627][   T96] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  120.178386][   T96] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  120.183226][   T96] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  120.187009][   T96] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  120.199061][   T96] usb 3-1: string descriptor 0 read error: -22
[  120.201070][   T96] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  120.207128][   T96] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.224221][   T96] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  120.435663][   T96] usb 3-1: USB disconnect, device number 10
[  121.289954][ T7123] netlink: 16 bytes leftover after parsing attributes in process `syz.2.444'.
[  121.637325][  T973] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  121.701084][    C1] vxcan1: j1939_tp_rxtimer: 0xffff8881069c8000: rx timeout, send abort
[  121.807196][  T973] usb 2-1: Using ep0 maxpacket: 32
[  121.811441][  T973] usb 2-1: config 1 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.815258][  T973] usb 2-1: config 1 interface 0 altsetting 254 bulk endpoint 0x82 has invalid maxpacket 32
[  121.818501][  T973] usb 2-1: config 1 interface 0 altsetting 254 bulk endpoint 0x3 has invalid maxpacket 16
[  121.821665][  T973] usb 2-1: config 1 interface 0 altsetting 254 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  121.826945][  T973] usb 2-1: config 1 interface 0 has no altsetting 0
[  121.831301][  T973] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  121.834294][  T973] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  121.837190][  T973] usb 2-1: SerialNumber: syz
[  121.844865][ T7125] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  121.847591][ T7125] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  121.852637][  T973] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  121.857347][  T973] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -12
[  122.057028][  T973] usb 2-1: USB disconnect, device number 9
[  122.205432][    C1] vxcan1: j1939_tp_rxtimer: 0xffff8881069c8000: abort rx timeout. Force session deactivation
[  122.338942][ T5981] Bluetooth: hci0: SCO packet for unknown connection handle 0
[  122.448600][ T7135] nbd2: detected capacity change from 0 to 1024
[  122.656352][ T7142] loop1: detected capacity change from 0 to 8192
[  122.659550][ T7142] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  122.670667][ T7142] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  122.673489][ T7142] ntfs3(loop1): Failed to load $Extend (-2).
[  122.675811][ T7142] ntfs3(loop1): Failed to initialize $Extend.
[  123.197537][ T7135] block nbd2: shutting down sockets
[  123.321859][ T7155] loop2: detected capacity change from 0 to 64
[  123.345131][ T7155] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop2
[  123.422318][ T7160] loop3: detected capacity change from 0 to 1024
[  123.476967][ T7160] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  123.496404][ T7160] ext4 filesystem being mounted at /54/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  123.512000][ T7160] EXT4-fs (loop3): shut down requested (1)
[  123.571813][ T6615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.576293][ T7167] loop2: detected capacity change from 0 to 16
[  123.593317][ T7167] erofs (device loop2): mounted with root inode @ nid 36.
[  123.619101][   T33] audit: type=1800 audit(1755393961.041:4): pid=7167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.463" name="file1" dev="loop2" ino=86 res=0 errno=0
[  123.719355][ T7167] syz.2.463: attempt to access beyond end of device
[  123.719355][ T7167] loop2: rw=34816, sector=34359738360, nr_sectors = 5176 limit=16
[  124.071919][ T7181] netlink: 'syz.3.470': attribute type 10 has an invalid length.
[  124.110890][ T7181] veth0_vlan: left promiscuous mode
[  124.118212][ T7181] veth0_vlan: entered promiscuous mode
[  124.125586][ T7181] team0: Device veth0_vlan failed to register rx_handler
[  124.382685][   T33] audit: type=1326 audit(1755393961.801:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7190 comm="syz.2.475" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80258ebe9 code=0x7ffc0000
[  124.389883][   T33] audit: type=1326 audit(1755393961.801:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7190 comm="syz.2.475" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80258ebe9 code=0x7ffc0000
[  124.397412][   T33] audit: type=1326 audit(1755393961.811:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7190 comm="syz.2.475" exe="/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7fb80258ebe9 code=0x7ffc0000
[  124.405005][   T33] audit: type=1326 audit(1755393961.811:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7190 comm="syz.2.475" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80258ebe9 code=0x7ffc0000
[  124.811328][   T33] audit: type=1326 audit(1755393962.201:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.2.476" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80258ebe9 code=0x7ffc0000
[  124.863350][   T33] audit: type=1326 audit(1755393962.201:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.2.476" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80258ebe9 code=0x7ffc0000
[  124.913685][   T33] audit: type=1326 audit(1755393962.211:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.2.476" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb80258ebe9 code=0x7ffc0000
[  124.940702][   T33] audit: type=1326 audit(1755393962.211:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.2.476" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80258ebe9 code=0x7ffc0000
[  124.962630][   T33] audit: type=1326 audit(1755393962.211:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7192 comm="syz.2.476" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80258ebe9 code=0x7ffc0000
[  125.275425][   T96] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  125.448789][   T96] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.452822][   T96] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  125.474302][   T96] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  125.478137][   T96] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.483481][   T96] usb 2-1: config 0 descriptor??
[  125.645271][   T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  125.672471][ T7210] loop3: detected capacity change from 0 to 32768
[  125.680556][ T7210] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.483 (7210)
[  125.689963][ T7210] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  125.694922][ T7210] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  125.702222][ T7210] BTRFS info (device loop3): using free-space-tree
[  125.808002][   T24] usb 3-1: Using ep0 maxpacket: 8
[  125.821511][   T24] usb 3-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d
[  125.826965][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.830190][   T24] usb 3-1: Product: syz
[  125.831886][   T24] usb 3-1: Manufacturer: syz
[  125.833760][   T24] usb 3-1: SerialNumber: syz
[  125.835343][ T6615] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  125.839079][   T24] usb 3-1: config 0 descriptor??
[  125.847676][   T24] gspca_main: sonixj-2.14.0 probing 0c45:614a
[  125.905316][   T96] keytouch 0003:0926:3333.0005: fixing up Keytouch IEC report descriptor
[  125.956563][   T96] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0005/input/input10
[  126.056490][ T7227] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  126.059960][   T96] keytouch 0003:0926:3333.0005: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  126.186862][ T7233] netlink: 4 bytes leftover after parsing attributes in process `syz.3.487'.
[  126.227369][ T7235] loop3: detected capacity change from 0 to 16
[  126.231124][ T7235] erofs (device loop3): mounted with root inode @ nid 36.
[  126.319605][  T973] usb 2-1: USB disconnect, device number 10
[  126.327098][ T7235] erofs (device loop3): corrupted dir block 72 @ nid 36
[  126.653927][   T24] gspca_sonixj: reg_r err -71
[  126.655705][   T24] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[  126.661026][   T24] usb 3-1: USB disconnect, device number 11
[  126.679231][ T6039] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  126.834702][ T6039] usb 4-1: Using ep0 maxpacket: 8
[  126.847923][ T6039] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[  126.851016][ T6039] usb 4-1: config 0 has no interface number 0
[  126.863168][ T6039] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  126.868218][ T6039] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  126.872679][ T6039] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  126.876791][ T6039] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  126.883124][ T6039] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  126.887719][ T6039] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.890761][ T6039] usb 4-1: Product: syz
[  126.892101][ T6039] usb 4-1: Manufacturer: syz
[  126.893604][ T6039] usb 4-1: SerialNumber: syz
[  126.896959][ T6039] usb 4-1: config 0 descriptor??
[  127.109210][ T6039] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  127.112629][ T6039] usb 4-1: USB disconnect, device number 2
[  127.508258][ T7259] loop2: detected capacity change from 0 to 32768
[  127.511073][ T7259] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.499 (7259)
[  127.519448][ T7259] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  127.526043][ T7259] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  127.529147][ T7259] BTRFS info (device loop2): using free-space-tree
[  127.673023][ T7283] loop1: detected capacity change from 0 to 4096
[  127.676591][ T7283] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  127.934452][ T7283] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  127.938070][ T7283] ntfs3(loop1): Failed to load $Extend (-22).
[  127.940571][ T7283] ntfs3(loop1): Failed to initialize $Extend.
[  127.958695][ T5977] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  128.157151][ T7299] loop3: detected capacity change from 0 to 1024
[  128.193232][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.204205][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.218353][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.220870][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.225704][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.228045][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.233674][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.237871][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.241628][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.245003][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.262629][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.265806][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.269522][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.271772][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.283628][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.286661][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.290528][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.293045][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.344526][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.347528][ T7299] hfsplus: request for non-existent node 33423360 in B*Tree
[  128.560223][ T7301] loop2: detected capacity change from 0 to 32768
[  128.565735][ T7301] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.508 (7301)
[  128.571811][ T7301] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  128.575419][ T7301] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  128.578826][ T7301] BTRFS info (device loop2): using free-space-tree
[  128.641369][   T33] kauditd_printk_skb: 166 callbacks suppressed
[  128.641383][   T33] audit: type=1800 audit(1755393966.063:180): pid=7301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.508" name="file1" dev="loop2" ino=260 res=0 errno=0
[  128.684052][ T5941] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  128.716785][ T5977] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  128.867436][ T7341] loop2: detected capacity change from 0 to 65
[  128.871087][ T7341] BFS-fs: bfs_fill_super(): NOTE: filesystem loop2 was created with 512 inodes, the real maximum is 511, mounting anyway
[  128.946274][ T5941] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 64
[  128.950551][ T5941] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  128.958741][ T5941] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  128.962379][ T5941] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  128.965665][ T5941] usb 2-1: Manufacturer: syz
[  128.967683][ T5941] usb 2-1: SerialNumber: syz
[  128.973081][ T5941] usb 2-1: config 0 descriptor??
[  128.977334][ T7307] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  128.981379][ T5941] usb 2-1: ucan: probing device on interface #0
[  128.984114][ T5941] usb 2-1: ucan: invalid endpoint configuration
[  128.986652][ T5941] usb 2-1: ucan: probe failed; try to update the device firmware
[  129.190473][   T96] usb 2-1: USB disconnect, device number 11
[  129.383712][ T5941] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  129.533359][ T5941] usb 3-1: Using ep0 maxpacket: 32
[  129.537565][ T5941] usb 3-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  129.542500][ T5941] usb 3-1: config 0 interface 0 has no altsetting 0
[  129.545950][ T5941] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  129.549440][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.555940][ T5941] usb 3-1: config 0 descriptor??
[  129.979651][ T5941] uclogic 0003:5543:0781.0006: ignoring exceeding usage max
[  129.984696][ T5941] uclogic 0003:5543:0781.0006: unbalanced collection at end of report description
[  129.989470][ T5941] uclogic 0003:5543:0781.0006: parse failed
[  129.992012][ T5941] uclogic 0003:5543:0781.0006: probe with driver uclogic failed with error -22
[  130.176070][ T5941] usb 3-1: USB disconnect, device number 12
[  130.741160][ T7375] loop3: detected capacity change from 0 to 32768
[  130.752260][ T7375] ERROR: (device loop3): dbDiscardAG: -EIO
[  130.752260][ T7375] 
[  130.756775][ T7375] ERROR: (device loop3): remounting filesystem as read-only
[  130.802356][ T7377] netlink: 'syz.2.538': attribute type 3 has an invalid length.
[  130.819994][ T7377] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.538'.
[  130.855004][ T7380] loop3: detected capacity change from 0 to 128
[  130.860728][ T7381] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  130.899869][ T7383] netlink: 24 bytes leftover after parsing attributes in process `syz.2.540'.
[  130.918889][ T7383] netlink: 4 bytes leftover after parsing attributes in process `syz.2.540'.
[  131.095651][ T7395] loop1: detected capacity change from 0 to 8
[  131.184554][ T7404] loop1: detected capacity change from 0 to 256
[  131.187541][ T7404] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  131.191549][ T7404] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  131.202672][ T7404] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  131.332914][ T6039] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  131.492391][ T6039] usb 4-1: Using ep0 maxpacket: 16
[  131.498463][ T6039] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  131.502098][ T6039] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.502352][    T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  131.505504][ T6039] usb 4-1: Product: syz
[  131.509853][ T6039] usb 4-1: Manufacturer: syz
[  131.511662][ T6039] usb 4-1: SerialNumber: syz
[  131.519823][ T6039] r8152-cfgselector 4-1: Unknown version 0x0000
[  131.522514][ T6039] r8152-cfgselector 4-1: config 0 descriptor??
[  131.642280][   T24] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  131.655378][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.659860][    T9] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  131.664725][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.670004][    T9] usb 2-1: config 0 descriptor??
[  131.793522][   T24] usb 3-1: Using ep0 maxpacket: 16
[  131.799486][   T24] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  131.804515][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  131.810672][   T24] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  131.814750][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.817863][   T24] usb 3-1: Product: syz
[  131.820131][   T24] usb 3-1: Manufacturer: syz
[  131.821984][   T24] usb 3-1: SerialNumber: syz
[  131.828192][   T24] usb 3-1: config 0 descriptor??
[  131.834061][   T24] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  131.837661][   T24] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  131.947391][ T6039] r8152-cfgselector 4-1: USB disconnect, device number 3
[  132.084042][    T9] lua 0003:1E7D:2C2E.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:2c2e] on usb-dummy_hcd.1-1/input0
[  132.292270][ T6039] usb 2-1: USB disconnect, device number 12
[  132.437933][   T24] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  132.440862][   T24] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  132.490515][ T7410] program syz.3.553 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  132.544538][ T7412] loop3: detected capacity change from 0 to 4096
[  132.597316][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.599919][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  132.934775][ T7428] sctp: [Deprecated]: syz.1.561 (pid 7428) Use of struct sctp_assoc_value in delayed_ack socket option.
[  132.934775][ T7428] Use struct sctp_sack_info instead
[  133.047651][   T24] em28xx 3-1:0.0: Unknown AC97 audio processor detected!
[  133.053879][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 2
[  133.058750][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 4
[  133.063574][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 6
[  133.270607][ T7450] loop3: detected capacity change from 0 to 2048
[  133.288111][ T7450] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  133.294445][ T7450] ext4 filesystem being mounted at /104/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  133.337113][ T7450] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.572: bg 0: block 345: padding at end of block bitmap is not set
[  133.435839][ T6615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.670704][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 56
[  133.681031][   T24] usb 3-1: USB disconnect, device number 13
[  134.285909][ T7474] random: crng reseeded on system resumption
[  135.425399][ T7493] loop3: detected capacity change from 0 to 2048
[  135.428666][ T7493] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 96: 0x25 != 0x13
[  135.433666][ T7493] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  135.438790][ T7493] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  135.486054][ T7495] loop2: detected capacity change from 0 to 4096
[  135.489827][ T7495] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[  135.491076][    T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  135.502442][ T7495] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  135.506563][ T7495] ntfs3(loop2): Failed to load $AttrDef (-22)
[  135.524190][ T7497] dlm: no locking on control device
[  135.647086][    T9] usb 2-1: config 8 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  135.660241][    T9] usb 2-1: config 8 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  135.664147][    T9] usb 2-1: config 8 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  135.669320][    T9] usb 2-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[  135.679429][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.832548][ T7512] loop3: detected capacity change from 0 to 1024
[  135.835318][ T7512] EXT4-fs: Ignoring removed orlov option
[  135.844694][ T7512] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.881209][ T6615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.960115][   T24] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  136.087101][ T7524] loop3: detected capacity change from 0 to 128
[  136.114503][   T24] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  136.120533][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  136.125191][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  136.128735][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  136.133890][    T9] megaworld 0003:07B5:0312.0008: hidraw0: USB HID v0.00 Device [HID 07b5:0312] on usb-dummy_hcd.1-1/input0
[  136.134359][   T24] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  136.138243][    T9] megaworld 0003:07B5:0312.0008: no inputs found
[  136.154883][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.161471][   T24] usb 3-1: config 0 descriptor??
[  136.340099][ T5963] usb 2-1: USB disconnect, device number 13
[  136.383441][ T7526] loop3: detected capacity change from 0 to 32768
[  136.387156][ T7526] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.602 (7526)
[  136.393646][ T7526] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  136.396782][ T7526] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  136.400009][ T7526] BTRFS info (device loop3): using free-space-tree
[  136.447305][   T33] audit: type=1800 audit(1755393973.867:181): pid=7526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.602" name="file1" dev="loop3" ino=260 res=0 errno=0
[  136.465218][   T33] audit: type=1804 audit(1755393973.887:182): pid=7526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.602" name="/newroot/121/file0/file1" dev="loop3" ino=260 res=1 errno=0
[  136.504078][ T6615] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  136.594758][   T24] plantronics 0003:047F:FFFF.0009: ignoring exceeding usage max
[  136.644173][   T24] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  136.732768][ T7543] loop3: detected capacity change from 0 to 2048
[  136.750042][ T7544] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  136.768273][ T7544] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  136.774268][ T7544] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4)
[  136.783988][ T7544] Remounting filesystem read-only
[  136.806604][ T6615] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  136.850724][ T7546] loop3: detected capacity change from 0 to 256
[  136.859130][ T7546] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  138.946703][ T7568] loop2: detected capacity change from 0 to 64
[  139.024761][ T7570] GUP no longer grows the stack in syz.2.612 (7570): 200000004000-20000000a000 (200000002000)
[  139.030997][ T7570] CPU: 0 UID: 0 PID: 7570 Comm: syz.2.612 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  139.031021][ T7570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  139.031031][ T7570] Call Trace:
[  139.031037][ T7570]  <TASK>
[  139.031044][ T7570]  dump_stack_lvl+0x189/0x250
[  139.031072][ T7570]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.031089][ T7570]  ? __pfx__printk+0x10/0x10
[  139.031108][ T7570]  ? find_vma+0xe7/0x160
[  139.031138][ T7570]  __get_user_pages+0x24d0/0x2ce0
[  139.031174][ T7570]  ? mtree_load+0x100/0x700
[  139.031203][ T7570]  get_user_pages_remote+0x2f1/0xad0
[  139.031220][ T7570]  ? __pfx_mtree_load+0x10/0x10
[  139.031246][ T7570]  ? __pfx_get_user_pages_remote+0x10/0x10
[  139.031266][ T7570]  ? __access_remote_vm+0x367/0x7d0
[  139.031289][ T7570]  __access_remote_vm+0x211/0x7d0
[  139.031315][ T7570]  ? __pfx___access_remote_vm+0x10/0x10
[  139.031337][ T7570]  ? alloc_pages_noprof+0xbe/0x190
[  139.031360][ T7570]  proc_pid_cmdline_read+0x430/0x810
[  139.031383][ T7570]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  139.031400][ T7570]  ? rw_verify_area+0x2a6/0x4d0
[  139.031421][ T7570]  vfs_readv+0x5aa/0x850
[  139.031435][ T7570]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  139.031452][ T7570]  ? __pfx_vfs_readv+0x10/0x10
[  139.031474][ T7570]  ? __fget_files+0x2a/0x420
[  139.031488][ T7570]  ? __fget_files+0x3a0/0x420
[  139.031500][ T7570]  ? __fget_files+0x2a/0x420
[  139.031548][ T7570]  __x64_sys_preadv+0x197/0x2a0
[  139.031575][ T7570]  ? __pfx___x64_sys_preadv+0x10/0x10
[  139.031594][ T7570]  ? rcu_is_watching+0x15/0xb0
[  139.031614][ T7570]  ? do_syscall_64+0xbe/0x3b0
[  139.031637][ T7570]  do_syscall_64+0xfa/0x3b0
[  139.031678][ T7570]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.031698][ T7570]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.031721][ T7570]  ? exc_page_fault+0x9f/0xf0
[  139.031742][ T7570]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.031756][ T7570] RIP: 0033:0x7fb80258ebe9
[  139.031771][ T7570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.031783][ T7570] RSP: 002b:00007fb8034b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  139.031800][ T7570] RAX: ffffffffffffffda RBX: 00007fb8027b5fa0 RCX: 00007fb80258ebe9
[  139.031810][ T7570] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003
[  139.031819][ T7570] RBP: 00007fb802611e19 R08: 0000000021000008 R09: 0000000000000000
[  139.031829][ T7570] R10: 0000000000000304 R11: 0000000000000246 R12: 0000000000000000
[  139.031837][ T7570] R13: 00007fb8027b6038 R14: 00007fb8027b5fa0 R15: 00007ffe4c417a28
[  139.031861][ T7570]  </TASK>
[  139.308485][   T24] usb 3-1: USB disconnect, device number 14
[  139.462575][ T7578] loop3: detected capacity change from 0 to 2048
[  139.475831][ T7578] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.482563][ T7578] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  139.504349][ T6615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.594171][ T7591] syz.3.621 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  139.642119][ T7592] loop1: detected capacity change from 0 to 4096
[  139.760773][ T7592] ntfs3(loop1): failed to convert "0080" to macturkish
[  139.767753][ T7592] ntfs3(loop1): failed to convert name for inode 1e.
[  139.771186][ T7592] ntfs3(loop1): ino=1f, mi_enum_attr
[  139.773250][ T7592] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  140.311902][ T7609] loop1: detected capacity change from 0 to 32768
[  140.317366][ T7609] XFS (loop1): invalid logbufs value: 1 [not 2-8]
[  140.351632][ T7613] loop3: detected capacity change from 0 to 512
[  140.355095][ T7613] EXT4-fs: Ignoring removed orlov option
[  140.361518][ T7613] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  140.367501][ T7613] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  140.374366][ T7613] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.629: corrupted in-inode xattr: e_value size too large
[  140.382315][ T7613] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.629: couldn't read orphan inode 15 (err -117)
[  140.390135][ T7613] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.450219][ T6615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.482567][ T7616] loop1: detected capacity change from 0 to 512
[  140.536735][ T7616] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  140.542081][ T7616] ext4 filesystem being mounted at /195/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  140.561821][ T7625] loop2: detected capacity change from 0 to 1024
[  140.565365][ T7625] EXT4-fs: inline encryption not supported
[  140.599262][ T7625] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.634602][ T5977] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.681542][ T5978] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  140.944418][ T7646] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.640'.
[  141.262996][ T7651] loop2: detected capacity change from 0 to 512
[  141.290229][ T7651] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  141.311043][ T7651] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c11c, mo2=0102]
[  141.313897][ T7651] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.641: corrupted in-inode xattr: e_value size too large
[  141.319241][ T7651] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.641: couldn't read orphan inode 15 (err -117)
[  141.324145][ T7651] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.076447][ T5977] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.284922][ T7667] netlink: 36 bytes leftover after parsing attributes in process `syz.3.646'.
[  142.368278][  T973] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  142.550139][ T7671] loop3: detected capacity change from 0 to 1024
[  142.577745][  T973] usb 3-1: Using ep0 maxpacket: 16
[  142.594928][  T973] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  142.608627][  T973] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.614578][  T973] usb 3-1: Product: syz
[  142.618578][  T973] usb 3-1: Manufacturer: syz
[  142.620373][  T973] usb 3-1: SerialNumber: syz
[  142.635209][  T973] r8152-cfgselector 3-1: Unknown version 0x0000
[  142.646120][  T973] r8152-cfgselector 3-1: config 0 descriptor??
[  142.657492][   T53] hfsplus: b-tree write err: -5, ino 3
[  142.786131][ T7683] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  143.245049][    T9] r8152-cfgselector 3-1: USB disconnect, device number 15
[  144.273265][ T7712] netlink: 108 bytes leftover after parsing attributes in process `syz.3.664'.
[  144.277808][ T7712] netlink: 108 bytes leftover after parsing attributes in process `syz.3.664'.
[  144.281638][ T7712] netlink: 108 bytes leftover after parsing attributes in process `syz.3.664'.
[  144.493239][ T7719] cgroup: fork rejected by pids controller in /syz1
[  144.603463][ T5978] syz-executor (5978) used greatest stack depth: 17512 bytes left
[  144.833519][ T7725] loop3: detected capacity change from 0 to 32768
[  144.891936][ T7725] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  144.891962][ T7725]   allowing incompatible features above 0.0: (unknown version)
[  144.891972][ T7725]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  144.909351][ T7725] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  144.912462][ T7725] bcachefs (loop3): initializing new filesystem
[  144.922752][ T7725] bcachefs (loop3): going read-write
[  144.938034][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  144.939812][ T5956] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.948789][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  144.956965][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  144.958982][ T7725] bcachefs (loop3): marking superblocks
[  144.966550][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  144.969075][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  144.974263][ T7725] bcachefs (loop3): initializing freespace
[  144.980184][ T7725] bcachefs (loop3): done initializing freespace
[  144.986369][ T7725] bcachefs (loop3): reading snapshots table
[  144.988717][ T7725] bcachefs (loop3): reading snapshots done
[  145.016954][ T7725] bcachefs (loop3): done starting filesystem
[  145.100321][ T5956] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.223833][ T5956] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.353212][ T5956] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.566956][   T24] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  145.725303][   T24] usb 3-1: Using ep0 maxpacket: 8
[  145.732966][   T24] usb 3-1: config 32 has an invalid descriptor of length 48, skipping remainder of the config
[  145.737744][   T24] usb 3-1: too many endpoints for config 32 interface 0 altsetting 48: 48, using maximum allowed: 30
[  145.738167][ T7734] chnl_net:caif_netlink_parms(): no params data found
[  145.743612][   T24] usb 3-1: config 32 interface 0 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[  145.751492][   T24] usb 3-1: config 32 interface 0 has no altsetting 0
[  145.753602][   T24] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  145.756519][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.906867][ T5956] bridge_slave_1: left allmulticast mode
[  145.909063][ T5956] bridge_slave_1: left promiscuous mode
[  145.911941][ T5956] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.922798][ T5956] bridge_slave_0: left allmulticast mode
[  145.926144][ T5956] bridge_slave_0: left promiscuous mode
[  145.928923][ T5956] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.969629][   T24] usb 3-1: string descriptor 0 read error: -71
[  145.972385][   T24] hub 3-1:32.0: bad descriptor, ignoring hub
[  145.974309][   T24] hub 3-1:32.0: probe with driver hub failed with error -5
[  146.065173][   T24] usb 3-1: USB disconnect, device number 16
[  146.524278][ T5956] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  146.530400][ T5956] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  146.538146][ T5956] bond0 (unregistering): Released all slaves
[  146.650852][ T7734] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.653505][ T7734] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.658373][ T7734] bridge_slave_0: entered allmulticast mode
[  146.662541][ T7734] bridge_slave_0: entered promiscuous mode
[  146.670628][ T7734] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.673756][ T7734] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.678093][ T7734] bridge_slave_1: entered allmulticast mode
[  146.681398][ T7734] bridge_slave_1: entered promiscuous mode
[  146.730290][ T7756] nbd: must specify a size in bytes for the device
[  146.759081][ T7725] syz.3.670 (7725) used greatest stack depth: 14600 bytes left
[  146.798303][ T6615] bcachefs (loop3): shutting down
[  146.800475][ T6615] bcachefs (loop3): going read-only
[  146.802605][ T6615] bcachefs (loop3): finished waiting for writes to stop
[  146.814016][ T6615] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[  146.823050][ T7734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  146.838381][ T6615] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 4
[  146.858212][ T6615] bcachefs (loop3): clean shutdown complete, journal seq 5
[  146.861835][ T6615] bcachefs (loop3): marking filesystem clean
[  146.870309][ T7734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  146.913646][ T6615] bcachefs (loop3): shutdown complete
[  146.988902][ T7734] team0: Port device team_slave_0 added
[  146.992198][ T7734] team0: Port device team_slave_1 added
[  146.994616][   T55] Bluetooth: hci2: command tx timeout
[  147.022897][ T5956] hsr_slave_0: left promiscuous mode
[  147.040926][ T5956] hsr_slave_1: left promiscuous mode
[  147.075703][ T5956] veth1_macvtap: left promiscuous mode
[  147.078097][ T5956] veth0_macvtap: left promiscuous mode
[  147.080470][ T5956] veth1_vlan: left promiscuous mode
[  147.082639][ T5956] veth0_vlan: left promiscuous mode
[  147.088854][ T7759] loop2: detected capacity change from 0 to 32768
[  147.124515][ T7759] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  147.147916][ T7759] (syz.2.677,7759,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0
[  147.158885][ T7759] (syz.2.677,7759,0):ocfs2_prepare_dir_for_insert:4302 ERROR: status = -2
[  147.163027][ T7759] (syz.2.677,7759,0):ocfs2_rename:1486 ERROR: status = -2
[  147.167539][ T7759] (syz.2.677,7759,0):ocfs2_rename:1702 ERROR: status = -2
[  147.243765][ T5977] ocfs2: Unmounting device (7,2) on (node local)
[  147.576380][ T5956] team0 (unregistering): Port device team_slave_1 removed
[  147.626450][ T5956] team0 (unregistering): Port device team_slave_0 removed
[  148.117656][ T7734] batman_adv: batadv0: Adding interface: batadv_slave_0
[  148.120458][ T7734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.131540][ T7734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  148.146994][ T7734] batman_adv: batadv0: Adding interface: batadv_slave_1
[  148.149808][ T7734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.161165][ T7734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  148.245627][ T7734] hsr_slave_0: entered promiscuous mode
[  148.250917][ T7734] hsr_slave_1: entered promiscuous mode
[  148.261215][ T7734] debugfs: 'hsr0' already exists in 'hsr'
[  148.263559][ T7734] Cannot create hsr debugfs directory
[  148.326623][ T7783] loop2: detected capacity change from 0 to 4096
[  148.331071][ T7783] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  148.759622][ T7734] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  148.769377][ T7734] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  148.778312][ T7734] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  148.788483][ T7734] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  148.928785][ T7734] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.957132][ T7734] 8021q: adding VLAN 0 to HW filter on device team0
[  148.968522][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.971228][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.985644][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.988245][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[  149.063676][   T55] Bluetooth: hci2: command tx timeout
[  149.311271][ T7734] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.381121][ T7734] veth0_vlan: entered promiscuous mode
[  149.396993][ T7734] veth1_vlan: entered promiscuous mode
[  149.439629][ T7734] veth0_macvtap: entered promiscuous mode
[  149.454256][ T7734] veth1_macvtap: entered promiscuous mode
[  149.479405][ T7734] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.494760][ T7734] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.549132][ T6014] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.552724][ T5956] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.581441][ T5956] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.607450][ T5956] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.701235][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.707858][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.743696][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.746724][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.889931][ T7821] loop1: detected capacity change from 0 to 256
[  149.894396][ T7821] exfat: Deprecated parameter 'utf8'
[  149.896720][ T7821] exfat: Deprecated parameter 'utf8'
[  149.899109][ T7821] exfat: Deprecated parameter 'utf8'
[  149.915960][ T7821] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6d3f72e, utbl_chksum : 0xe619d30d)
[  149.973476][ T5941] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  150.064138][ T7828] loop1: detected capacity change from 0 to 256
[  150.087099][ T7828] FAT-fs (loop1): Directory bread(block 64) failed
[  150.089974][ T7828] FAT-fs (loop1): Directory bread(block 65) failed
[  150.092839][ T7828] FAT-fs (loop1): Directory bread(block 66) failed
[  150.097444][ T7828] FAT-fs (loop1): Directory bread(block 67) failed
[  150.100395][ T7828] FAT-fs (loop1): Directory bread(block 68) failed
[  150.102996][ T7828] FAT-fs (loop1): Directory bread(block 69) failed
[  150.105555][ T7828] FAT-fs (loop1): Directory bread(block 70) failed
[  150.108093][ T7828] FAT-fs (loop1): Directory bread(block 71) failed
[  150.110673][ T7828] FAT-fs (loop1): Directory bread(block 72) failed
[  150.115658][ T7828] FAT-fs (loop1): Directory bread(block 73) failed
[  150.133007][ T5941] usb 3-1: Using ep0 maxpacket: 8
[  150.143089][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  150.147438][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  150.151072][ T5941] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  150.163248][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  150.174533][ T5941] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  150.178553][ T5941] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  150.182119][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.195552][ T5941] usb 3-1: config 0 descriptor??
[  150.214354][   T55] Bluetooth: hci3: urb ffff88804077ee00 submission failed (90)
[  150.291415][ T7836] netlink: 84 bytes leftover after parsing attributes in process `syz.3.701'.
[  150.471037][ T5313] usb 3-1: USB disconnect, device number 17
[  150.943882][   T33] audit: type=1326 audit(1755393988.385:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7851 comm="syz.3.708" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafa798ebe9 code=0x7ffc0000
[  150.953874][   T33] audit: type=1326 audit(1755393988.385:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7851 comm="syz.3.708" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafa798ebe9 code=0x7ffc0000
[  150.964553][   T33] audit: type=1326 audit(1755393988.385:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7851 comm="syz.3.708" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fafa798ebe9 code=0x7ffc0000
[  150.974333][   T33] audit: type=1326 audit(1755393988.395:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7851 comm="syz.3.708" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafa798ebe9 code=0x7ffc0000
[  150.985194][   T33] audit: type=1326 audit(1755393988.395:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7851 comm="syz.3.708" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafa798ebe9 code=0x7ffc0000
[  150.997497][   T33] audit: type=1326 audit(1755393988.405:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7851 comm="syz.3.708" exe="/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7fafa798ebe9 code=0x7ffc0000
[  151.007717][   T33] audit: type=1326 audit(1755393988.405:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7851 comm="syz.3.708" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafa798ebe9 code=0x7ffc0000
[  151.018729][   T33] audit: type=1326 audit(1755393988.405:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7851 comm="syz.3.708" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafa798ebe9 code=0x7ffc0000
[  151.027302][ T7854] loop3: detected capacity change from 0 to 4096
[  151.031258][ T7854] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  151.053507][ T7854] ntfs3(loop3): ino=1d, mi_enum_attr
[  151.055775][ T7854] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  151.060140][ T7854] ntfs3(loop3): ino=1d, mi_enum_attr
[  151.065495][ T7854] ntfs3(loop3): ino=1d, mi_enum_attr
[  151.069302][ T7854] ntfs3(loop3): ino=1b, "file0" ntfs_readdir
[  151.152553][   T55] Bluetooth: hci2: command tx timeout
[  151.166132][ T7858] netlink: 1041 bytes leftover after parsing attributes in process `syz.3.710'.
[  151.232234][ T7864] loop1: detected capacity change from 0 to 128
[  151.288871][ T7734] FAT-fs (loop1): error, invalid access to FAT (entry 0x266f0005)
[  151.292505][ T7734] FAT-fs (loop1): Filesystem has been set read-only
[  151.376367][ T7878] loop2: detected capacity change from 0 to 1024
[  151.391117][ T7878] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  151.399888][ T7878] ext4 filesystem being mounted at /201/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.464360][ T5977] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.557127][ T7898] loop3: detected capacity change from 0 to 2048
[  151.560828][ T7899] netlink: 56 bytes leftover after parsing attributes in process `syz.2.729'.
[  151.578585][ T7898] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  151.603545][ T6615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.642939][ T7907] libceph: resolve '400' (ret=-3): failed
[  152.174267][ T7919] loop1: detected capacity change from 0 to 32768
[  152.255514][ T7919] read_mapping_page failed!
[  152.259071][ T7919] ERROR: (device loop1): txCommit: 
[  152.259071][ T7919] 
[  152.266085][ T7919] ERROR: (device loop1): remounting filesystem as read-only
[  152.543262][ T7945] binder_alloc: 7944: binder_alloc_buf, no vma
[  152.810947][ T7949] loop3: detected capacity change from 0 to 1024
[  152.859262][ T7954] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  152.859648][ T7949] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.976190][ T6615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.181641][ T7960] loop3: detected capacity change from 0 to 512
[  153.233353][   T55] Bluetooth: hci2: command tx timeout
[  153.247026][ T7960] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.250882][ T7960] ext4 filesystem being mounted at /182/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.359154][ T6615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.777727][ T7983] trusted_key: encrypted_key: key trusted:syz not found
[  154.007162][ T7991] loop3: detected capacity change from 0 to 1024
[  154.082695][ T1089] hfsplus: b-tree write err: -5, ino 3
[  154.088447][ T6615] hfsplus: node 4:3 still has 3 user(s)!
[  154.170597][ T7994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  154.535916][ T8015] loop1: detected capacity change from 0 to 32768
[  154.539439][ T8015] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.775 (8015)
[  154.547210][ T8015] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  154.550540][ T8015] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  154.553954][ T8015] BTRFS info (device loop1): using free-space-tree
[  154.579472][   T33] audit: type=1800 audit(1755393992.016:191): pid=8015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.775" name="file1" dev="loop1" ino=260 res=0 errno=0
[  155.372466][ T7734] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  155.560738][ T5941] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  155.736318][ T8041] loop1: detected capacity change from 0 to 32768
[  155.739608][ T8041] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.778 (8041)
[  155.747067][ T8041] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  155.751216][ T8041] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  155.754720][ T5941] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  155.754916][ T8041] BTRFS info (device loop1): using free-space-tree
[  155.764100][ T5941] usb 4-1: Dual-Role OTG device on HNP port
[  155.766848][ T5941] usb 4-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=7a.b1
[  155.772231][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.775895][ T5941] usb 4-1: Product: syz
[  155.777293][ T5941] usb 4-1: Manufacturer: syz
[  155.778919][ T5941] usb 4-1: SerialNumber: syz
[  155.783207][ T5941] usb 4-1: config 0 descriptor??
[  155.789003][ T5941] usb_ehset_test 4-1:0.0: probe with driver usb_ehset_test failed with error -32
[  155.882715][ T7734] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  156.003067][ T5941] usb 4-1: USB disconnect, device number 4
[  156.419925][ T6039] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  156.586569][ T6039] usb 2-1: config 0 has an invalid interface number: 95 but max is 0
[  156.597096][ T6039] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  156.607384][ T6039] usb 2-1: config 0 has no interface number 0
[  156.613169][ T6039] usb 2-1: config 0 interface 95 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8
[  156.623928][ T8070] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.783'.
[  156.625455][ T6039] usb 2-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46
[  156.637597][ T6039] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.642152][ T6039] usb 2-1: Product: syz
[  156.644001][ T6039] usb 2-1: Manufacturer: syz
[  156.646107][ T6039] usb 2-1: SerialNumber: syz
[  156.663545][ T6039] usb 2-1: config 0 descriptor??
[  156.668822][ T8065] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  156.891472][ T6039] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  156.897155][ T6039] usb 2-1: MIDIStreaming interface descriptor not found
[  157.016034][ T6039] usb 2-1: USB disconnect, device number 14
[  157.710703][ T8086] openvswitch: netlink: Message has 4 unknown bytes.
[  157.992520][ T8097] erspan0: entered promiscuous mode
[  158.001485][ T8097] erspan0: left promiscuous mode
[  158.181646][ T8110] loop1: detected capacity change from 0 to 1024
[  158.186191][ T8110] EXT4-fs: Ignoring removed bh option
[  158.228608][ T8110] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.259872][ T5313] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  158.292174][ T7734] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.412843][ T5313] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  158.418069][ T5313] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  158.422492][ T5313] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  158.426432][ T5313] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.435523][ T8102] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  158.443392][ T5313] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  158.521295][ T8129] sp0: Synchronizing with TNC
[  158.585843][ T8125] loop1: detected capacity change from 0 to 32768
[  158.593039][ T8125] btrfs: Deprecated parameter 'usebackuproot'
[  158.595427][ T8125] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  158.599113][ T8125] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.809 (8125)
[  158.604551][ T8125] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  158.607699][ T8125] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  158.612259][ T8125] BTRFS info (device loop1): disk space caching is enabled
[  158.614441][ T8125] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  158.678476][ T7734] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  158.834872][ T6039] usb 4-1: USB disconnect, device number 5
[  158.917396][ T8152] loop2: detected capacity change from 0 to 4096
[  158.929352][ T8152] EXT4-fs: Ignoring removed i_version option
[  158.949460][ T8152] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  158.952770][ T8152] System zones: 0-5
[  158.961665][ T8152] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.992618][ T8154] loop1: detected capacity change from 0 to 4096
[  159.011058][ T5977] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.193426][ T8165] syz.1.821 uses obsolete (PF_INET,SOCK_PACKET)
[  159.470200][ T8187] netlink: 4 bytes leftover after parsing attributes in process `syz.1.832'.
[  159.648283][   T24] usb 3-1: new low-speed USB device number 18 using dummy_hcd
[  159.824495][   T24] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 65535, setting to 8
[  159.829225][   T24] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  159.832862][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.846393][ T8185] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  160.061730][   T24] usb 3-1: string descriptor 0 read error: -71
[  160.065147][   T24] hub 3-1:32.0: USB hub found
[  160.071667][   T24] hub 3-1:32.0: config failed, can't read hub descriptor (err -22)
[  160.209658][   T24] usb 3-1: USB disconnect, device number 18
[  161.886916][ T8217] loop2: detected capacity change from 0 to 1024
[  161.953521][ T8217] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.014709][ T8217] EXT4-fs (loop2): shut down requested (2)
[  162.095009][ T5977] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.358675][ T8240] loop1: detected capacity change from 0 to 32768
[  163.363779][ T8240] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  163.375216][ T8240] XFS (loop1): Ending clean mount
[  163.384415][ T8240] XFS (loop1): Quotacheck needed: Please wait.
[  163.411105][ T8240] XFS (loop1): Quotacheck: Done.
[  163.451314][ T7734] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  163.491056][ T8246] loop2: detected capacity change from 0 to 32768
[  163.553578][ T8246] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  163.582433][ T8246] XFS (loop2): Ending clean mount
[  163.623891][ T5977] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  163.679250][ T8270] RDS: rds_bind could not find a transport for fc02::1, load rds_tcp or rds_rdma?
[  163.840386][ T8282] netlink: 4 bytes leftover after parsing attributes in process `syz.1.865'.
[  163.952909][ T8293] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  164.264341][ T8306] loop2: detected capacity change from 0 to 32768
[  164.474748][ T8310] loop3: detected capacity change from 0 to 32768
[  164.488211][   T33] audit: type=1800 audit(1755394001.931:192): pid=8310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.877" name="file1" dev="loop3" ino=4 res=0 errno=0
[  164.570113][ T8316] loop1: detected capacity change from 0 to 32768
[  164.698357][ T8320] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  164.833768][ T8328] loop2: detected capacity change from 0 to 4096
[  164.837444][ T8328] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  164.844012][ T8328] ntfs3(loop2): volume is dirty and "force" flag is not set!
[  165.147100][ T8350] netlink: 4 bytes leftover after parsing attributes in process `syz.1.896'.
[  165.234876][ T8350] team1: entered promiscuous mode
[  165.236722][ T8350] team1: entered allmulticast mode
[  165.856007][ T5941] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  166.005403][ T5941] usb 2-1: Using ep0 maxpacket: 32
[  166.031330][ T5941] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  166.037599][ T5941] usb 2-1: config 0 has no interface number 0
[  166.060056][ T5941] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  166.063747][ T5941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.067545][ T5941] usb 2-1: Product: syz
[  166.069521][ T5941] usb 2-1: Manufacturer: syz
[  166.071836][ T5941] usb 2-1: SerialNumber: syz
[  166.081479][ T5941] usb 2-1: config 0 descriptor??
[  166.093266][ T5941] smsc95xx v2.0.0
[  166.545880][ T5941] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  166.549320][ T5941] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  166.961714][ T8377] loop3: detected capacity change from 0 to 32768
[  166.979913][ T8377] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  166.989931][ T5956] (kworker/u8:3,5956,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2
[  167.105631][ T6615] ocfs2: Unmounting device (7,3) on (node local)
[  167.865734][ T8401] loop2: detected capacity change from 0 to 32768
[  167.870603][ T8401] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.918 (8401)
[  167.879339][ T8401] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  167.883471][ T8401] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  167.887456][ T8401] BTRFS info (device loop2): disk space caching is enabled
[  167.890421][ T8401] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  167.939907][ T8401] BTRFS info (device loop2): rebuilding free space tree
[  167.968376][ T8401] BTRFS info (device loop2): disabling free space tree
[  167.971249][ T8401] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  167.977012][ T8401] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  168.012086][ T5977] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  168.081351][ T5941] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000038: -71
[  168.091881][ T5941] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[  168.112553][ T5941] usb 2-1: USB disconnect, device number 15
[  168.167492][ T8418] loop3: detected capacity change from 0 to 512
[  168.179071][ T8418] EXT4-fs (loop3): Test dummy encryption mode enabled
[  168.186884][ T8418] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  168.201905][ T8418] EXT4-fs (loop3): 1 truncate cleaned up
[  168.206153][ T8418] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.281025][ T8418] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  168.338645][ T6615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.703721][  T973] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  168.854242][  T973] usb 4-1: Using ep0 maxpacket: 32
[  168.882329][  T973] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.890486][  T973] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.897222][  T973] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  168.905179][  T973] usb 4-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  168.912159][  T973] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.019666][  T973] usb 4-1: config 0 descriptor??
[  169.443163][  T973] input: HID 0458:5011 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5011.000A/input/input11
[  169.509288][  T973] input: HID 0458:5011 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5011.000A/input/input12
[  169.520038][  T973] kye 0003:0458:5011.000A: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.3-1/input0
[  170.596443][    C1] kye 0003:0458:5011.000A: usb_submit_urb(ctrl) failed: -1
[  170.634695][ T8464] netlink: 28 bytes leftover after parsing attributes in process `syz.1.936'.
[  170.739092][ T8470] loop1: detected capacity change from 0 to 512
[  170.746884][ T8470] EXT4-fs (loop1): 1 truncate cleaned up
[  170.749787][ T8470] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  170.780562][ T7734] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.880434][ T8474] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.940'.
[  170.885268][ T8473] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.940'.
[  171.377312][   T96] usb 4-1: USB disconnect, device number 6
[  171.917095][ T8506] loop2: detected capacity change from 0 to 32768
[  171.922784][ T8506] (syz.2.954,8506,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  171.928486][ T8506] (syz.2.954,8506,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  171.943586][ T8506] JBD2: Ignoring recovery information on journal
[  171.977874][ T8506] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  172.013821][ T8506] 
[  172.014625][ T8506] ======================================================
[  172.017161][ T8506] WARNING: possible circular locking dependency detected
[  172.019964][ T8506] 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 Not tainted
[  172.023764][ T8506] ------------------------------------------------------
[  172.026873][ T8506] syz.2.954/8506 is trying to acquire lock:
[  172.029224][ T8506] ffff888113b55240 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  172.034551][ T8506] 
[  172.034551][ T8506] but task is already holding lock:
[  172.037463][ T8506] ffff888113b50660 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_lock_global_qf+0x1e8/0x270
[  172.041743][ T8506] 
[  172.041743][ T8506] which lock already depends on the new lock.
[  172.041743][ T8506] 
[  172.045875][ T8506] 
[  172.045875][ T8506] the existing dependency chain (in reverse order) is:
[  172.049408][ T8506] 
[  172.049408][ T8506] -> #7 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}:
[  172.052899][ T8506]        lock_acquire+0x120/0x360
[  172.054935][ T8506]        down_write+0x96/0x1f0
[  172.056875][ T8506]        ocfs2_lock_global_qf+0x1e8/0x270
[  172.059152][ T8506]        ocfs2_acquire_dquot+0x2b0/0xb30
[  172.061411][ T8506]        dqget+0x7b1/0xf10
[  172.063197][ T8506]        ocfs2_setattr+0xf68/0x1b40
[  172.065314][ T8506]        notify_change+0xb36/0xe40
[  172.067402][ T8506]        chown_common+0x40c/0x5c0
[  172.069424][ T8506]        ksys_fchown+0xea/0x160
[  172.071372][ T8506]        __x64_sys_fchown+0x7a/0x90
[  172.073455][ T8506]        do_syscall_64+0xfa/0x3b0
[  172.075398][ T8506]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.077843][ T8506] 
[  172.077843][ T8506] -> #6 (&ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE]){+.+.}-{4:4}:
[  172.081946][ T8506]        lock_acquire+0x120/0x360
[  172.083962][ T8506]        down_write+0x96/0x1f0
[  172.085884][ T8506]        ocfs2_lock_global_qf+0x1ca/0x270
[  172.088079][ T8506]        ocfs2_acquire_dquot+0x2b0/0xb30
[  172.090336][ T8506]        dqget+0x7b1/0xf10
[  172.092125][ T8506]        ocfs2_setattr+0xf68/0x1b40
[  172.094194][ T8506]        notify_change+0xb36/0xe40
[  172.096259][ T8506]        chown_common+0x40c/0x5c0
[  172.098286][ T8506]        ksys_fchown+0xea/0x160
[  172.100285][ T8506]        __x64_sys_fchown+0x7a/0x90
[  172.102353][ T8506]        do_syscall_64+0xfa/0x3b0
[  172.104376][ T8506]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.106916][ T8506] 
[  172.106916][ T8506] -> #5 (&dquot->dq_lock){+.+.}-{4:4}:
[  172.109893][ T8506]        lock_acquire+0x120/0x360
[  172.111897][ T8506]        __mutex_lock+0x187/0x1360
[  172.113943][ T8506]        dqget+0x72a/0xf10
[  172.115739][ T8506]        dquot_transfer+0x4b8/0x6d0
[  172.117819][ T8506]        ext4_setattr+0x865/0x1bc0
[  172.119851][ T8506]        notify_change+0xb36/0xe40
[  172.121884][ T8506]        chown_common+0x40c/0x5c0
[  172.123902][ T8506]        do_fchownat+0x161/0x270
[  172.125931][ T8506]        __x64_sys_lchown+0x85/0xa0
[  172.128017][ T8506]        do_syscall_64+0xfa/0x3b0
[  172.130042][ T8506]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.132612][ T8506] 
[  172.132612][ T8506] -> #4 (&ei->xattr_sem){++++}-{4:4}:
[  172.135614][ T8506]        lock_acquire+0x120/0x360
[  172.137639][ T8506]        down_read+0x46/0x2e0
[  172.139550][ T8506]        ext4_setattr+0x855/0x1bc0
[  172.141524][ T8506]        notify_change+0xb36/0xe40
[  172.143529][ T8506]        chown_common+0x40c/0x5c0
[  172.145545][ T8506]        do_fchownat+0x161/0x270
[  172.147518][ T8506]        __x64_sys_chown+0x82/0xa0
[  172.149556][ T8506]        do_syscall_64+0xfa/0x3b0
[  172.151552][ T8506]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.154067][ T8506] 
[  172.154067][ T8506] -> #3 (jbd2_handle){++++}-{0:0}:
[  172.156992][ T8506]        lock_acquire+0x120/0x360
[  172.159054][ T8506]        start_this_handle+0x1fa7/0x21c0
[  172.161301][ T8506]        jbd2__journal_start+0x2c1/0x5b0
[  172.163500][ T8506]        jbd2_journal_start+0x2a/0x40
[  172.165662][ T8506]        ocfs2_start_trans+0x376/0x6d0
[  172.167749][ T8506]        ocfs2_mknod+0xe93/0x2050
[  172.169703][ T8506]        ocfs2_create+0x1a5/0x440
[  172.171684][ T8506]        path_openat+0x14f4/0x3830
[  172.173657][ T8506]        do_filp_open+0x1fa/0x410
[  172.175603][ T8506]        do_sys_openat2+0x121/0x1c0
[  172.177606][ T8506]        __x64_sys_openat+0x138/0x170
[  172.179739][ T8506]        do_syscall_64+0xfa/0x3b0
[  172.181706][ T8506]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.184267][ T8506] 
[  172.184267][ T8506] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  172.187608][ T8506]        lock_acquire+0x120/0x360
[  172.189613][ T8506]        down_read+0x46/0x2e0
[  172.191528][ T8506]        ocfs2_start_trans+0x36a/0x6d0
[  172.193608][ T8506]        ocfs2_mknod+0xe93/0x2050
[  172.195599][ T8506]        ocfs2_create+0x1a5/0x440
[  172.197602][ T8506]        path_openat+0x14f4/0x3830
[  172.199636][ T8506]        do_filp_open+0x1fa/0x410
[  172.201606][ T8506]        do_sys_openat2+0x121/0x1c0
[  172.203643][ T8506]        __x64_sys_openat+0x138/0x170
[  172.205782][ T8506]        do_syscall_64+0xfa/0x3b0
[  172.207684][ T8506]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.210215][ T8506] 
[  172.210215][ T8506] -> #1 (sb_internal#8){.+.+}-{0:0}:
[  172.213208][ T8506]        lock_acquire+0x120/0x360
[  172.215260][ T8506]        ocfs2_start_trans+0x26b/0x6d0
[  172.217458][ T8506]        ocfs2_mknod+0xe93/0x2050
[  172.219475][ T8506]        ocfs2_create+0x1a5/0x440
[  172.221391][ T8506]        path_openat+0x14f4/0x3830
[  172.223434][ T8506]        do_filp_open+0x1fa/0x410
[  172.225518][ T8506]        do_sys_openat2+0x121/0x1c0
[  172.227534][ T8506]        __x64_sys_openat+0x138/0x170
[  172.229668][ T8506]        do_syscall_64+0xfa/0x3b0
[  172.231692][ T8506]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.234243][ T8506] 
[  172.234243][ T8506] -> #0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  172.238420][ T8506]        validate_chain+0xb9b/0x2140
[  172.240528][ T8506]        __lock_acquire+0xab9/0xd20
[  172.242582][ T8506]        lock_acquire+0x120/0x360
[  172.244614][ T8506]        down_write+0x96/0x1f0
[  172.246543][ T8506]        ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  172.249250][ T8506]        ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[  172.251954][ T8506]        ocfs2_lock_allocators+0x2fa/0x5c0
[  172.254209][ T8506]        ocfs2_extend_allocation+0x39b/0x17a0
[  172.256580][ T8506]        ocfs2_extend_no_holes+0x20e/0x4a0
[  172.258740][ T8506]        ocfs2_acquire_dquot+0x6c6/0xb30
[  172.260874][ T8506]        dqget+0x7b1/0xf10
[  172.262673][ T8506]        ocfs2_setattr+0xf68/0x1b40
[  172.264694][ T8506]        notify_change+0xb36/0xe40
[  172.266699][ T8506]        chown_common+0x40c/0x5c0
[  172.268659][ T8506]        ksys_fchown+0xea/0x160
[  172.270615][ T8506]        __x64_sys_fchown+0x7a/0x90
[  172.272616][ T8506]        do_syscall_64+0xfa/0x3b0
[  172.274581][ T8506]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.277092][ T8506] 
[  172.277092][ T8506] other info that might help us debug this:
[  172.277092][ T8506] 
[  172.280960][ T8506] Chain exists of:
[  172.280960][ T8506]   &ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE] --> &ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE] --> &ocfs2_quota_ip_alloc_sem_key
[  172.280960][ T8506] 
[  172.288663][ T8506]  Possible unsafe locking scenario:
[  172.288663][ T8506] 
[  172.291647][ T8506]        CPU0                    CPU1
[  172.293745][ T8506]        ----                    ----
[  172.295785][ T8506]   lock(&ocfs2_quota_ip_alloc_sem_key);
[  172.297938][ T8506]                                lock(&ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE]);
[  172.301730][ T8506]                                lock(&ocfs2_quota_ip_alloc_sem_key);
[  172.304942][ T8506]   lock(&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]);
[  172.307878][ T8506] 
[  172.307878][ T8506]  *** DEADLOCK ***
[  172.307878][ T8506] 
[  172.311063][ T8506] 5 locks held by syz.2.954/8506:
[  172.313071][ T8506]  #0: ffff88802ac22428 (sb_writers#34){.+.+}-{0:0}, at: mnt_want_write_file+0x60/0x200
[  172.316861][ T8506]  #1: ffff888113b29840 (&type->i_mutex_dir_key#24){+.+.}-{4:4}, at: chown_common+0x313/0x5c0
[  172.320778][ T8506]  #2: ffff88811393c0a8 (&dquot->dq_lock){+.+.}-{4:4}, at: ocfs2_acquire_dquot+0x2a3/0xb30
[  172.324704][ T8506]  #3: ffff888113b509c0 (&ocfs2_sysfile_lock_key[GROUP_QUOTA_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_lock_global_qf+0x1ca/0x270
[  172.329565][ T8506]  #4: ffff888113b50660 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_lock_global_qf+0x1e8/0x270
[  172.334010][ T8506] 
[  172.334010][ T8506] stack backtrace:
[  172.336382][ T8506] CPU: 1 UID: 0 PID: 8506 Comm: syz.2.954 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  172.336411][ T8506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  172.336422][ T8506] Call Trace:
[  172.336431][ T8506]  <TASK>
[  172.336438][ T8506]  dump_stack_lvl+0x189/0x250
[  172.336460][ T8506]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.336478][ T8506]  ? __pfx__printk+0x10/0x10
[  172.336498][ T8506]  ? print_lock_name+0xde/0x100
[  172.336517][ T8506]  print_circular_bug+0x2ee/0x310
[  172.336535][ T8506]  check_noncircular+0x134/0x160
[  172.336551][ T8506]  validate_chain+0xb9b/0x2140
[  172.336567][ T8506]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  172.336588][ T8506]  ? look_up_lock_class+0x74/0x170
[  172.336608][ T8506]  ? register_lock_class+0x51/0x320
[  172.336630][ T8506]  __lock_acquire+0xab9/0xd20
[  172.336652][ T8506]  ? ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  172.336675][ T8506]  lock_acquire+0x120/0x360
[  172.336694][ T8506]  ? ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  172.336717][ T8506]  ? do_raw_spin_lock+0x121/0x290
[  172.336736][ T8506]  down_write+0x96/0x1f0
[  172.336748][ T8506]  ? ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  172.336769][ T8506]  ? __pfx_down_write+0x10/0x10
[  172.336788][ T8506]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  172.336805][ T8506]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.336823][ T8506]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  172.336841][ T8506]  ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  172.336864][ T8506]  ? stack_depot_save_flags+0x41b/0x860
[  172.336885][ T8506]  ? kasan_save_track+0x4f/0x80
[  172.336902][ T8506]  ? __kasan_kmalloc+0x93/0xb0
[  172.336919][ T8506]  ? ocfs2_reserve_clusters_with_limit+0xea/0xba0
[  172.336935][ T8506]  ? ocfs2_lock_allocators+0x2fa/0x5c0
[  172.336950][ T8506]  ? ocfs2_extend_no_holes+0x20e/0x4a0
[  172.336971][ T8506]  ? __pfx_ocfs2_reserve_local_alloc_bits+0x10/0x10
[  172.336992][ T8506]  ? chown_common+0x40c/0x5c0
[  172.337005][ T8506]  ? ksys_fchown+0xea/0x160
[  172.337018][ T8506]  ? __x64_sys_fchown+0x7a/0x90
[  172.337030][ T8506]  ? do_syscall_64+0xfa/0x3b0
[  172.337048][ T8506]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.337068][ T8506]  ? __lock_acquire+0xab9/0xd20
[  172.337093][ T8506]  ? do_raw_spin_unlock+0x4d/0x240
[  172.337110][ T8506]  ? _raw_spin_unlock+0x28/0x50
[  172.337126][ T8506]  ? ocfs2_alloc_should_use_local+0x152/0x310
[  172.337145][ T8506]  ? ocfs2_reserve_clusters_with_limit+0x16b/0xba0
[  172.337160][ T8506]  ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[  172.337178][ T8506]  ? __pfx_ocfs2_reserve_clusters_with_limit+0x10/0x10
[  172.337196][ T8506]  ? rcu_is_watching+0x15/0xb0
[  172.337209][ T8506]  ? ocfs2_num_free_extents+0x347/0x620
[  172.337256][ T8506]  ? __pfx_ocfs2_num_free_extents+0x10/0x10
[  172.337272][ T8506]  ? __pfx_ocfs2_read_blocks+0x10/0x10
[  172.337288][ T8506]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  172.337307][ T8506]  ocfs2_lock_allocators+0x2fa/0x5c0
[  172.337326][ T8506]  ? __pfx_ocfs2_lock_allocators+0x10/0x10
[  172.337343][ T8506]  ? ocfs2_read_inode_block+0x11d/0x190
[  172.337357][ T8506]  ? __pfx_ocfs2_read_inode_block+0x10/0x10
[  172.337376][ T8506]  ocfs2_extend_allocation+0x39b/0x17a0
[  172.337397][ T8506]  ? chown_common+0x40c/0x5c0
[  172.337417][ T8506]  ? ksys_fchown+0xea/0x160
[  172.337429][ T8506]  ? __x64_sys_fchown+0x7a/0x90
[  172.337448][ T8506]  ? __pfx_ocfs2_extend_allocation+0x10/0x10
[  172.337475][ T8506]  ? kasan_quarantine_put+0xdd/0x220
[  172.337495][ T8506]  ? __pfx_ocfs2_journal_access_di+0x10/0x10
[  172.337515][ T8506]  ? find_tree_dqentry+0xc6c/0x1070
[  172.337537][ T8506]  ? __lock_acquire+0xab9/0xd20
[  172.337560][ T8506]  ocfs2_extend_no_holes+0x20e/0x4a0
[  172.337581][ T8506]  ? __pfx_ocfs2_extend_no_holes+0x10/0x10
[  172.337602][ T8506]  ? do_raw_spin_unlock+0x4d/0x240
[  172.337620][ T8506]  ? _raw_spin_unlock+0x28/0x50
[  172.337636][ T8506]  ? ocfs2_qinfo_unlock+0x121/0x150
[  172.337677][ T8506]  ocfs2_acquire_dquot+0x6c6/0xb30
[  172.337700][ T8506]  ? __pfx_ocfs2_acquire_dquot+0x10/0x10
[  172.337720][ T8506]  dqget+0x7b1/0xf10
[  172.337736][ T8506]  ocfs2_setattr+0xf68/0x1b40
[  172.337760][ T8506]  ? __pfx_ocfs2_setattr+0x10/0x10
[  172.337780][ T8506]  ? ktime_get_coarse_real_ts64_mg+0x52/0x1e0
[  172.337799][ T8506]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[  172.337820][ T8506]  ? ktime_get_coarse_real_ts64_mg+0x1be/0x1e0
[  172.337840][ T8506]  ? current_time+0x222/0x370
[  172.337854][ T8506]  ? evm_inode_setattr+0x1bd/0x7d0
[  172.337870][ T8506]  ? __pfx_current_time+0x10/0x10
[  172.337883][ T8506]  ? apparmor_path_chown+0x238/0x2d0
[  172.337901][ T8506]  ? try_break_deleg+0x79/0x130
[  172.337916][ T8506]  ? __pfx_ocfs2_setattr+0x10/0x10
[  172.337936][ T8506]  notify_change+0xb36/0xe40
[  172.337956][ T8506]  chown_common+0x40c/0x5c0
[  172.337972][ T8506]  ? __pfx_chown_common+0x10/0x10
[  172.337988][ T8506]  ? mnt_get_write_access+0x223/0x2a0
[  172.338004][ T8506]  ? mnt_want_write_file+0x172/0x200
[  172.338020][ T8506]  ksys_fchown+0xea/0x160
[  172.338034][ T8506]  __x64_sys_fchown+0x7a/0x90
[  172.338047][ T8506]  do_syscall_64+0xfa/0x3b0
[  172.338066][ T8506]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.338084][ T8506]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.338098][ T8506]  ? exc_page_fault+0x9f/0xf0
[  172.338115][ T8506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.338129][ T8506] RIP: 0033:0x7fb80258ebe9
[  172.338143][ T8506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.338155][ T8506] RSP: 002b:00007fb8034b3038 EFLAGS: 00000246 ORIG_RAX: 000000000000005d
[  172.338170][ T8506] RAX: ffffffffffffffda RBX: 00007fb8027b5fa0 RCX: 00007fb80258ebe9
[  172.338181][ T8506] RDX: 000000000000ee01 RSI: 0000000000000000 RDI: 0000000000000004
[  172.338189][ T8506] RBP: 00007fb802611e19 R08: 0000000000000000 R09: 0000000000000000
[  172.338198][ T8506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  172.338207][ T8506] R13: 00007fb8027b6038 R14: 00007fb8027b5fa0 R15: 00007ffe4c417a28
[  172.338252][ T8506]  </TASK>
[  172.565361][    C1] vkms_vblank_simulate: vblank timer overrun
[  172.568030][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 1005789654 wd_nsec: 1005789628
[  172.747976][ T5977] ocfs2: Unmounting device (7,2) on (node local)

VM DIAGNOSIS:
01:22:33  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=1ffff11026cc7f61 RCX=ffff888021308000 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc90003a9f6c0 RSP=ffffc90003a9f540
R8 =ffffffff8fa37e37 R9 =1ffffffff1f46fc6 R10=dffffc0000000000 R11=fffffbfff1f46fc7
R12=ffff88813663fb08 R13=dffffc0000000000 R14=ffff88804b03b1c0 R15=0000000000000001
RIP=ffffffff81b44d44 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555590b82500 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f61b40e56c0 CR3=000000003dd12000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007f61b3412e53
XMM06=0000000000000000 00007f61b3412e4d XMM07=0000000000000000 00007f61b3412e61
XMM08=0000000000000000 00007f61b3412ee7 XMM09=0000000000000000 00007f61b3412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=0000000000000000 RCX=0000000000000000 RDX=00000000000003f9
RSI=000000000000275f RDI=0000000000002760 RBP=00000000000003f9 RSP=ffffc90002bee3d0
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=ffffffff854efeb0
R12=dffffc0000000000 R13=dffffc0000000000 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff2c RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fb8034b36c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32615ff8 CR3=000000010d744000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8174859b ffffffff8133c57e
XMM02=00007fb802787498 ffffffff8133c57e XMM03=00007fb8027874a8 00007fb8027874a0
XMM04=00007fb8032ed100 00007fb802787460 XMM05=00007fb802787478 00007fb8027874c0
XMM06=00007fb8027874b8 00007fb8027874b0 XMM07=00007fb8027874a8 00007fb8027874a0
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007fb802612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
