last executing test programs: 1m2.480560169s ago: executing program 3 (id=3780): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x140, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@multicast2, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0x0, 0x1000000000000192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x80, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @replay_thresh={0x8, 0xb, 0x7f}]}, 0x140}}, 0x844) 1m2.300928324s ago: executing program 3 (id=3783): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000780)=ANY=[@ANYBLOB="200100002f00010000000000fcdbdf250801f2800c00060008ac0f000010000014000100fc00000000000000000000000000000008004400", @ANYRES32=0x0, @ANYBLOB="d90066802400328008004100b20000000800ca00ac1e000108003d00fcffffff0400c58004008a800800a18004000b80c073bf8f025953f538087c2947af34d793a12e66cd988ba2df542272ddf8f3b0594ff9883b7914bc9c92aafa8bb7b0c0552ff62f4a9716d08229fbc0558c09235f84d6771d08666d8b337ac75c741e4e77f4a9bc443c6a07a722469f8689554aa0e81e897ed6146a5b6cb1adf5cecbe76fb27a1c2610d17b8d3c80cfe639ce824597e338c1bb6a7d118257e8e8ac7e1f1c03054e4ec9bce7dfd5fc620229ab929fb9ebb5658776ab26000000080002"], 0x120}], 0x1, 0x0, 0x0, 0x1}, 0x0) 1m1.917516782s ago: executing program 3 (id=3792): r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@ieee802154={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0102}}}, 0x80, 0x0}, 0x24000008) 1m1.642742063s ago: executing program 3 (id=3797): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200004, &(0x7f00000010c0)=ANY=[@ANYBLOB='nls=cp863,decompose,umask=00000000000000000010000,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c6e6f6465636f6d706f73652c00acdb50a352b211e5ceaed3e7a8c1731ef4c9512076cc4d573109eadda119088c8af27fda66847216b40d34ab7a25771158753d5ee6febab0d623e193a2f58059d92935253b97ee99dd"], 0x1, 0x6b9, &(0x7f0000000a00)="$eJzs3U1sHGcZB/D/bJx1Nkip26ZtQEi1GqmCRiR2ViVBQmpACOUQoQguvVqJ01jZpJXtorRCZAMUJE6cUA8cilA49IQQQionRDkjIXHh5BuHSNw45AAYzezsem1vHDuOvab9/aTJvLPv1zOP52N37GgDfGpdfD2Huyly8dSl2+X2yr12Z+Ve+2a/nGQySSOZ6K1StJLi4+RCeks+W75YD1c8bJ5X739UTLz/Ybu3NVEvVfvGVv02GdmymxwZbBxKMt0r/nvbw24ar1qqca6sjfeYikHcZcJO9hMH47a6SXetsvHI7ts/b4ED607vvrnJVHI0vbtr+T4g9dXh0VeG8dvy2tTdvzgAAABgr4z8LD/sqQd5kNs5tj/hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCdD0fvOwKJeGv3ydIr+9/83h75TvznmcHfpvWvV6ttPjTsQAAAAAAAAANiVFx/kQW7nWH97tah+5/9StXG8+vczeTtLmc9iTud25rKc5SxmNsnU0EDN23PLy4uzwz2rPxJY+nnKnqurq3fqnmdH9jy7Pq7uxkBH/aXBpkYAAAAAAAAA8Kn1g1xc+/0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBEVyqLeqluP98lQaE0mOJGkW04PmzbEG+wT8cdwBAAAAwN5r1etjxX97hdWi+sz/fPW5/0jezq0sZyHL6WQ+V6tnAb1P/Y2/dtudlXvtm+WyeeCv/XNHcVQjpvfsYfTMM1WL5wY9Luab+U5OZTqXs5iFfDdzWc58pvONqjSXIlP104uplXut9GPdHO+FdVuXN8b24lC5jO9EFUkr17JQxXY6V5r90Bt1uxNDs/2+mWyY8W6ZneK12jZzdLVel3v0s3p9MExVe354kJGZOvdlNp4ezvvm3O/wONk402wag2dQx9dmKTc3zvRYOT9ar8tc/3hvc77DR2nrM9H9abnVP/qe3zrnyRf/9qfL1xu3bly/tnTq4BxGj2njMdEeysQL28pEp8xEdxeZOLKb+J+cZp2N3lV0Z1fLl6q+x7KQb+XNXM18zmUmszmfmXwlZ9PO2aG8Prd1XqtzrbGzc+3kF+pCeU/6ydC9ad9MPqyizOvTQ3kdvtJNVXXDr6xl6ZltZKloZnSW/j4ylInP1YVyjh8O3XHGb5CJxtq1uR/ds1tn4pf/WU2y1Ll1Y/H63FvbnO/lel2etu+tvzb/6ons0M7Vu1seL8+UP6z0bhvDR0dZ92y/bt2RM1vVHR/Urb/PNZupzude3aPO1HKk5++OGqlX98LIWdpV3YmhunXvcvJmOoN3IQAcYEdfOdps3W/9pfVB60et661LR74+eX7y880c/vPEHw79pvHrxleLV/JBvp9j444UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+CZbeeffGXKczv3gAC2k84QHvjqzqp6L3SvNg7PtWhcP7O+mhnTSe3OqI+m2SLbo3x5HMVpID8DOd62RiH+aazIiqS4NXWkljEE+SGwfkC+6AvXBm+eZbZ5beefdLCzfn3ph/Y/7W2fPnXjvX/vLsnTPXFjrzM71/xx0lsBfW3gaMOxIAAAAAAAAAAABgu3bz3wn+cWl7jUdMW3THsK8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/6eLr+dwN0VmZ07PlNsr99qdcumX11pOJGkkKb6XFB8nF9JbMjU0XPGweV69/9EvXn7/w/baWBP99o0N/X73r9XVHe5Ft14yneRQvX60yW2Nd2VovO4OA+spBntYJuxkP3Ewbv8LAAD///zfBvQ=") mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 1m1.255767877s ago: executing program 3 (id=3803): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x11, 0x6fd, &(0x7f0000000ac0)="$eJzs3U1sHFcdAPD/rNf2bioct03TIFWqaaWCiEjiWC6YSwxCyEgVVEGCs9U4jZXNB7aL3B6IC0hcOXBFKgdzgRMIISEhRSriCLfCzeJUgeDSU9JDB83Xeuzuetdx/FH4/aLJvJk3781//jPzZnclawL4v7VwPpr3ox0L519Zz5a3Nmc6W5szt4pyoxMR4xHRiGjWWiXvRsxHMcWnsxVVRb/9/Gx57up7H2y9Xyw1y6kRxX/t/gE2hzmKjXKKqYgYKecHsKO/1x6tv/HtYtLNTJawF6vEwXEbjYh0h++d3a7pJR2pLfS934FPjqR4btYU9/9kxKmIaFUPtI2isnH0EQ60r7Fo4/DiAAAAgBPj9IN7EesxcdxxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCdJ+f7/pJweVuWpSKr3/4/V3rE/dszh9rd3ZK2qcL9xFMEAAAAAAAAAwOF6/kH86mqaTlTLaRKN74yUC+1y/kasxlIz4kKsx2KsxVqsxHRETNY6GltfXFtbmY4X8qUzH6ZpGk8ULWNlR8vLPVteHjLg9kGPGAAAAAAAAAD+p1yZHc/nP4yFmDjuYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoC6JGClm+XSmKk9GoxkRrYgYy7bbiPhrVT5BmvttcP9w4gAAAIAT5fSDeBDrMVEtp0n+nf9s/r2/FW/E7ViL5ViLTizFtfy3gOJbf2Nrc6aztTlzK5siYnRnv1/5z3b5txMDw8h7jOK3h957Ppdv0Y7rsZyvuRCvxZ3oxLVo5C0z56p4anHVvJ3FlFwppGmMD5Oga+U8O/KflvMj0R60wWSekdFuRi5lsSVFHp/cOxP1szOE3Xuajkb3l58z/ffU/TGmyvmVPfeSfJSmRelUtSbiiW/smfP8ehnd18H097c///tbAzbZnYnLtavv7N45j/js73793Rud2zdvJBvnj+wyeiTP9149/o/qDFWZKGzEUszUMvHs0Jm4vnrCM9HXzl8aG/FMt7wQX49vx/mYildjJZbj+7EYa7EUU/G1vLRYXs/Z/5N7Z2p+x9Krg2IaK8/LyK6YPnO6mO8V0wt524lYjm/GnbgWS/Fy/u9yTMcXYzZmY652hp8ZYqRt9Ljrf98/+Bc/Vxayge8n2wPg47q7DyDL65O1vNbH3Mm8rr6mEWn5ZHlqH8+jvcfGyvYjKzsTP6rdg8evm4lWdJ8SVXRPVxkY7ZmJX+TDymrn9s2VG4t3d/WbbPTe30ux8/BPzkCSXS9PdceInVdHVvd0z7rpvO5Mt66xu+6X7W7doDt1rPwM9/GeLud1z0bEz8tos7pMNoZndedq7bLPW6287sM0TYvPWwCcUB+l3S9Snz811v5X+y/td9o/bt9ov9L66viXxp8bi9E/jX65eWnkpcZzyW/infhBDP6GDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLT65ls3FzudpZVdhTRN7/WpOpRCNCN2rPnjH2rb5O8ai4jhO8y2nm9E5GuaURaGaP7PiCjX3Hu0w3m7V9V4DG7+9/KcHEnC9ygkQ2/c6nv9lIU7nyoP52Gapkd+ONW72vbdPC0d2yl4zIXqFVkfq0qaEX1aHctwBByhi2u37l5cffOtLyzfWnx96fWl23Ozs3OX5mZfnrl4fbnTOu7wgEOUP+vzzznHHQkAAAAAAAAAAAAwrOH+OCe5uRjFmmavvyIY1BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgABbOR/N+JDF96cKlbHlrc6aTTVU5m4/kWz6MiEZEJFMRybsR81FMMVnrLum3n42Iq+99sPV+sdQsp3z7xsGPYqOcYqoMd6r3dq1eK9N7/fpL8n7u9u9vSEk5jXTXzB+oP3hM/hsAAP//zi8OkA==") truncate(&(0x7f0000000040)='./file1\x00', 0x41bfc) 1m0.817868658s ago: executing program 3 (id=3814): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@dellink={0x28, 0x11, 0x1, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x22920, 0x2300}, [@IFLA_GROUP={0x8, 0x1b, 0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x94}, 0xc040) 1m0.470945361s ago: executing program 32 (id=3814): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@dellink={0x28, 0x11, 0x1, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x22920, 0x2300}, [@IFLA_GROUP={0x8, 0x1b, 0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x94}, 0xc040) 2.633116829s ago: executing program 5 (id=4618): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ipv6_route\x00') lseek(r0, 0x100000000000000, 0x1) 2.435787311s ago: executing program 1 (id=4620): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x40) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000300)={0x0, 0x7f, 0x1, 'queue0\x00', 0x3}) 2.38325446s ago: executing program 5 (id=4622): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newnexthop={0x30, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @SEG6_LOCAL_IIF={0x8, 0x6, 0xa}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) 2.268035524s ago: executing program 5 (id=4624): r0 = semget$private(0x0, 0x4, 0x10a) semctl$GETNCNT(r0, 0x2, 0xe, 0x0) 2.205695367s ago: executing program 1 (id=4627): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@ipv4={'\x00', '\xff\xff', @remote}, 0x8000000, 0x0, 0xff, 0x1}, 0x20) 2.070922214s ago: executing program 5 (id=4631): r0 = socket(0xa, 0x5, 0x0) sendmsg$inet_sctp(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0xff, @loopback, 0x5}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)="e6", 0x1}], 0x1, &(0x7f0000000140)=[@dstaddrv6={0x20, 0x84, 0x8, @rand_addr=' \x01\x00'}, @dstaddrv6={0x20, 0x84, 0x8, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}], 0x40, 0x4855}, 0x24000052) 2.021929363s ago: executing program 1 (id=4632): r0 = syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f905}}) 1.853647673s ago: executing program 1 (id=4635): sched_setaffinity(0x0, 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000340)='./file0\x00', 0x810, &(0x7f00000004c0)={[{@treelog}, {@rescue={'rescue', 0x3d, 'nologreplay'}}, {@thread_pool={'thread_pool', 0x3d, 0xfff}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@user_subvol_rm}, {@nossd}, {@noenospc_debug}, {@noautodefrag}, {@commit={'commit', 0x3d, 0x7fffffff}}, {@nobarrier}, {@skip_balance}, {@max_inline={'max_inline', 0x3d, [0x38, 0x47, 0x38, 0x0, 0x36, 0x34]}}]}, 0x1, 0x510f, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7iu84Lt6fSOQauHgJiKiq0xQUXTLxWAETi2CdOEkSLQQBlv0b+EtKWohuZJaJLMwgtq4kMII3IaGuXCjGEgu2mnMPee5c+5zvOfeGbUx/Xxk5pzn/M7znOdezuJ+r3POCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBCeO7XTw5X1U9fnz57fqa5++C2mSsHpjecCaHW2V7L67u2P/3S6zt2PT8RO8y+mC0bjX5DZl0vZI01PRsX+/X+vBpCGEsGqOfLp9aVRi2u7isPWOnGpb3Htuxvbj5xpF2/dvncqfJLZ9HEak9gteTn1cWlc6nZ+T2S7NFtF069Ws8pmvVPT7i/5UUAAMsy1eosuh9H84+43fZ8Wk/azaTdTtrxE0K72FiJbNw1/ea5Ka2v0jybWVQY7zvPpJ6//912K+2ftAtRY355M+t9SXmkmeg3z7mkfgvzLB98GfMEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuJs89OboA1X109enz56fae4+uG3myoHpDWdCaHS217Jybe27R5p/fL39+MHvt35x4uKzj9TzfnE5Wtg5/BJXHpsM4bVC5WIc9tL6EFq9hU4zfF4uvNFZeSYWAAAAuJf8t/N7pNvO4uBYT7vWSZO1zr8oC4s3Lu09tmV/c/OJI+36tcvnTq18vFaf8Zo3Ha/bbiz91ArBOMbfdLyletx1X2mcaumIaZ5/9MLUn1X9S/m/UZ3/4zsn/wMAAHAr5P90nGqD8v83r/z2UVX/Uv7f1HPIUv6PM475fySsLP8DAADA3exO5/9maZxqg/L/+AtjX1b1L+X/qeHy/2hx2nHjz3HCeyZDmBo0dQAAAKCP+P/uS18txLyefXOQ5vUnHj50vmq8Uv5vDpf/x27rqwIAAABuxdHPdj5YVS/l/9Zw+X/8js4aAAAAWI633p94r6peyv+zw+X/tfkyv/Ih6/RD/CuEw5MhTCyuzGWFH0P7yW4BAAAAuE1iTv/9493fVe1Xyv9z1ff/j3c6iNf/99z/r3T9f6GQ3fXvcTcGAAAA4H5Uvp4/3h4/e3JBv+fvD3v9///+dejlquOX8v/8cPm/Xlzezuf/AQAAwAr8057/t7M0TrVB9///zwdv/1TVv5T/28Pl/7hcV3x5J2u17P15ZzKEjYsr+d0Ev4qH25MUFsYKhY5W0mNH7JEXFsYLhY65pMfWyRD+v7gynxT+HQvtpHB1fV44mhTOxEJ+PnQLx5PCyXimfbo+n25a+DYW8gssFuIVFOu6l0QkPa7167FYuGmPc92DAwAA3FdieM6z7FhvM6RRdqE2aIe1g3YYGbRDfdAOo8kO6Y79tofZ3kLc3j67eXnP/z86XP6Pb8WabNHv+v8Qr//Pn2vYvf5/NhYaSWEhFlrpHQNa8RhZ2P0wHqPRyntc3dgtAAAAwD0tfi9QX+V5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MXevcbIVd0HAD/7fnq9kFQhNEo2SY3jJl6vbfJQmyprStWINM26oUFVlLLGXpPFC3ZsU2IUImMT0QhBaYOUfCjCKIpqPkCtQERSQLhIcYTKI6IqCiBQaA1RECkliUgTpLiavffM3jl357G213jp7yd558z8z/POw3PuvXMuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/z8c/spVf9so/vBvz3/6uYvGL9u34aKXrzn/zMdDmJh9vC0Lt/Vff+v4z+88765996277Z6jF7y/Oy+Xx8NA5U97fue6WOvRZSHc2xZCZxpYPZgFuvL7g7G+dwyGcEaYC1RLTPVnJdKGw/f7QjgQ5gLVqr7XF8JgIXDhEw89eGMlcUtfCCtCCD1pG8/2ZG30pYFzurNAfxrY3pkFfnUsUw18tz0LwAmLb4bqi/7QRG2G4fnL1Xn9dZ20jr2x0uF1xMRw/Xw/27DInSroTh+YOKGnrVQdi6L09jjs3bYE3m2l7Xyzp634RSr/hnJsLtQT2rdMbd105czu+Eh7GB3tqFfTIj3PT736pc0LSS+Z12HswPBJeR3e9NiKOztWffLRe1avePHgB/a/dKLd/FFhkxbTi60n5K+5JfM8RuM+T5bA26/0LWnEl64QwtbP/96nGsVL8//hxvP/+HKOt+01uWOtrw9lc/P4yGBMvDKUzc0BAABgyVgKe023jz7wkUb1leb/I60d/4+H/PPJfDbawyGMzyb2Lw/hrNnHs8AdsblLlofw7tnURG1gQxI4HMLbZxOrqlUlJXpjiZEk8JOhPDCeBI7EwEQS+FYM3JwErouBQ0lgcwwcTgLnxUCYrh3H7w/l42g50BcDk9lGPBTPQvjFUGwt2VbPVKsCAAA4SfLZYVft3cK5DieaIU4vD/U1yxDPwK6boSepIZ3BVqdVdWvobFZDe7MaquPe23j4pZrbmtVcOg2jrTbDrb/8m0+HBkrz/7HG8/+eeTrSVjr+H8LG2b8xd3semanGJydqMgAAAAAnYOB/n/9mo3hp/j/e2vn/cZ9IRyFzeCTuhti2PISx2kBW7R+WA9lR74E8AAAAAEtB9Xh89Vj4dH6bnaKdzqfL+ScWmD8e+B+fN3/34fsnG/W3NP+faO38//7a26wTR2IvvrY8hN5C4Aexl5XArJEY+PHHagP5+I/EDXBDrCo/MaFa1Q2xxGQMjCWBA/VK/LBa4qzaQP5kVRvfXx3HdF6iEAAAAIBTLu4OiMfl4/n/7/nNuqsalSvN/ycXdv7/7Dy4dHr/zEAIazpD6Eh/GPBIf7YwYAwMtuWJB/qzujrSqq7tD+GjlYGlVT2fr//fma4x+ERfVlUMnPWeg6+eU0l8sy+ENcXAk5+9/YOVxO4kUG38L/tCeFdltGnj3+nNGu9KG/96bwjvLARm4lNxSW8Ilca606oe6smvY5BW9c89IbylEKj26kM9IexJn0gAlor4X+mW4oO79ly9bdPMzNTORUzEffh9Yev0zNTo5u0zW3rq9GlL0ueaZYyuLY+p1SvfPJMvUfSZuzcOtpKu/k5wrNhWvh+/dOJgfj9+F+qaHee6rpq769Mhv++95SZC4ZtUvSG3L/KQ+4uVzD2Jpfpj/u4wEHqv3DW1c/SLm3bv3rk2+9tq9nXZ33iYKdtWa9Nt1T9f31p4edRdLStxvNtqZbGSNbsv37Fm156rV09fvunSqUunrlj7oXVj546tH/vwuWsqoxrL/jYZ6sr5qk6Geuz2Fsd1Eod6dmehklPxqSExtXNXbzgtuiEh0Vpi+8DKhv8nl+b/OxrP/+OnTvzkz9dnqHf8fzge5s8enzvMPxkDB1o9/j9c72h+9cSAkSSwNwb2OswPAADAm0Oc5Me9mXGv9E9XfefFRuVK8/+9rf3+/ySt/19duv6Cesv8r4olxuqt/58u819d/39vvfX/02X+q+v/H3gD1v+/shpINskvrP8PAAC8GZy69f+bLu+fXiCglKHp8v7pBQJKGZou49/qBQIWvP7/s//5V/8dGijN/29ubf5v4X4AAAA4fXz5z676nUbx0vz/QGvz/1O//l+od/7/SL3ARL2FAa3/BwAAwBJVb/2/4ev7L25UrjT/P9Ta/D+edtFekzvW+vpQtqZdSNe0e2Wo+pMBAAAAWBraw+hoV4t5a1ZG3XD8bT6VLwXaKF30/J8cXdj5/4dbm//X/C7jpsdW3Nmx6pOPvn7P6hUvHvzA/pfmjv8DAAAAi6fV/RIAAAAAAAAAAAAAAMAb7/n/2Le+Ubz0+/+wcfbxer//Ty+W+Naa3LHW5uv/5fcv/MRde2aXLHxkKIT3FgPb9m07I+TX5l9ZDDz4uVVvqyT2pSXuf+68FyqJi9PAx1ef+VrNTyLywGRcJPHtSYnJeFXF15Ylgbi84r+ngVj5oTTQnQe+uiwbR1u6rX46mG2rtnRbPT0YwvJCoLqt7h3M2mhLBhhuSQLVAX4hDcQB/nkeaE97dddA1qsYGIxFbxsIfS5+AABwWovfArvC1umZqbH4FT7ent1ZexvVLFl2bbnathabfyZfmuwzd28cbCXdkX4XnbvWeFfoqQxhbenrajFL2+woT04tTTbdW+sMudlqb+11yqUWuum664+oLxvR6ObtM1u6mg58ffMs6zqbZllbmuwUs7TPbtIWammhLy2MqMVt00KX4/32MDrakeT6gxgcDjWavSJa/b1+cZ2/eq+CYp4rju7/VaP6SvP/4dbm/zX7AV7LLwawN15Z7++WW+YfAAAAFtdXN/z6G/Hfp69/+MlGeUvz/5HW5v9xD1Z+KDjb23E4Xv9///IQZi+tP5wF7ojNXbI8hHfPpiZiieyC+hfEEmNZ4I64w2RVLDE5UVtVbwwcSgI/GcoDh5PAkRjI91IcDPmunL8fCuGDs6mNtSV2xBLDSeBTMTCSBEZjYCwJLIuB8STw8rI8MJEE/i0GwnTttrp7Wb6tAAAAFiKfZ3XV3g3pPO9QZ7MMbc0y9DfL0N4sQ3ryeSlDvVHE+9+OGbqSk1faCpm60lr7klpKGeLF8Bfcr1KG8MPanGnBUtPx/IPq+QZttRnu+0hnT2igNP8fa23+3197m7V+JM7/567/lwV+ELv3tXjq+EgM/PhjtYF8x8CRONm9oVrVRF4in7TfEEuMx8BIEtgRA+NJYHJjHjjwttpAPtOuNr6/2vh0XqIQAAAAgFMu7iCIu2ni/P+2XV8ZaFSuNP8fX9jv/weKjV0Xaz26LIR72+Z6Uw2sHswCcT/GYPx5/DsGQzijsIOjWmKqPyvRnTQcvt+X/UK9O63qe33Zjw/i/QufeOjBGyuJW/pCWFHY+1Jt49merI2+NHBOdxboTwPbO7NA3PNTDXy3PQvACavuFYwvqPxUl6rh+cvVef29Wa4Jmg6vtA90nnzz/eZqsZR2uOb7VKsW9rQ13H/LSVN6exz2bluK77Zh77biF6n8G8qxuVBPaN8ytXXTlTO74yPFX7KWLNLzXPyVaivpk/A63Hv8vW2uJ+3AWPLxMTZ/uflfh22xupseW3Fnx6pPPnrP6hUvHvzA/pda7kYd8YfCD13zr4M/KmzexdYT8tfckvs8mfB5shT/GxjxtIUQNr789RsaxUvz/4nW5v+dye2sX8eNuWt5CO8rbNxH4ub/4+XZ52AhkH1KvqUcyA65/9dQ3U9OAAAAONmquzuq+wum89vshPB0nlzOP7HA/HF/xfi8+Vvtd/9ff25Fo3hp/j/ZeP7fm3TT8X/H/1kkjv/P63TfFd2bPrD3hHZFl6pjUTj+P6/T/d3m+P+8HP93/H8+jv834fj/vE73p630LWmHL10hhBf/6IGnG8VL8/8drc3/T+P1/3pO5fp/6aJ91fX/Juut/7ej3vp/e63/BwAALKo6C82l87zS6n2lDOnqfaUMTRcIbLrEoPX/Frz+3wtnP/ub0EBp/r+3tfl/fDkMFFtfKuv/jWysU9XNMbDDwoAAAACcjurtIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCNdd8//M+WRvGHf3v+089dNH7Zvg0XvXzN+Wc+HsL07ONtWbit//pbx39+53l37btv3W33HL3g/T15ua789ndrcsdaXx8K4UDhkcGYeGWocmcucOEn7trTWUk8MhTCe4uBbfu2nVFJfGsohJXFwIOfW/W2SmJfWuL+5857oZK4OA18fPWZr1USH80DbWl3/3FZ1t22tLs3LgtheSFQ7e5ly2qrqrbxp3mgPW3jnwazNmJgMBb9xmDWRgzMxBLTvSGs6QyhI63q4Z6sqo60qn/pyarqSKv6ck8IHw0hdKZVPdedVdWZjvzx7qyqGDjrPQdfPaeSONAdwppi4MnP3v7BSuILSaDa+F90h/CuyksmbfzbXVnjXWnjt3SF8M4QQnda4pedWYnutMTznSG8ZS5wLBYIn+8MYU/gTSF++NR8ou3ac/W2TTMzUzsXMdGdt9UXtk7PTI1u3j6zpSfpUz1thfSxa49/7M+8+qXNldvP3L1xsJV0Z16ua7bL67pq7q4/3Xsf+9VfrGTu+SjVH/N3h4HQe+WuqZ2jX9y0e/fOtdnfVrOvy/525NFsW61dKttqZbGSNbsv37Fm156rV09fvunSqUunrlj7oXVj546tH/vwuWsqoxrL/p6Mod5+6od6dmehklPxASAhIbHUEu01n25jp/sHeemL/lxHu0LP7Ad0aVpRzNI2O8qTMegNxzni4/me0nREa0sTh1KWdfNkubY2y/rSZGKulr4sy+z3utLksNhY++wmjffbw+hoR73tMFx7t7h5f3YCm/epfNO1mgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4P3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRs8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwKQAA///HtiJw") 1.834544718s ago: executing program 5 (id=4636): syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=") quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x3, 0x5, 0x20000246, 0x7ffffffffffffffd, 0xfffffffffffffffa, 0xffffffffffffffff, 0x0, 0x8007fff, 0xffff348b}) 1.592097532s ago: executing program 0 (id=4641): setreuid(0xee01, 0xee01) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) 1.446064636s ago: executing program 4 (id=4642): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f00000006c0)={0x4, 0x1000000, 0x20000008, 0x20, 0x130, &(0x7f0000000040)="387ed7626d850509a2d6c1aa38f15cd0c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88731b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d461d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb34211619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b28738ddbf5e20d604413ed2ddf9bcbf881caf811852806175d638909f6234fbcd7a88ae7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90605ff8f3a3d6bc5092548feb997204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a266639438ac5252d9bccff4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd600000013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829ed0c3f6bb2fd81bc31152538db50f47dc38ba09fe0daa02d4e9c618b99266e7f2e88597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a9013923167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d000000000000000000000000000000000100"}) 1.445930011s ago: executing program 2 (id=4643): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x58, 0x10, 0x401, 0x4002, 0x25dfdbff, {0x0, 0x0, 0xffff, 0x0, 0x1d188}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0x6a, 0x1, {0x6, 0x9}}]}]}}}, @IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}]}, 0x58}}, 0x0) 1.351107197s ago: executing program 4 (id=4644): pipe(&(0x7f0000000100)={0xffffffffffffffff}) fsmount(r0, 0x0, 0x0) 1.250256028s ago: executing program 0 (id=4645): r0 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000000)={'filter\x00', 0x4, "70e38ccf"}, &(0x7f0000000080)=0x2c) 1.163482557s ago: executing program 2 (id=4646): r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, 0x0, &(0x7f0000000180)) 1.135813704s ago: executing program 4 (id=4647): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2800000012000100ea36e62ead494ab7bd7000fce2"], 0x28}, 0x1, 0x0, 0x0, 0x4000880}, 0x20000000) 1.116545573s ago: executing program 0 (id=4648): r0 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x7ffffffe, {0x0, 0xffffffffffffffff, 0x1, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x404, @private1={0xfc, 0x1, '\x00', 0x1}}}}, 0x32) 1.017678609s ago: executing program 2 (id=4649): r0 = syz_open_dev$dri(&(0x7f0000000140), 0x0, 0x103000) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f00000002c0)={0x0}) 952.82705ms ago: executing program 0 (id=4650): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x100, 0x100, 0x9, 0xffffffff}) bpf$PROG_LOAD(0x5, 0x0, 0x0) 827.537343ms ago: executing program 4 (id=4651): syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==") rename(&(0x7f0000001980)='./file1\x00', &(0x7f00000001c0)='./file0/file1\x00') 706.822591ms ago: executing program 2 (id=4652): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x1800, 0x0) quotactl_fd$Q_GETFMT(r0, 0xffffffff80000401, 0xffffffffffffffff, &(0x7f0000000040)) 600.280325ms ago: executing program 0 (id=4653): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_mr_cache\x00') read$FUSE(r0, &(0x7f0000000e00)={0x2020}, 0x2020) 500.242176ms ago: executing program 0 (id=4654): syz_usb_connect(0x3, 0x8c6, &(0x7f0000000300)=ANY=[@ANYBLOB="1201500236e47e2082055c2955d4010203010902b408048006a00309047f0e01ff2dde700a2401010080020102081305052f"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x8040) 395.905119ms ago: executing program 2 (id=4655): syz_mount_image$hfs(&(0x7f00000007c0), &(0x7f0000000000)='./file1\x00', 0x30008c0, &(0x7f0000000040)=ANY=[@ANYBLOB="66696c655f756d61736b3d30303030303030303030303030303030303030373737372c6469725f756d61736b3d30303030303030303030303030303030303030303030302c696f636861727365743d69736f383835392d362c636f6465706167653d63703835352c63726561746f723d4ddd71752c00eeabc72a9832436950c6116498dda8be60a94746ea68766f63d1d63944fbda2a9337439b37b6f2a694ba98f40070d09c3890bd28a2018f1adfe1e0a630020a9cac1a43800a70a9328ddb2a2f2e207da7cd3caf243b39eaff4966b7aa97cb6cc7d2cfc59e7a976de0a00d23c7ffaaa056cc4f8bc7b4c0f9a21db642b3e832e30a90ba1b9e7933b77c60f6a1b9ca9128f0a2d0e23373c9d15c79865bae97ddd82b98001b6aa9c5390e4deaf5f0ee492c6842b1c08486e479a889491459a257e9d4083634dac6cd58520f72e6c2f11bbd5b03655bb1863b16f3", @ANYBLOB="11f4579be01e435c584a33c63f8173f96bc4546035804d47be19163bd9e589bfdd0a9e6804495a4e4d83804e78ac5a72446295afd79de3fd6a02932a26ab4045133c371e56b0d48544db3c7db23a432f837b93f89b6f223cd1f6731d407ffdcedd9467f5cd2d6c4e8b3043614238ac91501a4bb780c4723929e22f55254546facc4f0284e644e6", @ANYRES8, @ANYRESDEC=0x0], 0x11, 0x31b, &(0x7f0000000240)="$eJzs3T1rFE8cB/Dv7F5yl3+O/FcTESxEogHTiMZGbE7CvQgrUXMXCC4naoIPCEaxEjG9vaWtr0FsFME6VlZiYRULGZmHvX3e2+jt3UW/H/DY3dmZ/e3NzlMwWRDRP2u1vfvq/Bf1TwAuXODZRcAB0ABqAI7gaGOrt7mx6Xc7RQW5OF43uQRMTpE6Z63XzcragM1heWqvhmb0GFVDSnnp87iDoLHTrV+6we6M/jyhe4K6bZ06sTHGGLM83n+Wb+rmtqsIZqIU15TYwx7uNZsjC4eIiCaSMOO7Y8f5pp2/Ow6wZAcTlTZx4//v2ht3AJWThalm/MdcsPKSQtX7/zopXO/pJZxKd4JVYlZZrxP7U4n9aZinx40FMGhVqWNxZtY3/O6ZtZt+x8ETtKzIaQv6s2MfTysWbT1V9GLG2rRAv7SZ3FNE9oxyVt/DlLqHFRP/XQCx+OcLr1gB8U58EFeEh5fo6PpXalKoatI15SVqysR/Nr9EfZeeOgu222i1Wk7slEP6IsfsFawBd9mIhxE1bcuM/YDAGxSnznU4kcvc3bkBueYzc63o7WU4ObkWYrnU3axv+G/zLzUS4oW4LBbxFW/Q7te/aj6u6eqTLTPy0IetRiyZoUB/46p1xms2orZkeyI9cmx92n1ojqebS/9bTDdY60dxn0b78BzXcQFzd+4/uOH6fve22rjmq8dVb/SP3GraDb879RSIJk3KBrbDI3VILXVyMCiNMrDloRao+o+MJNWwet+DI6qVDSrw0Z/Go/qBSr+62RJ3sb+NoOsaToHt98N5kIJpQyzpp5RyhI1ox07Ykklj65lohMJKL3d+xlSHDjZVpcKs/8L1Ss1M9tSHlzlPL/mDAFuiVHPs/gouzCvNjBzAfwUruKxic1dw6TVXas2o11wnTwOnyl/Rs3H+JUQbH3E1Mv8nIiIiIiIiIiIiIiIiIiIiIiIiIqIDodpfMKih/P8sJyIiIiIiIiIiIiIiIiIiIiIiIiIiIiKiPKsNmL97jeD9vyj3/t/kq1hc8yfBh/L+350e+P5four9CgAA//8sNHMW") syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x20020c0, 0x0, 0x1, 0x0, &(0x7f0000001a00)) 395.00376ms ago: executing program 1 (id=4656): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$sock_timeval(r0, 0x1, 0x15, 0x0, &(0x7f0000000340)) 253.522139ms ago: executing program 5 (id=4657): r0 = syz_open_dev$vcsa(&(0x7f0000000380), 0x7b95b611, 0x802) write$sndseq(r0, 0x0, 0x0) 221.624947ms ago: executing program 4 (id=4658): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) 166.634738ms ago: executing program 1 (id=4659): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newtaction={0xb4, 0x30, 0x48b, 0x0, 0x0, {}, [{0xa0, 0x1, [@m_ctinfo={0x48, 0x2, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3f, {0x1, 0x7, 0x7, 0x1, 0x3}}]}, {0x4}, {0xc}, {0xc}}}, @m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0xfffffffe}, @multicast2, @remote}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xb4}}, 0x980) 45.406538ms ago: executing program 2 (id=4660): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x83, &(0x7f00000002c0)="8a00000000000000", 0x8) 0s ago: executing program 4 (id=4661): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xc4) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x3, {0x43, 0x4, 0x2}}, 0x10) kernel console output (not intermixed with test programs): New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.435278][T13937] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 466.442993][T13937] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 466.648973][ T5939] usb 2-1: new full-speed USB device number 105 using dummy_hcd [ 466.659613][ T5842] Bluetooth: hci4: unexpected event for opcode 0x2060 [ 466.730252][ T5841] usb 1-1: string descriptor 0 read error: -71 [ 466.775282][ T5841] option 1-1:234.242: GSM modem (1-port) converter detected [ 466.867366][ T5939] usb 2-1: config 9 has an invalid interface number: 81 but max is 0 [ 466.875697][ T5939] usb 2-1: config 9 has no interface number 0 [ 466.882839][ T5939] usb 2-1: config 9 interface 81 has no altsetting 0 [ 466.899096][ T5841] usb 1-1: USB disconnect, device number 106 [ 466.916909][ T5939] usb 2-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=f0.f4 [ 466.929474][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.953217][ T5939] usb 2-1: Product: syz [ 466.957452][ T5939] usb 2-1: Manufacturer: syz [ 466.977009][ T5841] option 1-1:234.242: device disconnected [ 466.984295][ T5939] usb 2-1: SerialNumber: syz [ 467.265406][ T5939] usbserial_generic 2-1:9.81: The "generic" usb-serial driver is only for testing and one-off prototypes. [ 467.298626][ T5939] usbserial_generic 2-1:9.81: Tell linux-usb@vger.kernel.org to add your device to a proper driver. [ 467.331489][ T5939] usbserial_generic 2-1:9.81: generic converter detected [ 467.365233][ T5939] usb 2-1: generic converter now attached to ttyUSB0 [ 467.382274][T13953] loop3: detected capacity change from 0 to 32768 [ 467.408471][ T5939] usb 2-1: USB disconnect, device number 105 [ 467.416594][T13953] jfs: Unexpected value for 'nodiscard' [ 467.454980][ T5939] generic ttyUSB0: generic converter now disconnected from ttyUSB0 [ 467.485710][ T5939] usbserial_generic 2-1:9.81: device disconnected [ 467.571277][T13977] loop2: detected capacity change from 0 to 1024 [ 467.673917][T13977] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.3409: bad orphan inode 14 [ 467.688552][T13977] loop2: lost filesystem error report for type 5 error -117 [ 467.690209][T13977] ext4_test_bit(bit=13, block=4) = 1 [ 467.697633][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 467.697657][ C1] EXT4-fs (loop2): initial error at time 1788339050: ext4_orphan_get:1417 [ 467.697691][ C1] EXT4-fs (loop2): last error at time 1788339050: ext4_orphan_get:1417 [ 467.788090][T13977] is_bad_inode(inode)=0 [ 467.792421][T13977] NEXT_ORPHAN(inode)=0 [ 467.796773][T13977] max_ino=32 [ 467.800036][T13977] i_nlink=1 [ 467.818696][T13977] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 468.067536][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 468.306025][ T5939] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 468.463347][T13975] loop4: detected capacity change from 0 to 32768 [ 468.502945][T13975] lbmIODone: I/O error in JFS log [ 468.508290][T13975] *** Log Format Error ! *** [ 468.513530][ T5939] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 468.524539][ T5939] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 468.555394][T13975] lmLogInit: exit(-22) [ 468.564920][ T5939] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 468.573137][T13975] lmLogOpen: exit(-22) [ 468.578093][T13975] jfs_mount_rw failed, return code = -22 [ 468.595513][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.617098][ T5939] usb 2-1: Product: syz [ 468.621329][ T5939] usb 2-1: Manufacturer: syz [ 468.658543][ T5939] usb 2-1: SerialNumber: syz [ 468.674865][ T5939] cdc_mbim 2-1:1.0: skipping garbage [ 468.690334][ T5939] cdc_mbim 2-1:1.0: skipping garbage [ 468.706944][ T5939] cdc_mbim 2-1:1.0: MBIM functional descriptor missing [ 468.725963][ T5939] cdc_mbim 2-1:1.0: bind() failure [ 468.793854][T13992] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x1f [ 468.937830][ T5939] usb 2-1: USB disconnect, device number 106 [ 469.083816][T13979] loop0: detected capacity change from 0 to 40427 [ 469.108407][T13979] f2fs: Unexpected value for 'prjquota' [ 469.578898][T14001] loop2: detected capacity change from 0 to 128 [ 469.732696][T13993] loop4: detected capacity change from 0 to 40427 [ 469.766923][T13993] F2FS-fs: quotafile must be on filesystem root [ 469.784778][T14009] loop0: detected capacity change from 0 to 16 [ 469.832369][T14009] erofs (device loop0): mounted with root inode @ nid 36. [ 469.882733][T14011] loop1: detected capacity change from 0 to 1024 [ 469.956786][T14011] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 469.974245][ T5907] usb 3-1: new full-speed USB device number 109 using dummy_hcd [ 470.102930][T14018] loop0: detected capacity change from 0 to 16 [ 470.127932][T14018] erofs (device loop0): mounted with root inode @ nid 36. [ 470.204560][ T5907] usb 3-1: unable to get BOS descriptor or descriptor too short [ 470.230313][ T5907] usb 3-1: not running at top speed; connect to a high speed hub [ 470.238943][ T5839] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 470.261652][ T5907] usb 3-1: config 13 has an invalid interface number: 120 but max is 0 [ 470.290280][ T5907] usb 3-1: config 13 has no interface number 0 [ 470.315728][ T5907] usb 3-1: config 13 interface 120 has no altsetting 0 [ 470.337399][ T5907] usb 3-1: New USB device found, idVendor=1604, idProduct=8005, bcdDevice=a1.c9 [ 470.346505][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.390349][ T5907] usb 3-1: Product: syz [ 470.394578][ T5907] usb 3-1: Manufacturer: syz [ 470.438562][ T5907] usb 3-1: SerialNumber: syz [ 470.460049][T14020] loop0: detected capacity change from 0 to 1024 [ 470.478402][T14013] loop3: detected capacity change from 0 to 32768 [ 470.518949][T14013] BTRFS: device fsid 18898830-c59e-4026-919d-fe1055706c2c devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3426 (14013) [ 470.541302][T14020] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 470.560269][T14013] BTRFS info (device loop3): first mount of filesystem 18898830-c59e-4026-919d-fe1055706c2c [ 470.614783][T14013] BTRFS info (device loop3): using xxhash64 checksum algorithm [ 470.755567][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 470.804551][T14040] loop4: detected capacity change from 0 to 512 [ 470.822156][T14013] BTRFS info (device loop3): enabling ssd optimizations [ 470.829265][ T5931] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 470.855689][ T5907] usb 3-1: USB disconnect, device number 109 [ 470.874491][T14013] BTRFS info (device loop3): turning on async discard [ 470.894082][T14013] BTRFS info (device loop3): enabling free space tree [ 470.912008][T14040] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 471.031610][ T5931] usb 2-1: Using ep0 maxpacket: 32 [ 471.040074][ T5931] usb 2-1: config 0 has an invalid interface number: 219 but max is 0 [ 471.050572][ T5931] usb 2-1: config 0 has no interface number 0 [ 471.071581][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 471.083860][T14046] loop0: detected capacity change from 0 to 512 [ 471.090199][ T5931] usb 2-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 471.108771][ T6504] udevd[6504]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:13.120/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 471.126725][ T5931] usb 2-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024 [ 471.130482][ T5837] BTRFS info (device loop3): last unmount of filesystem 18898830-c59e-4026-919d-fe1055706c2c [ 471.143751][ T5931] usb 2-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 471.171682][ T5931] usb 2-1: config 0 interface 219 altsetting 0 has a duplicate endpoint with address 0xB, skipping [ 471.185276][ T5931] usb 2-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9 [ 471.197504][ T5931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 471.208236][ T5931] usb 2-1: Product: syz [ 471.213016][ T5931] usb 2-1: Manufacturer: syz [ 471.218406][ T5931] usb 2-1: SerialNumber: syz [ 471.221283][T14046] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 471.230893][ T5931] usb 2-1: config 0 descriptor?? [ 471.244924][T14024] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 471.280132][T14046] ext4 filesystem being mounted at /686/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 471.372633][T14049] loop4: detected capacity change from 0 to 128 [ 471.480051][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 471.527288][ T5931] etas_es58x 2-1:0.219: Starting syz syz (Serial Number syz) [ 471.615079][ T5931] usb 2-1: USB disconnect, device number 107 [ 471.618296][T14052] loop2: detected capacity change from 0 to 1024 [ 471.722468][T14052] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 471.858273][T14056] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 471.899850][T14059] ntfs3(loop0): Failed to load $MFT (-22). [ 471.946038][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.054211][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.350378][T14062] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 472.477536][T14065] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 472.575210][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.790509][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.814359][T14053] BTRFS: device fsid a4d06b90-61a4-49cd-bf5f-2183c3574322 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3434 (14053) [ 472.911042][T14053] BTRFS info (device loop3): first mount of filesystem a4d06b90-61a4-49cd-bf5f-2183c3574322 [ 472.956823][T14053] BTRFS info (device loop3): using blake2b checksum algorithm [ 473.246344][T14053] BTRFS info (device loop3): enabling ssd optimizations [ 473.299539][T14053] BTRFS info (device loop3): turning on async discard [ 473.306379][T14053] BTRFS info (device loop3): enabling free space tree [ 473.506463][T14068] gfs2: fsid=syz:syz: Trying to join cluster "lock_dlm", "syz:syz" [ 473.561439][T14068] dlm: no local IP address has been set [ 473.578559][ T5837] BTRFS info (device loop3): last unmount of filesystem a4d06b90-61a4-49cd-bf5f-2183c3574322 [ 473.602913][T14068] dlm: cannot start dlm midcomms -107 [ 473.608505][T14068] gfs2: fsid=syz:syz: dlm_new_lockspace error -107 [ 473.912688][T14103] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 473.994549][T14101] EXT4-fs error (device loop0): ext4_do_update_inode:5569: inode #15: comm syz.0.3449: corrupted inode contents [ 474.110556][T14101] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 474.111145][T14101] EXT4-fs (loop0): Remounting filesystem read-only [ 474.126946][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 474.126971][ C0] EXT4-fs (loop0): initial error at time 1788339056: ext4_do_update_inode:5569: inode 15 [ 474.127006][ C0] EXT4-fs (loop0): last error at time 1788339056: ext4_do_update_inode:5569: inode 15 [ 474.206075][T14101] EXT4-fs (loop0): 1 orphan inode deleted [ 474.230523][T14101] EXT4-fs (loop0): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 474.270844][ T5841] usb 4-1: new full-speed USB device number 104 using dummy_hcd [ 474.487077][ T5841] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 474.508223][ T5841] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 474.548957][ T5836] EXT4-fs (loop0): unmounting filesystem 00000800-0000-0000-0000-000000000000. [ 474.553927][ T5841] usb 4-1: config 0 has no interface number 0 [ 474.582434][ T5841] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 474.624709][ T5841] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 474.651642][ T5841] usb 4-1: Product: syz [ 474.667543][ T5841] usb 4-1: Manufacturer: syz [ 474.677358][ T5841] usb 4-1: SerialNumber: syz [ 474.758736][ T5841] usb 4-1: config 0 descriptor?? [ 474.781568][ T5841] hub 4-1:0.31: bad descriptor, ignoring hub [ 474.809495][ T5841] hub 4-1:0.31: probe with driver hub failed with error -5 [ 474.840465][ T5841] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 474.870230][ T5841] uvcvideo 4-1:0.31: No valid video chain found. [ 474.972107][T14110] BTRFS: device fsid 5ac8a51e-da3a-4998-8e66-e1df06b87bc8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3452 (14110) [ 475.020853][T14113] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 475.035589][T14105] btrfs: Bad value for 'max_inline' [ 475.043122][T14110] BTRFS info (device loop1): first mount of filesystem 5ac8a51e-da3a-4998-8e66-e1df06b87bc8 [ 475.130857][T14110] BTRFS info (device loop1): using xxhash64 checksum algorithm [ 475.227218][ T5841] usb 4-1: USB disconnect, device number 104 [ 475.256736][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 475.468739][T14110] BTRFS info (device loop1): enabling ssd optimizations [ 475.475746][T14110] BTRFS info (device loop1): turning on async discard [ 475.532379][T14110] BTRFS info (device loop1): enabling free space tree [ 475.544467][T14131] set_capacity_and_notify: 16 callbacks suppressed [ 475.544487][T14131] loop0: detected capacity change from 0 to 128 [ 475.606137][T14133] loop4: detected capacity change from 0 to 128 [ 475.707920][ T5839] BTRFS info (device loop1): last unmount of filesystem 5ac8a51e-da3a-4998-8e66-e1df06b87bc8 [ 475.803157][T14135] loop3: detected capacity change from 0 to 512 [ 476.179603][T14137] loop4: detected capacity change from 0 to 8192 [ 476.508224][T14143] loop1: detected capacity change from 0 to 2048 [ 476.529534][T14145] loop4: detected capacity change from 0 to 128 [ 476.849972][T14148] loop4: detected capacity change from 0 to 16 [ 476.907019][T14148] erofs (device loop4): mounted with root inode @ nid 36. [ 476.907150][T14149] loop1: detected capacity change from 0 to 128 [ 478.028196][T14154] loop4: detected capacity change from 0 to 32768 [ 478.153740][T14151] loop2: detected capacity change from 0 to 32768 [ 478.196748][T14151] gfs2: fsid=syz:syz: Trying to join cluster "lock_dlm", "syz:syz" [ 478.237260][T14151] dlm: no local IP address has been set [ 478.242876][T14151] dlm: cannot start dlm midcomms -107 [ 478.293030][T14151] gfs2: fsid=syz:syz: dlm_new_lockspace error -107 [ 479.992165][T14161] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 480.033064][T14161] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 480.276720][T14161] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 480.311103][ T5907] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 480.331724][ T5907] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 480.482373][T14169] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 480.539114][T14169] ext4 filesystem being mounted at /695/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 480.639892][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 480.721747][ T5907] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 364ms [ 480.738794][ T5907] gfs2: fsid=syz:syz.0: jid=0: Done [ 480.746056][T14161] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 481.068501][T14176] set_capacity_and_notify: 4 callbacks suppressed [ 481.068523][T14176] loop0: detected capacity change from 0 to 4096 [ 481.166327][T14176] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 482.356688][T14181] loop1: detected capacity change from 0 to 32768 [ 482.522712][T14182] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 482.983449][T14179] loop0: detected capacity change from 0 to 65536 [ 483.359570][T14186] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 483.465082][T14188] loop4: detected capacity change from 0 to 1024 [ 483.932056][T14192] loop2: detected capacity change from 0 to 2048 [ 483.988659][T14193] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 484.266411][T14190] loop4: detected capacity change from 0 to 16384 [ 484.355438][T14196] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 484.807837][T14202] loop4: detected capacity change from 0 to 1 [ 484.834664][T14202] syz.4.3483: attempt to access beyond end of device [ 484.834664][T14202] loop4: rw=2048, sector=0, nr_sectors = 8 limit=1 [ 484.880431][T14202] SQUASHFS error: Failed to read block 0x0: -5 [ 484.902013][T14202] unable to read squashfs_super_block [ 485.137548][T14206] loop4: detected capacity change from 0 to 1024 [ 485.150779][T14198] loop0: detected capacity change from 0 to 32768 [ 485.183301][T14198] (syz.0.3479,14198,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options [ 485.208067][T14206] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 485.217500][T14198] (syz.0.3479,14198,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 485.473849][T14211] loop0: detected capacity change from 0 to 512 [ 485.549398][T14211] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 485.556842][T14211] UDF-fs: Scanning with blocksize 512 failed [ 485.613994][T14211] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 485.621432][T14211] UDF-fs: Scanning with blocksize 1024 failed [ 485.639944][T14210] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512). [ 485.684903][T14211] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 485.699790][T14211] UDF-fs: Scanning with blocksize 2048 failed [ 485.731789][T14211] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 485.758009][T14211] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 486.150298][T14213] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 486.182015][T14213] UDF-fs: Scanning with blocksize 512 failed [ 486.259551][T14213] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 486.434367][T14204] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 486.501584][T14204] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 486.558158][T14204] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 486.641858][ T5939] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 486.648693][ T5939] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 486.998120][T14219] set_capacity_and_notify: 3 callbacks suppressed [ 486.998140][T14219] loop0: detected capacity change from 0 to 16384 [ 487.037441][T14219] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 487.044876][T14219] UDF-fs: Scanning with blocksize 512 failed [ 487.074011][ T5939] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 397ms [ 487.112643][T14219] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 487.120190][T14219] UDF-fs: Scanning with blocksize 1024 failed [ 487.121722][ T5939] gfs2: fsid=syz:syz.0: jid=0: Done [ 487.155841][T14204] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 487.182749][T14219] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 487.217695][T14219] UDF-fs: Scanning with blocksize 2048 failed [ 487.274340][T14219] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 487.759785][T14225] loop0: detected capacity change from 0 to 128 [ 487.884642][T14227] loop1: detected capacity change from 0 to 2048 [ 488.134058][T14231] loop1: detected capacity change from 0 to 128 [ 488.405630][T14236] loop1: detected capacity change from 0 to 512 [ 488.417088][T14237] loop2: detected capacity change from 0 to 512 [ 488.426036][T14234] loop3: detected capacity change from 0 to 256 [ 488.708894][T14243] loop3: detected capacity change from 0 to 512 [ 490.200666][T14242] loop2: detected capacity change from 0 to 65536 [ 490.251630][T14242] XFS (loop2): Deprecated V4 format (crc=0) not supported by kernel. [ 491.073743][T14264] loop4: detected capacity change from 0 to 4096 [ 491.110482][T14264] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 491.138632][T14264] UDF-fs: Scanning with blocksize 512 failed [ 491.186679][T14264] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 491.776633][T14278] ÿ: renamed from bond_slave_0 (while UP) [ 491.916143][T14280] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 491.934132][T14280] UDF-fs: Scanning with blocksize 512 failed [ 491.979737][T14280] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 492.277791][T14288] netlink: 'syz.4.3519': attribute type 1 has an invalid length. [ 492.508730][ T5939] usb 1-1: new high-speed USB device number 107 using dummy_hcd [ 492.563321][T14294] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 492.570982][T14294] IPv6: NLM_F_CREATE should be set when creating new route [ 492.578398][T14294] IPv6: NLM_F_CREATE should be set when creating new route [ 492.695955][ T5939] usb 1-1: unable to get BOS descriptor or descriptor too short [ 492.705226][ T5939] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 492.729196][ T5939] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 492.751005][ T5939] usb 1-1: config 1 has no interface number 1 [ 492.772229][ T5939] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 492.796544][ T5939] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 492.818181][ T5939] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.830953][ T5939] usb 1-1: Product: syz [ 492.835164][ T5939] usb 1-1: Manufacturer: syz [ 492.851562][ T5939] usb 1-1: SerialNumber: syz [ 493.144433][ T5939] usb 1-1: 2:1 : invalid UAC_AS_GENERAL desc [ 493.284780][ T5939] usb 1-1: USB disconnect, device number 107 [ 493.355676][ T6108] udevd[6108]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 493.475307][T14323] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3538'. [ 493.487454][T14324] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3539'. [ 494.066616][T14344] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3549'. [ 494.143869][T14348] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3550'. [ 494.268708][T14350] set_capacity_and_notify: 1 callbacks suppressed [ 494.268731][T14350] loop2: detected capacity change from 0 to 512 [ 494.366111][T14350] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 494.402732][T14327] loop4: detected capacity change from 0 to 32768 [ 494.410805][T14327] xfs: Deprecated parameter 'noikeep' [ 494.473381][T14350] EXT4-fs error (device loop2): ext4_validate_block_bitmap:423: comm syz.2.3552: bg 0: bad block bitmap checksum [ 494.521703][T14327] XFS: noikeep mount option is deprecated. [ 494.582889][T14327] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 494.592454][T14350] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6687: Filesystem failed CRC [ 494.674133][T14334] loop0: detected capacity change from 0 to 32768 [ 494.751990][T14327] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 494.808062][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 494.893041][ T5921] usb 4-1: new high-speed USB device number 105 using dummy_hcd [ 494.903091][T14327] XFS (loop4): Starting recovery (logdev: internal) [ 494.947986][T14327] XFS (loop4): Ending recovery (logdev: internal) [ 495.005694][T14327] XFS: no-recovery mounts must be read-only. [ 495.065867][ T5851] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 495.088053][ T5921] usb 4-1: Using ep0 maxpacket: 8 [ 495.095750][ T5921] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 495.113034][ T5921] usb 4-1: config 0 has no interface number 0 [ 495.141121][ T5921] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 495.159998][T14379] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3562'. [ 495.192934][ T5921] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 495.239075][ T5921] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 495.282762][ T5921] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 495.329241][T14382] netlink: 300 bytes leftover after parsing attributes in process `syz.0.3560'. [ 495.345048][ T5921] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 495.394945][ T5921] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 495.415525][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.438287][ T5921] usb 4-1: config 0 descriptor?? [ 495.516747][ T5921] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 495.524734][T14385] ip6t_REJECT: ECHOREPLY is not supported [ 495.655446][T14389] Illegal XDP return value 4294967274 on prog (id 260) dev N/A, expect packet loss! [ 495.684126][T14367] ldusb 4-1:0.55: Couldn't submit interrupt_in_urb -90 [ 495.693654][ T5939] usb 4-1: USB disconnect, device number 105 [ 495.715557][ T5939] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 495.776314][T14394] netlink: 'syz.1.3568': attribute type 1 has an invalid length. [ 495.818912][T14394] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3568'. [ 495.941363][T14398] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3570'. [ 496.127106][T14406] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 496.138972][T14410] loop2: detected capacity change from 0 to 256 [ 496.232635][T14410] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 496.800185][T14428] netlink: 'syz.2.3585': attribute type 1 has an invalid length. [ 497.042032][T14436] netlink: 'syz.2.3589': attribute type 2 has an invalid length. [ 497.061087][T14436] netlink: 'syz.2.3589': attribute type 2 has an invalid length. [ 497.308693][T14416] loop3: detected capacity change from 0 to 32768 [ 497.371818][T14416] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 497.420216][T14416] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 497.531645][T14416] XFS (loop3): Ending clean mount [ 497.551245][ T5921] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 497.564914][T14416] XFS (loop3): Quotacheck needed: Please wait. [ 497.616678][ T1035] XFS (loop3): Metadata corruption detected at xfs_dinode_verify+0x1a9/0x1590, inode 0x1143 dinode [ 497.639883][T14402] loop0: detected capacity change from 0 to 65536 [ 497.648909][ T1035] XFS (loop3): Unmount and run xfs_repair [ 497.670479][ T1035] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 497.704469][ T1035] 00000000: 49 4e 41 ed 03 01 00 00 00 00 00 00 00 00 00 00 INA............. [ 497.715523][ T1035] 00000010: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 497.724592][ T1035] 00000020: 34 f7 58 68 a5 a5 b6 11 34 f7 58 68 a5 a5 b6 11 4.Xh....4.Xh.... [ 497.732858][T14402] XFS (loop0): Mounting V5 Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5 [ 497.742635][ T5921] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 497.753601][ T1035] 00000030: 34 f7 58 68 a5 a5 b6 11 00 00 00 00 00 00 00 20 4.Xh........... [ 497.762660][ T5921] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 497.772072][ T1035] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 497.781600][ T5921] usb 5-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00 [ 497.791138][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.802679][ T5921] usb 5-1: config 0 descriptor?? [ 497.813548][ T5921] gspca_main: spca501-2.14.0 probing 0000:0000 [ 497.814051][ T1035] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 3f 08 c9 94 ............?... [ 497.828715][ T1035] 00000060: ff ff ff ff 49 55 aa 1c 00 00 00 00 00 00 00 04 ....IU.......... [ 497.837634][ T1035] 00000070: 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 08 ................ [ 497.848089][ T1035] loop3: lost file I/O error report for ino 0 type 5 pos 0x0 len 0x0 error -117 [ 497.893824][T14416] XFS (loop3): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 497.997724][T14402] XFS (loop0): Ending clean mount [ 498.004749][T14416] loop3: lost filesystem error report for type 5 error -117 [ 498.135046][ T5837] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 498.174645][ T5836] XFS (loop0): Unmounting Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5 [ 498.188679][ T5837] XFS (loop3): Uncorrected metadata errors detected; please run xfs_repair. [ 498.245082][ T5921] gspca_spca501: reg write: error -71 [ 498.270115][ T5921] spca501 5-1:0.0: Reg write failed for 0x02,0xa048,0x00 [ 498.313203][ T5921] spca501 5-1:0.0: probe with driver spca501 failed with error -22 [ 498.338942][ T5921] usb 5-1: USB disconnect, device number 67 [ 498.423448][T14480] loop0: detected capacity change from 0 to 512 [ 498.474617][T14480] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 498.528684][T14480] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1142: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 498.551046][T14480] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3604: bg 0: block 248: padding at end of block bitmap is not set [ 498.647166][T14480] loop0: lost filesystem error report for type 5 error -117 [ 498.656077][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 498.669928][ C0] EXT4-fs (loop0): last error at time 1788339079: ext4_validate_block_bitmap:441 [ 498.679448][T14480] Quota error (device loop0): write_blk: dquota write failed [ 498.686947][T14480] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 498.740631][T14480] EXT4-fs error (device loop0): ext4_acquire_dquot:7003: comm syz.0.3604: Failed to acquire dquot type 1 [ 498.780717][T14480] loop0: lost filesystem error report for type 5 error -117 [ 498.782293][T14480] EXT4-fs (loop0): 1 truncate cleaned up [ 498.807991][T14480] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 498.955238][T14480] EXT4-fs error (device loop0): ext4_lookup:1789: inode #2: comm syz.0.3604: deleted inode referenced: 12 [ 499.205418][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 499.229965][T14502] cgroup: Need name or subsystem set [ 499.714528][ T5921] usb 5-1: new full-speed USB device number 68 using dummy_hcd [ 499.787109][T14527] loop1: detected capacity change from 0 to 16 [ 499.814715][T14527] erofs (device loop1): mounted with root inode @ nid 36. [ 499.933609][ T5921] usb 5-1: unable to get BOS descriptor or descriptor too short [ 499.962939][ T5921] usb 5-1: not running at top speed; connect to a high speed hub [ 499.986711][ T5921] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 500.003524][ T5921] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 500.050104][ T5921] usb 5-1: string descriptor 0 read error: -22 [ 500.065601][ T5921] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 500.099573][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.150485][ T5921] usb 5-1: 0:2 : does not exist [ 500.253492][T14540] ip6gre1: entered promiscuous mode [ 500.276168][T14540] ip6gre1: entered allmulticast mode [ 500.342819][T14542] loop3: detected capacity change from 0 to 4096 [ 500.416969][T14548] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 500.425128][ T5921] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 500.463939][ T29] audit: type=1326 audit(1788339081.598:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14550 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 500.464203][ T29] audit: type=1326 audit(1788339081.607:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14550 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 500.472464][ T5921] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5) [ 500.474378][ T29] audit: type=1326 audit(1788339081.617:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14550 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 500.475382][ T29] audit: type=1326 audit(1788339081.617:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14550 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 500.475601][ T29] audit: type=1326 audit(1788339081.617:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14550 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 500.475923][ T29] audit: type=1326 audit(1788339081.617:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14550 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 500.476597][ T29] audit: type=1326 audit(1788339081.617:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14550 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 500.479357][ T29] audit: type=1326 audit(1788339081.617:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14550 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 500.490344][ T5921] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 500.508844][ T5921] usb 5-1: 5:0: failed to get current value for ch 1 (-22) [ 500.607809][ T5921] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 500.683168][T14553] vivid-000: ================= START STATUS ================= [ 500.683247][T14553] vivid-000: Radio HW Seek Mode: Bounded [ 500.683316][T14553] vivid-000: Radio Programmable HW Seek: false [ 500.683343][T14553] vivid-000: RDS Rx I/O Mode: Block I/O [ 500.683368][T14553] vivid-000: Generate RBDS Instead of RDS: false [ 500.683397][T14553] vivid-000: RDS Reception: true [ 500.683421][T14553] vivid-000: RDS Program Type: 0 inactive [ 500.683454][T14553] vivid-000: RDS PS Name: inactive [ 500.683559][T14553] vivid-000: RDS Radio Text: inactive [ 500.683592][T14553] vivid-000: RDS Traffic Announcement: false inactive [ 500.683625][T14553] vivid-000: RDS Traffic Program: false inactive [ 500.683658][T14553] vivid-000: RDS Music: false inactive [ 500.683689][T14553] vivid-000: ================== END STATUS ================== [ 500.689077][ T5921] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5) [ 500.771641][ T5921] usb 5-1: USB disconnect, device number 68 [ 501.317580][T14571] tmpfs: Bad value for 'mpol' [ 502.205759][T14591] loop3: detected capacity change from 0 to 4096 [ 502.242588][T14591] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 502.262180][T14577] loop4: detected capacity change from 0 to 32768 [ 502.290049][T14602] netlink: 288 bytes leftover after parsing attributes in process `syz.2.3661'. [ 502.343840][T14577] add_index: next_index = 0. Resetting! [ 502.389928][T14577] find_entry called with index >= next_index [ 502.439130][T14577] find_entry called with index >= next_index [ 502.581992][T14608] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3664'. [ 503.010842][T14624] loop2: detected capacity change from 0 to 16 [ 503.047846][T14624] erofs (device loop2): mounted with root inode @ nid 36. [ 503.085965][T14624] syz.2.3673: attempt to access beyond end of device [ 503.085965][T14624] loop2: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 503.124838][ T5939] usb 1-1: new full-speed USB device number 108 using dummy_hcd [ 503.146760][T14624] syz.2.3673: attempt to access beyond end of device [ 503.146760][T14624] loop2: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 503.215638][T14624] erofs (device loop2): read error -5 @ 0 of nid 36 [ 503.307444][ T5939] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 503.370725][ T5939] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 503.379205][T14636] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 503.402938][T14634] loop4: detected capacity change from 0 to 4096 [ 503.425013][ T5939] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 503.470583][ T5939] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 503.505171][ T5939] usb 1-1: SerialNumber: syz [ 503.821708][ T5939] usb 1-1: USB disconnect, device number 108 [ 504.142415][T14664] loop4: detected capacity change from 0 to 4096 [ 504.176450][T14664] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 504.186376][T14665] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 504.218676][T14664] NILFS (loop4): mounting fs with errors [ 504.285172][T14664] NILFS error (device loop4): nilfs_check_folio: bad entry in directory #2: disallowed inode number - offset=32, inode=9, rec_len=24, name_len=6 [ 504.608525][T14677] netlink: 'syz.4.3698': attribute type 3 has an invalid length. [ 505.047527][T14691] loop4: detected capacity change from 0 to 764 [ 505.070841][T14690] loop1: detected capacity change from 0 to 512 [ 505.078188][T14690] EXT4-fs: Ignoring removed nobh option [ 505.095387][T14688] loop2: detected capacity change from 0 to 1764 [ 505.145831][T14690] EXT4-fs: user quota file already specified [ 505.202670][T14690] loop1: detected capacity change from 0 to 256 [ 505.263831][T14690] exfat: Deprecated parameter 'namecase' [ 505.306679][T14690] exfat: Deprecated parameter 'namecase' [ 505.351973][T14690] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 505.455965][T14690] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d) [ 505.733446][T14707] netlink: 'syz.1.3712': attribute type 10 has an invalid length. [ 505.741383][T14707] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3712'. [ 505.762814][T14709] ptrace attach of "./syz-executor exec"[5836] was attempted by " Œ Ðÿ ð¥ Àÿ Àÿ Ðÿ À• ðÿ °ÿ Àÿ ÿÿÿÿ"[14709] [ 505.820403][T14707] bond0: entered promiscuous mode [ 505.883320][T14707] bond_slave_0: entered promiscuous mode [ 505.903427][T14707] bond_slave_1: entered promiscuous mode [ 505.914784][T14707] bridge0: port 3(bond0) entered blocking state [ 505.923559][T14713] loop3: detected capacity change from 0 to 16 [ 505.942432][T14707] bridge0: port 3(bond0) entered disabled state [ 505.951516][T14707] bond0: entered allmulticast mode [ 505.956802][T14707] bond_slave_0: entered allmulticast mode [ 505.963909][T14713] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 505.975532][T14707] bond_slave_1: entered allmulticast mode [ 505.981729][T14713] cramfs: empty filesystem [ 506.004583][T14707] bridge0: port 3(bond0) entered blocking state [ 506.011590][T14707] bridge0: port 3(bond0) entered forwarding state [ 506.178401][T14719] netlink: 'syz.3.3718': attribute type 11 has an invalid length. [ 506.218492][T14719] netlink: 140 bytes leftover after parsing attributes in process `syz.3.3718'. [ 506.231976][T14723] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 506.286716][T14722] m1Ie5nè‹Ò: entered promiscuous mode [ 506.595538][T14737] veth1: entered promiscuous mode [ 506.783237][T14744] loop3: detected capacity change from 0 to 4096 [ 506.802704][T14749] netlink: 92 bytes leftover after parsing attributes in process `syz.1.3732'. [ 506.838184][T14744] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 507.002321][T14744] ntfs3(loop3): Failed to initialize $Extend/$ObjId. [ 507.316149][ T5931] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 507.520662][ T5931] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 507.533947][ T5931] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 507.559660][ T5931] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 507.612527][T14781] netlink: 'syz.0.3748': attribute type 29 has an invalid length. [ 507.620602][ T5931] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 507.631878][T14781] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3748'. [ 507.658296][ T5931] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 507.689048][ T5931] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.714648][ T5931] usb 3-1: config 0 descriptor?? [ 507.936547][T14793] loop3: detected capacity change from 0 to 764 [ 507.986082][ T5931] hdpvr 3-1:0.0: firmware version 0x15 dated Š–¸&S¶3;¨“Ãx&X^„œ wÒΖŠ g/ƒ µn#»† [ 508.004952][T14793] syz.3.3754: attempt to access beyond end of device [ 508.004952][T14793] loop3: rw=524288, sector=872, nr_sectors = 256 limit=764 [ 508.056585][T14793] syz.3.3754: attempt to access beyond end of device [ 508.056585][T14793] loop3: rw=524288, sector=1128, nr_sectors = 256 limit=764 [ 508.115362][T14793] syz.3.3754: attempt to access beyond end of device [ 508.115362][T14793] loop3: rw=8388608, sector=872, nr_sectors = 8 limit=764 [ 508.163154][T14801] netlink: 'syz.4.3758': attribute type 1 has an invalid length. [ 508.172896][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 508.172917][ T29] audit: type=1800 audit(1788339088.819:38): pid=14793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3754" name="file1" dev="loop3" ino=1807 res=0 errno=0 [ 508.180979][T14801] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3758'. [ 508.215590][ T5931] hdpvr 3-1:0.0: device init failed [ 508.220917][ T5931] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12 [ 508.275531][ T5931] usb 3-1: USB disconnect, device number 110 [ 508.310500][T14805] xt_CT: You must specify a L4 protocol and not use inversions on it [ 508.903610][T14831] overlayfs: missing 'workdir' [ 509.026637][T14835] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 509.149297][T14843] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 509.208588][T14843] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 509.427577][T14854] veth1: entered promiscuous mode [ 509.462532][T14855] netlink: 'syz.3.3783': attribute type 1 has an invalid length. [ 509.533984][T14855] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3783'. [ 509.650019][T14864] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3790'. [ 509.861849][T14874] loop1: detected capacity change from 0 to 512 [ 509.941686][T14874] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.3794: invalid indirect mapped block 4294967295 (level 1) [ 509.964479][T14874] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 509.965884][T14874] EXT4-fs (loop1): Remounting filesystem read-only [ 509.975218][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 509.975243][ C1] EXT4-fs (loop1): initial error at time 1788339090: ext4_free_branches:1023: inode 11 [ 509.975279][ C1] EXT4-fs (loop1): last error at time 1788339090: ext4_free_branches:1023: inode 11 [ 510.010416][T14874] EXT4-fs (loop1): 2 truncates cleaned up [ 510.018054][T14874] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 510.158241][ T5839] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 510.188447][T14884] loop3: detected capacity change from 0 to 1024 [ 510.366319][ T5837] hfsplus: bad catalog entry type [ 510.782384][ T12] hfsplus: b-tree write err: -5, ino 25 [ 510.782634][ T12] hfsplus: b-tree write err: -5, ino 4 [ 510.782761][ T12] hfsplus: b-tree write err: -5, ino 2 [ 511.030708][ T169] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.143658][ T169] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.280380][ T169] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.411185][T14923] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.3820'. [ 511.437786][T14923] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 511.495566][ T5921] usb 1-1: new high-speed USB device number 109 using dummy_hcd [ 511.508998][ T169] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.595999][T14927] loop2: detected capacity change from 0 to 512 [ 511.633336][ T5849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 511.655781][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 511.664860][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 511.677567][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 511.689408][ T5921] usb 1-1: Using ep0 maxpacket: 32 [ 511.694704][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 511.720376][T14927] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 511.732733][ T5921] usb 1-1: config 0 has an invalid interface number: 146 but max is 0 [ 511.747351][ T5921] usb 1-1: config 0 has no interface number 0 [ 511.755174][ T5921] usb 1-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 511.766503][ T5921] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 511.778683][ T5921] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 511.790435][ T5921] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 511.801046][ T5921] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 511.814708][ T5921] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 511.826086][T14927] EXT4-fs (loop2): 1 truncate cleaned up [ 511.850508][ T5921] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 511.872557][T14927] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 511.886238][ T5921] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 29557, setting to 1024 [ 511.930404][ T5921] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 511.962500][ T5921] usb 1-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 511.975806][T14927] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 512.008740][ T5939] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 512.040925][ T5921] usb 1-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 512.074695][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.101111][ T5921] usb 1-1: Product: syz [ 512.111478][ T5921] usb 1-1: Manufacturer: syz [ 512.116528][ T5921] usb 1-1: SerialNumber: syz [ 512.122895][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 512.146578][ T5921] usb 1-1: config 0 descriptor?? [ 512.165938][T14921] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 512.174100][T14921] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 512.194920][ T5921] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3 [ 512.204901][ T5921] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2 [ 512.235909][ T5921] scsi host1: microtekX6 [ 512.250520][ T5939] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 512.268074][ T169] bridge_slave_1: left allmulticast mode [ 512.292280][ T169] bridge_slave_1: left promiscuous mode [ 512.299809][ T5939] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.307864][ T5939] usb 5-1: Product: syz [ 512.337520][ T169] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.363370][ T5939] usb 5-1: Manufacturer: syz [ 512.368083][ T5939] usb 5-1: SerialNumber: syz [ 512.392629][ T169] bridge_slave_0: left allmulticast mode [ 512.412696][ T5939] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 512.421892][ T169] bridge_slave_0: left promiscuous mode [ 512.439790][ T169] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.478178][ T5855] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 512.537467][ T5954] usb 1-1: USB disconnect, device number 109 [ 512.579161][ T9] usb 3-1: new high-speed USB device number 111 using dummy_hcd [ 512.780155][ T9] usb 3-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55 [ 512.794058][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.803387][ T9] usb 3-1: Product: syz [ 512.812085][ T9] usb 3-1: Manufacturer: syz [ 512.816896][ T9] usb 3-1: SerialNumber: syz [ 512.828565][ T9] usb 3-1: config 0 descriptor?? [ 512.839012][T14956] tmpfs: Bad value for 'mpol' [ 512.848221][ T9] gspca_main: sonixb-2.14.0 probing 0c45:6005 [ 512.989598][ T5900] usb 5-1: USB disconnect, device number 69 [ 513.279648][ T9] usb 3-1: USB disconnect, device number 111 [ 513.284253][ T169] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 513.325456][ T169] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 513.371035][ T169] bond0 (unregistering): Released all slaves [ 513.688880][ T5855] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 513.701750][ T5855] ath9k_htc: Failed to initialize the device [ 513.715593][ T5900] usb 5-1: ath9k_htc: USB layer deinitialized [ 513.795499][T14981] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 513.858893][ T5849] Bluetooth: hci1: command tx timeout [ 514.109370][T14992] loop0: detected capacity change from 0 to 256 [ 514.269579][T14972] loop1: detected capacity change from 0 to 32768 [ 514.278086][T14997] netlink: 'syz.2.3843': attribute type 1 has an invalid length. [ 514.287585][T14930] chnl_net:caif_netlink_parms(): no params data found [ 514.394002][T14972] JBD2: Ignoring recovery information on journal [ 514.546603][ T169] hsr_slave_0: left promiscuous mode [ 514.589150][T14972] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 514.629293][ T169] hsr_slave_1: left promiscuous mode [ 514.636011][ T169] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 514.659848][ T169] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 514.688486][ T169] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 514.721646][ T169] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 514.793819][ T5839] ocfs2: Unmounting device (7,1) on (node local) [ 514.854249][ T169] veth1_macvtap: left promiscuous mode [ 514.871612][ T169] veth0_macvtap: left promiscuous mode [ 514.917135][ T169] veth1_vlan: left promiscuous mode [ 514.926249][ T169] veth0_vlan: left promiscuous mode [ 515.093236][T15019] loop1: detected capacity change from 0 to 4096 [ 515.105309][T15019] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 515.180962][T15019] ntfs3(loop1): ino=19, mi_enum_attr [ 515.264081][T15024] loop4: detected capacity change from 0 to 4096 [ 515.282033][T15019] ntfs3(loop1): failed to convert "c46c" to iso8859-14 [ 515.324029][T15019] ntfs3(loop1): ino=20, mi_enum_attr [ 515.405806][T15024] ntfs3(loop4): ino=5, "/" indx_read_ra [ 515.602377][ T29] audit: type=1326 audit(1788339095.769:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15032 comm="syz.1.3854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f192959c629 code=0x7ffc0000 [ 515.678184][ T29] audit: type=1326 audit(1788339095.769:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15032 comm="syz.1.3854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f192959c629 code=0x7ffc0000 [ 515.751104][ T29] audit: type=1326 audit(1788339095.797:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15032 comm="syz.1.3854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f192959c629 code=0x7ffc0000 [ 515.777946][T15038] comedi comedi0: pcl726: I/O port conflict (0x7,16) [ 515.809458][ T29] audit: type=1326 audit(1788339095.797:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15032 comm="syz.1.3854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f192959c629 code=0x7ffc0000 [ 515.884565][ T29] audit: type=1326 audit(1788339095.797:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15032 comm="syz.1.3854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f192959c629 code=0x7ffc0000 [ 515.920129][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 515.926620][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 516.082278][ T5849] Bluetooth: hci1: command tx timeout [ 516.321106][T15036] loop4: detected capacity change from 0 to 32768 [ 516.334180][ T169] team0 (unregistering): Port device team_slave_1 removed [ 516.349752][T15036] (syz.4.3856,15036,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 516.399809][T15036] (syz.4.3856,15036,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 516.426222][ T169] team0 (unregistering): Port device team_slave_0 removed [ 516.463129][T15051] loop1: detected capacity change from 0 to 4096 [ 516.477630][T15036] JBD2: Ignoring recovery information on journal [ 516.486986][T15051] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 516.556125][T15036] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 516.760268][T15057] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 516.829620][T15005] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 516.841195][T15005] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 516.967004][ T5851] ocfs2: Unmounting device (7,4) on (node local) [ 517.036867][T15063] xt_CT: You must specify a L4 protocol and not use inversions on it [ 517.247975][T14930] bridge0: port 1(bridge_slave_0) entered blocking state [ 517.255375][T14930] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.311580][T14930] bridge_slave_0: entered allmulticast mode [ 517.320167][T14930] bridge_slave_0: entered promiscuous mode [ 517.388445][T14930] bridge0: port 2(bridge_slave_1) entered blocking state [ 517.401856][T14930] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.440671][T14930] bridge_slave_1: entered allmulticast mode [ 517.449385][T14930] bridge_slave_1: entered promiscuous mode [ 517.634686][T15085] overlayfs: workdir and upperdir must be separate subtrees [ 517.692333][T14930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 517.731356][T14930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 517.845765][ T9] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 517.901840][T15098] loop1: detected capacity change from 0 to 8 [ 517.935308][T15098] Page size > filesystem block size (0). This is currently not supported! [ 518.042481][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 518.063165][T14930] team0: Port device team_slave_0 added [ 518.069007][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 518.111840][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 518.133518][T14930] team0: Port device team_slave_1 added [ 518.162823][ T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 518.202074][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.217953][ T9] usb 5-1: Product: syz [ 518.241338][ T9] usb 5-1: Manufacturer: syz [ 518.246016][ T9] usb 5-1: SerialNumber: syz [ 518.305897][ T5849] Bluetooth: hci1: command tx timeout [ 518.327625][T14930] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 518.334804][T14930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 518.361552][T14930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 518.376533][T14930] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 518.383957][T14930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 518.410482][T14930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 518.475583][T15109] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 518.576170][ T9] usb 5-1: 0:2 : does not exist [ 518.588247][ T9] usb 5-1: unit 3 not found! [ 518.764979][T14930] hsr_slave_0: entered promiscuous mode [ 518.789488][ T9] usb 5-1: USB disconnect, device number 70 [ 518.809899][T14930] hsr_slave_1: entered promiscuous mode [ 518.869436][T14930] debugfs: 'hsr0' already exists in 'hsr' [ 518.916965][T14930] Cannot create hsr debugfs directory [ 519.049419][T15118] netlink: 'syz.1.3884': attribute type 11 has an invalid length. [ 519.070176][T15118] netlink: 'syz.1.3884': attribute type 5 has an invalid length. [ 519.299689][ T29] audit: type=1326 audit(1788339099.202:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15125 comm="syz.1.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f192959c629 code=0x7ffc0000 [ 519.384222][ T29] audit: type=1326 audit(1788339099.202:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15125 comm="syz.1.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f192959c629 code=0x7ffc0000 [ 519.488991][ T29] audit: type=1326 audit(1788339099.258:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15125 comm="syz.1.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f192959c629 code=0x7ffc0000 [ 519.610086][ T29] audit: type=1326 audit(1788339099.258:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15125 comm="syz.1.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f192959c629 code=0x7ffc0000 [ 519.716601][ T29] audit: type=1326 audit(1788339099.258:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15125 comm="syz.1.3888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f192959c629 code=0x7ffc0000 [ 519.774435][T15142] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3896'. [ 520.040486][T15155] netlink: 'syz.1.3900': attribute type 10 has an invalid length. [ 520.160020][T15155] macvlan0: entered promiscuous mode [ 520.176435][T15155] macvlan0: entered allmulticast mode [ 520.219841][T15155] veth1_vlan: entered allmulticast mode [ 520.294816][T15155] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 520.420204][T14930] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 520.469642][T15168] loop0: detected capacity change from 0 to 256 [ 520.503033][T14930] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 520.529469][ T5849] Bluetooth: hci1: command tx timeout [ 520.546385][T15168] FAT-fs (loop0): Directory bread(block 64) failed [ 520.567774][T15168] FAT-fs (loop0): Directory bread(block 65) failed [ 520.578636][T15168] FAT-fs (loop0): Directory bread(block 66) failed [ 520.597918][T14930] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 520.602958][T15168] FAT-fs (loop0): Directory bread(block 67) failed [ 520.619756][T15168] FAT-fs (loop0): Directory bread(block 68) failed [ 520.626737][T15168] FAT-fs (loop0): Directory bread(block 69) failed [ 520.633501][T15168] FAT-fs (loop0): Directory bread(block 70) failed [ 520.640933][T15168] FAT-fs (loop0): Directory bread(block 71) failed [ 520.649839][T15168] FAT-fs (loop0): Directory bread(block 72) failed [ 520.672177][T14930] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 520.710622][T15168] FAT-fs (loop0): Directory bread(block 73) failed [ 520.765496][ T9] usb 3-1: new high-speed USB device number 112 using dummy_hcd [ 520.836218][T15179] loop4: detected capacity change from 0 to 1024 [ 520.842891][ T5931] IPVS: starting estimator thread 0... [ 520.956834][T15188] IPVS: using max 30 ests per chain, 72000 per kthread [ 520.956836][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 521.003483][ T9] usb 3-1: config 0 has an invalid interface number: 186 but max is 0 [ 521.019024][ T9] usb 3-1: config 0 has no interface number 0 [ 521.041325][T15191] SET target dimension over the limit! [ 521.051245][ T9] usb 3-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 521.080797][ T13] hfsplus: b-tree write err: -5, ino 25 [ 521.095416][ T9] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x1 has an invalid bInterval 18, changing to 8 [ 521.108157][ T13] hfsplus: b-tree write err: -5, ino 4 [ 521.113756][ T13] hfsplus: b-tree write err: -5, ino 2 [ 521.132907][ T9] usb 3-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 521.200993][ T9] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 521.246032][T14930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 521.253036][ T9] usb 3-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 521.304154][ T9] usb 3-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 521.315493][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.336486][ T9] usb 3-1: Product: syz [ 521.340871][ T9] usb 3-1: Manufacturer: syz [ 521.352800][ T9] usb 3-1: SerialNumber: syz [ 521.378322][ T9] usb 3-1: config 0 descriptor?? [ 521.396148][T14930] 8021q: adding VLAN 0 to HW filter on device team0 [ 521.466811][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 521.474069][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 521.579721][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 521.586999][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 521.642730][ T9] iowarrior 3-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0 [ 521.735877][T15209] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3919'. [ 521.851859][ T9] usb 3-1: USB disconnect, device number 112 [ 521.966064][T15216] loop0: detected capacity change from 0 to 1024 [ 521.988251][T15219] overlayfs: conflicting options: userxattr,metacopy=on [ 522.019237][T15216] hfsplus: inconsistency in B*Tree (1,0,2,1,0) [ 522.033542][T15216] hfsplus: xattr searching failed [ 522.062222][T15216] hfsplus: inconsistency in B*Tree (1,0,2,1,0) [ 522.080560][T15216] hfsplus: xattr searching failed [ 522.199945][ T12] hfsplus: b-tree write err: -5, ino 25 [ 522.211131][ T12] hfsplus: b-tree write err: -5, ino 4 [ 522.216720][ T12] hfsplus: b-tree write err: -5, ino 2 [ 522.263437][ T12] hfsplus: b-tree write err: -5, ino 20 [ 522.606835][T15237] tmpfs: Bad value for 'mpol' [ 522.619242][T14930] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 522.872498][T15252] netlink: 'syz.0.3934': attribute type 1 has an invalid length. [ 522.880303][T15252] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3934'. [ 522.901229][T15254] comedi comedi2: ni_at_a2150: I/O port conflict (0xafff,28) [ 523.184692][T15264] netlink: 21 bytes leftover after parsing attributes in process `syz.1.3938'. [ 523.569922][T15281] __vm_enough_memory: pid: 15281, comm: syz.0.3946, bytes: 4115879641088 not enough memory for the allocation [ 523.651707][ T29] audit: type=1326 audit(1788339103.280:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15284 comm="syz.2.3947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0505d9c629 code=0x7ffc0000 [ 523.689470][T14930] veth0_vlan: entered promiscuous mode [ 523.721292][ T29] audit: type=1326 audit(1788339103.280:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15284 comm="syz.2.3947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0505d9c629 code=0x7ffc0000 [ 523.766121][ T29] audit: type=1326 audit(1788339103.337:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15284 comm="syz.2.3947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f0505d9c629 code=0x7ffc0000 [ 523.843371][ T29] audit: type=1326 audit(1788339103.337:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15284 comm="syz.2.3947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0505d9c629 code=0x7ffc0000 [ 523.867472][ T29] audit: type=1326 audit(1788339103.337:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15284 comm="syz.2.3947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0505d9c629 code=0x7ffc0000 [ 523.911414][T15291] netlink: 'syz.2.3951': attribute type 3 has an invalid length. [ 524.034298][T14930] veth1_vlan: entered promiscuous mode [ 524.048633][T15296] x_tables: unsorted underflow at hook 1 [ 524.170556][T14930] veth0_macvtap: entered promiscuous mode [ 524.191755][T14930] veth1_macvtap: entered promiscuous mode [ 524.230690][T14930] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 524.300317][T14930] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 524.374962][ T169] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.417623][ T169] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.462419][ T169] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.502278][ T169] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.527693][T15309] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3960'. [ 524.883973][ T3574] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 524.910764][ T3574] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 525.030817][ T3574] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 525.052416][T15331] netlink: 408 bytes leftover after parsing attributes in process `syz.4.3970'. [ 525.056251][ T3574] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 525.597166][T15354] ieee802154 phy0 wpan0: encryption failed: -22 [ 525.755935][T15362] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 525.988184][T15376] loop0: detected capacity change from 0 to 64 [ 526.072563][T15376] hfs: unable to locate alternate MDB [ 526.116764][T15376] hfs: continuing without an alternate MDB [ 526.259425][ T9] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 526.456038][ T9] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 526.472632][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.507394][ T9] usb 2-1: Product: syz [ 526.511740][ T9] usb 2-1: Manufacturer: syz [ 526.535606][ T9] usb 2-1: SerialNumber: syz [ 526.546818][ T9] usb 2-1: config 0 descriptor?? [ 526.619098][T15398] Cannot find set identified by id 0 to match [ 526.802923][ T9] usb-storage 2-1:0.0: USB Mass Storage device detected [ 527.016488][ T9] usb 2-1: USB disconnect, device number 108 [ 527.136273][T15424] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 527.535003][T15444] loop4: detected capacity change from 0 to 128 [ 527.587283][T15444] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 527.655726][T15444] ext4 filesystem being mounted at /768/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 527.692109][T15444] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:375: inode #2: comm syz.4.4023: No space for directory leaf checksum. Please run e2fsck -D. [ 527.744492][T15444] EXT4-fs error (device loop4): __ext4_find_entry:1626: inode #2: comm syz.4.4023: checksumming directory block 0 [ 527.860010][ T5851] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 528.097148][T15464] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 528.333410][T15472] warning: `syz.4.4035' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 528.785223][T15493] loop4: detected capacity change from 0 to 512 [ 528.808733][T15493] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 528.846773][ T9] usb 1-1: new high-speed USB device number 110 using dummy_hcd [ 528.859706][T15493] EXT4-fs (loop4): mount failed [ 529.018335][ T5931] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 529.044550][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 529.060189][ T9] usb 1-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 529.080275][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.099495][ T9] usb 1-1: config 0 descriptor?? [ 529.139758][ T9] smsusb:smsusb_probe: board id=8, interface number 0 [ 529.149271][ T9] smsusb:smsusb_probe: Device initialized with return code -19 [ 529.202856][ T5931] usb 6-1: config 0 has an invalid interface number: 106 but max is 0 [ 529.223183][ T5931] usb 6-1: config 0 has an invalid descriptor of length 182, skipping remainder of the config [ 529.254263][T15509] xt_NFQUEUE: number of queues (62232) out of range (got 67565) [ 529.271100][ T5931] usb 6-1: config 0 has no interface number 0 [ 529.282312][ T5931] usb 6-1: config 0 interface 106 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C [ 529.316794][ T5931] usb 6-1: config 0 interface 106 altsetting 0 endpoint 0x8C has an invalid bInterval 84, changing to 10 [ 529.354101][ T5931] usb 6-1: config 0 interface 106 altsetting 0 endpoint 0x8C has invalid maxpacket 42064, setting to 1024 [ 529.355700][ T5907] usb 1-1: USB disconnect, device number 110 [ 529.398301][ T5931] usb 6-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 529.423154][ T5931] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 529.451415][ T5931] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.497848][ T5931] usb 6-1: config 0 descriptor?? [ 529.523114][T15489] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 529.561852][ T5931] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 529.760713][T15500] loop1: detected capacity change from 0 to 32768 [ 529.787748][ T5931] usb 6-1: USB disconnect, device number 2 [ 529.795378][ T35] usb 6-1: Failed to submit usb control message: -71 [ 529.806147][T15500] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4048 (15500) [ 529.807580][ T35] usb 6-1: unable to send the bmi data to the device: -71 [ 529.827305][ T35] usb 6-1: unable to get target info from device [ 529.836980][ T35] usb 6-1: could not get target info (-71) [ 529.844800][ T35] usb 6-1: could not probe fw (-71) [ 529.893032][T15500] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 529.921567][T15500] BTRFS info (device loop1): using sha256 checksum algorithm [ 529.977288][T15524] loop2: detected capacity change from 0 to 4096 [ 529.996180][T15524] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 530.083512][T15500] BTRFS info (device loop1): enabling ssd optimizations [ 530.123278][T15544] netlink: 'syz.0.4060': attribute type 1 has an invalid length. [ 530.128227][T15500] BTRFS info (device loop1): turning on async discard [ 530.142696][T15544] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4060'. [ 530.160256][T15524] ntfs3(loop2): ino=19, mi_enum_attr [ 530.204325][T15524] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 530.215283][T15500] BTRFS info (device loop1): enabling free space tree [ 530.339991][T15524] ntfs3(loop2): failed to convert "c46c" to macgreek [ 530.372698][T15524] ntfs3(loop2): ino=20, mi_enum_attr [ 530.479057][ T5839] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 530.850952][T15563] loop2: detected capacity change from 0 to 256 [ 530.864579][T15562] loop5: detected capacity change from 0 to 256 [ 530.904286][T15562] exfat: Deprecated parameter 'namecase' [ 530.945826][T15562] exfat: Deprecated parameter 'utf8' [ 530.973907][T15562] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 531.033742][T15562] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x5f1fc80d, utbl_chksum : 0xe619d30d) [ 531.251224][ T29] audit: type=1326 audit(1788339110.389:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15570 comm="syz.2.4073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0505d9c629 code=0x7ffc0000 [ 531.367998][ T29] audit: type=1326 audit(1788339110.389:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15570 comm="syz.2.4073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0505d9c629 code=0x7ffc0000 [ 531.441561][T15575] netlink: 'syz.1.4075': attribute type 3 has an invalid length. [ 531.478877][T15575] netlink: 'syz.1.4075': attribute type 1 has an invalid length. [ 531.486768][ T29] audit: type=1326 audit(1788339110.455:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15570 comm="syz.2.4073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=106 compat=0 ip=0x7f0505d9c629 code=0x7ffc0000 [ 531.516626][T15578] netlink: 'syz.2.4078': attribute type 1 has an invalid length. [ 531.538709][T15575] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4075'. [ 531.583650][T15575] NCSI netlink: No device for ifindex 0 [ 531.600474][ T29] audit: type=1326 audit(1788339110.455:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15570 comm="syz.2.4073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0505d9c629 code=0x7ffc0000 [ 531.717413][ T29] audit: type=1326 audit(1788339110.455:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15570 comm="syz.2.4073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0505d9c629 code=0x7ffc0000 [ 532.117766][ T5931] usb 3-1: new high-speed USB device number 113 using dummy_hcd [ 532.196476][T15569] loop0: detected capacity change from 0 to 32768 [ 532.261643][T15569] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 532.330014][ T5931] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 532.339723][T15569] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 532.366952][ T5931] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.422307][ T5931] usb 3-1: Product: syz [ 532.458647][ T5931] usb 3-1: Manufacturer: syz [ 532.482071][ T5931] usb 3-1: SerialNumber: syz [ 532.496159][T15569] XFS (loop0): Ending clean mount [ 532.503670][ T5931] usb 3-1: config 0 descriptor?? [ 532.511687][ T5931] ch341 3-1:0.0: ch341-uart converter detected [ 532.556748][T15569] XFS (loop0): Quotacheck needed: Please wait. [ 532.688128][T15569] XFS (loop0): Quotacheck: Done. [ 532.886656][ T5836] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 532.961895][ T5931] usb 3-1: failed to send control message: -71 [ 533.006175][ T5931] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 533.051219][ T5931] usb 3-1: USB disconnect, device number 113 [ 533.072759][ T5931] ch341 3-1:0.0: device disconnected [ 533.109788][T15627] xt_CT: No such helper "netbios-ns" [ 533.497425][T15642] kAFS: unable to lookup cell '(' [ 533.507273][T15640] loop4: detected capacity change from 0 to 4096 [ 533.538723][T15644] netlink: 232 bytes leftover after parsing attributes in process `syz.0.4099'. [ 533.552591][T15640] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 533.699143][T15650] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 533.764135][T15640] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 533.796163][T15640] ntfs3(loop4): ino=19, mi_enum_attr [ 533.864528][T15640] ntfs3(loop4): failed to convert "c46c" to macgaelic [ 533.916719][T15640] ntfs3(loop4): ino=20, mi_enum_attr [ 533.953674][T15660] IPVS: set_ctl: invalid protocol: 60 0.0.0.0:20000 [ 534.293765][T15675] loop5: detected capacity change from 0 to 256 [ 534.341884][T15675] exfat: Deprecated parameter 'utf8' [ 534.396051][T15675] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 534.475873][T15675] overlay: filesystem on ./file0 not supported [ 534.930185][T15704] loop0: detected capacity change from 0 to 1024 [ 535.007719][T15704] hfsplus: invalid extended attribute record [ 535.038939][T15706] loop1: detected capacity change from 0 to 512 [ 535.059754][T15704] hfsplus: b-tree write err: -5, ino 2 [ 535.210397][ T49] hfsplus: b-tree write err: -5, ino 25 [ 535.250294][ T49] hfsplus: b-tree write err: -5, ino 4 [ 535.277627][ T49] hfsplus: b-tree write err: -5, ino 2 [ 535.758506][T15737] netlink: 'syz.1.4142': attribute type 2 has an invalid length. [ 535.908891][ T5954] IPVS: starting estimator thread 0... [ 536.030523][T15743] IPVS: using max 29 ests per chain, 69600 per kthread [ 536.205265][T15758] loop5: detected capacity change from 0 to 164 [ 536.221813][ T29] audit: type=1326 audit(1788339115.048:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15759 comm="syz.0.4152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 536.287213][T15758] Symlink component flag not implemented [ 536.315129][T15758] Symlink component flag not implemented (7) [ 536.340509][ T29] audit: type=1326 audit(1788339115.076:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15759 comm="syz.0.4152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 536.392721][T15764] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4153'. [ 536.440277][ T29] audit: type=1326 audit(1788339115.095:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15759 comm="syz.0.4152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 536.536105][ T29] audit: type=1326 audit(1788339115.095:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15759 comm="syz.0.4152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 536.586761][T15767] openvswitch: netlink: Unexpected mask (mask=240040, allowed=10048) [ 536.659116][ T29] audit: type=1326 audit(1788339115.095:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15759 comm="syz.0.4152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 536.848000][T15775] netlink: 'syz.4.4157': attribute type 20 has an invalid length. [ 536.878934][T15775] IPv6: NLM_F_CREATE should be specified when creating new route [ 537.151032][T15778] loop5: detected capacity change from 0 to 8192 [ 537.197637][ T6140] loop5: p2 p3 p4[EZD] [ 537.228395][ T6140] loop5: p3 start 360447 is beyond EOD, truncated [ 537.234985][ T6140] loop5: p4 size 262912 extends beyond EOD, truncated [ 537.278716][T15751] loop1: detected capacity change from 0 to 32768 [ 537.291783][T15754] loop2: detected capacity change from 0 to 32768 [ 537.311521][T15754] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4149 (15754) [ 537.330856][T15751] (syz.1.4148,15751,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 537.352780][T15751] (syz.1.4148,15751,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 537.370309][T15778] loop5: p2 p3 p4[EZD] [ 537.400023][T15754] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 537.411202][ T5900] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 537.419494][T15778] loop5: p3 start 360447 is beyond EOD, truncated [ 537.455064][T15778] loop5: p4 size 262912 extends beyond EOD, truncated [ 537.477258][T15751] JBD2: Ignoring recovery information on journal [ 537.518947][T15754] BTRFS info (device loop2): using sha256 checksum algorithm [ 537.615261][ T5900] usb 6-1: Using ep0 maxpacket: 32 [ 537.622436][T15751] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 537.669680][ T5900] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 537.715212][ T5900] usb 6-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 537.763240][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.771300][ T5900] usb 6-1: Product: syz [ 537.812516][T15754] BTRFS info (device loop2): enabling ssd optimizations [ 537.858959][T15754] BTRFS info (device loop2): turning on async discard [ 537.865797][T15754] BTRFS info (device loop2): enabling free space tree [ 537.888287][ T5900] usb 6-1: Manufacturer: syz [ 537.921432][ T5900] usb 6-1: SerialNumber: syz [ 537.973262][ T5900] usb 6-1: config 0 descriptor?? [ 538.024419][ T5900] cdc_ether 6-1:0.0: invalid descriptor buffer length [ 538.079916][ T5900] usb 6-1: bad CDC descriptors [ 538.098971][ T5900] usb 6-1: unsupported MDLM descriptors [ 538.107682][ T5839] ocfs2: Unmounting device (7,1) on (node local) [ 538.188574][ T5853] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 538.245790][ T5900] usb 6-1: USB disconnect, device number 3 [ 538.619419][T15787] loop4: detected capacity change from 0 to 32768 [ 539.274540][T15842] loop0: detected capacity change from 0 to 1024 [ 539.432443][ T5838] udevd[5838]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 539.446644][ T5964] udevd[5964]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory [ 539.530456][ T35] hfsplus: b-tree write err: -5, ino 25 [ 539.536177][ T35] hfsplus: b-tree write err: -5, ino 4 [ 539.579837][ T35] hfsplus: b-tree write err: -5, ino 2 [ 539.638769][ T35] hfsplus: b-tree write err: -5, ino 17 [ 539.698920][T15855] trusted_key: encrypted_key: hex blob is missing [ 539.825519][T15859] netlink: 992 bytes leftover after parsing attributes in process `syz.4.4180'. [ 540.146800][ T9] usb 3-1: new high-speed USB device number 114 using dummy_hcd [ 540.173194][T15829] loop1: detected capacity change from 0 to 32768 [ 540.209306][T15829] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4165 (15829) [ 540.270413][T15829] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 540.296698][T15829] BTRFS info (device loop1): using sha256 checksum algorithm [ 540.318005][T15874] loop5: detected capacity change from 0 to 1764 [ 540.349456][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 540.395890][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 540.447014][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 540.510687][ T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 540.577578][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.602237][T15829] BTRFS info (device loop1): enabling ssd optimizations [ 540.622569][ T9] usb 3-1: Product: syz [ 540.626798][ T9] usb 3-1: Manufacturer: syz [ 540.628206][T15829] BTRFS info (device loop1): turning on async discard [ 540.670631][T15829] BTRFS info (device loop1): enabling free space tree [ 540.686065][ T9] usb 3-1: SerialNumber: syz [ 540.831439][ T5839] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 540.957624][T15910] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 541.024140][ T9] usb 3-1: 0:2 : does not exist [ 541.029142][ T9] usb 3-1: unit 9 not found! [ 541.073966][ T9] usb 3-1: 4:0: cannot get min/max values for control 4 (id 4) [ 541.204373][T15914] 8021q: adding VLAN 0 to HW filter on device bond1 [ 541.328071][ T9] usb 3-1: USB disconnect, device number 114 [ 541.476864][ T6140] udevd[6140]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 541.634240][T15931] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4203'. [ 541.758598][T15935] loop0: detected capacity change from 0 to 128 [ 541.871258][T15941] xt_recent: hitcount (134217728) is larger than allowed maximum (65535) [ 542.145990][T15951] binder: binder_mmap: 15949 2000004cd000-2000004ce000 bad vm_flags failed -1 [ 542.455915][T15959] loop4: detected capacity change from 0 to 4096 [ 542.473005][T15959] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 542.526245][T15969] netlink: 'syz.0.4222': attribute type 1 has an invalid length. [ 542.556379][T15969] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4222'. [ 542.599134][T15969] netlink: 1 bytes leftover after parsing attributes in process `syz.0.4222'. [ 542.600641][T15959] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 542.608361][ T29] audit: type=1326 audit(1788339121.016:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15972 comm="syz.5.4223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50d8d9c629 code=0x7ffc0000 [ 542.653196][T15969] netlink: 658 bytes leftover after parsing attributes in process `syz.0.4222'. [ 542.684803][T15959] ntfs3(loop4): ino=19, mi_enum_attr [ 542.709893][ T29] audit: type=1326 audit(1788339121.044:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15972 comm="syz.5.4223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=73 compat=0 ip=0x7f50d8d9c629 code=0x7ffc0000 [ 542.796127][T15959] ntfs3(loop4): failed to convert "c46c" to macromanian [ 542.808966][ T29] audit: type=1326 audit(1788339121.044:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15972 comm="syz.5.4223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50d8d9c629 code=0x7ffc0000 [ 542.835056][T15959] ntfs3(loop4): ino=20, mi_enum_attr [ 542.926090][ T29] audit: type=1326 audit(1788339121.053:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15972 comm="syz.5.4223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50d8d9c629 code=0x7ffc0000 [ 543.648570][T16007] loop0: detected capacity change from 0 to 4096 [ 543.685271][T16007] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 543.813340][T16007] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 543.842377][T16007] ntfs3(loop0): ino=19, mi_enum_attr [ 543.847751][T16012] loop2: detected capacity change from 0 to 2048 [ 543.867959][T16012] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 543.933280][T16007] ntfs3(loop0): failed to convert "c46c" to cp863 [ 543.945806][T16007] ntfs3(loop0): ino=20, mi_enum_attr [ 543.960916][T16015] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 543.987112][T15985] loop5: detected capacity change from 0 to 32768 [ 544.008315][T15985] (syz.5.4233,15985,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 544.060301][T16010] loop1: detected capacity change from 0 to 8192 [ 544.078852][T15985] (syz.5.4233,15985,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 544.194970][T15985] JBD2: Ignoring recovery information on journal [ 544.375236][T15985] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 544.678871][T16034] netlink: 'syz.1.4252': attribute type 39 has an invalid length. [ 544.715323][T14930] ocfs2: Unmounting device (7,5) on (node local) [ 544.817639][T16033] loop4: detected capacity change from 0 to 4096 [ 544.840796][T16033] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 544.964052][T16033] ntfs3(loop4): ino=19, mi_enum_attr [ 545.038291][T16033] ntfs3(loop4): failed to convert "c46c" to koi8-u [ 545.077236][T16033] ntfs3(loop4): ino=20, mi_enum_attr [ 545.446530][T16050] loop4: detected capacity change from 0 to 8192 [ 545.531760][T16050] FAT-fs (loop4): error, invalid access to FAT (entry 0x00003c09) [ 545.549718][T16050] FAT-fs (loop4): Filesystem has been set read-only [ 545.577486][T16050] FAT-fs (loop4): error, invalid access to FAT (entry 0x00003c09) [ 545.592414][ T5921] usb 3-1: new high-speed USB device number 115 using dummy_hcd [ 545.627641][T16050] FAT-fs (loop4): error, invalid access to FAT (entry 0x00003c09) [ 545.657946][T16062] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4266'. [ 545.791836][ T5921] usb 3-1: Using ep0 maxpacket: 8 [ 545.828935][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 545.863283][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 545.908179][ T5921] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 545.958181][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 545.980440][ T5921] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 546.003502][ T5921] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 546.030184][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.059328][ T5921] usb 3-1: config 0 descriptor?? [ 546.072030][T16052] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 546.128838][T16074] loop4: detected capacity change from 0 to 2048 [ 546.172526][T16074] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 546.185610][T16082] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4275'. [ 546.241054][T16079] bond1: option primary: mode dependency failed, not supported in mode 802.3ad(4) [ 546.338176][T16079] bond1 (unregistering): Released all slaves [ 546.428203][T16086] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4277'. [ 546.536272][ T9] usb 3-1: USB disconnect, device number 115 [ 546.544593][ T5849] Bluetooth: hci5: Opcode 0x0c03 failed: -19 [ 546.625398][T16090] loop0: detected capacity change from 0 to 64 [ 546.651617][T16090] syz.0.4281: attempt to access beyond end of device [ 546.651617][T16090] loop0: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 547.282621][T16117] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4292'. [ 547.314377][T16118] loop5: detected capacity change from 0 to 512 [ 547.396613][T16118] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 547.448709][T16118] ext4 filesystem being mounted at /64/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 547.616613][T16131] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 547.644708][T14930] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 547.704686][ T9] usb 3-1: new high-speed USB device number 116 using dummy_hcd [ 547.824102][T16098] loop0: detected capacity change from 0 to 40427 [ 547.832613][T16098] F2FS-fs (loop0): build fault injection rate: 684 [ 547.839511][T16098] F2FS-fs (loop0): build fault injection type: 0x0 [ 547.847926][T16098] F2FS-fs (loop0): invalid crc value [ 547.907820][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 547.935595][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 547.984956][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 548.036388][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 548.038469][T16098] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 548.065241][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 49 [ 548.106531][T16098] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 548.115673][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 548.142980][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.196895][ T9] usb 3-1: config 0 descriptor?? [ 548.218798][T16125] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 548.487824][ C0] Bluetooth: hci5: Unexpected continuation: 1 bytes [ 548.496607][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.503788][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.513026][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.520261][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.528141][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.535021][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.544060][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.551238][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.558569][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.565874][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.581414][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.588391][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.595355][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.602611][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.609560][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.617042][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.624076][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.631252][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.638734][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.646063][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.652962][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.659961][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.667519][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.668192][ T5921] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 548.674967][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.689212][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.696244][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.703405][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.710453][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.715693][ T5900] usb 3-1: USB disconnect, device number 116 [ 548.718203][T16077] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 548.732814][ T5849] Bluetooth: hci5: Opcode 0x0c03 failed: -71 [ 548.934140][ T5921] usb 5-1: Using ep0 maxpacket: 32 [ 548.977600][ T5921] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 549.020241][ T5921] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 549.057432][ T5921] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 549.081614][T16154] loop1: detected capacity change from 0 to 32768 [ 549.107654][ T5921] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 549.116649][T16154] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4307 (16154) [ 549.153439][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 549.161674][T16154] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 549.173719][ T5921] usb 5-1: Product: syz [ 549.177938][ T5921] usb 5-1: Manufacturer: syz [ 549.211809][ T5921] usb 5-1: SerialNumber: syz [ 549.213935][T16154] BTRFS info (device loop1): using sha256 checksum algorithm [ 549.264918][ T5921] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input43 [ 549.415545][T16154] BTRFS info (device loop1): enabling ssd optimizations [ 549.454824][T16154] BTRFS info (device loop1): turning on async discard [ 549.511470][T16154] BTRFS info (device loop1): enabling free space tree [ 549.550876][ T5931] usb 5-1: USB disconnect, device number 71 [ 549.557030][ C0] appletouch 5-1:1.0: atp_complete: usb_submit_urb failed with result -19 [ 549.689425][ T5931] appletouch 5-1:1.0: input: appletouch disconnected [ 549.720949][ T5839] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 550.057645][T16196] comedi comedi4: bad chanlist[0]=0x00400002 chan=2 range length=2 [ 550.331928][T16204] netlink: 'syz.5.4325': attribute type 39 has an invalid length. [ 550.579808][T16188] loop0: detected capacity change from 0 to 32768 [ 550.613064][T16188] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 550.659798][T16188] JBD2: Ignoring recovery information on journal [ 550.724733][T16188] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 550.905159][T16226] nftables ruleset with unbound chain [ 550.944837][T16188] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 256 but claims that 2046 are free [ 551.007291][T16188] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 551.037216][T16188] OCFS2: File system is now read-only. [ 551.070031][T16188] (syz.0.4317,16188,0):ocfs2_search_chain:1888 ERROR: status = -30 [ 551.101319][T16188] (syz.0.4317,16188,0):ocfs2_search_chain:2011 ERROR: status = -30 [ 551.110345][T16188] (syz.0.4317,16188,0):ocfs2_claim_suballoc_bits:2098 ERROR: status = -30 [ 551.165677][T16188] (syz.0.4317,16188,0):ocfs2_claim_suballoc_bits:2151 ERROR: status = -30 [ 551.204536][T16188] (syz.0.4317,16188,0):ocfs2_claim_new_inode:2392 ERROR: status = -30 [ 551.275694][T16188] (syz.0.4317,16188,0):ocfs2_claim_new_inode:2407 ERROR: status = -30 [ 551.305198][T16239] loop2: detected capacity change from 0 to 2048 [ 551.318177][T16188] (syz.0.4317,16188,0):ocfs2_mknod_locked:642 ERROR: status = -30 [ 551.326065][T16188] (syz.0.4317,16188,0):ocfs2_mknod:389 ERROR: status = -30 [ 551.358636][T16188] (syz.0.4317,16188,0):ocfs2_mknod:506 ERROR: status = -30 [ 551.378819][T16239] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 551.388296][T16188] (syz.0.4317,16188,0):ocfs2_create:679 ERROR: status = -30 [ 551.485647][T16246] openvswitch: netlink: IPv4 tun info is not correct [ 551.514214][ T5836] ocfs2: Unmounting device (7,0) on (node local) [ 551.939019][T16261] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4353'. [ 552.047843][T16264] loop0: detected capacity change from 0 to 256 [ 552.266011][T16264] FAT-fs (loop0): Directory bread(block 64) failed [ 552.273647][T16264] FAT-fs (loop0): Directory bread(block 65) failed [ 552.313783][T16264] FAT-fs (loop0): Directory bread(block 66) failed [ 552.320374][T16264] FAT-fs (loop0): Directory bread(block 67) failed [ 552.350482][T16264] FAT-fs (loop0): Directory bread(block 68) failed [ 552.361036][T16271] loop5: detected capacity change from 0 to 4096 [ 552.368926][T16264] FAT-fs (loop0): Directory bread(block 69) failed [ 552.388607][T16271] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 552.397944][T16264] FAT-fs (loop0): Directory bread(block 70) failed [ 552.404565][T16264] FAT-fs (loop0): Directory bread(block 71) failed [ 552.417437][T16264] FAT-fs (loop0): Directory bread(block 72) failed [ 552.441939][T16277] loop4: detected capacity change from 0 to 2048 [ 552.461402][T16264] FAT-fs (loop0): Directory bread(block 73) failed [ 552.486471][T16271] ntfs3(loop5): ino=3, ntfs_set_state failed, -22. [ 552.493170][T16277] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 552.516576][T16271] ntfs3(loop5): Failed to initialize $Extend/$Reparse. [ 552.528973][T16273] loop1: detected capacity change from 0 to 4096 [ 552.570042][T16273] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512). [ 552.585684][T16271] ntfs3(loop5): ino=1e, mi_enum_attr [ 552.602796][T16277] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 552.623544][T16271] ntfs3(loop5): ino=1e, mi_enum_attr [ 552.680915][ T29] audit: type=1800 audit(1788339130.444:68): pid=16277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4360" name="file1" dev="loop4" ino=1367 res=0 errno=0 [ 552.757848][ T12] ntfs3(loop5): ino=3, ntfs3_write_inode failed, -22. [ 552.787060][T14930] ntfs3(loop5): ino=3, ntfs_set_state failed, -22. [ 552.838779][T14930] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 552.846145][T14930] ntfs3(loop5): ino=3, ntfs_set_state failed, -22. [ 552.904831][ T13] ntfs3(loop5): ino=3, ntfs3_write_inode failed, -22. [ 553.033708][T16283] loop0: detected capacity change from 0 to 512 [ 553.104181][T16283] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.4364: inode has both inline data and extents flags [ 553.171601][T16283] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 553.178185][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 553.189641][T16283] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.4364: couldn't read orphan inode 15 (err -117) [ 553.193880][ C0] EXT4-fs (loop0): initial error at time 1788339130: ext4_orphan_get:1391: inode 15 [ 553.215182][ C0] EXT4-fs (loop0): last error at time 1788339130: ext4_orphan_get:1391: inode 15 [ 553.244259][T16283] loop0: lost filesystem error report for type 5 error -117 [ 553.263869][ T5900] usb 5-1: new full-speed USB device number 72 using dummy_hcd [ 553.288236][T16283] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 553.338176][T16283] EXT4-fs error (device loop0): htree_dirblock_to_tree:1051: inode #2: comm syz.0.4364: Directory hole found for htree leaf block 0 [ 553.445707][T16293] loop1: detected capacity change from 0 to 1764 [ 553.456980][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 553.490197][ T5900] usb 5-1: config 8 has an invalid interface number: 223 but max is 0 [ 553.496782][T16293] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 553.498718][ T5900] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 553.531039][ T5900] usb 5-1: config 8 has no interface number 0 [ 553.537214][ T5900] usb 5-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 553.567486][ T5900] usb 5-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 553.594937][ T5900] usb 5-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 553.620844][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 553.628986][ T5900] usb 5-1: Product: syz [ 553.633187][ T5900] usb 5-1: Manufacturer: syz [ 553.637968][ T5900] usb 5-1: SerialNumber: syz [ 553.912082][ T5900] usb 5-1: USB disconnect, device number 72 [ 554.087717][T16316] loop0: detected capacity change from 0 to 256 [ 554.124366][T16318] loop1: detected capacity change from 0 to 1024 [ 554.197471][T16320] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4380'. [ 554.540855][T16333] xt_time: unknown flags 0xc [ 554.729486][T16336] can: request_module (can-proto-0) failed. [ 555.157373][T16352] FAT-fs (loop5): Directory bread(block 64) failed [ 555.172892][T16360] bridge2: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 555.200740][T16352] FAT-fs (loop5): Directory bread(block 65) failed [ 555.227570][T16352] FAT-fs (loop5): Directory bread(block 66) failed [ 555.252238][T16352] FAT-fs (loop5): Directory bread(block 67) failed [ 555.258944][T16352] FAT-fs (loop5): Directory bread(block 68) failed [ 555.295266][T16352] FAT-fs (loop5): Directory bread(block 69) failed [ 555.301961][T16352] FAT-fs (loop5): Directory bread(block 70) failed [ 555.350374][T16352] FAT-fs (loop5): Directory bread(block 71) failed [ 555.390922][T16352] FAT-fs (loop5): Directory bread(block 72) failed [ 555.401364][T16366] : entered promiscuous mode [ 555.429399][T16352] FAT-fs (loop5): Directory bread(block 73) failed [ 556.219869][T16405] ieee802154 phy1 wpan1: encryption failed: -90 [ 556.350951][T16412] set_capacity_and_notify: 2 callbacks suppressed [ 556.350973][T16412] loop4: detected capacity change from 0 to 8 [ 556.412648][T16417] loop2: detected capacity change from 0 to 64 [ 556.437466][T16412] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 556.465581][ T6140] udevd[6140]: incorrect cramfs checksum on /dev/loop4 [ 556.571501][ T6108] udevd[6108]: incorrect cramfs checksum on /dev/loop4 [ 556.861894][T16431] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 556.901728][T16427] loop4: detected capacity change from 0 to 4096 [ 556.961889][T16427] ntfs3(loop4): ino=3, ntfs_set_state failed, -22. [ 556.980188][T16433] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 556.996294][T16427] ntfs3(loop4): Failed to initialize $Extend/$ObjId. [ 557.019317][ T13] ntfs3(loop4): ino=3, ntfs3_write_inode failed, -22. [ 557.041135][T16435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4435'. [ 557.061367][T16427] ntfs3(loop4): ino=19, ntfs_sync_fs failed, -22. [ 557.146298][T16427] ntfs3(loop4): ino=3, ntfs_set_state failed, -22. [ 557.169965][T16427] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 557.215369][T16427] ntfs3(loop4): ino=3, ntfs_set_state failed, -22. [ 557.236209][T16427] ntfs3(loop4): ino=3, ntfs3_write_inode failed, -22. [ 557.914959][T16463] loop4: detected capacity change from 0 to 256 [ 557.968623][T16463] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 558.025463][T16463] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 558.061688][T16463] FAT-fs (loop4): Filesystem has been set read-only [ 558.097118][T16463] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 558.141022][T16463] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 558.391148][T16481] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4458'. [ 558.400700][T16481] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4458'. [ 558.421201][T16482] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4457'. [ 558.551702][T16486] loop5: detected capacity change from 0 to 1764 [ 558.736370][T16492] bridge1: entered allmulticast mode [ 559.004929][T16507] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.4470'. [ 559.291704][T16523] comedi comedi2: dac02: I/O port conflict (0x8e7a3,8) [ 559.419503][T16526] openvswitch: netlink: Unexpected mask (mask=4000040, allowed=10048) [ 559.667682][T16538] overlay: Unknown parameter 'smackfstransmute' [ 559.684653][T16541] netlink: 'syz.2.4488': attribute type 6 has an invalid length. [ 559.770192][T16544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4489'. [ 559.830255][T16544] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4489'. [ 559.862438][T16548] xt_cgroup: invalid path, errno=-2 [ 560.123640][T16556] bond1: option ad_select: invalid value (7) [ 560.149333][T16556] bond1 (unregistering): Released all slaves [ 560.183613][T16565] loop1: detected capacity change from 0 to 1024 [ 560.191067][T16565] EXT4-fs: Ignoring removed oldalloc option [ 560.218338][T16564] loop5: detected capacity change from 0 to 2048 [ 560.234619][T16564] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=3932051, location=3932051 [ 560.264956][T16565] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 560.289423][T16564] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 560.394188][T16565] EXT4-fs error (device loop1): ext4_get_first_dir_block:3550: inode #11: comm syz.1.4499: directory missing '..' [ 560.542933][ T5931] kernel write not supported for file /input/mice (pid: 5931 comm: kworker/0:4) [ 560.571899][T16579] infiniband: Added to hash: ib_dev=ffff888076168000 (0)() ndev=ffff88807ebfc000 (23)(wg1) [ 560.588712][ T5839] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 560.658698][T16579] wg1 speed is unknown, defaulting to 1000 [ 560.747988][T16579] wg1 speed is unknown, defaulting to 1000 [ 560.824251][T16579] wg1 speed is unknown, defaulting to 1000 [ 560.883418][T16579] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 560.939725][T16579] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 561.040347][T16579] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 561.105550][T16579] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 561.174562][T16579] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 561.320552][T16605] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4517'. [ 561.368250][T16579] wg1 speed is unknown, defaulting to 1000 [ 561.392048][T16579] wg1 speed is unknown, defaulting to 1000 [ 561.414589][T16579] wg1 speed is unknown, defaulting to 1000 [ 561.439269][T16579] wg1 speed is unknown, defaulting to 1000 [ 561.476275][T16579] wg1 speed is unknown, defaulting to 1000 [ 561.839747][T16628] loop2: detected capacity change from 0 to 512 [ 561.883093][T16628] EXT4-fs (loop2): Test dummy encryption mode enabled [ 561.889966][T16628] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 561.979160][T16628] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.4529: bad orphan inode 131083 [ 562.019395][T16628] loop2: lost filesystem error report for type 5 error -117 [ 562.044296][T16628] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 562.289185][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 562.455227][T16646] xt_bpf: check failed: parse error [ 562.542571][T16648] loop2: detected capacity change from 0 to 256 [ 562.566266][T16617] loop0: detected capacity change from 0 to 32768 [ 562.573791][T16617] btrfs: Deprecated parameter 'usebackuproot' [ 562.625398][T16617] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 562.669737][T16648] FAT-fs (loop2): Directory bread(block 64) failed [ 562.682539][T16617] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4521 (16617) [ 562.695579][T16648] FAT-fs (loop2): Directory bread(block 65) failed [ 562.702246][T16648] FAT-fs (loop2): Directory bread(block 66) failed [ 562.756433][T16648] FAT-fs (loop2): Directory bread(block 67) failed [ 562.773940][T16617] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 562.800118][T16648] FAT-fs (loop2): Directory bread(block 68) failed [ 562.806714][T16648] FAT-fs (loop2): Directory bread(block 69) failed [ 562.825992][T16617] BTRFS info (device loop0): using crc32c checksum algorithm [ 562.864590][T16648] FAT-fs (loop2): Directory bread(block 70) failed [ 562.871846][T16648] FAT-fs (loop2): Directory bread(block 71) failed [ 562.907426][T16648] FAT-fs (loop2): Directory bread(block 72) failed [ 562.925616][T16648] FAT-fs (loop2): Directory bread(block 73) failed [ 562.938418][ T13] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0x32b4fbab level 0 [ 562.992019][T16617] BTRFS error (device loop0): failed to load root extent [ 562.999443][T16617] BTRFS warning (device loop0): try to load backup roots slot 1 [ 563.027525][T16617] BTRFS info (device loop0): setting nodatasum [ 563.109561][T16617] BTRFS info (device loop0): disabling tree log [ 563.163220][T16617] BTRFS info (device loop0): turning on flush-on-commit [ 563.170356][T16617] BTRFS info (device loop0): turning on async discard [ 563.213127][T16617] BTRFS info (device loop0): enabling free space tree [ 563.228198][T16680] loop1: detected capacity change from 0 to 8 [ 563.234437][T16617] BTRFS info (device loop0): force clearing of disk cache [ 563.244008][T16680] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 563.262612][T16617] BTRFS info (device loop0): trying to use backup root at mount time [ 563.278967][ T6504] udevd[6504]: incorrect cramfs checksum on /dev/loop1 [ 563.319553][T16680] cramfs: Error -3 while decompressing! [ 563.362399][T16680] cramfs: ffffffff9a3b5c48(18)->ffff888051dbf000(4096) [ 563.388400][T16680] cramfs: Error -3 while decompressing! [ 563.400719][T16680] cramfs: ffffffff9a3b5c48(18)->ffff888051dbf000(4096) [ 563.415935][ T29] audit: type=1800 audit(1788339140.472:69): pid=16680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4545" name="file1" dev="loop1" ino=324 res=0 errno=0 [ 563.440611][ T6108] udevd[6108]: incorrect cramfs checksum on /dev/loop1 [ 563.453922][ T5836] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 564.217743][T16709] xt_TPROXY: Can be used only with -p tcp or -p udp [ 564.262390][T16712] loop5: detected capacity change from 0 to 1024 [ 564.467223][T16719] loop1: detected capacity change from 0 to 1024 [ 564.569805][T16723] netlink: 'syz.5.4565': attribute type 2 has an invalid length. [ 564.591203][T16723] netlink: 36 bytes leftover after parsing attributes in process `syz.5.4565'. [ 564.602443][ T12] hfsplus: b-tree write err: -5, ino 25 [ 564.630751][ T12] hfsplus: b-tree write err: -5, ino 4 [ 564.636377][ T12] hfsplus: b-tree write err: -5, ino 2 [ 564.691068][ T12] hfsplus: b-tree write err: -5, ino 17 [ 564.804564][T16699] loop4: detected capacity change from 0 to 32768 [ 564.820921][T16699] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4555 (16699) [ 564.864426][T16730] loop1: detected capacity change from 0 to 64 [ 564.900932][T16699] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 564.934461][T16699] BTRFS info (device loop4): using sha256 checksum algorithm [ 565.233729][T16699] BTRFS info (device loop4): enabling ssd optimizations [ 565.269414][T16699] BTRFS info (device loop4): turning on async discard [ 565.310119][T16699] BTRFS info (device loop4): enabling free space tree [ 565.477290][T16759] loop1: detected capacity change from 0 to 512 [ 565.495246][T16699] BTRFS info (device loop4): balance: start -sprofiles=data|raid0,devid=0,vrange=2..127 [ 565.531879][T16699] BTRFS info (device loop4): balance: ended with status: 0 [ 565.570546][T16759] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 565.591757][T16759] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 565.611534][T16759] EXT4-fs error (device loop1): ext4_acquire_dquot:7003: comm syz.1.4577: Failed to acquire dquot type 1 [ 565.716024][T16759] loop1: lost filesystem error report for type 5 error -117 [ 565.727058][T16759] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 565.734580][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 565.734607][ C0] EXT4-fs (loop1): last error at time 1788339142: ext4_acquire_dquot:7003 [ 565.804649][T16759] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 565.829625][T16759] EXT4-fs error (device loop1): ext4_acquire_dquot:7003: comm syz.1.4577: Failed to acquire dquot type 1 [ 565.857480][T16759] loop1: lost filesystem error report for type 5 error -117 [ 565.869142][T16759] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.4577: bg 0: block 248: padding at end of block bitmap is not set [ 565.870642][ T5851] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 565.935948][T16759] loop1: lost filesystem error report for type 5 error -117 [ 565.937228][T16759] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6687: Corrupt filesystem [ 566.009683][T16759] loop1: lost filesystem error report for type 5 error -117 [ 566.010539][T16759] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 566.070917][T16759] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 566.092684][T16759] EXT4-fs error (device loop1): ext4_acquire_dquot:7003: comm syz.1.4577: Failed to acquire dquot type 1 [ 566.131679][T16759] loop1: lost filesystem error report for type 5 error -117 [ 566.132172][T16759] EXT4-fs (loop1): 1 orphan inode deleted [ 566.174460][T16774] xt_limit: Overflow, try lower: 268435456/134217728 [ 566.205912][T16759] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 566.285096][T16759] ext4 filesystem being mounted at /935/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 566.351472][ T29] audit: type=1326 audit(1788339143.222:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.0.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 566.445268][ T29] audit: type=1326 audit(1788339143.231:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.0.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 566.556688][ T29] audit: type=1326 audit(1788339143.269:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.0.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7f91ce99c629 code=0x7ffc0000 [ 566.591972][ T5839] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 567.031411][T16769] loop5: detected capacity change from 0 to 32768 [ 567.066050][T16799] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4592'. [ 567.109641][T16799] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4592'. [ 567.146382][T16769] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 567.203087][T16769] XFS (loop5): Ending clean mount [ 567.237212][T16769] XFS (loop5): Quotacheck needed: Please wait. [ 567.349880][T16769] XFS (loop5): Quotacheck: Done. [ 567.577019][T14930] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 567.667010][T16817] netlink: 'syz.2.4599': attribute type 21 has an invalid length. [ 567.797614][T16797] loop1: detected capacity change from 0 to 32768 [ 567.840595][T16789] loop0: detected capacity change from 0 to 40427 [ 567.876066][T16797] __jfs_setxattr: xattr_size = 74, new_size = 12053 [ 567.889977][T16789] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 567.897769][T16789] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 567.964488][T16789] F2FS-fs (loop0): invalid crc value [ 568.281638][T16832] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4604'. [ 568.307831][T16832] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4604'. [ 568.336753][T16789] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 568.346597][T16832] netlink: 580 bytes leftover after parsing attributes in process `syz.1.4604'. [ 568.347518][T16836] netlink: 'syz.4.4605': attribute type 29 has an invalid length. [ 568.402795][T16832] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4604'. [ 568.412361][T16789] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 568.448456][T16789] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 568.671110][T16844] loop4: detected capacity change from 0 to 512 [ 568.737592][T16844] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 568.824194][T16844] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 568.960309][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 570.292163][T16913] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4643'. [ 570.332421][T16913] vlan0: entered promiscuous mode [ 570.606858][T16922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4647'. [ 570.623376][T16900] loop5: detected capacity change from 0 to 32768 [ 570.685261][T16900] (syz.5.4636,16900,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 570.701183][T16899] loop1: detected capacity change from 0 to 32768 [ 570.708673][T16899] BTRFS warning: excessive commit interval 2147483647, use with care [ 570.748874][T16900] (syz.5.4636,16900,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 570.786758][T16899] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4635 (16899) [ 570.852779][T16900] JBD2: Ignoring recovery information on journal [ 570.891021][T16899] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 570.971369][T16930] loop4: detected capacity change from 0 to 256 [ 570.998368][T16899] BTRFS info (device loop1): using crc32c checksum algorithm [ 571.009150][ T6108] udevd[6108]: incorrect btrfs checksum on /dev/loop1 [ 571.038515][T16899] BTRFS error (device loop1): superblock checksum mismatch [ 571.051811][T16930] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 571.066393][T16899] BTRFS error (device loop1): open_ctree failed: -22 [ 571.079485][T16900] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 571.226813][T16930] exFAT-fs (loop4): start_clu is invalid cluster(0xffffffff) [ 571.257520][T16930] exFAT-fs (loop4): valid_size(150994954) is greater than size(10) [ 571.268688][ T6108] udevd[6108]: incorrect btrfs checksum on /dev/loop1 [ 571.300031][T16939] loop2: detected capacity change from 0 to 64 [ 571.368948][T16939] hfs: unable to locate alternate MDB [ 571.383249][T16939] hfs: continuing without an alternate MDB [ 571.460725][ T5931] usb 1-1: new high-speed USB device number 111 using dummy_hcd [ 571.470041][T14930] ocfs2: Unmounting device (7,5) on (node local) [ 571.620448][ T169] [ 571.622841][ T169] ====================================================== [ 571.629885][ T169] WARNING: possible circular locking dependency detected [ 571.636977][ T169] syzkaller #0 Not tainted [ 571.641423][ T169] ------------------------------------------------------ [ 571.648527][ T169] kworker/u8:5/169 is trying to acquire lock: [ 571.654624][ T169] ffff88807eec9af8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 571.665474][ T169] [ 571.665474][ T169] but task is already holding lock: [ 571.672862][ T169] ffff8880600580b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 571.682229][ T169] [ 571.682229][ T169] which lock already depends on the new lock. [ 571.682229][ T169] [ 571.692650][ T169] [ 571.692650][ T169] the existing dependency chain (in reverse order) is: [ 571.701773][ T169] [ 571.701773][ T169] -> #1 (&tree->tree_lock/1){+.+.}-{4:4}: [ 571.709796][ T169] __mutex_lock+0x19f/0x1300 [ 571.714941][ T169] hfs_find_init+0x18e/0x300 [ 571.720157][ T169] hfs_get_block+0x556/0xc50 [ 571.725291][ T169] block_read_full_folio+0x29f/0x830 [ 571.731124][ T169] filemap_read_folio+0x137/0x3b0 [ 571.736689][ T169] do_read_cache_folio+0x358/0x590 [ 571.742438][ T169] read_cache_page+0x5d/0x170 [ 571.747672][ T169] __hfs_bnode_create+0x4b9/0x980 [ 571.753249][ T169] hfs_bnode_find+0x211/0xd40 [ 571.758468][ T169] hfs_brec_find+0x17b/0x510 [ 571.763607][ T169] hfs_brec_read+0x24/0x110 [ 571.768648][ T169] hfs_cat_find_brec+0x177/0x3f0 [ 571.774124][ T169] hfs_fill_super+0x4ff/0x770 [ 571.779351][ T169] get_tree_bdev_flags+0x431/0x4f0 [ 571.785005][ T169] vfs_get_tree+0x92/0x2a0 [ 571.790069][ T169] do_new_mount+0x341/0xd30 [ 571.795116][ T169] __se_sys_mount+0x31d/0x420 [ 571.800335][ T169] do_syscall_64+0x14d/0xf80 [ 571.805469][ T169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.811903][ T169] [ 571.811903][ T169] -> #0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}: [ 571.821142][ T169] __lock_acquire+0x15a5/0x2cf0 [ 571.826628][ T169] lock_acquire+0xf0/0x2e0 [ 571.831588][ T169] __mutex_lock+0x19f/0x1300 [ 571.836724][ T169] hfs_extend_file+0xf2/0x15e0 [ 571.842127][ T169] hfs_bmap_reserve+0x107/0x430 [ 571.847630][ T169] __hfs_ext_write_extent+0x1fa/0x470 [ 571.853548][ T169] hfs_ext_write_extent+0x17e/0x210 [ 571.859298][ T169] hfs_write_inode+0x117/0x960 [ 571.864609][ T169] __writeback_single_inode+0x75a/0x11a0 [ 571.870790][ T169] writeback_sb_inodes+0x992/0x1a20 [ 571.876538][ T169] wb_writeback+0x456/0xb70 [ 571.881596][ T169] wb_workfn+0x414/0xf50 [ 571.886377][ T169] process_one_work+0x949/0x1650 [ 571.891856][ T169] worker_thread+0xb46/0x1140 [ 571.897099][ T169] kthread+0x388/0x470 [ 571.901732][ T169] ret_from_fork+0x51e/0xb90 [ 571.906875][ T169] ret_from_fork_asm+0x1a/0x30 [ 571.912173][ T169] [ 571.912173][ T169] other info that might help us debug this: [ 571.912173][ T169] [ 571.922416][ T169] Possible unsafe locking scenario: [ 571.922416][ T169] [ 571.929883][ T169] CPU0 CPU1 [ 571.935259][ T169] ---- ---- [ 571.940657][ T169] lock(&tree->tree_lock/1); [ 571.945380][ T169] lock(&HFS_I(tree->inode)->extents_lock); [ 571.953895][ T169] lock(&tree->tree_lock/1); [ 571.961118][ T169] lock(&HFS_I(tree->inode)->extents_lock); [ 571.967162][ T169] [ 571.967162][ T169] *** DEADLOCK *** [ 571.967162][ T169] [ 571.975319][ T169] 3 locks held by kworker/u8:5/169: [ 571.980525][ T169] #0: ffff88801feaf948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x855/0x1650 [ 571.991169][ T169] #1: ffffc90003177c40 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650 [ 572.003030][ T169] #2: ffff8880600580b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 572.012813][ T169] [ 572.012813][ T169] stack backtrace: [ 572.018752][ T169] CPU: 0 UID: 0 PID: 169 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) [ 572.018778][ T169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 572.018794][ T169] Workqueue: writeback wb_workfn (flush-7:2) [ 572.018825][ T169] Call Trace: [ 572.018832][ T169] [ 572.018839][ T169] dump_stack_lvl+0xe8/0x150 [ 572.018865][ T169] print_circular_bug+0x2e1/0x300 [ 572.018894][ T169] check_noncircular+0x12e/0x150 [ 572.018922][ T169] __lock_acquire+0x15a5/0x2cf0 [ 572.018945][ T169] ? unwind_next_frame+0x1aaf/0x23c0 [ 572.018973][ T169] ? unwind_next_frame+0xa5/0x23c0 [ 572.018999][ T169] ? ret_from_fork_asm+0x1a/0x30 [ 572.019014][ T169] ? ret_from_fork_asm+0x1a/0x30 [ 572.019032][ T169] lock_acquire+0xf0/0x2e0 [ 572.019053][ T169] ? hfs_extend_file+0xf2/0x15e0 [ 572.019078][ T169] __mutex_lock+0x19f/0x1300 [ 572.019102][ T169] ? hfs_extend_file+0xf2/0x15e0 [ 572.019124][ T169] ? check_path+0x21/0x40 [ 572.019148][ T169] ? check_noncircular+0xda/0x150 [ 572.019174][ T169] ? add_lock_to_list+0xc7/0x100 [ 572.019197][ T169] ? hfs_extend_file+0xf2/0x15e0 [ 572.019220][ T169] ? __pfx___mutex_lock+0x10/0x10 [ 572.019243][ T169] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 572.019269][ T169] hfs_extend_file+0xf2/0x15e0 [ 572.019291][ T169] ? __pfx___mutex_trylock_common+0x10/0x10 [ 572.019309][ T169] ? __pfx_hfs_extend_file+0x10/0x10 [ 572.019329][ T169] ? trace_contention_end+0x3d/0x150 [ 572.019346][ T169] ? __mutex_lock+0x319/0x1300 [ 572.019372][ T169] ? __asan_memset+0x22/0x50 [ 572.019387][ T169] ? hfs_brec_find+0x19a/0x510 [ 572.019406][ T169] hfs_bmap_reserve+0x107/0x430 [ 572.019431][ T169] __hfs_ext_write_extent+0x1fa/0x470 [ 572.019455][ T169] hfs_ext_write_extent+0x17e/0x210 [ 572.019477][ T169] ? __pfx_hfs_ext_write_extent+0x10/0x10 [ 572.019505][ T169] hfs_write_inode+0x117/0x960 [ 572.019530][ T169] ? __pfx_hfs_write_inode+0x10/0x10 [ 572.019555][ T169] ? __pfx_hfs_writepages+0x10/0x10 [ 572.019582][ T169] ? do_raw_spin_unlock+0xf5/0x210 [ 572.019602][ T169] __writeback_single_inode+0x75a/0x11a0 [ 572.019627][ T169] writeback_sb_inodes+0x992/0x1a20 [ 572.019660][ T169] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 572.019680][ T169] ? do_raw_spin_lock+0x12b/0x2f0 [ 572.019712][ T169] ? rcu_is_watching+0x15/0xb0 [ 572.019746][ T169] wb_writeback+0x456/0xb70 [ 572.019768][ T169] ? queue_io+0x1e1/0x4a0 [ 572.019792][ T169] ? __pfx_wb_writeback+0x10/0x10 [ 572.019812][ T169] ? do_raw_spin_lock+0x12b/0x2f0 [ 572.019835][ T169] wb_workfn+0x414/0xf50 [ 572.019853][ T169] ? look_up_lock_class+0x57/0x110 [ 572.019880][ T169] ? __pfx_wb_workfn+0x10/0x10 [ 572.019898][ T169] ? do_raw_spin_lock+0x12b/0x2f0 [ 572.019916][ T169] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 572.019942][ T169] ? process_one_work+0x87c/0x1650 [ 572.019963][ T169] process_one_work+0x949/0x1650 [ 572.019994][ T169] ? __pfx_process_one_work+0x10/0x10 [ 572.020015][ T169] ? do_raw_spin_lock+0x12b/0x2f0 [ 572.020039][ T169] worker_thread+0xb46/0x1140 [ 572.020072][ T169] kthread+0x388/0x470 [ 572.020088][ T169] ? __pfx_worker_thread+0x10/0x10 [ 572.020110][ T169] ? __pfx_kthread+0x10/0x10 [ 572.020127][ T169] ret_from_fork+0x51e/0xb90 [ 572.020151][ T169] ? __pfx_ret_from_fork+0x10/0x10 [ 572.020172][ T169] ? __switch_to+0xc7d/0x1450 [ 572.020192][ T169] ? __pfx_kthread+0x10/0x10 [ 572.020209][ T169] ret_from_fork_asm+0x1a/0x30 [ 572.020230][ T169] [ 572.378565][ T5931] usb 1-1: Using ep0 maxpacket: 32 [ 572.409050][ T5931] usb 1-1: unable to get BOS descriptor or descriptor too short [ 572.418109][ T5931] usb 1-1: config 128 has an invalid interface number: 127 but max is 3 [ 572.426543][ T5931] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 572.436875][ T5931] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 572.445980][ T5931] usb 1-1: config 128 has no interface number 0 [ 572.452304][ T5931] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 572.467051][ T5931] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 572.477272][ T5931] usb 1-1: config 128 interface 127 has no altsetting 0 [ 572.496556][ T5931] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 572.506218][ T5931] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.514294][ T5931] usb 1-1: Product: syz [ 572.518506][ T5931] usb 1-1: Manufacturer: syz [ 572.523156][ T5931] usb 1-1: SerialNumber: syz [ 572.773021][ T5931] usb 1-1: USB disconnect, device number 111 [ 572.788050][ T6108] udevd[6108]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 581.607831][ T1305] ieee802154 phy1 wpan1: encryption failed: -22