last executing test programs: 4.530064984s ago: executing program 2 (id=3009): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x1002, 0x0, 0x9, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@redirect_dir_nofollow}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') read$FUSE(r0, &(0x7f0000000ec0)={0x2020}, 0x608) 4.419878749s ago: executing program 2 (id=3011): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000001c0)={r2, 0x8000}, &(0x7f0000000280)=0x8) 3.411991182s ago: executing program 2 (id=3028): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1}, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803002f000b12d25a80648c2594f90124fc60100c034002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 3.095725256s ago: executing program 2 (id=3035): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000300)={0x0, 0x22, 0xf, {[@global=@item_012={0x2, 0x1, 0xe31d2cc890952081, '\x00\x00'}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @main=@item_4={0x3, 0x0, 0x8, "fbd881fa"}, @global=@item_012={0x1, 0x1, 0x7, "84"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGFIELDINFO(r1, 0xc038480a, &(0x7f0000000040)={0x1, 0x100, 0x7, 0xacd, 0x7, 0x82, 0xa, 0x4, 0x12, 0x6, 0x7, 0x0, 0x1, 0x54}) 3.095579336s ago: executing program 4 (id=3036): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9001c2f8db0049d90491ceaebfd26d4eef23248000000f858dbb8a190", 0x32}, {&(0x7f0000000040)="071a00000e80006558881a9f", 0xc}], 0x2) 2.950580883s ago: executing program 3 (id=3039): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@rand_addr=0x64010100, @in=@loopback, 0x0, 0xbf, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0xfffffffffffffffc, 0x0, 0x1}, {0x3, 0x0, 0x0, 0x2}}, {{@in=@local, 0x0, 0x32}, 0x0, @in=@broadcast, 0x0, 0x3, 0x1, 0x0, 0xf000000}}, 0xe8) listen(r0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000380)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @broadcast}, {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x100}}}}}}, 0x0) 2.828007168s ago: executing program 3 (id=3041): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x1, 0x0, 0x67b}]}, 0x10) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000)={0x0, 0x6}, &(0x7f00000000c0)=0x8) 2.694151154s ago: executing program 4 (id=3044): r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000002c0)={&(0x7f00000001c0)=[{0x2, 0x8411, 0x22, &(0x7f00000006c0)="0203204bdcc36cda8907f47563863d1428f47b34551c000bce0f6bc6584f11a7489c"}], 0x1}) 2.166954627s ago: executing program 0 (id=3052): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000011c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x20000010}}], 0x1, 0x40) sendmmsg$unix(r1, &(0x7f00000bd000), 0x2d, 0x20040040) recvmmsg$unix(r0, &(0x7f0000002640)=[{{0x0, 0x0, 0x0}}], 0x1, 0x100, 0x0) 2.110574099s ago: executing program 0 (id=3053): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'gre0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000180)={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, r2}, 0xc) 2.018418663s ago: executing program 0 (id=3054): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x4, 0x0, 0x0, 'queue0\x00'}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x8882) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0x3, 0x2, 0x0, 0x0, 0x3}, 0x1000d023}) write$sndseq(r1, &(0x7f0000000140)=[{0x1f, 0x0, 0x0, 0xfd, @tick=0x4, {}, {}, @raw32={[0x0, 0x8]}}], 0x1c) 2.008125074s ago: executing program 4 (id=3055): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000f80085000000b0000000180100002020782500000000f01f20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0}, 0x18) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) 1.86588056s ago: executing program 3 (id=3057): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x3af4701e) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x1a2) fallocate(r1, 0x0, 0xbf5, 0x2000402) 1.84803793s ago: executing program 1 (id=3058): timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x4}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) fanotify_mark(0xffffffffffffffff, 0x39, 0x1a, 0xffffffffffffffff, 0x0) 1.83933049s ago: executing program 0 (id=3059): syz_mount_image$f2fs(&(0x7f00000002c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000005c0)=ANY=[], 0x1, 0x5508, &(0x7f0000000740)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9jCJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmamuvUDhKaJ3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/drSulsWVVr4+3dnrj+J2p1YfxVZ7O5vf6eUX7A9bR3myDzys7WbjRnMri+1+msXWYV7XwWH+f9thf5DnaRT5PszSx2BwFPP55kEz38/OoyzWe4NiPs+bNpoHozgsYnG5qKedRlbH1km+6f+3t9q9vYNk2Nztt9Neslapvlip3ilXd9NGc9BcLde6jTuryUKrM1pWHjRr3fVWmrY6zUo97S4mC616vVytJgt3m1vtWi+pVisrlaXy2mJxdjt57f67SaeRLIziK+3e3qDd6Sfb6W6Sf2IxWa6svLSY3Komb29sJpsP7t3b2Hzn/bvv3X95441Xi0V/KytZWF5aXi5Xl8rL1cVztP+Pi6LHuH84kdK0CwA4e/T/wDScXv+/+yDi9Pv/0P+PxZnqfyfY/79wTvYPJ6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4t76f++L17GQ+H18r5p8qpp4pxqWImImI3/7BbFw8lnO2yDP3L+vn/lLDN6XIMoyucak4rkbEenH8+vRpfwsAAADw5Pryo5uf5t16/jI/7YKYpPymzcz1D8aUrxQRc/M/jCnbzOjl2TEly/59X4iDMWXLbmBdHlOy/JbbhXFl+09mj4XLj4VSHmYmWg4AADARxzuByXYhAAAATNIn0y6A6SjF0aPMo2fB2V/e//lA8MqxEQAAAHAGlaZdAAAAAHDqsv7f7/8BAADAky3//T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+Z+d+bhMHojgAPxu8sP+0aLX3bWVvUMaWsMc9RhSQJiggB9JCGqAGcksJEUR4HAIRh0ge20r0fZIzGcv8eIPgMDPSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdOm+Wi9ur35ft83Z7dvJMxoAAADgkm21XtT/zFL/a3P/e3PrZ9MvIqKMiEtz91F8OsscNTnVy/M3p89Xr2q4i6gTDu8xaa4vEfGnuR5/dP0pAAAAwMe1Wa7mabae/syGLog+pUWb8tvfTHlFRFSzh0xp5SHvV6aw+vs9jv+Z0uoFrGmmsLTkNs6V9ib1z/24ajc9aYrUlBdfdiwy29gBAIAejc6afmchAAAA9Onf0AUwjCKetzKPW4GT1DTbe5/PegAAAMA7VAxdAAAAANC5ev7f0/l/e+f/AQAAwDDS+X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0aVutF5vlat42Z7dvJ89oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeGJ/3lEgBMIgDPau70zm/oeVBk1NTapA+PgbgwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi/15SYEQCIIomDP+d9L3P6wk6BlEiICGRxW1aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi527542jCAMAPLt7eyHh6zDoCiMEEgU05HIJCekQBcii4CcgWc4lmFz4SFyQKEK4oUOu0yAoEUICmS7/IXUipQldiiuCRA2avV3fJrHk42v3bD+PNDvvrVY77+xJlt+dsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAyeWcWZ/HQm8Zpee72g+trsb/zSB/d3Lq7HFuMkyaT3h9eqn9I+u0lAgAAwOGRVfV9COFevr0S+7RX1P95dU2s+b97ehpX9fyjdX/VV7V/bL/+cv+FnYF603HiTc+vj0cnHk+l8//NcrE9u+cVneLJF+9esuILSd/ffH6SF88z+ebWrXe7RXikiWwBgH/ieNWXQfX7UOyHbSYGwKHRqRXeVf2f9drNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAJk83wZBUnIYTlziyO7jy4vrZbf3Pr7nLVzty4sRW+mt0z3iIPIZxfH49ONDqbxXbl6rWLq+Px6HLzwcshhLZGf7uc/sUPx8/seXEIrTwfwX8UpOWXvSj57I+gxR9KAAAcSHnZYl1/L99eieeSpRD+/P7h+v+1WhzmrP/vf3Tmdn2sev0/bGyGi2+wcemzwZWr195Yv7R6YXRh9MmbJ4dvDU+dPX367KB4VzLwxgQAAIB/p1u2ev2fLj2+/n+sFoc56//Pvx1+WR8rU//varbo13YmAAAAh9tzr/zxe7LL+aTbDV+sbmxc7oR4HO58Pjk9tpDq33akbPX6P1tqOysAAACgCZPN5KH1/3O1OMy5/v/UDy/+VL9nFkI4Wq7/H1/7dHyuuekstCb+nLjtOQIAANCuo2Wrr//nxf7/dGfLQxpCeP3VaVz+G8C56v/sva9/rI9V3/9/qrkpLqS0P30eRd8PodNvOyMAAAAOsifKFov93/LtlY9/PvZB1/5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKb9FQAA//+AcD1H") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x5) pwrite64(r1, &(0x7f0000000140)='2', 0xff10, 0x8000c61) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0) 1.772117794s ago: executing program 4 (id=3060): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f00000003c0)={0x0, 0xb5dd}, &(0x7f0000000080)=0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(r1, 0x84, 0x1f, &(0x7f0000000080)=""/4057, &(0x7f0000001180)=0xfd9) 1.675628578s ago: executing program 1 (id=3061): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="380000000000000029000000390000002f04000900000000fe8000000000000000000000000000bbfc010000000000000000000000000000140000000000000029"], 0xb8}, 0x4004011) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'gretap0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r1}, 0x14) 1.567744843s ago: executing program 1 (id=3062): r0 = socket(0x2, 0x80805, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x1}, 0x94) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000440)={r2, @in={{0x2, 0x4e21, @empty}}, 0xfffc, 0x86}, &(0x7f0000000500)=0x90) 1.420010599s ago: executing program 1 (id=3063): close(0xffffffffffffffff) eventfd2(0x0, 0x0) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c2, 0x1, 0x10}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x8}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.382347541s ago: executing program 1 (id=3064): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x35}}, 0x10) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) recvmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000035c0)=""/241, 0xf1, 0xfebf}}, {{&(0x7f0000000540)=@un=@abs, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/12, 0xc}], 0x0, &(0x7f00000005c0)=""/246, 0xf6}}, {{&(0x7f0000003c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0, 0x0, &(0x7f0000000240)=""/53, 0x30}}, {{0x0, 0x0, &(0x7f0000000480)=[{0x0}, {&(0x7f0000003a00)=""/190, 0xbe}, {&(0x7f0000003ac0)=""/131, 0xfffffd18}, {0x0}, {&(0x7f0000000300)=""/84, 0x54}, {&(0x7f0000000380)=""/211, 0xd3}], 0x6, &(0x7f0000003c00)=""/65, 0x41}, 0x8001}], 0x4, 0x40000121, 0x0) 1.247669126s ago: executing program 2 (id=3065): sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x3c, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8}]}, 0x3c}}, 0x40) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000540)={0x3, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x14f, @tick=0x7}) 840.098994ms ago: executing program 2 (id=3066): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x84, &(0x7f00000008c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty, 0x4}}, 0x651, 0xd}, 0x90) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f00000004c0)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000002c0)=[{&(0x7f00000005c0)="97", 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x0) 796.312886ms ago: executing program 4 (id=3067): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000b00)={{r0, 0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0xe, 0x48000000, &(0x7f0000000300)="40f0538ef047b21fb60068305500", 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 641.793513ms ago: executing program 0 (id=3068): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='veno', 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 512.120419ms ago: executing program 4 (id=3069): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) remap_file_pages(&(0x7f000013e000/0x3000)=nil, 0x3000, 0x0, 0x21, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 511.869029ms ago: executing program 3 (id=3070): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3a}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {0xc31}, 0x0, 0x0, 0x1, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in6=@remote, 0x0, 0x4}]}]}, 0xfc}}, 0x0) r1 = socket$inet(0x2, 0x3, 0x7f) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) 394.138384ms ago: executing program 1 (id=3071): syz_mount_image$jfs(&(0x7f0000000400), &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1c802, &(0x7f0000002740)=ANY=[], 0x3, 0x5f4f, &(0x7f0000009040)="$eJzs3V1vHFf9B/DfPnj90H/TqPqrChEXbgqlpTTPCZSnplxwAUggoVyTyHWrQFpQEhCtIuIqF4gLHl4C3PSGi76RIvEKEC+ASAlXlaAMGvucZDxeex1i76x9Ph/JmfntmfGeydfj2fXM7AkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIL7z7R+e6UXElV+kB45G/F8MIvoRi3W9HPXMpbz8MCKOxXpzPBcRg/mIev31f56JOB8RHx+JuP/g9kr98Nld9uPC6Vs3Pv3ut/7269/fPfbjN3/0Ybv9B/9/7qPf3Ik4+v3XPvr0zt5sOwAAAJSiqqqql97mH0/v7/tddwoAmIp8/K+S/LharVar97T+XX+2+qMutG6qxrvTLCJirblO/ZrB6XgAOGDW4pOuu0CH5F+0YUQ81XUngJnW67oD7Iv7D26v9FK+vebxYHmjPf+dclP+a72H93dsN52kfY3JtH6+7sYgnt2mP4tT6sMsyfn32/lf2WgfpeX2O/9p2S7/0catT8XJ+Q/a+bdsyv8PEXFg8++Pzb9UOf/h4+S/NjjA+7/8AQAAAAA4/PLf/492fP53/sk3ZVd2Ov+7PKU+AAAAAAAAAMBee9Lx/x4y/h8AAADMrPq9eu2PRx49tt1nsdWPX+5FPN1aHihMullmqet+AAAAAAAAAAAAAEBJhhvX8F7uRcxFxNNLS1VV1V9N7fpxPen6B13p2w8l6/qXPAAAbPj4SOte/l7EQkRcTp/1N7e0tFRVC4tL1VK1OJ9fz47mF6rFxvvaPK0fmx/t4gXxcFTV32yhsV7TpPfLk9rb369+rlE12EXHpqPDwAEgIjaORvcdkQ6Zqnomun6Vw8Fg/z987P/sRtc/pwAAAMD+q6qq6qWP8z6ezvn3u+4UADANC/n43z4voFar1Wq1+vDVTdV4d5pFRKw116lfMxiOHwAOmLX4pOsu0CH5F20YEce67gQw03pdd4B9cf/B7ZVeyrfXPB6k8d3ztSCb8l/rra+X1x83naR9jcm0fr7uxiCe3aY/z02pD7Mk599v539lo32Ultvv/Kdlu/zr7TzaQX+6lvMftPNvOTz598fmX6qc//Cx8h/IHwAAAAAAZlj++//Rcs//DnJ/lqfUBwAAAAAAAADYa/cf3F7J973m8/+fHbNcrznn/s9DI+ff23X+7v89THL+/Xb+rQtyBo35e288yv+fD26vfHjrH5/J05nPf24wqp97rtcfDNM1P9XcW3EtrsdqnN6y/HBT+5kt7XOb2s9OaD+3pX1Uty/m9pOxEj+N6/Hmw/b5CRdGLUxorya05/wH9v8i5fyHja86/6XU3mtNa/c+6G/Z75vTcc9z6c//fnHr3jV9d2PwcNua6u070UF/1v9PnhrFz2+u3jj5y6u3bt04E2my6dGzkSZ7LOc/l75y/i+9sNGef+8399d7H4weO/9ZcTeG2+b/QmO+3t6Xp9y3LuT8R+kr55+PQOP3/4Oc//b7/ysd9AcAAAAAAAAAAAAAAAB2UlXV+i2ilyLiYrr/p6t7MwGAqfrt99JMlYRarVar1epDWzdV473eLGJh8zoXI+JX474ZADDL/hMRf++6E3RG/gXLn/dXTz/XdWeAqbr53vs/uXr9+uqNm133BAAAAAAAAAD4X+XxP5cb4z+vXwfUGjd60/ivb8TygR3/sz8arI91njbo+dh5/O8TsfP438MJzzc3oX00oX1+QvvChPaxN3o05PyfTxnn/I+nDStp/NeXOuhP13L+J9JYzzn/L7SWa+Zf/ekg59/flP+pW+/87NTN995/9do7V99efXv13TOnL54/d+H8uQsXTr117frq6Y1/O+zx/sr557GvXQdalpx/zlz+Zcn5fz7V8i9Lzv/FVMu/LDn//HpP/mXJ+ef3PvIvS87/5VTLvyw5/y+mWv5lyfm/kmr5lyXn/6VUy78sOf9XUy3/suT8T6Za/mXJ+Z9KtfzLkvPPZ7jkX5acf76yQf5lyfmfTbX8y5LzP5dq+Zcl538+1fIvS87/QqrlX5ac/8VUy78sOf8vp1r+Zcn5fyXV8i9Lzv+1VMu/LDn/r6Za/mXJ+X8t1fIvS87/66mWf1ly/t9ItfzLkvP/ZqrlX5ac/+upln9ZHn3+v5kpz/zrLxEz0A0zpc68+9edlun6NxMAAAAAAAAAAAAA0DaNK4273kYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+C87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsLe3cXIVd5nAD/7Za8NCW4ghBAnrI0BA4t311/gEINJQkpJm1IS0qYlNY69Nk78Ve86AYTKUmhLFKQitRf0omkSpVGktgJFkZpKNEJqpPauXCXiJmolLiwVKgcllVIFtjpz3vfdmdnZmfXH4jnn/H4I/70zZ2beOXNmdp+1nhkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaLbhY9N/PpBlWf5/4491WXZp/vc12Z78y7mdF3uFAAAAwPl6q/HnP1yWTtizjAs1bfNvH/qP78/Pz89nX3jz9Nt/OT+fzhjLsqHVWdY4L/r3X/5ivnmb4KlsdGCw6evBHjc/1OP84R7nj/Q4f1WP81f3OH+0x/mLdsAia4rfxzSubFPjr+uKXZpdkY00ztvU4VJPDaweHIy/y2kYaFxmfuRgdjg7kk1nk4suM9D4L8te2pDf1j1ZvK3Bpttan2XZmZ89vj+uYSDs401Zy401ND92b9yVjb35s8f3f2f29fd3mj13w6KVZtnmjfk6n86yhV9XZQPZ6rRP4joHm9a5vsM6h1rWOdC4XP739nWeWeY64/0eDet8pcs614fTHrk2y7K5bMlt2j2VDWZr22417e/R4ojIryN/KN+TDZ/VcbJhGcdJfpnXrm09TtqPybj/N4R9MrzEGpofjjeeXLVov5/rcZLf6344VvPrvi+/0dHR5l+tthyr+TaPX7f0MdDxsetwDKRjuekY2NjrGBhcNdQ4BgYX1ryx5RiYWnSZwWygcVunr+t+DEzMHj0xMfPoY7ccPrrv0PSh6WNTkzu3b9uxfduOHRMHDx+Zniz+PLtdWiJrs8F0DG4MrzXxGLyhbdvmQ3L+mxfueTDaJ8+D/L5/5vp8QZcOZksc4/k2T28+/+dB+r7f9DwYbnoedHxN7fA8GF7G8yDf5szm5X3PHG76v9MaVuq1cF3TMXAxvx/mt/ngjUu/Fq4P63rmprP9fji06BiId2sgPPfyU9LPe6O3hf2y+Li4Oj/jklXZqZnpk1se2Tc7e3IqC+MdcXnTY9V+vKxtuk/ZouNl8KyPlz1//6vrr+5w+rqwr0Zv7v5Y5dtsH+/+WDVe3Vv356qs2J8tp27NwrjA3un92em7Wb4/U5bosj/zbZ6+5fx/Fky5pOn1b6TX69/QyHDx+jeU9sZIy+vf4odmqLGyLDtzy/Je/0bC/+/0698VffL6l++rB7d0PwbybZ6ZONtjYLjr69+1YQ6E9dwYEsNoU+5/u3H+XHGYNj2WPY+b4eGRcNwMx1tsPW62LbpMfm35bW+ePLfjZvO1rY9Vy88tFTxu8n31V5Pdj5t8m5enzv+1Y038a9Nrx6pex8DI0Kp8vSPpIChe7+bXxGNgS7Y/O54dyQ6ky+SPcn5b41uXdwysCv+/068dV/XJMZDvq+e3dj8G8m1+tO3C/uy0OZyStmn62an99wtLZf6rhxeur323XejMn6/z4z/+VDqtU4bIt3l9+9nmjO776eZwyiUd9lP782epY/pA9s7sp6vCOo/s6P67qXybK3Yu83jak2XZq1OvNn7fFX6/+71TP/5+y+99O/1O+dWpV++duP8nZ7N+AADO3duNP+dWFT9rNv2L9XL+/R8AAAAohZj7B8NM5H8AAACojJj7h8JM5H8AAACojJj7h8NMapL/H75t1wtvPZGldwOcD+L5cTfcd0exXex4z4Wvx+YX5Kd/9NsjL3z1ieXd9mCWZb+69wMdt3/4jriuwom4zg+3nr7IVdcs6/YfemBhu+b3Tzizq7j+eH+WexjErvJLE1sb1zv26FRjvnxv1pj3zz3zVHH9xddx+9Pbiu3/JrxpyZ6DAy2X3xzWsynMsfCeMvftWdgP+YyXe2H9h/718s8u3F683MDGdzfu5vN/XFxvfI+o5y4vto/3e6n1/8vXvvtCvv0j13Ve/xODndd/Olzva2H+cnexffM+/2rT+v80rD/eXrzclm/9sOP6X3xfsf2L4bj4Rpjt67/rLz74VqfHK97OntuLy8Xbn/zf7Y3LxeuL19++/tEnplr2R/v1v/xmcT27v/zzoebt4+nxdqKHbm89vgfC49vSI8+y7Lt/lrXs5+wjxeX+uW398fpO3N55/Te3rfPEwDWNyy/cn3Ut9+vrf7e14/2N69nzj+ta7s9zd4f99+bEj/LrPX1/OB7D+f/3SnF97e9l+uLdra83cftvrCuet/H6JtrW/1zb+ueuyfdd7/Xf82ax/hfvXN2y/j2fCMfTPcXstf5Df3tZy+W/+Z3i8Tj5lfFjx2dOHT7QtFebn8erR9esveTSd737svBa2v713uOzD0+fHJscm8yysRK+ZeBKr/9bYf5PMeYu/C0UfvLz4rh79pPF960bflF8/Vw4/aHweMbvj1//65GW47X9cZ+7s5jnu/6bwjqW631f+69rlrXh6c+/dOqf/uT19p8L4v058d7Rxv17fsOVjfMGXi7Ob3+96uU/39v6vP7p8GRj/iDs1/nwzswbryxur/3643uTPPvp4vkbf5KLl8/a3k9k3VDr/Tjf9f80/Bzzw6taX//i8fGDJ9rezXldNpAvYS68PmRzxflxq7i/nz1zZcfbi+/Dk829/2yWuaSZR2cmjhw+duqRidnpmdmJmUcf23v0+Kljs3sb712694u9Lr/w/F7beH4fmN65PWs8248XY4Vd7PWfeGD/gVsnrz8wfXDfqYOzD5yYPnlo/8zM/ukDM9fvO3hw+iu9Ln/4wO6prbu23bp1/NDhA7tv27Vr267xw8eO58soFtXDzskvjR87ubdxkZnd23dN7dixfXL86PED07tvnZwcP9Xr8o3vTeP5pb88fnL6yL7Zw0enx2cOPza9e2rXzp1be77749ETB2fGJk6eOjZxamb65ERxX8ZmGyfn3/t6XZ56mDkeXu/aDISfzj938870/ri5bz+55FUVm7T+eJq9Ed4LKn5/6/V1zP0jYSY1yf8AAABQBzH3hzf+XzhD/gcAAIDKiLl/dZiJ/A8AAACVEXN/kfxH08e/1yX/X6j+/5P6/w36//r/mf5/ov+v/5/p/+v/96D/r/9f5vXr/+v/01u/9f9D7s/WZJl//wcAAICKirl/bZiJ/A8AAACVEXP/JWEm8j8AAABURsz9l4aZ1CT/+/x//X/9/279/7it/n+m/98P/f9N/63/v4j+v/5/pv9/zi52f77s6+/D/v8a/X/6Tb/1/2Puf1eYSU3yPwAAANRBzP3vDjOR/wEAAKAyYu6/LMxE/gcAAIDKiLl/XZhJTfK//r/+v/6/z//X/y9N/9/n/3eg/6//n+n/n7OL3Z8v+/r7sP/v8//pO/3W/4+5/9fCTGqS/wEAAKAOYu5/T5iJ/A8AAACVEXP/5WEm8j8AAABURsz9V4SZ1CT/17P//1qWZfr/mf6//n/bOvX/9f9Xgv6//n83+v/6/2Vev/6//j+99Vv/P+b+94aZ1CT/AwAAQB3E3H9lmIn8DwAAAJURc//7wkzkfwAAAKiMmPuvCjOpSf6vZ//f5//r/xf0/1vXqf+v/78S9P/1/7vR/9f/L/P69f/1/+mt3/r/Mfe/P8ykJvkfAAAA6iDm/qvDTOR/AAAAqIyY+z8QZiL/AwAAQGXE3L8+zKQm+V//X/9f/1//X/9f/38llav/P7jkOfr/Bf3/Vheu/z+3sAD9/9KsX/9f/5/e+q3/H3P/B8NMapL/AQAAoA5i7v9QmIn8DwAAAJURc/81YSbyPwAAAFRGzP1jYSY1yf/6//r/+v/6//r/+v8rqVz9/6Xp/xf0/1v5/H/9f/1//X+667f+f8z9G8JMapL/AQAAoA5i7t8YZiL/AwAAQGXE3H9tmIn8DwAAAJURc/+mMJOa5H/9f/1//X/9f/1//f+VpP+v/9+N/r/+f5nXr/+v/09v/db/j7n/ujCTmuR/AAAAqIOY+68PM5H/AQAAoDJi7r8hzET+BwAAgMqIuX9zmElN8r/+v/6//n+J+/9D+v+Z/n/f0//X/+9G/1//v8zr1//X/6e3fuv/x9x/Y5hJTfI/AAAA1EHM/TeFmcj/AAAAUBkx998cZiL/AwAAQGXE3D8eZlKT/K//r/+v/1/i/r/P/29Zv/5/f9L/L0v/f6T1S/3/ZdH/1//X/9f/p7t+6//H3H9LmElN8j8AAADUQcz9W8JM5H8AAACojJj7J8JM5H8AAACojJj7J8NMapL/9f/1//X/9f/1//X/V5L+f1n6/230/5dF/1//X/9f/5/u+q3/H3P/VJhJTfI/AAAA1EHM/VvDTOR/AAAAqIyY+7eFmcj/AAAAUBkx928PM6lJ/i9J/39LKkDp/+v/6//r/+v/l4r+v/5/N/r/+v9lXr/+v/4/rQY7nNZv/f+Y+3eEmdQk/wMAAEAdxNy/M8xE/gcAAIDKiLn/1jAT+R8AAAAqI+b+28JMapL/S9L/9/n/+v/6/030//X/y0T/X/+/G/1//f8yr1//X/+f3vqt/x9z/64wk5rkfwAAAKiDmPs/HGYi/wMAAEBlxNx/e5iJ/A8AAACl0ulzCKOY+z8SZlKT/K//X/X+//xq/X/9f/3/7uvX/19Z+v/6/93o/+v/l3n9+v/6//TWb/3/mPt3h5nUJP8DAABAHcTcf0eYifwPAAAAlRFz/51hJvI/AAAAVEbM/XvCTGqS//X/q97/9/n/+v/6/73Wr/+/svT/9f+70f8vZ/8//Nii/99H/f/8GNL/px/1W/8/5v67wkxqkv8BAACgDmLu/2iYifwPAAAAlRFz/8fCTOR/AAAAqIyY+z8eZlKT/K//r/+v/6//r/+v/7+S9P9XrP/feCnU/y/o/5+bi92fL/v6+6n/7/P/6Vf91v+Puf/uMJOa5H8AAACog5j7PxFmIv8DAABAZcTc/+thJvI/AAAAVEbM/feEmdQk/+v/6//r/+v/6//r/68k/X+f/9+N/r/+f5nXr/+v/09v/db/j7n/N8JMapL/AQAAoA5i7r83zET+BwAAgMqIuf+TYSbyPwAAAJTMqiXPibn/N8NMapL/y9f/Hytl/38wXb/+v/6//r/+v/7/haT/r/+f6f+fs4vdny/7+vX/9f/prd/6/zH3/1aYSU3yPwAAANRBzP2fCjOR/wEAAKAyYu7/7TAT+R8AAAAqI+b++8JMapL/L3T/v/3y3fj8f/3/TP9f/1//X///POn/6/9n+v/n7GL350u8/vijiP6//j899Fv/P+b+3wkzqUn+BwAAgDqIuf/+MBP5HwAAAPrUw2d9iZj7Px1mIv8DAABAZcTc/5kwk5rk//J9/r/+v/6//r/+v/5/mej/6/93o/+v/1/m9fv8f/1/euu3/n/M/Q+EmdQk/wMAAEAdxNz/2TAT+R8AAAAqI+b+3w0zkf8BAACgMmLu/70wk5rkf/1//X/9f/1//X/9/5Wk/7+4/5+/hun/F/T/9f/LvH79f/1/euu3/n/M/Z8LM6lJ/gcAAIA6iLn/98NM5H8AAACojJj7/yDMRP4HAACAyoi5/8Ewk5rkf/1//X/9f/1//X/9/5Wk/+/z/7vR/9f/L/P69f/1/+mt3/r/Mfd/PsykJvkfAAAA6iDm/j8MM5H/AQAAoDJi7t8bZiL/AwAAQGXE3P9QmElN8r/+v/6//r/+v/6//v9K0v/X/+9G/1//v8zr1//X/6e3fuv/x9y/L8xkT+vNAAAAAOUVc/8Xwkxq8u//AAAAUAcx9+8PM5H/AQAAoDJi7j8QZlKT/K//r/+v/6//r/+v/7+S9P/1/7vR/9f/L/P69f/1/+mt3/r/MfdPh5nUJP8DAABAHcTcfzDMRP4HAACAyoi5/1CYifwPAAAAlRFz/8NhJjXJ//r/+v/6/7Xt/7/yvbZ16v/r/68E/X/9/270//X/y7x+/X/9f3rrt/5/zP2Hw0xqkv8BAACgDmLu/2KYifwPAAAAlRFz/5fCTOR/AAAAqIyY+4+EmdQk/+v/6//r/9e2/7+8z/9fs3C7+v/6/+dC/1//vxv9f/3/Mq9f/1//n976rf8fc//RMJOa5H8AAACog5j7j4WZyP8AAABQGTH3Hw8zkf8BAACgMmLuPxFmUpP8r/9/dv3/gSW6gfr/ndev/1+B/n8T/X/9/3Oh/6//343+v/5/mdev/6//T2/91v+Puf+Pwkxqkv8BAACgDmLuPxlmIv8DAABAZcTcPxNmIv8DAABAZcTcPxtmUpP8r//v8//1//X/9f/1/1eS/r/+fzf6//r/ZV6//r/+P731W/8/5v5TYSY1yf8A8P/s3XeuXlfVx/HndV6Do4g5RMyAETAExoCEGAK9JPTQIfTeQm+hQ+i99x56b4HQqwTK9Vor2Nx7zrV9H3ufvT6fP7LCDSg7SpD4yXx1AAA6yN1/v7jF/gcAAIBp5O6/f9xi/wMAAMA0cvc/IG5psv/1//p//b/+X/+v/98n/b/+f4n+X/+/5ffr//X/rBut/8/d/8C4pcn+BwAAgA5y9z8obrH/AQAAYBq5+x8ct9j/AAAAMI3c/Q+JW5rsf/2//l//r//X/+v/90n/r/9fov/X/2/5/fp//T/rRuv/c/c/NG5psv8BAACgg9z9D4tb7H8AAACYRu7+h8ct9j8AAABMI3f/dXFLk/2v/9f/6/832P//v/5f/78d+n/9/xL9v/5/y+/X/+v/WTda/5+7//q4pcn+BwAAgA5y9z8ibrH/AQAAYHPuft/Df567/5Fxi/0PAAAA08jd/6i4pcn+1//r//X/G+z/ff9f/78h+n/9/xL9v/5/y+/X/+v/WTda/5+7/9FxS5P9DwAAAB3k7n9M3GL/AwAAwDRy9z82brH/AQAAYOtO5+/k7n9c3NJk/+v/9f/6f/2//l//v0/6f/3/Ev2//n/L79f/6/9Zt/f+/143HNzj9v+5+2+IW5rsfwAAAOggd//j4xb7HwAAAKaRu/8JcYv9DwAAANPI3f/EuKXJ/tf/6//v7P///X/6f/2//v/On+v/T4b+X/+/RP+v/9/y+/X/+n/W7b3/X+n9z//XufufFLc02f8AAADQQe7+J8ct9j8AAABMI3f/U+IW+x8AAACmkbv/qXFLk/2v/9f/+/6//l//r//fJ/3/sP3/+f/VO5f+/1j0//r/o/r/ex7j/fp/Ohit/8/d/7S4pcn+BwAAgA5y9z89brH/AQAAYBq5+2+MW+x/AAAAmEbu/mfELU32v/5f/6//1/+f2/+fatn/3/Ez/f9+6P+H7f+X6f+PRf+v//f9f/0/y0br/3P3PzNuabL/AQAAoIPc/c+KW+x/AAAAmEbu/mfHLfY/AAAATCN3/3Pilib7X/+v/9f/6/8v6fv/V83R//v+//7o//X/S/T/+v8tv1//r/9n3Wj9f+7+58YtTfY/AAAATO/Urnb/8+IW+x8AAACmkbv/+XGL/Q8AAADTyN3/grilyf7X/+v/9f/6/0vq/yf5/r/+f3/0//r/Jcft/3f6//pr0f+P8379v/6fdaP1/7n7Xxi3NNn/AAAA0EHu/hfFLfY/AAAATCN3/4vjFvsfAAAAppG7/yVxS5P9r//X/+v/9f/6f/3/Pun/9f9LfP9f/7/l9+v/9f+sG63/z93/0rilyf4HAACADnL3vyxusf8BAABgGrn7Xx632P8AAAAwjdz9r4hbzt//py7nqy4f/b/+X/+v/9f/6//3Sf+v/1+i/z+8/z9zxJ9P/z/W+/X/+n/Wjdb/5+6/KW7x6/8AAAAwjdz9r4xb7H8AAACYRu7+V8Ut9j8AAABMI3f/q+OWJvv/qP7/9mvO/nH9//Ho/w9/v/5f/6//1//r//X/S/T/vv+/5ffr//X/rBut/8/d/5q4pcn+BwAAgA5y9782brH/AQAAYBq5+18Xt9j/AAAAMI3c/a+PW5rs/5P//v+1+n/9v/4/rv5f/6//1//r/5fp//X/W36//l//z7rR+v/c/W+IW5rsfwAAAOggd/8b4xb7HwAAAKaRu/9NcYv9DwAAANPI3f/muKXJ/j/5/t/3//X/F9j/n9L/J/1//H3V/+v/L4D+X/+/0/9ftCvdz2/9/fp//T/rRuv/c/fffDD1+u1/AAAA6ODmg9+e2b0lbrH/AQAAYBq5+98at9j/AAAAMI3c/W+LW5rsf/2//v+K9/++/1/0//H3Vf+v/78A+n/9/07/f9GudD+/9ffr//X/rBut/8/d//a4pcn+BwAAgA5y978jbrH/AQAAYBqx+8/+n9/tfwAAAJjSOw9+e2b3rrilyf5v3P9fe6n9/9X/9fv6/8Pfr/8/kf7/5vP/2dP/6/+3RP+v/1+i/9f/b/n94/T/8YPr9P+MZ7T+P3f/u+OWJvsfAAAAOsjd/564xf4HAACAaeTuvyVusf8BAABgGrn73xu3NNn/jfv/Sb7/f+/b4gX6/3n7f9//j6v/1/8fRv8/Qf9/x//80v/Xn1//v533j9P/+/4/4xqt/8/d/764pcn+BwAAgA5y978/brH/AQAAYBq5+z8Qt9j/AAAAMI3c/R+MW5rsf/3/1vt/3//X/+v/9f9j0//r/5f4/r/+f8vv1//r/1k3Wv+fu/9DcUuT/Q8AAAAd5O7/cNxi/wMAAMA0cvd/JG6x/wEAAGAaufs/Grc02f/6f/3/vvr/O/4k+v8m/f/1+v+d/v9I+n/9/xL9v/5/y+/X/+v/WTda/5+7/2NxS5P9DwAAAB3k7v943GL/AwAAwDRy938ibrH/AQAAYBq5+z8ZN9zjblfuSSfr9BE/j95c/6//9/1//b/v/+v/90n/r/9fov/X/2/5/fp//T/rRuv/c/d/Km7x6/8AAAAwjdz9n45b7H8AAACYRu7+z8Qt9j8AAABMI3f/Z+OWJvtf/6//1/9vtv+/Wv9/7vv1/2PS/+v/l+j/9f9bfv+x+/9bD//P6//pYLT+P3f/5+KWJvsfAAAAOsjd//m4xf4HAACAaeTu/0LcYv8DAADANHL3fzFuabL/9f/6f/3/Zvt/3/8/7/36/zHp//X/S/T/+v8tv9/3//X/rBut/8/d/6W4pcn+BwAAgA5y9385brH/AQAAYBq5+78St9j/AAAAMI3c/V+NW5rsf/2//l//r//X/+v/90n/r/9fov/X/2/5/fp//T/rRuv/c/d/LW5psv8BAACgg9z9X49b7H8AAACYRu7+b8Qt9j8AAABMI3f/N+OWJvt/5v5/6d+m/z9L/6//3+n/9f97pv/X/y/R/+v/t/x+/b/+n3Wj9f+5+78VtzTZ/wAAANBB7v5vxy32PwAAAEwjd/+tcYv9DwAAANPI3f+duKXJ/p+5/1+i/z9L/6//3+n/9f97pv/X/y/R/+v/t/x+/b/+n3VXqP8/vTui/8/d/924pcn+BwAAgA5y938vbrH/AQAAYBq5+78ft9j/AAAAMI3c/T+IW+bZ//e5ZeEP6v9PvP8/+IdI/6//3+n/9f/6/wP6f/3/Ev2//n/L79f/6/9ZN9r3/3P3/zBumWf/AwAAQHu5+38Ut9j/AAAAMI3c/T+OW+x/AAAAmEbu/p/ELU32v/7f9//1/636/6t2+n/9/2Wm/9f/L9H/6/+3/H79v/6fdaP1/7n7fxq35PC75mL+KgEAAICR5O7/WdzS5Nf/AQAAoIPc/T+PW+x/AAAAmEbu/l/ELU32v/5f/6//b9X/+/6//v+y0//r/5fo//X/W35/9v/5z53+X//P/xqt/8/d/8u4pcn+BwAAgA5y9/8qbrH/AQAAYBq5+38dt9j/AAAAMI3c/b+JW5rsf/2//l//r//X/+v/90n/r/9fov/X/2/5/b7/r/9n3Wj9f+7+2+KWJvsfAAAAOsjd/9u4xf4HAACAaeTu/13cYv8DAADANHL33x63NNn/+n/9/5T9/131//p//f8o9P/6/yX6f/3/lt+v/9f/s260/j93/+/jlib7HwAAADrI3f+HuMX+BwAAgGnk7v9j3GL/AwAAwDRy9/8pbmmy//X/+v8L7/9P11/3sP2/7//r//X/w5i3/7+L/v+w/v/Mhb2/e/9/401nf6z/3+b79f/6f9aN1v/n7v9z3NJk/wMAAEAHufv/ErfY/wAAADCN3P1/jVvsfwAAAJhG7v6/xS1N9r/+X/8/5ff/9f/6f/3/MObt/33/3/f/ff9f/6//1/+zZrT+P3f/3+OWJvsfAAAAOsjd/4+4xf4HAACAaeTu/2fcYv8DAADANHL3/ytuabL/9f/6f/2//l//r//fJ/2//n+J/l//v+X36//1/6wbrf/P3f+fAAAA///vXi84") syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x80c400, 0x0, 0x1, 0x0, &(0x7f0000000000)) chdir(&(0x7f00000000c0)='./bus\x00') mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x2) 212.978891ms ago: executing program 3 (id=3072): r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x2000003c, &(0x7f0000000280)}) bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r1, &(0x7f0000000040)=ANY=[], 0x6) 54.498649ms ago: executing program 0 (id=3073): r0 = syz_usb_connect$uac1(0x2, 0xb8, &(0x7f0000000100)=ANY=[@ANYBLOB="12010103000000106b1d01014000010203010902a600030156c0020904000000010100000a24010101bb02010211240601040507000a0008000300020005052405060f0f2406020504020002200a000a00040c24020203020250800009010d2406050203078887000a00000924030101010505"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2000000000000046}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000480)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x20, 0x81, 0x1, "d6"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000640)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x83, 0x2, "81f4"}, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000980)=ANY=[@ANYBLOB="201532"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0xcdf9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x20, 0x84, 0x2, '\x00\x00'}, 0x0}) 0s ago: executing program 3 (id=3074): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): worker_thread+0xaa2/0x1250 [ 233.046884][ T4279] kthread+0x29d/0x330 [ 233.046904][ T4279] ? worker_clr_flags+0x1a0/0x1a0 [ 233.046921][ T4279] ? kthread_blkcg+0xd0/0xd0 [ 233.046945][ T4279] ret_from_fork+0x1f/0x30 [ 233.046977][ T4279] [ 233.051249][ T4279] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 233.098331][ T4279] Bluetooth: hci0: failed to register connection device [ 233.264939][ T8713] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1542'. [ 233.425440][ T8716] loop0: detected capacity change from 0 to 512 [ 233.451159][ T8716] ext4: Bad value for 'mb_optimize_scan' [ 233.501368][ T4273] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 233.745403][ T8723] loop1: detected capacity change from 0 to 22 [ 233.784067][ T8723] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 233.915386][ T8723] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 234.160325][ T8733] device veth0 entered promiscuous mode [ 234.204916][ T8733] device veth0 left promiscuous mode [ 234.253403][ T4899] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 234.424997][ T8743] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1555'. [ 234.451085][ T4899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 234.473404][ T4899] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 234.522403][ T4899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.540376][ T4899] usb 4-1: config 0 descriptor?? [ 234.585288][ T8745] loop1: detected capacity change from 0 to 4096 [ 234.615013][ T8745] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. deltaxcn = 0x1, max_cluster = 0x0 [ 234.643635][ T8745] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 234.666045][ T8745] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 234.700374][ T8745] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. deltaxcn = 0x1, max_cluster = 0x0 [ 234.713752][ T8745] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 234.725967][ T8745] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 234.750803][ T8745] ntfs: (device loop1): check_mft_mirror(): Failed to read $MFTMirr. [ 234.759352][ T8745] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 234.775325][ T8745] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 234.792055][ T8745] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 234.833500][ T4339] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 234.850834][ T8745] ntfs: volume version 3.1. [ 234.956028][ T4899] lg-g15 0003:046D:C222.0015: unknown main item tag 0x0 [ 234.969648][ T4899] lg-g15 0003:046D:C222.0015: unknown main item tag 0x0 [ 234.977821][ T4899] lg-g15 0003:046D:C222.0015: unknown main item tag 0x0 [ 234.985564][ T4899] lg-g15 0003:046D:C222.0015: unknown main item tag 0x0 [ 234.994601][ T4899] lg-g15 0003:046D:C222.0015: unknown main item tag 0x0 [ 235.001587][ T4899] lg-g15 0003:046D:C222.0015: unknown main item tag 0x0 [ 235.009250][ T4899] lg-g15 0003:046D:C222.0015: unknown main item tag 0x0 [ 235.041778][ T4899] lg-g15 0003:046D:C222.0015: hidraw0: USB HID v10.00 Device [HID 046d:c222] on usb-dummy_hcd.3-1/input0 [ 235.055330][ T4339] usb 5-1: Using ep0 maxpacket: 32 [ 235.073943][ T4339] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 235.082063][ T4339] usb 5-1: config 0 has no interface number 0 [ 235.099010][ T4339] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 235.108744][ T4339] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.122827][ T4339] usb 5-1: Product: syz [ 235.127283][ T4339] usb 5-1: Manufacturer: syz [ 235.131902][ T4339] usb 5-1: SerialNumber: syz [ 235.155043][ T4339] usb 5-1: config 0 descriptor?? [ 235.157181][ T4265] usb 4-1: USB disconnect, device number 16 [ 235.162724][ T4339] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 235.214854][ T8765] fido_id[8765]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 235.353464][ T4338] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 235.366082][ T4339] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 235.378409][ T4339] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 235.543519][ T4338] usb 1-1: Using ep0 maxpacket: 32 [ 235.551711][ T4338] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 235.559850][ T4338] usb 1-1: config 0 has no interface number 0 [ 235.570152][ T4338] usb 1-1: config 0 interface 12 has no altsetting 0 [ 235.578729][ T4338] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 235.588140][ T4338] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.596509][ T4338] usb 1-1: Product: syz [ 235.600724][ T4338] usb 1-1: Manufacturer: syz [ 235.605711][ T4338] usb 1-1: SerialNumber: syz [ 235.612655][ T4338] usb 1-1: config 0 descriptor?? [ 235.771334][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 235.772149][ T4265] usb 5-1: USB disconnect, device number 15 [ 235.790580][ T4265] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 235.807244][ T4265] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 235.824068][ T4265] quatech2 5-1:0.51: device disconnected [ 236.029423][ T8773] loop2: detected capacity change from 0 to 22 [ 236.039188][ T8773] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 236.051801][ T8773] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 236.359517][ T8782] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1572'. [ 236.642863][ T4338] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 236.650573][ T4338] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 236.657929][ T4338] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 236.665585][ T4338] f81534: probe of 1-1:0.12 failed with error -71 [ 236.674292][ T4338] usb 1-1: USB disconnect, device number 11 [ 237.519897][ T8816] mkiss: ax0: crc mode is auto. [ 237.815925][ T8826] loop4: detected capacity change from 0 to 128 [ 237.874924][ T8826] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 237.892167][ T8826] hpfs: filesystem error: improperly stopped [ 237.921775][ T8826] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 237.930186][ T8826] hpfs: You really don't want any checks? You are crazy... [ 237.937758][ T8826] hpfs: hpfs_map_sector(): read error [ 237.955262][ T8826] hpfs: code page support is disabled [ 237.971337][ T8826] hpfs: hpfs_map_4sectors(): unaligned read [ 237.977640][ T8826] hpfs: hpfs_map_4sectors(): unaligned read [ 238.016745][ T8826] hpfs: filesystem error: unable to find root dir [ 238.371322][ T8845] loop3: detected capacity change from 0 to 256 [ 238.426077][ T4673] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 238.428369][ T8821] loop2: detected capacity change from 0 to 32768 [ 238.499632][ T8821] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 238.515819][ T8821] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 238.571117][ T8821] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 238.630676][ T8821] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 239.043442][ T4375] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 239.243599][ T4375] usb 3-1: Using ep0 maxpacket: 16 [ 239.254563][ T4375] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.292033][ T4375] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.317935][ T4375] usb 3-1: config 0 interface 0 has no altsetting 0 [ 239.330915][ T4375] usb 3-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 239.340324][ T4375] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.345363][ T8858] loop0: detected capacity change from 0 to 128 [ 239.362762][ T4375] usb 3-1: config 0 descriptor?? [ 239.383498][ T8858] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 239.439573][ T8858] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 239.647776][ T9] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 239.795393][ T4375] apple 0003:05AC:0247.0016: unexpected long global item [ 239.811134][ T4375] apple 0003:05AC:0247.0016: parse failed [ 239.826360][ T4375] apple: probe of 0003:05AC:0247.0016 failed with error -22 [ 240.013908][ T4338] usb 3-1: USB disconnect, device number 12 [ 240.097095][ T8873] loop1: detected capacity change from 0 to 4096 [ 240.662320][ T4339] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 240.696154][ T4339] hid-generic 0000:0000:0000.0017: hidraw0: HID v0.00 Device [syz1] on syz0 [ 241.137362][ T4339] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 241.182152][ T8908] loop0: detected capacity change from 0 to 128 [ 241.208010][ T4899] kernel write not supported for file /input/event3 (pid: 4899 comm: kworker/1:13) [ 241.286314][ T8908] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 241.323575][ T8908] hpfs: filesystem error: improperly stopped [ 241.329611][ T8908] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 241.335485][ T4339] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.353066][ T8908] hpfs: You really don't want any checks? You are crazy... [ 241.373399][ T4339] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.373733][ T8908] hpfs: hpfs_map_sector(): read error [ 241.407153][ T4339] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 241.416227][ T8908] hpfs: code page support is disabled [ 241.453461][ T8908] hpfs: hpfs_map_4sectors(): unaligned read [ 241.459466][ T8908] hpfs: hpfs_map_4sectors(): unaligned read [ 241.470334][ T4339] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 241.487429][ T4339] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.491223][ T8908] hpfs: filesystem error: unable to find root dir [ 241.518806][ T4339] usb 3-1: config 0 descriptor?? [ 241.586159][ T8908] hpfs: hpfs_map_4sectors(): unaligned read [ 241.819881][ T8924] loop1: detected capacity change from 0 to 64 [ 241.957257][ T4339] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving [ 241.989149][ T4339] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 242.307098][ T8917] loop4: detected capacity change from 0 to 32768 [ 242.393592][ T8917] XFS (loop4): Mounting V5 Filesystem [ 242.476763][ T8917] XFS (loop4): Ending clean mount [ 242.603053][ T4273] XFS (loop4): Unmounting Filesystem [ 243.001819][ T8939] loop1: detected capacity change from 0 to 32768 [ 243.088293][ T8939] XFS (loop1): Mounting V5 Filesystem [ 243.301124][ T8939] XFS (loop1): Ending clean mount [ 243.309248][ T8939] XFS (loop1): Quotacheck needed: Please wait. [ 243.310957][ T8969] 9pnet: p9_errstr2errno: server reported unknown error @cF S+ [ 243.400238][ T8939] XFS (loop1): Quotacheck: Done. [ 243.544076][ T4264] XFS (loop1): Unmounting Filesystem [ 243.849837][ T8983] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 243.863390][ T4339] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 243.923549][ T8983] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 244.055643][ T4339] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 244.076104][ T4339] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 244.096693][ T4339] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 244.150346][ T4338] usb 3-1: USB disconnect, device number 13 [ 244.155736][ T4339] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 244.174250][ T4339] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.216485][ T4339] usb 4-1: config 0 descriptor?? [ 244.299734][ T8995] loop0: detected capacity change from 0 to 4096 [ 244.390964][ T8995] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 244.521763][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 244.639633][ T4339] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving [ 244.679906][ T4339] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 244.913910][ T4339] usb 4-1: USB disconnect, device number 17 [ 244.927197][ T8992] loop1: detected capacity change from 0 to 32768 [ 244.986132][ T9011] loop0: detected capacity change from 0 to 1024 [ 244.993949][ T9008] fido_id[9008]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 245.072017][ T8992] XFS (loop1): Mounting V5 Filesystem [ 245.110395][ T9011] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 245.252185][ T8992] XFS (loop1): Ending clean mount [ 245.265430][ T9026] loop2: detected capacity change from 0 to 2048 [ 245.332468][ T9026] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 245.375983][ T9033] loop4: detected capacity change from 0 to 256 [ 245.391826][ T4338] XFS (loop1): Metadata CRC error detected at xfs_rmapbt_read_verify+0x3a/0xd0, xfs_rmapbt block 0x14 [ 245.411009][ T4338] XFS (loop1): Unmount and run xfs_repair [ 245.438665][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 245.438979][ T4338] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 245.518987][ T9033] FAT-fs (loop4): Directory bread(block 64) failed [ 245.526624][ T4338] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 245.543946][ T4266] EXT4-fs (loop2): unmounting filesystem. [ 245.566076][ T9033] FAT-fs (loop4): Directory bread(block 65) failed [ 245.572818][ T9033] FAT-fs (loop4): Directory bread(block 66) failed [ 245.593349][ T4338] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 80 ................ [ 245.619210][ T4338] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 245.623445][ T9033] FAT-fs (loop4): Directory bread(block 67) failed [ 245.641089][ T4338] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 245.644630][ T9033] FAT-fs (loop4): Directory bread(block 68) failed [ 245.650723][ T4338] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 245.666836][ T9033] FAT-fs (loop4): Directory bread(block 69) failed [ 245.678290][ T4338] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 245.693132][ T9033] FAT-fs (loop4): Directory bread(block 70) failed [ 245.693172][ T4338] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 245.713890][ T9033] FAT-fs (loop4): Directory bread(block 71) failed [ 245.714875][ T4338] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 245.724239][ T9033] FAT-fs (loop4): Directory bread(block 72) failed [ 245.733812][ T8992] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x1d3/0x2c0" at daddr 0x14 len 4 error 74 [ 245.763475][ T9033] FAT-fs (loop4): Directory bread(block 73) failed [ 245.783846][ T8992] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x1784/0x1e50 (fs/xfs/libxfs/xfs_defer.c:580). Shutting down filesystem. [ 245.902984][ T8992] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 246.059756][ T4264] XFS (loop1): Unmounting Filesystem [ 246.163063][ T9047] loop3: detected capacity change from 0 to 1024 [ 246.219922][ T9047] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (29950!=20869) [ 246.243728][ T9047] EXT4-fs (loop3): invalid journal inode [ 246.249624][ T9047] EXT4-fs (loop3): can't get journal size [ 246.306887][ T9047] EXT4-fs error (device loop3): ext4_protect_reserved_inode:182: inode #2: comm syz.3.1677: blocks 48-48 from inode overlap system zone [ 246.344072][ T9047] EXT4-fs (loop3): failed to initialize system zone (-117) [ 246.351516][ T9047] EXT4-fs (loop3): mount failed [ 246.678992][ T9066] 9pnet: p9_errstr2errno: server reported unknown error  [ 246.807949][ T9072] device syzkaller1 entered promiscuous mode [ 247.077589][ T9076] loop2: detected capacity change from 0 to 4096 [ 247.109230][ T9076] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 247.252456][ T9068] loop1: detected capacity change from 0 to 32768 [ 247.320269][ T9068] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 247.604164][ T4264] ocfs2: Unmounting device (7,1) on (node local) [ 247.853463][ T41] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 248.064359][ T41] usb 3-1: Using ep0 maxpacket: 16 [ 248.069799][ T9110] vxcan0: tx drop: invalid da for name 0x0000020000000000 [ 248.084544][ T41] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 248.114229][ T41] usb 3-1: New USB device found, idVendor=0c70, idProduct=f010, bcdDevice= 0.00 [ 248.139731][ T41] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.178789][ T41] usb 3-1: config 0 descriptor?? [ 248.511605][ T9128] blktrace: Concurrent blktraces are not allowed on loop2 [ 248.571928][ T9121] loop0: detected capacity change from 0 to 8192 [ 248.612496][ T41] aquacomputer_d5next 0003:0C70:F010.001A: unknown main item tag 0x0 [ 248.634010][ T9121] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 248.639815][ T41] aquacomputer_d5next 0003:0C70:F010.001A: unknown main item tag 0x0 [ 248.665673][ T41] aquacomputer_d5next 0003:0C70:F010.001A: unknown main item tag 0x0 [ 248.683413][ T41] aquacomputer_d5next 0003:0C70:F010.001A: unknown main item tag 0x0 [ 248.697187][ T41] aquacomputer_d5next 0003:0C70:F010.001A: unknown main item tag 0x0 [ 248.750835][ T9121] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 248.760304][ T9121] REISERFS (device loop0): using ordered data mode [ 248.769583][ T41] aquacomputer_d5next 0003:0C70:F010.001A: hidraw0: USB HID v0.05 Device [HID 0c70:f010] on usb-dummy_hcd.2-1/input0 [ 248.782099][ T9121] reiserfs: using flush barriers [ 248.795936][ T9121] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 248.875365][ T41] usb 3-1: USB disconnect, device number 14 [ 248.927347][ T9121] REISERFS (device loop0): checking transaction log (loop0) [ 248.974073][ T9121] REISERFS (device loop0): Using r5 hash to sort names [ 249.001598][ T9121] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 249.158236][ T9138] fido_id[9138]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 249.894954][ T9141] loop1: detected capacity change from 0 to 32768 [ 250.514254][ T9141] XFS (loop1): Mounting V5 Filesystem [ 250.773487][ T9141] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 250.854214][ T9141] XFS (loop1): Starting recovery (logdev: internal) [ 250.896381][ T9141] XFS (loop1): Ending recovery (logdev: internal) [ 250.906033][ T4375] kernel write not supported for file bpf-prog (pid: 4375 comm: kworker/0:8) [ 250.942407][ T9141] XFS (loop1): Quotacheck needed: Please wait. [ 251.089051][ T9141] XFS (loop1): Quotacheck: Done. [ 251.316376][ T4264] XFS (loop1): Unmounting Filesystem [ 251.769094][ T9269] loop0: detected capacity change from 0 to 2048 [ 251.808745][ T9269] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 252.967599][ T9301] device syzkaller1 entered promiscuous mode [ 255.505879][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.512266][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.548160][ T9377] loop3: detected capacity change from 0 to 40427 [ 255.564245][ T9377] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3ffff [ 255.588320][ T9377] F2FS-fs (loop3): invalid crc value [ 255.607472][ T9377] F2FS-fs (loop3): Found nat_bits in checkpoint [ 255.690234][ T9377] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 255.762890][ T9396] f2fs_ckpt-7:3: attempt to access beyond end of device [ 255.762890][ T9396] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 257.373721][ T4339] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 257.458267][ T9444] loop0: detected capacity change from 0 to 32768 [ 257.617482][ T9444] XFS (loop0): Mounting V5 Filesystem [ 257.668818][ T9444] XFS (loop0): Ending clean mount [ 257.684709][ T9444] XFS (loop0): Quotacheck needed: Please wait. [ 257.751855][ T9444] XFS (loop0): Quotacheck: Done. [ 257.817883][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 257.817897][ T26] audit: type=1804 audit(1763642478.860:35): pid=9444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1823" name="/newroot/397/file1/file1" dev="loop0" ino=9286 res=1 errno=0 [ 257.876275][ T4339] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 257.895763][ T4339] usb 3-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00 [ 257.918562][ T4339] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.935416][ T4276] XFS (loop0): Unmounting Filesystem [ 257.975465][ T4339] snd-usb-audio: probe of 3-1:27.0 failed with error -22 [ 258.033543][ T4673] udevd[4673]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 258.187449][ T4339] usb 3-1: USB disconnect, device number 15 [ 259.399821][ T9467] loop3: detected capacity change from 0 to 32768 [ 259.403689][ T4550] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 259.437610][ T9467] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz.3.1832 (9467) [ 259.527147][ T9467] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 259.544343][ T9467] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 259.593953][ T9467] BTRFS info (device loop3): using free space tree [ 259.613507][ T4550] usb 3-1: Using ep0 maxpacket: 32 [ 259.624907][ T4550] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 259.656853][ T9491] overlayfs: failed to set xattr on upper [ 259.662657][ T9491] overlayfs: ...falling back to index=off,metacopy=off. [ 259.691637][ T4550] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.736268][ T4550] usb 3-1: config 0 descriptor?? [ 259.754452][ T4550] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 259.903483][ T9467] BTRFS info (device loop3): enabling ssd optimizations [ 260.112027][ T4270] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 260.254082][ T9521] loop1: detected capacity change from 0 to 256 [ 260.330234][ T9521] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 260.364154][ T9521] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 260.412788][ T9521] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 260.444407][ T26] audit: type=1800 audit(1763642481.490:36): pid=9521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1850" name="file1" dev="loop1" ino=1048631 res=0 errno=0 [ 260.476033][ T9522] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 260.506153][ T26] audit: type=1800 audit(1763642481.550:37): pid=9522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1850" name="file1" dev="loop1" ino=1048631 res=0 errno=0 [ 260.532797][ T9521] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000001) [ 260.629984][ T9525] loop0: detected capacity change from 0 to 512 [ 260.664353][ T9528] loop3: detected capacity change from 0 to 512 [ 260.683493][ T9528] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 260.700728][ T9525] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 260.761203][ T9525] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802c01c, mo2=0003] [ 260.771997][ T4550] gspca_nw80x: reg_w err -71 [ 260.788878][ T4550] nw80x: probe of 3-1:0.0 failed with error -71 [ 260.797419][ T9528] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.1849: inode has both inline data and extents flags [ 260.840910][ T9525] System zones: 1-2, 4-12, 8-8 [ 260.850461][ T4550] usb 3-1: USB disconnect, device number 16 [ 260.867311][ T9528] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.1849: couldn't read orphan inode 15 (err -117) [ 260.906192][ T9525] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.1861: iget: bad i_size value: 38620345925642 [ 260.937943][ T9528] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 260.948407][ T9525] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.1861: couldn't read orphan inode 15 (err -117) [ 260.995735][ T9525] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 261.209291][ T9190] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm kworker/u4:13: bg 0: block 5: invalid block bitmap [ 261.242934][ T9190] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 261.273538][ T9190] EXT4-fs (loop0): This should not happen!! Data will be lost [ 261.273538][ T9190] [ 261.291639][ T9190] EXT4-fs (loop0): Total free blocks count 0 [ 261.310036][ T9190] EXT4-fs (loop0): Free/Dirty block details [ 261.320174][ T9190] EXT4-fs (loop0): free_blocks=0 [ 261.328801][ T4270] EXT4-fs (loop3): unmounting filesystem. [ 261.361473][ T9190] EXT4-fs (loop0): dirty_blocks=4 [ 261.389422][ T9190] EXT4-fs (loop0): Block reservation details [ 261.405730][ T9190] EXT4-fs (loop0): i_reserved_data_blocks=4 [ 261.436593][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 261.461295][ T9545] sctp: [Deprecated]: syz.1.1858 (pid 9545) Use of struct sctp_assoc_value in delayed_ack socket option. [ 261.461295][ T9545] Use struct sctp_sack_info instead [ 261.523910][ T9547] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1856'. [ 261.676042][ T9555] input: syz0 as /devices/virtual/input/input29 [ 262.641800][ T9574] loop3: detected capacity change from 0 to 32768 [ 262.802047][ T106] ERROR: (device loop3): diFree: numfree > numinos [ 262.802047][ T106] [ 262.868209][ T4324] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 262.962366][ T9597] 9pnet: p9_errstr2errno: server reported unknown error 01777777777777777777777 [ 263.063563][ T4324] usb 3-1: Using ep0 maxpacket: 8 [ 263.071963][ T4324] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 263.108188][ T4324] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 263.128309][ T4324] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 263.150320][ T4324] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 263.174231][ T4324] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 263.208438][ T4324] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 263.243343][ T4324] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.050036][ T9632] usbtmc 3-1:16.0: simple usb_control_msg returned 0 [ 264.215561][ T9637] input: syz0 as /devices/virtual/input/input30 [ 264.252345][ T41] usb 3-1: USB disconnect, device number 17 [ 264.862115][ T9652] loop1: detected capacity change from 0 to 256 [ 264.884270][ T9652] exfat: Deprecated parameter 'utf8' [ 264.919308][ T9652] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x88000078, utbl_chksum : 0xe619d30d) [ 265.113477][ T4550] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 265.261462][ T9659] loop1: detected capacity change from 0 to 1024 [ 265.305235][ T4550] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 265.320135][ T4550] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 265.324278][ T9659] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 265.344267][ T4550] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64 [ 265.355651][ T4550] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 265.381140][ T4550] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 265.402550][ T4550] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 265.421902][ T4550] usb 3-1: Manufacturer: syz [ 265.447988][ T4550] usb 3-1: config 0 descriptor?? [ 265.469627][ T4264] EXT4-fs (loop1): unmounting filesystem. [ 265.633913][ T4551] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 265.763442][ T4550] rc_core: IR keymap rc-hauppauge not found [ 265.769472][ T4550] Registered IR keymap rc-empty [ 265.781128][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 265.813521][ T4551] usb 1-1: Using ep0 maxpacket: 16 [ 265.820549][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 265.828139][ T4551] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 265.845187][ T4551] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 265.861169][ T4551] usb 1-1: config 0 has no interface number 0 [ 265.874180][ T4550] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 265.896612][ T4550] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input31 [ 265.910055][ T4551] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 265.919494][ T4551] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.927631][ T4551] usb 1-1: Product: syz [ 265.931802][ T4551] usb 1-1: Manufacturer: syz [ 265.940711][ T4551] usb 1-1: SerialNumber: syz [ 265.946605][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 265.964487][ T4551] usb 1-1: config 0 descriptor?? [ 265.977832][ T4551] usb 1-1: Found UVC 0.00 device syz (046d:08f3) [ 265.984351][ T4551] usb 1-1: No valid video chain found. [ 266.000368][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 266.033685][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 266.068152][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 266.103751][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 266.133642][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 266.163659][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 266.189290][ T4551] usb 1-1: USB disconnect, device number 12 [ 266.201194][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 266.244186][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 266.273810][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 266.303707][ T4550] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 266.334448][ T4550] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 266.348018][ T4550] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 266.375120][ T4550] usb 3-1: USB disconnect, device number 18 [ 266.720244][ T9679] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.1913'. [ 266.913023][ T9688] loop0: detected capacity change from 0 to 1024 [ 267.010774][ T9688] EXT4-fs: Ignoring removed orlov option [ 267.125479][ T9688] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 267.351434][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 267.498283][ T9713] loop0: detected capacity change from 0 to 512 [ 268.051251][ T9710] loop1: detected capacity change from 0 to 32768 [ 268.173687][ T9710] XFS (loop1): Mounting V5 Filesystem [ 268.262021][ T9710] XFS (loop1): Ending clean mount [ 268.294210][ T9710] XFS (loop1): Quotacheck needed: Please wait. [ 268.397443][ T9710] XFS (loop1): Quotacheck: Done. [ 268.527664][ T4264] XFS (loop1): Unmounting Filesystem [ 269.324769][ T9775] loop2: detected capacity change from 0 to 128 [ 269.344126][ T9775] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 269.377756][ T9775] ext4 filesystem being mounted at /372/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 269.394203][ T9782] loop3: detected capacity change from 0 to 8 [ 269.520652][ T4266] EXT4-fs (loop2): unmounting filesystem. [ 270.032664][ T9802] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1967'. [ 270.518026][ T9820] loop1: detected capacity change from 0 to 2048 [ 270.567677][ T9820] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 270.789884][ T5055] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 270.843514][ T5055] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 270.874377][ T9807] loop2: detected capacity change from 0 to 32768 [ 270.883128][ T5055] EXT4-fs (loop1): This should not happen!! Data will be lost [ 270.883128][ T5055] [ 270.903094][ T5055] EXT4-fs (loop1): Total free blocks count 0 [ 270.947645][ T5055] EXT4-fs (loop1): Free/Dirty block details [ 270.961673][ T5055] EXT4-fs (loop1): free_blocks=4096 [ 270.973409][ T5055] EXT4-fs (loop1): dirty_blocks=512 [ 270.985358][ T5055] EXT4-fs (loop1): Block reservation details [ 270.998076][ T5055] EXT4-fs (loop1): i_reserved_data_blocks=32 [ 271.012497][ T5055] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 480 with error 28 [ 271.067013][ T9807] XFS (loop2): Mounting V5 Filesystem [ 271.105637][ T9828] loop3: detected capacity change from 0 to 40427 [ 271.128257][ T9828] F2FS-fs (loop3): invalid crc value [ 271.146628][ T9828] F2FS-fs (loop3): Found nat_bits in checkpoint [ 271.187210][ T9828] F2FS-fs (loop3): Start checkpoint disabled! [ 271.201969][ T9828] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 271.224763][ T9807] XFS (loop2): Ending clean mount [ 271.248700][ T9807] XFS (loop2): Quotacheck needed: Please wait. [ 271.287682][ T9823] loop0: detected capacity change from 0 to 32768 [ 271.391234][ T9823] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 271.410200][ T9807] XFS (loop2): Quotacheck: Done. [ 271.468220][ T9823] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 271.576193][ T9823] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 271.620231][ T9190] kworker/u4:13: attempt to access beyond end of device [ 271.620231][ T9190] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 271.640463][ T4266] XFS (loop2): Unmounting Filesystem [ 271.743621][ T9823] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 272.210994][ T9858] sctp: [Deprecated]: syz.0.1989 (pid 9858) Use of struct sctp_assoc_value in delayed_ack socket option. [ 272.210994][ T9858] Use struct sctp_sack_info instead [ 272.441611][ T9865] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1992'. [ 273.184996][ T9873] loop0: detected capacity change from 0 to 32768 [ 273.300196][ T9873] XFS (loop0): Mounting V5 Filesystem [ 273.400228][ T9873] XFS (loop0): Ending clean mount [ 273.421144][ T9873] XFS (loop0): Quotacheck needed: Please wait. [ 273.515069][ T9873] XFS (loop0): Quotacheck: Done. [ 273.629330][ T4276] XFS (loop0): Unmounting Filesystem [ 273.856831][ T9913] loop3: detected capacity change from 0 to 1024 [ 274.687478][ T9927] loop3: detected capacity change from 0 to 32768 [ 274.804998][ T9927] XFS (loop3): Mounting V5 Filesystem [ 274.952546][ T9942] loop1: detected capacity change from 0 to 2048 [ 274.986734][ T9942] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 275.024363][ T9927] XFS (loop3): Ending clean mount [ 275.036153][ T9927] XFS (loop3): Quotacheck needed: Please wait. [ 275.153921][ T9927] XFS (loop3): Quotacheck: Done. [ 275.250149][ T26] audit: type=1800 audit(1763642496.290:38): pid=9927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2015" name="file1" dev="loop3" ino=9286 res=0 errno=0 [ 275.665163][ T4270] XFS (loop3): Unmounting Filesystem [ 275.828395][ T9961] loop0: detected capacity change from 0 to 4096 [ 275.866451][ T9961] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. deltaxcn = 0x1, max_cluster = 0x0 [ 275.880963][ T9963] loop2: detected capacity change from 0 to 128 [ 275.928096][ T9963] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 275.940253][ T9961] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 275.986191][ T9961] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 276.014153][ T9963] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 276.059333][ T9961] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. deltaxcn = 0x1, max_cluster = 0x0 [ 276.102117][ T9961] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 276.123479][ T9951] loop1: detected capacity change from 0 to 32768 [ 276.134020][ T9961] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 276.181102][ T9951] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.2021 (9951) [ 276.205891][ T9961] ntfs: (device loop0): check_mft_mirror(): Failed to read $MFTMirr. [ 276.248425][ T9951] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 276.279400][ T9961] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 276.323390][ T9951] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 276.332861][ T9951] BTRFS info (device loop1): using free space tree [ 276.352061][ T5055] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 276.354075][ T9961] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 276.434247][ T9961] ntfs: volume version 3.1. [ 276.463984][ T9972] loop2: detected capacity change from 0 to 512 [ 276.544354][ T9972] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 276.607689][ T9972] ext4 filesystem being mounted at /386/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 276.737009][ T9993] EXT4-fs error (device loop2): ext4_get_first_dir_block:3594: inode #12: comm syz.2.2038: directory missing '.' [ 276.815594][ T9993] EXT4-fs (loop2): Remounting filesystem read-only [ 276.873669][ T9951] BTRFS info (device loop1): enabling ssd optimizations [ 276.909665][ T4279] Bluetooth: hci1: unexpected subevent 0x01 length: 37 > 18 [ 276.919077][ T4279] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 276.929120][ T4279] CPU: 0 PID: 4279 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 276.936666][ T4279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 276.946714][ T4279] Workqueue: hci1 hci_rx_work [ 276.951394][ T4279] Call Trace: [ 276.954661][ T4279] [ 276.957583][ T4279] dump_stack_lvl+0x168/0x22e [ 276.962256][ T4279] ? show_regs_print_info+0x12/0x12 [ 276.967444][ T4279] ? load_image+0x3b0/0x3b0 [ 276.971946][ T4279] sysfs_create_dir_ns+0x252/0x280 [ 276.977051][ T4279] ? hci_rx_work+0x3eb/0xd40 [ 276.981638][ T4279] ? sysfs_warn_dup+0xa0/0xa0 [ 276.986306][ T4279] ? do_raw_spin_unlock+0x11d/0x230 [ 276.991504][ T4279] kobject_add_internal+0x6b8/0xc80 [ 276.996707][ T4279] kobject_add+0x152/0x210 [ 277.001117][ T4279] ? kobject_init+0x1d0/0x1d0 [ 277.005794][ T4279] ? klist_children_get+0x50/0x50 [ 277.010809][ T4279] ? get_device_parent+0x121/0x3f0 [ 277.015912][ T4279] device_add+0x483/0xfb0 [ 277.020228][ T4279] ? kmem_cache_free+0xf7/0x290 [ 277.025073][ T4279] hci_conn_add_sysfs+0xd1/0x1e0 [ 277.030005][ T4279] le_conn_complete_evt+0xfec/0x15d0 [ 277.035289][ T4279] ? hci_le_big_info_adv_report_evt+0x310/0x310 [ 277.041522][ T4279] ? bt_info+0x150/0x150 [ 277.045755][ T4279] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 277.051378][ T4279] ? skb_pull_data+0xf7/0x200 [ 277.056050][ T4279] hci_le_conn_complete_evt+0x183/0x440 [ 277.061583][ T4279] ? hci_remote_host_features_evt+0x270/0x270 [ 277.067641][ T4279] hci_event_packet+0x791/0x1210 [ 277.072573][ T4279] ? bis_list+0x280/0x280 [ 277.076892][ T4279] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 277.082781][ T4279] ? kcov_remote_start+0x4c7/0x7e0 [ 277.087884][ T4279] ? nf_l4proto_log_invalid+0x1f9/0x26e [ 277.093506][ T4279] ? hci_send_to_monitor+0x9c/0x4a0 [ 277.098694][ T4279] hci_rx_work+0x3eb/0xd40 [ 277.103104][ T4279] ? _raw_spin_unlock+0x40/0x40 [ 277.107952][ T4279] ? process_one_work+0x7a1/0x1160 [ 277.113047][ T4279] process_one_work+0x898/0x1160 [ 277.117987][ T4279] ? worker_detach_from_pool+0x240/0x240 [ 277.123611][ T4279] ? _raw_spin_lock_irq+0xab/0xe0 [ 277.128627][ T4279] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 277.133988][ T4279] ? kthread_data+0x4b/0xc0 [ 277.138486][ T4279] worker_thread+0xaa2/0x1250 [ 277.143170][ T4279] kthread+0x29d/0x330 [ 277.147230][ T4279] ? worker_clr_flags+0x1a0/0x1a0 [ 277.152261][ T4279] ? kthread_blkcg+0xd0/0xd0 [ 277.156842][ T4279] ret_from_fork+0x1f/0x30 [ 277.161262][ T4279] [ 277.165232][ T4279] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 277.179489][ T4279] Bluetooth: hci1: failed to register connection device [ 277.199422][ T4266] EXT4-fs (loop2): unmounting filesystem. [ 277.564277][ T4264] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 278.160362][T10027] loop3: detected capacity change from 0 to 4096 [ 278.244104][T10027] ntfs: volume version 3.1. [ 278.773382][ T4338] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 278.908957][T10056] loop1: detected capacity change from 0 to 128 [ 278.931031][T10056] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 278.971906][T10056] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 278.984380][ T4338] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.004131][ T4338] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 279.042152][ T4338] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.078464][ T4338] usb 1-1: config 0 descriptor?? [ 279.106045][ T5055] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 279.121492][T10045] loop3: detected capacity change from 0 to 32768 [ 279.157814][T10045] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz.3.2050 (10045) [ 279.212844][ T22] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0 [ 279.242374][ T22] hid-generic 0000:0000:0000.001B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 279.249838][T10062] loop1: detected capacity change from 0 to 1024 [ 279.274890][T10045] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 279.306512][T10045] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 279.329322][T10045] BTRFS info (device loop3): using free space tree [ 279.369189][T10062] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 279.417620][ T4551] kernel write not supported for file /uhid (pid: 4551 comm: kworker/1:9) [ 279.498044][ T4338] lg-g15 0003:046D:C222.001C: unknown main item tag 0x0 [ 279.511448][ T4264] EXT4-fs (loop1): unmounting filesystem. [ 279.563444][ T4338] lg-g15 0003:046D:C222.001C: unknown main item tag 0x0 [ 279.600946][T10045] BTRFS info (device loop3): enabling ssd optimizations [ 279.630093][ T4338] lg-g15 0003:046D:C222.001C: unknown main item tag 0x0 [ 279.687611][ T4338] lg-g15 0003:046D:C222.001C: unknown main item tag 0x0 [ 279.704318][ T4338] lg-g15 0003:046D:C222.001C: unknown main item tag 0x0 [ 279.727821][ T4338] lg-g15 0003:046D:C222.001C: unknown main item tag 0x0 [ 279.735501][T10086] loop2: detected capacity change from 0 to 4096 [ 279.757935][ T4338] lg-g15 0003:046D:C222.001C: unknown main item tag 0x0 [ 279.779512][T10086] ntfs: volume version 3.1. [ 279.810268][ T4338] lg-g15 0003:046D:C222.001C: hidraw0: USB HID v10.00 Device [HID 046d:c222] on usb-dummy_hcd.0-1/input0 [ 279.834356][ T4338] usb 1-1: USB disconnect, device number 13 [ 280.034753][ T4270] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 280.112320][T10091] fido_id[10091]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 280.226403][ T4672] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 11 /dev/loop3 scanned by udevd (4672) [ 280.571878][T10100] loop0: detected capacity change from 0 to 4096 [ 280.842779][T10090] loop1: detected capacity change from 0 to 32768 [ 280.960727][T10090] jfs_unlink: dtDelete returned -116 [ 280.992646][T10090] jfs_unlink: dtDelete returned -116 [ 281.277292][T10119] input: syz1 as /devices/virtual/input/input32 [ 281.583580][ T4338] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 281.773411][ T4338] usb 3-1: Using ep0 maxpacket: 32 [ 281.780310][ T4338] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 281.820443][ T4338] usb 3-1: config 0 has no interface number 0 [ 281.856155][ T4338] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 281.888759][ T4338] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.917395][ T4338] usb 3-1: Product: syz [ 281.921599][ T4338] usb 3-1: Manufacturer: syz [ 281.957879][ T4338] usb 3-1: SerialNumber: syz [ 281.999068][ T4338] usb 3-1: config 0 descriptor?? [ 282.036845][ T4338] smsc95xx v2.0.0 [ 282.250790][T10124] loop3: detected capacity change from 0 to 131072 [ 282.266720][T10124] F2FS-fs (loop3): invalid crc value [ 282.322476][T10124] F2FS-fs (loop3): Found nat_bits in checkpoint [ 282.359213][T10124] F2FS-fs (loop3): Cannot turn on quotas: -2 on 2 [ 282.377109][T10124] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 282.397301][ T26] kauditd_printk_skb: 48 callbacks suppressed [ 282.397313][ T26] audit: type=1800 audit(1763642503.440:39): pid=10124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2075" name="file1" dev="loop3" ino=7 res=0 errno=0 [ 282.429120][ T4338] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 282.468266][ T4338] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 282.593603][T10139] loop0: detected capacity change from 0 to 4096 [ 282.680096][T10118] loop1: detected capacity change from 0 to 32768 [ 282.714856][T10118] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 282.738442][T10118] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 282.804866][T10118] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 282.829217][ T4276] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 282.854213][ T4276] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 282.939092][T10118] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 282.956580][ T4338] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 282.997429][ T4338] smsc95xx: probe of 3-1:0.67 failed with error -71 [ 283.044912][ T4338] usb 3-1: USB disconnect, device number 19 [ 283.207096][T10142] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2084'. [ 283.418431][T10149] hugetlbfs: Bad value '0x00000000ffffffff' for mount option 'gid' [ 283.418431][T10149] [ 283.429815][T10147] loop1: detected capacity change from 0 to 4096 [ 284.275744][T10172] 9pnet: p9_errstr2errno: server reported unknown error  [ 284.570065][T10183] netlink: 340 bytes leftover after parsing attributes in process `syz.3.2100'. [ 285.200441][T10203] 9pnet: p9_errstr2errno: server reported unknown error  [ 285.538406][T10221] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2120'. [ 285.585167][T10224] loop2: detected capacity change from 0 to 4096 [ 285.633514][ T4375] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 285.640405][T10226] overlayfs: failed to clone lowerpath [ 285.672837][T10226] overlayfs: failed to clone lowerpath [ 285.712033][T10226] overlayfs: failed to clone lowerpath [ 285.832075][ T4375] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.872384][ T4375] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.893359][ T4375] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 285.932320][ T4375] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.971177][ T4375] usb 1-1: config 0 descriptor?? [ 286.313347][ T41] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 286.417981][ T4375] playstation 0003:054C:0DF2.001D: unknown main item tag 0x0 [ 286.439514][ T4375] playstation 0003:054C:0DF2.001D: unknown main item tag 0x0 [ 286.447602][ T4375] playstation 0003:054C:0DF2.001D: unknown main item tag 0x0 [ 286.462554][ T4375] playstation 0003:054C:0DF2.001D: unknown main item tag 0x0 [ 286.472426][ T4375] playstation 0003:054C:0DF2.001D: unknown main item tag 0x0 [ 286.489471][ T4375] playstation 0003:054C:0DF2.001D: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.0-1/input0 [ 286.513498][ T41] usb 3-1: Using ep0 maxpacket: 32 [ 286.520598][ T41] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.539263][ T41] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 286.555880][ T41] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 286.574374][T10253] tipc: Started in network mode [ 286.575373][ T41] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.579294][T10253] tipc: Node identity ac14142f, cluster identity 4711 [ 286.596684][T10253] tipc: New replicast peer: 0.0.0.0 [ 286.603077][T10253] tipc: Enabled bearer , priority 10 [ 286.624084][ T41] usb 3-1: config 0 descriptor?? [ 286.633836][T10253] tipc: New replicast peer: fc00:0000:0000:0000:0000:0000:0000:0000 [ 287.015643][ T4375] playstation 0003:054C:0DF2.001D: Failed to retrieve feature with reportID 5: -71 [ 287.041885][ T41] savu 0003:1E7D:2D5A.001E: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 287.049184][ T4375] playstation 0003:054C:0DF2.001D: Failed to retrieve DualSense calibration info: -71 [ 287.102645][ T4375] playstation 0003:054C:0DF2.001D: Failed to get calibration data from DualSense [ 287.123408][ T4375] playstation 0003:054C:0DF2.001D: Failed to create dualsense. [ 287.141809][ T4375] playstation: probe of 0003:054C:0DF2.001D failed with error -71 [ 287.190688][ T4375] usb 1-1: USB disconnect, device number 14 [ 287.306904][ T4338] usb 3-1: USB disconnect, device number 20 [ 287.408711][T10272] fido_id[10272]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 287.713387][ T4375] tipc: Node number set to 2886997039 [ 287.898772][T10290] tipc: Started in network mode [ 287.919785][T10290] tipc: Node identity ac14142f, cluster identity 4711 [ 287.947909][T10290] tipc: New replicast peer: 0.0.0.0 [ 287.961446][T10290] tipc: Enabled bearer , priority 10 [ 287.991616][T10292] loop2: detected capacity change from 0 to 1024 [ 288.008059][T10295] tipc: New replicast peer: fc00:0000:0000:0000:0000:0000:0000:0000 [ 288.235529][ T9200] hfsplus: b-tree write err: -5, ino 4 [ 288.414078][T10309] fuse: Bad value for 'fd' [ 288.771053][T10328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2167'. [ 288.904299][T10334] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2170'. [ 288.927028][T10332] device veth1_to_team entered promiscuous mode [ 288.956962][T10332] device bridge0 entered promiscuous mode [ 288.991028][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 289.073761][ T4338] tipc: Node number set to 2886997039 [ 289.222979][T10349] netlink: 'syz.3.2177': attribute type 11 has an invalid length. [ 289.385704][T10355] hugetlbfs: Bad value '0x00000000ffffffff' for mount option 'gid' [ 289.385704][T10355] [ 289.463531][ T41] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 289.550996][T10362] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2183'. [ 289.663577][ T41] usb 1-1: Using ep0 maxpacket: 8 [ 289.672989][ T41] usb 1-1: unable to get BOS descriptor or descriptor too short [ 289.692945][ T41] usb 1-1: config 4 interface 0 has no altsetting 0 [ 289.712806][ T41] usb 1-1: string descriptor 0 read error: -22 [ 289.722285][ T41] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 289.751109][ T41] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.782794][ T41] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 289.811183][ T41] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 289.831075][ T41] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 289.850473][ T41] usb 1-1: media controller created [ 289.852526][T10375] loop2: detected capacity change from 0 to 512 [ 289.876620][ T41] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 289.923247][T10375] EXT4-fs: Ignoring removed mblk_io_submit option [ 289.968281][T10375] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 290.091098][T10375] EXT4-fs (loop2): 1 truncate cleaned up [ 290.102296][T10375] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 290.258104][T10394] EXT4-fs (loop2): shut down requested (2) [ 290.498458][ T4266] EXT4-fs (loop2): unmounting filesystem. [ 291.137520][ T41] usb 1-1: USB disconnect, device number 15 [ 291.515387][T10405] loop2: detected capacity change from 0 to 32768 [ 291.611830][T10405] XFS (loop2): Mounting V5 Filesystem [ 291.735395][T10405] XFS (loop2): Ending clean mount [ 291.767699][T10405] XFS (loop2): syz.2.2200 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported [ 291.837131][ T4266] XFS (loop2): Unmounting Filesystem [ 291.901842][T10438] overlayfs: maximum fs stacking depth exceeded [ 292.052799][T10442] loop0: detected capacity change from 0 to 64 [ 292.610872][T10460] loop2: detected capacity change from 0 to 2048 [ 292.733784][T10460] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 292.743647][T10460] ext4 filesystem being mounted at /421/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 292.823810][ T26] audit: type=1800 audit(1763642513.870:40): pid=10460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2212" name="file0" dev="loop2" ino=13 res=0 errno=0 [ 292.973584][ T4266] EXT4-fs (loop2): unmounting filesystem. [ 293.140748][T10473] loop2: detected capacity change from 0 to 1024 [ 293.577453][T10479] loop2: detected capacity change from 0 to 1024 [ 293.631639][T10479] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 293.646570][T10479] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 293.668623][T10479] JBD2: no valid journal superblock found [ 293.690908][T10479] EXT4-fs (loop2): error loading journal [ 294.244446][T10503] netlink: 'syz.4.2238': attribute type 12 has an invalid length. [ 294.255083][T10504] loop0: detected capacity change from 0 to 2048 [ 294.264479][T10503] netlink: 'syz.4.2238': attribute type 29 has an invalid length. [ 294.272313][T10503] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2238'. [ 294.319885][T10504] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 294.340296][T10504] ext4 filesystem being mounted at /471/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 294.352011][T10503] netlink: 59 bytes leftover after parsing attributes in process `syz.4.2238'. [ 294.439548][T10500] loop2: detected capacity change from 0 to 32768 [ 294.451075][T10505] netlink: 'syz.4.2238': attribute type 12 has an invalid length. [ 294.460315][T10505] netlink: 'syz.4.2238': attribute type 29 has an invalid length. [ 294.469354][T10505] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2238'. [ 294.479015][ T26] audit: type=1800 audit(1763642515.520:41): pid=10504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2237" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 294.480233][T10505] netlink: 59 bytes leftover after parsing attributes in process `syz.4.2238'. [ 294.533520][T10500] XFS (loop2): Mounting V5 Filesystem [ 294.584390][T10516] device macvtap0 entered promiscuous mode [ 294.591382][T10516] device macvtap0 left promiscuous mode [ 294.689584][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 294.696538][T10500] XFS (loop2): Ending clean mount [ 294.743629][T10500] XFS (loop2): Quotacheck needed: Please wait. [ 294.850627][T10500] XFS (loop2): Quotacheck: Done. [ 294.911914][ T26] audit: type=1804 audit(1763642515.950:42): pid=10500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.2236" name="/newroot/426/file1/file1" dev="loop2" ino=9286 res=1 errno=0 [ 295.014117][ T4266] XFS (loop2): Unmounting Filesystem [ 295.180425][T10535] loop0: detected capacity change from 0 to 2048 [ 295.258066][T10535] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 295.291199][ T26] audit: type=1326 audit(1763642516.330:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10542 comm="syz.4.2250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ac538f749 code=0x7ffc0000 [ 295.314249][T10535] ext4 filesystem being mounted at /473/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 295.333033][ T26] audit: type=1326 audit(1763642516.340:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10542 comm="syz.4.2250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ac538f749 code=0x7ffc0000 [ 295.443384][ T26] audit: type=1326 audit(1763642516.340:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10542 comm="syz.4.2250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7f5ac538f749 code=0x7ffc0000 [ 295.472780][T10535] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2248: bg 0: block 345: padding at end of block bitmap is not set [ 295.505098][ T26] audit: type=1326 audit(1763642516.370:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10542 comm="syz.4.2250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ac538f749 code=0x7ffc0000 [ 295.520198][T10535] EXT4-fs (loop0): Remounting filesystem read-only [ 295.558062][ T26] audit: type=1326 audit(1763642516.370:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10542 comm="syz.4.2250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ac538f749 code=0x7ffc0000 [ 295.559736][T10535] fs-verity (loop0, inode 13): Error -117 writing Merkle tree block 0 [ 295.593954][T10535] fs-verity (loop0, inode 13): Error -117 building Merkle tree [ 295.700266][T10556] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 295.718550][T10556] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 295.727718][T10556] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 295.736830][T10556] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 295.745916][T10556] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 295.755014][T10556] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 295.764146][T10556] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 295.773197][T10556] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 295.782312][T10556] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 295.791401][T10556] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 295.799690][T10559] fuse: Bad value for 'fd' [ 295.986682][ T4338] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 296.026933][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 296.173399][ T4338] usb 3-1: Using ep0 maxpacket: 16 [ 296.188509][ T4338] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 296.220825][ T4338] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 296.251721][ T4338] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 296.271237][ T4338] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 296.281161][ T4338] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.297861][ T4338] usb 3-1: config 0 descriptor?? [ 296.727374][ T4338] HID 045e:07da: Invalid code 65791 type 1 [ 296.765130][ T4338] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.001F/input/input33 [ 296.815297][ T4338] microsoft 0003:045E:07DA.001F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 296.929578][ T4620] usb 3-1: USB disconnect, device number 21 [ 297.043066][T10578] fido_id[10578]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 297.239442][ T26] audit: type=1326 audit(1763642518.280:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10584 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdec0f8f749 code=0x7ffc0000 [ 297.293595][ T26] audit: type=1326 audit(1763642518.300:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10584 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdec0f8f749 code=0x7ffc0000 [ 297.447284][T10595] loop0: detected capacity change from 0 to 64 [ 298.251295][T10621] loop0: detected capacity change from 0 to 512 [ 298.292689][T10621] EXT4-fs: Ignoring removed mblk_io_submit option [ 298.343487][T10621] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 298.393214][T10599] loop2: detected capacity change from 0 to 32768 [ 298.414190][T10621] EXT4-fs (loop0): 1 truncate cleaned up [ 298.419888][T10621] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 298.552289][T10599] XFS (loop2): Mounting V5 Filesystem [ 298.674025][T10640] EXT4-fs (loop0): shut down requested (2) [ 298.722922][T10599] XFS (loop2): Ending clean mount [ 298.809214][ T4551] XFS (loop2): Metadata CRC error detected at xfs_rmapbt_read_verify+0x3a/0xd0, xfs_rmapbt block 0x14 [ 298.840655][ T4551] XFS (loop2): Unmount and run xfs_repair [ 298.852910][ T4551] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 298.876711][ T4551] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 298.903448][ T4551] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 80 ................ [ 298.939168][ T4551] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 298.948845][ T4551] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 298.966813][ T4551] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 298.978915][ T4551] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 298.991900][ T4551] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 299.008390][ T4551] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 299.023088][T10599] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1d3/0x2c0" at daddr 0x14 len 4 error 74 [ 299.038094][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 299.052897][T10599] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x1784/0x1e50 (fs/xfs/libxfs/xfs_defer.c:580). Shutting down filesystem. [ 299.073527][T10599] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 299.218938][ T4266] XFS (loop2): Unmounting Filesystem [ 300.090362][T10665] input: syz0 as /devices/virtual/input/input34 [ 300.119205][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2299'. [ 300.146158][T10668] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2299'. [ 300.164566][T10672] sctp: [Deprecated]: syz.0.2300 (pid 10672) Use of struct sctp_assoc_value in delayed_ack socket option. [ 300.164566][T10672] Use struct sctp_sack_info instead [ 300.465087][T10682] loop0: detected capacity change from 0 to 4096 [ 300.534457][T10682] ntfs: volume version 3.1. [ 300.582907][T10682] __ntfs_error: 3 callbacks suppressed [ 300.582922][T10682] ntfs: (device loop0): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28). [ 300.621721][T10682] ntfs: (device loop0): ntfs_attr_extend_allocation(): Cannot extend allocation of inode 0x43, attribute type 0x80, because the allocation of clusters failed with error code -28. [ 300.671941][T10691] ntfs: (device loop0): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28). [ 301.694915][ T4338] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 301.894212][ T4338] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 301.914547][ T4338] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 301.943435][ T4338] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 301.963409][ T4338] usb 3-1: config 0 interface 0 has no altsetting 0 [ 301.994522][ T4338] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 302.013404][ T4338] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 302.039013][ T4338] usb 3-1: config 0 interface 0 has no altsetting 0 [ 302.054566][ T4338] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 302.073378][ T4338] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 302.109683][ T4338] usb 3-1: config 0 interface 0 has no altsetting 0 [ 302.135587][ T4338] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 302.163401][ T4338] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 302.184910][ T4338] usb 3-1: config 0 interface 0 has no altsetting 0 [ 302.202929][ T4338] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 302.226395][ T4338] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 302.257978][ T4338] usb 3-1: config 0 interface 0 has no altsetting 0 [ 302.265920][ T4338] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 302.295527][ T4338] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 302.314729][ T4338] usb 3-1: config 0 interface 0 has no altsetting 0 [ 302.341166][ T4338] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 302.358953][ T4338] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 302.403346][ T4338] usb 3-1: config 0 interface 0 has no altsetting 0 [ 302.437420][ T4338] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 302.452098][ T4338] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 302.483466][ T4338] usb 3-1: config 0 interface 0 has no altsetting 0 [ 302.505813][ T4338] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 302.525291][ T4338] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 302.543184][ T4338] usb 3-1: Product: syz [ 302.553517][ T4338] usb 3-1: Manufacturer: syz [ 302.562707][ T4338] usb 3-1: SerialNumber: syz [ 302.608477][ T4338] usb 3-1: config 0 descriptor?? [ 302.634072][ T4338] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 302.892160][T10766] loop0: detected capacity change from 0 to 1024 [ 302.942502][ T4338] usb 3-1: USB disconnect, device number 22 [ 302.960605][ T4338] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 303.245938][T10777] 9pnet_fd: Insufficient options for proto=fd [ 303.336651][T10779] netlink: 129384 bytes leftover after parsing attributes in process `syz.4.2361'. [ 303.599490][T10793] loop0: detected capacity change from 0 to 1024 [ 303.711078][T10793] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 303.921720][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 304.319658][T10818] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2367'. [ 304.336115][T10818] batman_adv: batadv0: Adding interface: macsec1 [ 304.342688][T10818] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.369063][T10818] batman_adv: batadv0: Not using interface macsec1 (retrying later): interface not active [ 304.763505][ T22] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 304.923402][ T7] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 304.963391][ T22] usb 3-1: Using ep0 maxpacket: 16 [ 304.970359][ T22] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 304.987372][ T22] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 304.998860][ T22] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 305.008062][ T22] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.017965][ T22] usb 3-1: config 0 descriptor?? [ 305.121088][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 305.128360][ T7] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 305.158025][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 305.171506][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 305.213609][ T7] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 305.242511][ T7] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 305.274741][ T7] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 305.293680][ T7] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 305.304938][ T7] usb 1-1: Manufacturer: syz [ 305.319746][ T7] usb 1-1: config 0 descriptor?? [ 305.329117][T10853] overlayfs: failed to clone upperpath [ 305.633190][ T22] usb 3-1: language id specifier not provided by device, defaulting to English [ 305.733416][ T7] rc_core: IR keymap rc-hauppauge not found [ 305.740813][ T7] Registered IR keymap rc-empty [ 305.751958][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 305.809403][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 305.833904][ T22] letsketch 0003:6161:4D15.0020: Device info: ᑔ [ 305.853972][ T7] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 305.890072][ T7] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input35 [ 305.927838][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 305.983417][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 306.023872][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 306.053434][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 306.072225][ T22] usb 3-1: Max retries (5) exceeded reading string descriptor 201 [ 306.083380][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 306.090746][ T22] letsketch: probe of 0003:6161:4D15.0020 failed with error -71 [ 306.113398][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 306.118998][ T22] usb 3-1: USB disconnect, device number 23 [ 306.163720][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 306.223565][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 306.253414][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 306.283398][ T7] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 306.324494][ T7] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 306.332517][ T7] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 306.370430][ T7] usb 1-1: USB disconnect, device number 16 [ 306.850559][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.865231][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.873047][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.881386][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.889274][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.902579][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.911176][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.919009][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.926766][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.940018][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.948150][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.955897][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.963476][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.971018][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.978988][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.986774][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 306.994434][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 307.001888][ T7] hid-generic 000B:0003:0004.0021: unknown main item tag 0x0 [ 307.012523][ T7] hid-generic 000B:0003:0004.0021: hidraw0: HID v0.00 Device [syz1] on syz1 [ 307.162208][T10897] fido_id[10897]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 307.645859][ T22] kernel write not supported for file bpf-prog (pid: 22 comm: kworker/1:0) [ 308.525591][T10946] loop2: detected capacity change from 0 to 128 [ 308.531452][T10944] loop0: detected capacity change from 0 to 4096 [ 308.549521][T10946] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 308.615494][T10944] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 308.642328][T10946] hpfs: filesystem error: improperly stopped [ 308.662288][T10944] ntfs3: loop0: Failed to load $Extend. [ 308.674700][T10946] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 308.682456][T10946] hpfs: You really don't want any checks? You are crazy... [ 308.717663][T10946] hpfs: hpfs_map_sector(): read error [ 308.723084][T10946] hpfs: code page support is disabled [ 308.769627][T10946] hpfs: hpfs_map_4sectors(): unaligned read [ 308.776482][T10946] hpfs: hpfs_map_4sectors(): unaligned read [ 308.782401][T10946] hpfs: filesystem error: unable to find root dir [ 309.166956][T10961] loop2: detected capacity change from 0 to 2048 [ 309.222673][T10961] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 309.278576][T10966] fuse: Bad value for 'fd' [ 309.897525][T10984] vxcan1: tx drop: invalid sa for name 0x0000000000000004 [ 309.910758][T10986] input: syz1 as /devices/virtual/input/input36 [ 310.205976][T10968] loop0: detected capacity change from 0 to 32768 [ 310.313385][T10968] XFS (loop0): Mounting V5 Filesystem [ 310.480644][T10997] loop2: detected capacity change from 0 to 32768 [ 310.529539][T10968] XFS (loop0): Ending clean mount [ 310.547380][T10997] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 310.634677][T10968] XFS (loop0): Metadata CRC error detected at xfs_rmapbt_read_verify+0x3a/0xd0, xfs_rmapbt block 0x14 [ 310.669740][T10968] XFS (loop0): Unmount and run xfs_repair [ 310.696007][T10968] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 310.730193][T10968] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 310.758064][ T4266] ocfs2: Unmounting device (7,2) on (node local) [ 310.763191][T10968] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 80 ................ [ 310.805571][T10968] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 310.838493][T10968] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 310.868877][T10968] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 310.897685][T10968] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 310.916357][T10968] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 311.013144][T10968] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 311.022611][T10968] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1d3/0x2c0" at daddr 0x14 len 4 error 74 [ 311.049240][T10968] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x1784/0x1e50 (fs/xfs/libxfs/xfs_defer.c:580). Shutting down filesystem. [ 311.093409][T10968] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 311.243869][ T4276] XFS (loop0): Unmounting Filesystem [ 311.387053][T11037] vxcan0: tx drop: invalid da for name 0x0000020000000000 [ 311.797843][T11047] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2468'. [ 312.595703][T11066] loop0: detected capacity change from 0 to 4096 [ 312.730492][T11066] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 313.362532][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 313.573414][ T7] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 313.705693][ T4551] libceph: connect (1)[c::]:6789 error -101 [ 313.719618][ T4551] libceph: mon0 (1)[c::]:6789 connect error [ 313.783404][ T7] usb 3-1: Using ep0 maxpacket: 32 [ 313.799159][ T7] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 313.812192][ T7] usb 3-1: config 0 has no interface number 0 [ 313.829216][ T7] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 313.858892][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.878949][T11100] ceph: No mds server is up or the cluster is laggy [ 313.878961][ T7] usb 3-1: Product: syz [ 313.895007][ T7] usb 3-1: Manufacturer: syz [ 313.899703][ T7] usb 3-1: SerialNumber: syz [ 313.914689][ T7] usb 3-1: config 0 descriptor?? [ 313.922853][ T7] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 314.129466][ T7] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 314.146922][ T7] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 314.351628][T11085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.370169][T11085] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.422609][T11132] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2502'. [ 314.579566][T11138] loop0: detected capacity change from 0 to 1024 [ 314.597384][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 314.598157][ T4551] usb 3-1: USB disconnect, device number 24 [ 314.628902][ T4551] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 314.637922][T11141] overlayfs: failed to clone upperpath [ 314.652810][ T4551] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 314.666492][T11141] overlayfs: failed to clone upperpath [ 314.681161][ T4551] quatech2 3-1:0.51: device disconnected [ 315.103421][ T4265] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 315.153414][T11158] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2513'. [ 315.295523][ T4265] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 315.319237][ T4265] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 315.338766][ T4265] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.364055][ T4265] usb 1-1: config 0 descriptor?? [ 315.782747][ T4265] lenovo 0003:17EF:6047.0022: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.0-1/input0 [ 315.823583][ T4620] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 316.019713][ T4620] usb 3-1: config 0 has an invalid interface number: 255 but max is 0 [ 316.037704][ T4620] usb 3-1: config 0 has no interface number 0 [ 316.047078][ T4620] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 316.059168][ T4620] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 316.090493][ T4620] usb 3-1: config 0 interface 255 has no altsetting 0 [ 316.106111][ T4620] usb 3-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 316.116396][ T4620] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.137505][ T4620] usb 3-1: config 0 descriptor?? [ 316.154317][ T4620] ums-realtek 3-1:0.255: USB Mass Storage device detected [ 316.348180][ T7] usb 3-1: USB disconnect, device number 25 [ 316.381644][ T4265] lenovo 0003:17EF:6047.0022: Fn-lock setting failed: -71 [ 316.393713][ T4265] lenovo 0003:17EF:6047.0022: Sensitivity setting failed: -71 [ 316.441248][ T4265] usb 1-1: USB disconnect, device number 17 [ 316.558410][T11219] fido_id[11219]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 316.664333][ T26] audit: type=1326 audit(1763642537.710:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11221 comm="syz.3.2543" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc1aeb8f749 code=0x0 [ 316.948771][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.955128][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.404846][T11252] loop2: detected capacity change from 0 to 512 [ 317.420058][T11252] EXT4-fs (loop2): Test dummy encryption mode enabled [ 317.428314][T11252] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 317.461020][T11252] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.2556: bad orphan inode 131083 [ 317.483455][ T7] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 317.499427][T11252] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 317.655250][ T4266] EXT4-fs (loop2): unmounting filesystem. [ 317.675390][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 317.694220][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.712980][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.738398][ T7] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 317.757324][ T7] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 317.769392][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.785631][ T7] usb 1-1: config 0 descriptor?? [ 318.202579][ T7] HID 045e:07da: Invalid code 65791 type 1 [ 318.218074][ T7] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0023/input/input37 [ 318.231882][ T7] microsoft 0003:045E:07DA.0023: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 318.380829][T11290] loop2: detected capacity change from 0 to 512 [ 318.401585][T11290] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 318.459044][ T7] usb 1-1: USB disconnect, device number 18 [ 318.467010][T11290] EXT4-fs (loop2): 1 truncate cleaned up [ 318.472803][T11290] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 318.505295][T11290] EXT4-fs (loop2): shut down requested (1) [ 318.540136][T11290] syz.2.2572 (pid 11290) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 318.611623][ T4266] EXT4-fs (loop2): unmounting filesystem. [ 318.912610][T11307] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2580'. [ 318.993399][ T4375] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 319.193456][ T4375] usb 3-1: Using ep0 maxpacket: 8 [ 319.214419][ T4375] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 319.233353][ T4375] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 319.252752][ T4375] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.269024][ T4375] usb 3-1: config 0 descriptor?? [ 319.479366][T11328] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2589'. [ 319.493569][ T4375] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 319.495031][T11328] device bond_slave_0 entered promiscuous mode [ 319.510686][T11328] device bond_slave_1 entered promiscuous mode [ 319.519683][T11328] device macvlan2 entered promiscuous mode [ 319.545010][T11328] device bond0 entered promiscuous mode [ 319.565768][T11328] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 319.961463][ T4375] usb 3-1: USB disconnect, device number 26 [ 320.045917][T11335] loop0: detected capacity change from 0 to 32768 [ 320.067076][T11335] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.2593 (11335) [ 320.099975][T11335] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 320.130699][T11335] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 320.161079][T11335] BTRFS info (device loop0): using free space tree [ 320.417634][T11335] BTRFS info (device loop0): enabling ssd optimizations [ 320.435025][T11368] overlayfs: failed to clone lowerpath [ 320.584024][T11370] fuse: Bad value for 'fd' [ 320.840313][ T4276] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 321.217092][ T26] audit: type=1326 audit(1763642542.260:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11397 comm="syz.3.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1aeb8f749 code=0x7ffc0000 [ 321.297491][ T26] audit: type=1326 audit(1763642542.280:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11397 comm="syz.3.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1aeb8f749 code=0x7ffc0000 [ 321.403391][ T26] audit: type=1326 audit(1763642542.280:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11397 comm="syz.3.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7fc1aeb8f749 code=0x7ffc0000 [ 321.490489][ T26] audit: type=1326 audit(1763642542.280:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11397 comm="syz.3.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1aeb8f749 code=0x7ffc0000 [ 321.701867][T11414] loop0: detected capacity change from 0 to 8192 [ 321.744360][T11414] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 321.772289][T11414] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 321.792795][T11414] REISERFS (device loop0): using ordered data mode [ 321.809747][T11414] reiserfs: using flush barriers [ 321.870105][T11414] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 321.913850][T11414] REISERFS (device loop0): checking transaction log (loop0) [ 321.929364][ T4900] kernel write not supported for file bpf-prog (pid: 4900 comm: kworker/1:14) [ 321.944062][T11414] REISERFS (device loop0): Using r5 hash to sort names [ 321.954029][T11414] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 322.031833][T11414] REISERFS warning (device loop0): super-6502 reiserfs_getopt: unknown mount option "<\}OLqQ·χ [ 322.031833][T11414] OQ6b" [ 322.454772][T11408] loop2: detected capacity change from 0 to 40427 [ 322.568021][T11408] F2FS-fs (loop2): Found nat_bits in checkpoint [ 322.723860][T11408] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 322.838916][ T26] audit: type=1326 audit(1763642543.880:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11434 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ac538f749 code=0x7fc00000 [ 322.872404][ T4266] syz-executor: attempt to access beyond end of device [ 322.872404][ T4266] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 323.513487][ T26] audit: type=1326 audit(1763642544.550:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11434 comm="syz.4.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5ac538f749 code=0x7fc00000 [ 324.003378][ T4265] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 324.206821][ T4265] usb 1-1: Using ep0 maxpacket: 8 [ 324.219204][ T4265] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 324.233245][ T4265] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.248018][ T4265] usb 1-1: Product: syz [ 324.252212][ T4265] usb 1-1: Manufacturer: syz [ 324.260392][ T4265] usb 1-1: SerialNumber: syz [ 324.272326][ T4265] usb 1-1: config 0 descriptor?? [ 324.287869][ T4265] gspca_main: se401-2.14.0 probing 047d:5003 [ 324.413418][ T125] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 324.606267][ T125] usb 3-1: Using ep0 maxpacket: 16 [ 324.617427][ T125] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 324.637142][ T125] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.655494][ T125] usb 3-1: Product: syz [ 324.663539][ T125] usb 3-1: Manufacturer: syz [ 324.673531][ T125] usb 3-1: SerialNumber: syz [ 324.706552][ T125] usb 3-1: config 0 descriptor?? [ 324.889594][ T4265] input: se401 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input38 [ 324.921128][T11521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2667'. [ 325.091338][ T4265] usb 1-1: USB disconnect, device number 19 [ 325.121532][ T125] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 325.167647][ T125] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 325.204094][ T125] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 325.232648][ T125] usb 3-1: media controller created [ 325.271952][ T125] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 325.434281][T11531] device wlan1 entered promiscuous mode [ 325.726843][T11547] loop3: detected capacity change from 0 to 1 [ 325.743572][ T4673] Dev loop3: unable to read RDB block 1 [ 325.749298][ T4673] loop3: unable to read partition table [ 325.763343][ T4673] loop3: partition table beyond EOD, truncated [ 325.782619][T11547] Dev loop3: unable to read RDB block 1 [ 325.788311][T11547] loop3: unable to read partition table [ 325.803668][T11547] loop3: partition table beyond EOD, truncated [ 325.820153][T11547] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 325.838731][T11552] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2681'. [ 325.887392][ T125] zl10353_read_register: readreg error (reg=127, ret==0) [ 325.904944][ T125] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 325.921015][ T125] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 325.979814][ T125] usb 3-1: USB disconnect, device number 27 [ 326.012975][T11556] netlink: 27 bytes leftover after parsing attributes in process `syz.4.2684'. [ 326.064453][ T125] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 326.400612][T11576] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2691'. [ 326.679034][T11589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2697'. [ 326.960802][T11601] overlayfs: workdir and upperdir must reside under the same mount [ 327.294622][T11610] loop2: detected capacity change from 0 to 256 [ 327.317018][T11610] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 327.328041][T11610] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 327.357061][T11610] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x262da998, utbl_chksum : 0xe619d30d) [ 327.479536][T11610] exFAT-fs (loop2): error, found bogus dentry(18) beyond unused empty group(0) (start_clu : 5, cur_clu : 5) [ 327.514934][T11610] exFAT-fs (loop2): Filesystem has been set read-only [ 327.575277][ T5055] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 327.615293][ T5055] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.792476][ T5055] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 327.833580][ T5055] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.963201][T11627] loop2: detected capacity change from 0 to 2048 [ 328.005947][T11627] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 328.015172][ T5055] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 328.073413][ T5055] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.250487][ T5055] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 328.273230][ T5055] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.424420][ T4279] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 328.434941][ T4279] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 328.469159][ T4279] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 328.476356][ T4375] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 328.490117][ T4279] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 328.498825][ T4279] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 328.506649][ T4279] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 328.638479][ T5055] tipc: Disabling bearer [ 328.663399][ T4375] usb 3-1: Using ep0 maxpacket: 16 [ 328.668788][ T5055] tipc: Left network mode [ 328.675736][ T4375] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 328.688594][ T4375] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 328.719236][ T4375] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 328.732789][ T4375] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.758934][ T4375] usb 3-1: config 0 descriptor?? [ 328.844096][T11637] chnl_net:caif_netlink_parms(): no params data found [ 329.202486][ T4375] mcp2221 0003:04D8:00DD.0024: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 329.427097][T11634] i2c i2c-1: unsupported multi-msg i2c transaction [ 329.466108][ T4375] usb 3-1: USB disconnect, device number 28 [ 329.580469][T11637] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.591935][T11637] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.645900][T11637] device bridge_slave_0 entered promiscuous mode [ 329.660029][T11637] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.687722][T11637] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.704500][T11637] device bridge_slave_1 entered promiscuous mode [ 329.790028][T11682] overlayfs: failed to clone upperpath [ 329.861889][T11637] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 329.957856][T11637] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 330.168402][T11637] team0: Port device team_slave_0 added [ 330.248362][T11637] team0: Port device team_slave_1 added [ 330.362826][T11637] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 330.375403][T11637] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.432548][T11637] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 330.501152][T11637] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 330.510448][T11637] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.543664][ T4279] Bluetooth: hci3: command 0x0409 tx timeout [ 330.565463][T11637] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 330.699984][T11637] device hsr_slave_0 entered promiscuous mode [ 330.729870][T11637] device hsr_slave_1 entered promiscuous mode [ 330.753218][T11637] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 330.778334][T11637] Cannot create hsr debugfs directory [ 331.484113][ T5055] device hsr_slave_0 left promiscuous mode [ 331.500891][ T5055] device hsr_slave_1 left promiscuous mode [ 331.547224][ T5055] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 331.572348][T11708] capability: warning: `syz.3.2744' uses 32-bit capabilities (legacy support in use) [ 331.593571][ T5055] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 331.602862][ T5055] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 331.629865][ T5055] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 331.648113][ T5055] device bridge_slave_1 left promiscuous mode [ 331.667429][ T5055] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.705090][ T5055] device bridge_slave_0 left promiscuous mode [ 331.755385][ T5055] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.833482][ T4279] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 331.842986][ T4279] CPU: 0 PID: 4279 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 331.850550][ T4279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 331.860616][ T4279] Workqueue: hci1 hci_rx_work [ 331.865320][ T4279] Call Trace: [ 331.868728][ T4279] [ 331.871696][ T4279] dump_stack_lvl+0x168/0x22e [ 331.876401][ T4279] ? show_regs_print_info+0x12/0x12 [ 331.881619][ T4279] ? load_image+0x3b0/0x3b0 [ 331.886162][ T4279] sysfs_create_dir_ns+0x252/0x280 [ 331.891298][ T4279] ? hci_rx_work+0x3eb/0xd40 [ 331.895914][ T4279] ? sysfs_warn_dup+0xa0/0xa0 [ 331.900614][ T4279] ? do_raw_spin_unlock+0x11d/0x230 [ 331.905839][ T4279] kobject_add_internal+0x6b8/0xc80 [ 331.906626][ T5055] device bond0 left promiscuous mode [ 331.911050][ T4279] kobject_add+0x152/0x210 [ 331.920794][ T4279] ? kobject_init+0x1d0/0x1d0 [ 331.925476][ T4279] ? klist_children_get+0x50/0x50 [ 331.930497][ T4279] ? get_device_parent+0x121/0x3f0 [ 331.935613][ T4279] device_add+0x483/0xfb0 [ 331.939936][ T4279] ? kmem_cache_free+0xf7/0x290 [ 331.944791][ T4279] hci_conn_add_sysfs+0xd1/0x1e0 [ 331.949769][ T4279] le_conn_complete_evt+0xfec/0x15d0 [ 331.955057][ T4279] ? hci_le_big_info_adv_report_evt+0x310/0x310 [ 331.961293][ T4279] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 331.966934][ T4279] ? skb_pull_data+0xf7/0x200 [ 331.971620][ T4279] hci_le_enh_conn_complete_evt+0x185/0x460 [ 331.977512][ T4279] ? hci_le_remote_conn_param_req_evt+0xcc0/0xcc0 [ 331.983923][ T4279] ? hci_remote_host_features_evt+0x270/0x270 [ 331.989984][ T4279] hci_event_packet+0x791/0x1210 [ 331.994937][ T4279] ? bis_list+0x280/0x280 [ 331.999262][ T4279] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 332.005157][ T4279] ? kcov_remote_start+0x4c7/0x7e0 [ 332.010269][ T4279] ? nf_l4proto_log_invalid+0x1f9/0x26e [ 332.015811][ T4279] ? hci_send_to_monitor+0x9c/0x4a0 [ 332.021003][ T4279] hci_rx_work+0x3eb/0xd40 [ 332.025419][ T4279] ? _raw_spin_unlock+0x40/0x40 [ 332.030272][ T4279] ? process_one_work+0x7a1/0x1160 [ 332.035376][ T4279] process_one_work+0x898/0x1160 [ 332.040314][ T4279] ? worker_detach_from_pool+0x240/0x240 [ 332.045939][ T4279] ? _raw_spin_lock_irq+0xab/0xe0 [ 332.050954][ T4279] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 332.056322][ T4279] ? kthread_data+0x4b/0xc0 [ 332.060826][ T4279] worker_thread+0xaa2/0x1250 [ 332.065517][ T4279] kthread+0x29d/0x330 [ 332.069589][ T4279] ? worker_clr_flags+0x1a0/0x1a0 [ 332.074606][ T4279] ? kthread_blkcg+0xd0/0xd0 [ 332.079188][ T4279] ret_from_fork+0x1f/0x30 [ 332.083601][ T4279] [ 332.089558][ T4279] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 332.102845][ T4279] Bluetooth: hci1: failed to register connection device [ 332.151497][ T5055] device bond_slave_0 left promiscuous mode [ 332.158174][ T5055] device bond_slave_1 left promiscuous mode [ 332.166558][ T5055] device veth1_macvtap left promiscuous mode [ 332.173675][ T5055] device veth0_macvtap left promiscuous mode [ 332.179790][ T5055] device veth1_vlan left promiscuous mode [ 332.185957][ T5055] device veth0_vlan left promiscuous mode [ 332.623498][ T4279] Bluetooth: hci3: command 0x041b tx timeout [ 333.143837][T11755] loop2: detected capacity change from 0 to 40427 [ 333.168973][T11755] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 333.178149][T11755] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 333.209541][T11755] F2FS-fs (loop2): invalid crc value [ 333.249200][T11755] F2FS-fs (loop2): Found nat_bits in checkpoint [ 333.389430][T11755] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 333.407793][T11755] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 333.695093][ T26] audit: type=1326 audit(1763642554.740:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.4.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ac538f749 code=0x7ffc0000 [ 333.730325][ T5055] team0 (unregistering): Port device team_slave_1 removed [ 333.750618][ T26] audit: type=1326 audit(1763642554.740:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.4.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ac538f749 code=0x7ffc0000 [ 333.781766][ T26] audit: type=1326 audit(1763642554.740:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.4.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f5ac538f749 code=0x7ffc0000 [ 333.812181][ T26] audit: type=1326 audit(1763642554.740:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.4.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ac538f749 code=0x7ffc0000 [ 333.841640][ T26] audit: type=1326 audit(1763642554.740:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11779 comm="syz.4.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ac538f749 code=0x7ffc0000 [ 333.902599][ T5055] team0 (unregistering): Port device team_slave_0 removed [ 334.022940][ T5055] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 334.169728][ T5055] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 334.706755][ T4279] Bluetooth: hci3: command 0x040f tx timeout [ 334.745468][ T5055] bond0 (unregistering): Released all slaves [ 335.200007][T11804] loop2: detected capacity change from 0 to 1024 [ 335.514588][T11813] syz.1.2782 sent an empty control message without MSG_MORE. [ 335.523642][ T9183] hfsplus: b-tree write err: -5, ino 4 [ 335.810943][T11637] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 335.847787][T11637] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 335.878068][T11637] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 335.922364][T11637] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 336.004426][T11835] overlayfs: failed to clone upperpath [ 336.034868][T11835] overlayfs: failed to clone upperpath [ 336.178665][T11637] 8021q: adding VLAN 0 to HW filter on device bond0 [ 336.236449][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 336.246796][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 336.270269][T11637] 8021q: adding VLAN 0 to HW filter on device team0 [ 336.303220][ T9200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 336.325054][ T9200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 336.366310][ T9200] bridge0: port 1(bridge_slave_0) entered blocking state [ 336.373626][ T9200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 336.403735][ T9200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 336.442195][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 336.466796][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 336.489007][ T9183] bridge0: port 2(bridge_slave_1) entered blocking state [ 336.497888][ T9183] bridge0: port 2(bridge_slave_1) entered forwarding state [ 336.527659][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 336.569066][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 336.586455][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 336.620282][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 336.643666][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 336.663586][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 336.716805][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 336.739868][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 336.759674][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 336.783834][ T4279] Bluetooth: hci3: command 0x0419 tx timeout [ 336.791403][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 336.827316][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 336.899408][T11637] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 337.600144][ T9190] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 337.618463][ T9190] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 337.644768][T11637] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 337.704463][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 337.724046][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 337.762903][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 337.813322][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 337.841869][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 337.860115][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 337.896459][T11637] device veth0_vlan entered promiscuous mode [ 337.948820][T11637] device veth1_vlan entered promiscuous mode [ 338.060590][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 338.070517][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 338.096625][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 338.098616][T11922] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2816'. [ 338.120760][ T9183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 338.186372][T11637] device veth0_macvtap entered promiscuous mode [ 338.218650][T11637] device veth1_macvtap entered promiscuous mode [ 338.262840][T11637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.282991][T11637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.293450][T11637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.316591][T11637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.335908][T11637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.347937][T11637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.359975][T11637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.391131][T11637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.417052][T11637] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 338.449667][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 338.478159][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 338.503017][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 338.529086][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 338.595133][T11637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 338.634003][T11637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.673315][T11637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 338.708172][T11637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.723659][T11637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 338.734690][T11637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.745017][T11637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 338.755908][T11637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.789549][T11637] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 338.804514][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 338.815618][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 338.844067][T11637] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.882589][T11637] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.910276][T11637] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.932429][T11637] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.246985][ T9203] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.283443][ T9203] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 339.332705][ T9203] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 339.388060][ T9190] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.417889][ T9190] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 339.492080][ T9190] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 340.271236][T11992] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 340.546324][T12009] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2846'. [ 341.086730][ T26] audit: type=1326 audit(1763642562.130:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12034 comm="syz.2.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7face538f749 code=0x7ffc0000 [ 341.157624][ T26] audit: type=1326 audit(1763642562.130:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12034 comm="syz.2.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7face538f749 code=0x7ffc0000 [ 341.253388][ T26] audit: type=1326 audit(1763642562.130:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12034 comm="syz.2.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7face538f749 code=0x7ffc0000 [ 341.368875][ T26] audit: type=1326 audit(1763642562.130:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12034 comm="syz.2.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7face538f749 code=0x7ffc0000 [ 341.466920][ T26] audit: type=1326 audit(1763642562.130:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12034 comm="syz.2.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7face538f749 code=0x7ffc0000 [ 341.549942][ T26] audit: type=1326 audit(1763642562.130:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12034 comm="syz.2.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7face538f749 code=0x7ffc0000 [ 341.642166][ T26] audit: type=1326 audit(1763642562.160:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12034 comm="syz.2.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7face538f749 code=0x7ffc0000 [ 341.740906][ T26] audit: type=1326 audit(1763642562.170:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12034 comm="syz.2.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7face538f749 code=0x7ffc0000 [ 341.859185][ T26] audit: type=1326 audit(1763642562.170:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12034 comm="syz.2.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7face538f749 code=0x7ffc0000 [ 341.947345][ T26] audit: type=1326 audit(1763642562.170:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12034 comm="syz.2.2855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7face538f749 code=0x7ffc0000 [ 342.365980][T12046] loop0: detected capacity change from 0 to 32768 [ 342.514069][T12046] XFS (loop0): Mounting V5 Filesystem [ 342.703625][T12046] XFS (loop0): Ending clean mount [ 342.755154][T12046] XFS (loop0): Quotacheck needed: Please wait. [ 342.854876][T12046] XFS (loop0): Quotacheck: Done. [ 342.990551][T11637] XFS (loop0): Unmounting Filesystem [ 343.400949][T12105] loop2: detected capacity change from 0 to 2048 [ 343.971157][T12123] 9pnet_fd: Insufficient options for proto=fd [ 345.323396][ T7112] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 345.513233][ T7112] usb 3-1: Using ep0 maxpacket: 8 [ 345.520017][ T7112] usb 3-1: config 0 has no interfaces? [ 345.538280][ T7112] usb 3-1: New USB device found, idVendor=19d2, idProduct=0167, bcdDevice=bc.89 [ 345.569545][ T7112] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.587914][ T7112] usb 3-1: Product: syz [ 345.594622][ T7112] usb 3-1: Manufacturer: syz [ 345.605684][ T7112] usb 3-1: SerialNumber: syz [ 345.622211][ T7112] usb 3-1: config 0 descriptor?? [ 345.754443][T12175] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2906'. [ 345.776344][T12171] loop0: detected capacity change from 0 to 4096 [ 345.826628][T12171] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 346.050345][T12183] netlink: 'syz.3.2909': attribute type 1 has an invalid length. [ 346.057397][ T7112] usb 3-1: USB disconnect, device number 29 [ 346.115214][T12183] netlink: 'syz.3.2909': attribute type 6 has an invalid length. [ 346.153581][T11637] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 346.163384][T12183] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2909'. [ 346.479637][T12195] device batadv_slave_1 entered promiscuous mode [ 346.506377][T12194] device batadv_slave_1 left promiscuous mode [ 346.688688][T12201] netlink: 'syz.4.2916': attribute type 39 has an invalid length. [ 346.983929][ T4620] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 347.173491][ T4620] usb 1-1: Using ep0 maxpacket: 32 [ 347.181413][ T4620] usb 1-1: config 0 interface 0 has no altsetting 0 [ 347.208644][ T4620] usb 1-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 347.225619][ T4620] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.255502][ T4620] usb 1-1: config 0 descriptor?? [ 347.451594][T12221] net_ratelimit: 3256 callbacks suppressed [ 347.451609][T12221] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 347.798492][T12230] loop2: detected capacity change from 0 to 64 [ 348.850211][ T4620] corsair-cpro 0003:1B1C:0C10.0025: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.0-1/input0 [ 349.070154][ T4620] corsair-cpro: probe of 0003:1B1C:0C10.0025 failed with error -71 [ 349.091864][ T4620] usb 1-1: USB disconnect, device number 20 [ 349.258481][T12251] fido_id[12251]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 349.288557][T12255] overlayfs: failed to clone upperpath [ 349.990669][T12273] loop0: detected capacity change from 0 to 47 [ 350.086290][T12273] syz.0.2948: attempt to access beyond end of device [ 350.086290][T12273] loop0: rw=2049, sector=48, nr_sectors = 2 limit=47 [ 350.151742][T12273] Buffer I/O error on dev loop0, logical block 24, lost async page write [ 350.203552][T12273] syz.0.2948: attempt to access beyond end of device [ 350.203552][T12273] loop0: rw=2049, sector=50, nr_sectors = 2 limit=47 [ 350.227161][T12273] Buffer I/O error on dev loop0, logical block 25, lost async page write [ 350.267828][T12273] syz.0.2948: attempt to access beyond end of device [ 350.267828][T12273] loop0: rw=2049, sector=52, nr_sectors = 2 limit=47 [ 350.281898][T12273] Buffer I/O error on dev loop0, logical block 26, lost async page write [ 350.290817][T12273] syz.0.2948: attempt to access beyond end of device [ 350.290817][T12273] loop0: rw=2049, sector=54, nr_sectors = 2 limit=47 [ 350.304678][T12273] Buffer I/O error on dev loop0, logical block 27, lost async page write [ 350.362029][T12284] netlink: 100 bytes leftover after parsing attributes in process `syz.3.2952'. [ 350.849335][T12307] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2962'. [ 351.042882][T12311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2964'. [ 351.436076][T12324] loop2: detected capacity change from 0 to 2048 [ 351.459021][T12302] loop0: detected capacity change from 0 to 40427 [ 351.484129][T12302] F2FS-fs (loop0): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 351.523602][T12302] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 351.531979][T12302] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x35f7 [ 351.540746][T12302] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x3ffff [ 351.548438][T12324] loop2: p1 < > p4 [ 351.562020][T12324] loop2: p4 size 8388608 extends beyond EOD, truncated [ 351.564090][T12302] F2FS-fs (loop0): invalid crc value [ 351.655439][T12324] syz.2.2969: attempt to access beyond end of device [ 351.655439][T12324] loop2p1: rw=2048, sector=0, nr_sectors = 8 limit=2 [ 351.656431][T12302] F2FS-fs (loop0): Found nat_bits in checkpoint [ 351.683217][T12324] SQUASHFS error: Failed to read block 0x0: -5 [ 351.795180][T12302] F2FS-fs (loop0): Start checkpoint disabled! [ 351.828994][T12302] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 351.839731][T12302] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 352.104884][ T9203] kworker/u4:18: attempt to access beyond end of device [ 352.104884][ T9203] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 352.132607][T12343] device bond0 entered promiscuous mode [ 352.160645][T12343] device bond_slave_0 entered promiscuous mode [ 352.179034][T12343] device bond_slave_1 entered promiscuous mode [ 352.683647][T12353] loop2: detected capacity change from 0 to 32768 [ 352.699104][T12353] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 352.712187][T12353] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 352.930839][ T4266] ocfs2: Unmounting device (7,2) on (node local) [ 353.961913][T12392] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 353.970258][ T125] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 354.163515][ T125] usb 1-1: Using ep0 maxpacket: 8 [ 354.172124][ T125] usb 1-1: config 32 has an invalid interface number: 32 but max is 0 [ 354.193658][ T125] usb 1-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config [ 354.206867][ T125] usb 1-1: config 32 has no interface number 0 [ 354.214110][ T125] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 354.223592][ T125] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.249651][ T125] hub 1-1:32.32: bad descriptor, ignoring hub [ 354.269748][ T125] hub: probe of 1-1:32.32 failed with error -5 [ 354.845899][ T4338] usb 1-1: reset high-speed USB device number 21 using dummy_hcd [ 355.954421][ T41] usb 1-1: USB disconnect, device number 21 [ 356.222091][T12471] netlink: 'syz.2.3028': attribute type 3 has an invalid length. [ 356.250674][T12471] netlink: 'syz.2.3028': attribute type 1 has an invalid length. [ 356.276360][T12471] netlink: 198452 bytes leftover after parsing attributes in process `syz.2.3028'. [ 356.793538][ T125] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 356.992359][ T125] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 357.010378][ T125] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 357.023073][ T125] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 357.036990][ T125] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 357.046503][ T125] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.057808][ T125] usb 3-1: config 0 descriptor?? [ 357.486789][ T125] plantronics 0003:047F:FFFF.0026: No inputs registered, leaving [ 357.500057][ T125] plantronics 0003:047F:FFFF.0026: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 357.773606][ T125] usb 3-1: USB disconnect, device number 30 [ 357.805157][T12527] fido_id[12527]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:047F:FFFF.0026/report_descriptor': No such device [ 358.485021][T12540] loop0: detected capacity change from 0 to 40427 [ 358.508473][T12540] F2FS-fs (loop0): invalid crc value [ 358.585984][T12540] F2FS-fs (loop0): Found nat_bits in checkpoint [ 358.732358][T12540] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 358.790542][T12540] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=10, npages=17 [ 358.832341][T12540] syz.0.3059: attempt to access beyond end of device [ 358.832341][T12540] loop0: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 358.929174][T11637] syz-executor: attempt to access beyond end of device [ 358.929174][T11637] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 359.592001][T12574] mmap: syz.4.3069 (12574) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 359.638544][T12574] [ 359.640911][T12574] ====================================================== [ 359.647923][T12574] WARNING: possible circular locking dependency detected [ 359.654938][T12574] syzkaller #0 Not tainted [ 359.659330][T12574] ------------------------------------------------------ [ 359.666327][T12574] syz.4.3069/12574 is trying to acquire lock: [ 359.672371][T12574] ffff88807bf9d4a0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: process_measurement+0x33c/0x1a10 [ 359.683061][T12574] [ 359.683061][T12574] but task is already holding lock: [ 359.690407][T12574] ffff8880574f8158 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x17d/0x770 [ 359.700398][T12574] [ 359.700398][T12574] which lock already depends on the new lock. [ 359.700398][T12574] [ 359.710778][T12574] [ 359.710778][T12574] the existing dependency chain (in reverse order) is: [ 359.719772][T12574] [ 359.719772][T12574] -> #1 (&mm->mmap_lock){++++}-{3:3}: [ 359.727317][T12574] down_read_killable+0x4c/0x340 [ 359.732764][T12574] mmap_read_lock_killable+0x1d/0x60 [ 359.738555][T12574] lock_mm_and_find_vma+0x2b1/0x2f0 [ 359.744267][T12574] do_user_addr_fault+0x2db/0xb10 [ 359.749795][T12574] exc_page_fault+0x60/0x100 [ 359.754897][T12574] asm_exc_page_fault+0x22/0x30 [ 359.760252][T12574] fault_in_readable+0x13e/0x1f0 [ 359.765694][T12574] fault_in_iov_iter_readable+0xbb/0x2e0 [ 359.771853][T12574] generic_perform_write+0x1d2/0x560 [ 359.777660][T12574] __generic_file_write_iter+0x172/0x430 [ 359.783805][T12574] generic_file_write_iter+0xab/0x2e0 [ 359.789700][T12574] vfs_write+0x44c/0x960 [ 359.794459][T12574] __x64_sys_pwrite64+0x191/0x220 [ 359.800000][T12574] do_syscall_64+0x4c/0xa0 [ 359.804929][T12574] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 359.811329][T12574] [ 359.811329][T12574] -> #0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}: [ 359.820007][T12574] __lock_acquire+0x2cf8/0x7c50 [ 359.825367][T12574] lock_acquire+0x1b4/0x490 [ 359.830374][T12574] down_write+0x36/0x60 [ 359.835038][T12574] process_measurement+0x33c/0x1a10 [ 359.840747][T12574] ima_file_mmap+0x104/0x150 [ 359.845847][T12574] __se_sys_remap_file_pages+0x53e/0x770 [ 359.851989][T12574] do_syscall_64+0x4c/0xa0 [ 359.856913][T12574] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 359.863316][T12574] [ 359.863316][T12574] other info that might help us debug this: [ 359.863316][T12574] [ 359.873525][T12574] Possible unsafe locking scenario: [ 359.873525][T12574] [ 359.880971][T12574] CPU0 CPU1 [ 359.886325][T12574] ---- ---- [ 359.891675][T12574] lock(&mm->mmap_lock); [ 359.895992][T12574] lock(&sb->s_type->i_mutex_key#12); [ 359.903961][T12574] lock(&mm->mmap_lock); [ 359.910794][T12574] lock(&sb->s_type->i_mutex_key#12); [ 359.916245][T12574] [ 359.916245][T12574] *** DEADLOCK *** [ 359.916245][T12574] [ 359.924368][T12574] 1 lock held by syz.4.3069/12574: [ 359.929457][T12574] #0: ffff8880574f8158 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x17d/0x770 [ 359.939891][T12574] [ 359.939891][T12574] stack backtrace: [ 359.945760][T12574] CPU: 1 PID: 12574 Comm: syz.4.3069 Not tainted syzkaller #0 [ 359.953196][T12574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 359.963229][T12574] Call Trace: [ 359.966497][T12574] [ 359.969412][T12574] dump_stack_lvl+0x168/0x22e [ 359.974080][T12574] ? load_image+0x3b0/0x3b0 [ 359.978571][T12574] ? show_regs_print_info+0x12/0x12 [ 359.983755][T12574] ? print_circular_bug+0x12b/0x1a0 [ 359.988939][T12574] check_noncircular+0x274/0x310 [ 359.993862][T12574] ? add_chain_block+0x940/0x940 [ 359.998784][T12574] ? lockdep_lock+0xdc/0x1e0 [ 360.003362][T12574] ? _find_first_zero_bit+0xcf/0x100 [ 360.008650][T12574] __lock_acquire+0x2cf8/0x7c50 [ 360.013501][T12574] ? ima_match_policy+0x104/0x2100 [ 360.018600][T12574] ? verify_lock_unused+0x140/0x140 [ 360.023792][T12574] ? ima_match_policy+0x207a/0x2100 [ 360.028986][T12574] lock_acquire+0x1b4/0x490 [ 360.033481][T12574] ? process_measurement+0x33c/0x1a10 [ 360.038854][T12574] ? __might_sleep+0xd0/0xd0 [ 360.043437][T12574] ? read_lock_is_recursive+0x10/0x10 [ 360.048803][T12574] ? ima_get_action+0x71/0xa0 [ 360.053471][T12574] down_write+0x36/0x60 [ 360.057620][T12574] ? process_measurement+0x33c/0x1a10 [ 360.062979][T12574] process_measurement+0x33c/0x1a10 [ 360.068168][T12574] ? ima_file_mmap+0x150/0x150 [ 360.072919][T12574] ? aa_file_perm+0x117/0xec0 [ 360.077588][T12574] ? mtree_load+0xeb/0xa40 [ 360.082008][T12574] ? mtree_load+0x90a/0xa40 [ 360.086508][T12574] ? aa_get_current_label+0x110/0x1d0 [ 360.091882][T12574] ? apparmor_current_getsecid_subj+0xb1/0x110 [ 360.098033][T12574] ima_file_mmap+0x104/0x150 [ 360.102615][T12574] ? ima_file_free+0x3e0/0x3e0 [ 360.107365][T12574] ? common_file_perm+0x171/0x1c0 [ 360.112381][T12574] ? bpf_lsm_mmap_file+0x5/0x10 [ 360.117220][T12574] ? security_mmap_file+0x11b/0x180 [ 360.122406][T12574] __se_sys_remap_file_pages+0x53e/0x770 [ 360.128023][T12574] ? __se_sys_futex+0x14a/0x440 [ 360.132867][T12574] ? __x64_sys_remap_file_pages+0xc0/0xc0 [ 360.138576][T12574] ? lock_chain_count+0x20/0x20 [ 360.143419][T12574] ? lockdep_hardirqs_on+0x94/0x140 [ 360.148605][T12574] ? __x64_sys_remap_file_pages+0x1c/0xc0 [ 360.154311][T12574] do_syscall_64+0x4c/0xa0 [ 360.158709][T12574] ? clear_bhb_loop+0x60/0xb0 [ 360.163367][T12574] ? clear_bhb_loop+0x60/0xb0 [ 360.168024][T12574] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 360.173899][T12574] RIP: 0033:0x7f5ac538f749 [ 360.178299][T12574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 360.197891][T12574] RSP: 002b:00007f5ac6175038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 360.206288][T12574] RAX: ffffffffffffffda RBX: 00007f5ac55e6090 RCX: 00007f5ac538f749 [ 360.214240][T12574] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 000020000013e000 [ 360.222191][T12574] RBP: 00007f5ac5413f91 R08: 0000000000000001 R09: 0000000000000000 [ 360.230142][T12574] R10: 0000000000000021 R11: 0000000000000246 R12: 0000000000000000 [ 360.238101][T12574] R13: 00007f5ac55e6128 R14: 00007f5ac55e6090 R15: 00007ffcbba82138 [ 360.246061][T12574] [ 360.413396][ T125] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 360.605169][ T125] usb 1-1: unable to get BOS descriptor or descriptor too short [ 360.613503][ T125] usb 1-1: not running at top speed; connect to a high speed hub [ 360.622211][ T125] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 360.632346][ T125] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 360.643427][ T125] usb 1-1: string descriptor 0 read error: -22 [ 360.649637][ T125] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 360.658714][ T125] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.669485][ T125] usb 1-1: 0:2 : does not exist [ 361.678802][ T125] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 361.689001][ T125] usb 1-1: 5:0: failed to get current value for ch 1 (-22) [ 361.702089][ T125] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 361.711352][ T125] usb 1-1: USB disconnect, device number 22 [ 361.924963][ T4673] udevd[4673]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory