last executing test programs: 14.440078487s ago: executing program 5 (id=916): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000180)=0x400000000, 0x12) 14.25870584s ago: executing program 5 (id=920): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000010000304feffffff0000000000062d00", @ANYRES32=0x0, @ANYBLOB="fe0f0000000000002c0012800a00010069706f69620000001c00028006000300000000000600030001000000060003000100000008000500", @ANYRES32=r2], 0x5c}, 0x1, 0xba01}, 0x0) 13.991494187s ago: executing program 5 (id=925): syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xd99, &(0x7f0000006900)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file2\x00', 0x4b142, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x28, 0x6, 0x1284400, 0x3, 0x6, 0x6, 0x1}}, 0x50) 13.466145441s ago: executing program 5 (id=932): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r1, @ANYBLOB="000000000000000024001280110001006272696467655f736c617665000000000c000580050027"], 0x44}}, 0x0) 13.192319026s ago: executing program 5 (id=936): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000200)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) preadv2(r1, &(0x7f00000003c0)=[{&(0x7f0000000840)=""/193, 0xc1}], 0x1, 0x0, 0x0, 0x0) 12.957483832s ago: executing program 5 (id=943): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400000024000900000e00000000000006"], 0x14}}, 0x0) 4.641655637s ago: executing program 4 (id=1036): syz_mount_image$jfs(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x1010003, &(0x7f0000000700)={[{@discard}, {@nodiscard}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@errors_remount}, {@errors_remount}, {@nodiscard}, {@uid}, {@grpquota}, {@gid}]}, 0x23, 0x6180, &(0x7f0000006840)="$eJzs3c1vHGcdB/Df7JtfQtOoh6pECLlteCmleS0hUKDtAQ5cOKBcUSLXrSJSQElAaRURV75w4I8AIXFEiCMn/oAeuHLjDyBSggTqAXXQ2M/jjKe7XjuJd3Yzn4/kzPz2mfE+k+/uzq5nZp8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKHP/jxuSIirvwq3XAi4nPRj+hFrFT1WkSsrJ2or/NCbDfH8xExXIqo1t/+59mI1yPi4+MR9x/cWa9uPn/Afnz/z//4w0+O/ejvfxqe+e9fbvXfmLTc7du//c9f7z769gIAAEAXlWVZFulj/smIGKTP9gDA0y/v/8sk366eu3pzzvqjVqvV6gWs68rx7taLiNisr1O9Z3A4HgAWzGZ80nYXaJH8O20QEcfa7gQw14q2O8CRuP/gznqR8i3q+4O1nfZ8Lsie/DeL3es7Jk2naZ5jMqvH11b047kJ/VmZUR/mSc6/18z/yk77KC131PnPyqT8RzuXPnVOzr/fzL/h6cm/Nzb/rsr5Dw6Vf1/+AAAAAAAwx/Lf/0+0fPx36fE35UD2O/67NqM+AAAAAAAAAMCTdtjx/waN8f92Gf8PAAAA5lb1Wb3yu+MPb5v0XWzV7ZeLiGcaywMdky6WWW27HwAAAAAAAAAAAADQJYOdc3gvFxHDiHhmdbUsy+qnrlkf1uOuv+i6vv3QZW2/yAMAwI6Pjzeu5S8iliPicvquv+Hq6mpZLq+slqvlylJ+PztaWi5Xap9r87S6bWl0gDfEg1FZ/bLl2np10z4vT2tv/r7qvkZl/wAdm40WAweAiNjZG92ftEf6n/3VYirLZ6PlNzksiH2e/ywoz38Oou3HKQAAAHD0yrIsi/R13ifTMf9e250CAGYi7/+bxwXUarVarVY/fXVdOd7dehERm/V1qvcMhuMHgAWzGZ+03QVaJP9OG0TEC213AphrRdsd4Ejcf3BnvUj5FvX9QRrfPZ8Lsif/zWJ7vbz+uOk0zXNMZvX42op+PDehP8/PqA/zJOffa+Z/Zad9lJY76vxnZVL+1XaeaKE/bcv595v5Nzw9+ffG5t9VOf/BofLvyx8AAAAAAOZY/vv/ibk6/jt61M2Zar/jv2tj1zi6vgAAAAAAAADAk3L/wZ31fN1rPv7/hTHLuf7z6ZTzL+TfSTn/XiP/rzaW69fm7739MP9/P7iz/sdb//p8nh40/6U8U6RHVpEeEUW6p2KQpo+zdZ+1NeyPqnsaFr3+IJ3zUw7fjWtxPTbi7J5le+n/42H7uT3tVU+H2+1lf6f9/J72wW57Xv/CnvZhOruoXMntp2M9fh7X453t9qptacr2L09pL6e05/z7nv+dlPMf1H6q/FdTe9GYVu591PvM874+HXc/b1374m/OHv3mTLUV/d1tq6u276UW+rP9f3JsFL+8uXHj9O2rt27dOBdpsufW85EmT1jOf5h+dl//X95pz6/79efrvY9Gh86/Nf295VYMJub/cm2+2t5XZtG/luX8R+kn5/9Oah///F+g/Bv2e/6/2kJ/AAAAAAAAAAAAAAAAYD9lWW5fIvpWRFxM1/+0dW0mADBbef9fJvn2WdX9Gd+fWr3gdTFn/Zlp/Wk5X/1RqxexrivHe7NeRMTf6utU7xl+Pe6XAQDz7NOI+GfbnaA18u+w/H1/1fRU250BZurmBx/+9Or16xs3brbdEwAAAAAAAADgUeXxP9dq4z+fKsvybmO5PeO/vh1rjzv+5yDP7A4wOmGg6v7ht2k/W71Rv1cbbvzFmDT+93B3br/xvwdT7m84pX00pX1pSvvylPaxF3rU5PxfrI13fioiTjaGX+/C+K/NMe+7IOf/Uu3xXOX/lcZy9fzL3y9y/r09+Z+59f4vztz84MPXrr1/9b2N9zZ+duHcubMXLl68dOnSmXevXd84u/Nviz0+Wjn/PPa180C7JeefM5d/t+T8v5Rq+XdLzv/LqZZ/t+T88/s9+XdLzj9/9pF/t+T8X0m1/Lsl5/+1VMu/W3L+r6Za/t2S8/96quXfLTn/11It/27J+Z9Otfy7Jed/JtUHzH/lqPvFbOT88xEuz/9uyfnnMxvk3y05//Opln+35PwvpFr+3ZLzfz3V8u+WnP83Ui3/bsn5X0y1/Lsl5//NVMu/W3L+l1It/27J+X8r1fLvlpz/t1Mt/27J+b+Ravl3S87/O6mWf7fk/L+bavl3S87/e6mWf7fk/N9Mtfy75eH3/5sxY8ZMnmn7lQkAAAAAAAAAAAAAaJrF6cRtbyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9nBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYu7cYue76DuBnr944kBgIqZMa2DgmGGeTXV/iC62LCdeGWwmEQi/YrndtFnzDa5dAI9koUCJhVFTRNjy0BYTavFT4gQdaAcoDaoVUCdoH+oKoUHmIKoMCUiVaQbaac/7//87Mzs7s2pP1mXM+Hyn5ZWfOzDlz5szZ/e7mOwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0u+v1c58eyrKs8U/+r01Z9oLGf980uSm/7DU3egsBAACA6/Wr/N/P3pouOLSKGzUt8y8v/+7XFhcXF7P3jfzF2OcXF9MVk1k2tiHL8uuiKz96/1DzMsHj2cTQcNPXwz1WP9Lj+tEe14/1uH68x/Ubelw/0eP6ZTtgmZuK38fkd7Yt/89NxS7NbsvG8uu2dbjV40Mbhofj73JyQ/ltFseOZ/PZyWwum2lZvlh2KF/+G3c11vWWLK5ruGldWxpHyM8eOxa3YSjs420t61q6z+gnr8smf/6zx4793fmrd3SaPXdDy/0V27l9a2M7PxkuKbZ1KNuQ9knczuGm7dzS4TkZadnOofx2jf9u385nV7mdI0ubua7an/OJbDj/7+/l+2m0+dd6aT9tCZf94u4syy4tbXb7MsvWlQ1nG1suGV56fiaKI7JxH41D6cXZ6JqO07tWcZw25uy21uO0/TURn/+7wu1GV9iG5qfpJ58Yb3ref7l4Lcdp1HjUK71W2o/Bfr9WynIMxuPie/mDfqLjMbgtPP7H7ln5GOx47HQ4BtPjbjoGt/Y6BofHR/JtTk/CUH6bpWNwZ8vyI/mahvL5zD3dj8Hp86fOTi987OP3zZ86emLuxNzp3Tt3zuzeu3f//v3Tx+dPzs0U/77GvV1+G7Ph9BrYGvZdfA28qm3Z5kN18Uvjy86/1/o6nOjyOtzUtmy/X4ej7Q9uaH1ekMuP6eK18Z7GTp+4PJyt8BrLn58d1/86TI+76XU42vQ67Pg9pcPrcHQVr8PGMmd3rO5nltGmfzptw8rfC67vGNzUdAy2/zzSfgz2++eRshyDE+G4+MGOlb8XbAnb+8TUWn8eGVl2DKaHG849jUvSz/sT+/PR6bi8s3HFzePZhYW5c/c/evT8+XM7szDWxUuajpX243Vj02PKlh2vw2s+Xg/Nv/yJOztcvinsq4n7Gv+aWPG5aiyz5/7uz1X+3a3z/my5dFcWRp+t9/7s9N28sT/Hs+wL3/7Ew9987AuvX3F/NvLmJ6ev/2fxlEubzr9jK5x/Y+5/rlhfuqvHR8ZGi9fvSNo7Yy3n49anajQ/dw3l6352enXn47Hwz3qfj2/rcj7e3LZsv8/HY+0PLp6Ph3r9tuP6tD+fE+E4OTnT/XzcWGbzrrUek6Ndz8d3hzkU9v+rQ1JIuajp2FnpuE3rGh0dC49rNK6h9Tjd3bL8WMhmjXU9tesajtOfZdn2u4v7GkmPbsl6HaeTbcv2+zhNv/ta6Tgd6vXbt2vT/nxOhOPitt3dj9PGMk/vuf5z503xP5vOneO9jsGxkfHGNo+lgzA/32eLN8Vj8P7sWHYmO5nN5teO58fTUL6uqQdWdwyOh3/W+1y5ucsxuL1t2X4fg+n72ErH3tDo8gffB+3P50Q4Lp58oPsx2FjmDfv6+7Pr9nBJWqbpZ9f236+t9DuvO9t20/N1rIyG7fz2vu6/m20sc3L/WnNm9/10b7jk5g77qf31u9JrajZbn/20OWzn1f0r76fG9jSW+fyBVR5Ph7Isu/iRB/Pf94a/r1y88P2vtfzdpdPfdC5+5MGfvvD4P69l+wEYfM8VY2Pxva7pL1Or+fs/AAAAMBBi7h8OM5H/AQAAoDJi7o//V3gi/wMAAEBlxNw/GmZSk/y/+Q1X55+7mKVm/mIQr0+74aFiudhxnQlfTy4uaVz+4Ffm/uefLq5u3cNZlv3yoT/puPzmh+J2FSbDdl55Y+vly3ztvlWt+8gjF9N6m/vrXwz3Hx/Pag+DThXcmSzLvnHrZ/P1TL7/cj6ffuhIPh++9MTjjWWePVB8HW//zEuK5f86lH8PHT/acvtnwn74cZgzb+28P+Ltvnr51Vv2vXdpffF2Q1tvyR/2kx8o7je+T87nHi+Wj/t5pe3/5mee+mpj+Udf2Xn7Lw533v6nwv1+Jcz/fVmxfPNz0Pg63u5TYfvj+uLt7v/ytzpu/5VPF8uffVOx3JEw4/q3h6+3venqfPP+enToaMvjyt5cLBfXP/P9P8uvj/cX7799+ycOX27ZH+3Hx9P/XtzPdNvy8fK4nugf29bfuJ/m4zOu/6k/PdKyn3ut/8rDz7yscb/t67+3bbmzH9mRr3/p/lrfselvPvXZjuuL23PoH862PJ5D7wqv47D+Jz8Qjsdw/f9dKe6v/d0Vjryr9fwTl//ipostjyd6y8+L9V957Yl8bpi4aePNL3jhLZde0dh3Wfa9DcX99Vr/ib8907L9X7q92B/x+tjRb1//SuL6z3106vSZhQvzs2mvPnZr/t45byu2J27vreHc2v714TPnPzh3bnJmcibLJqv7FnrX7Mth/rQYl7ovvbjsDLrjkfB83vlX39h4z799Jl7+H+8pLr/81uL71qvCcp8Ll28Kz9/a1r/ck3fdnr++h54OW7i4/P2Cr8eWbf+9f1ULhsff/nNBPN7PvvSD+X5oXJd/34iv6+vc/h/OFvfz9bBfF8M7M2+9fWl9zcvH90a4/O7i9X7d+y+c5uLz+vfh+X77j4v7j9sVH+8Pw88x39rcer6Lx8fXLw6333/+Lh6Xwvkku1RcH5eK+/vys7d33Lz4PiTZpTvyr/883c8da3qYK1n42ML0yfnTFx6dPj+3cH564WMfP3zqzIXT5w/n7+V5+EO9br90ftqYn59m5/buyfKz1ZliPM9u9PaffeTY7L6Ze2bnjh+9cPz8I2fnzp04trBwbG524Z6jx4/PfbTX7ednD+7cdWD3vl1TJ+ZnD+4/cGD3gan502cam1FsVA97Zz48dfrc4fwmCwf3HNj5wAN7ZqZOnZmdO7hvZmbqQq/b59+bphq3/uOpc3Mnj56fPzU3tTD/8bmDOw/s3bur57sBnjp7fGFy+tyF09MXFubOTRePZfJ8fnHje1+v21NNC/9Z/Dzbbqh4I77snffuTe/P2vCVT6x4V8UibW8gejW8F813XnR2/2q+jrl/LMykJvkfAAAA6iDm/vEwE/kfAAAAKiPm/g1hJvI/AAAAVEbM/RNhpv8loCb5v3L9/80XV7V+/X/9/+b9pf9fs/7/u8vW/y/OF/r//XG9/Xv9/0D/X/9f/1//X/+fPihb/z/m/puyzN//AQAAoKJi7t8YZiL/AwAAQGXE3H9zmIn8DwAAAJURc/8Lwkxqkv/1//X/9f/1//X/O69f/38w6f93p//fg/7/dFav/v+lfm6//r/+P8uVrf8fc/8Lw0xqkv8BAACgDmLuvyXMRP4HAACAyoi5/9YwE/kfAAAAKiPm/k1hJjXJ//r/+v/6//r/+v+d16//P5j0/7vT/+9B/9/n/+v/6//TV2Xr/8fc/6Iwk5rkfwAAAKiDmPtfHGYi/wMAAED5jF7bzWLuf0mYybL8f40rAAAAAG64mPtvy9qK4DX5+7/+v/6//r/+v/5/5/Wvvv8/kun/l4f+f3f6/z3o/+v/6//r/9NXZev/57k/m8heGmZSk/wPAAAAdRBz/+1hJvI/AAAAVEbM/b8WZiL/AwAAQGXE3L85zKQm+V//vzL9/180P3X6/1fnn/vFUl9/RP+/Zf36/z7/v8r0/7vT/+9B/1//X/9f/5++Klv/P+b+O8JMapL/AQAAoA5i7r8zzET+BwAAgMqIuf/Xw0zkfwAAAKiMmPu3hJnUJP/r/5e8/x+boz7/3+f/6/+Xsv8/of9fOvr/3en/96D/r/+v/6//T1+Vrf8fc//Lwkxqkv8BAACgDmLuf3mYifwPAAAAlRFz/yvCTOR/AAAAqIyY+yfDTGqS//X/S97/L3rw46v4/P8W+v/6/93Wr//v8/+rTP+/O/3/HvT/9f/1//X/6auy9f9j7r8rzKQm+R8AAADqIOb+rWEm8j8AAABURsz9d4eZyP8AAABQGTH3bwszqUn+1/8fiP5/pv+v/6//r/+v/786+v/d6f/3oP+v/6//r/9PX5Wt/x9z/yvDTGqS/wEAAKAOYu6/J8xE/gcAAIDKiLn/VWEm8j8AAABURsz928NMapL/9f/1//X/9f/1/zuvX/9/MOn/d6f/34P+v/6//r/+P31Vtv5/zP2vDjOpSf4HAACAOoi5f0eYifwPAAAAlRFz/71hJvI/AAAAVEbM/VNhJjXJ//r/+v/6//r/+v+d16//P5j0/7vT/+9B/1//X/9f/5++Klv/P+b++8JMapL/AQAAoA5i7r8/zET+BwAAgMqIuX86zET+BwAAgMqIuX8mzKQm+V//X/9f/1//f039/1cs3a/+f0H/v1z0/7vT/+9B/1///4b3/8f0/6mUsvX/Y+7fGWZSk/wPAAAAdRBz/64wE/kfAAAAKiPm/t1hJvI/AAAAVEbM/XvCTGqS//X/9f/1//X/ff5/5/Xr/w8m/f/u+t//jw9R/1//X//f5//r/7Nc2fr/Mfc/EGZSk/wPAAAAdRBz/94wE/kfAAAAKiPm/n1hJvI/AAAAVEbM/fvDTGqS//X/9f/1//X/9f87r1//fzDp/3fn8/970P/X/x/g/n/j2NL/p2zK1v+Puf9AmElN8j8AAADUQcz9rwkzkf8BAACgMmLu/40wE/kfAAAAKiPm/t8MM6lJ/tf/1//X/9f/L3v/f1z/X/9/DfT/u9P/70H/X/9/gPv/Pv+fMipb/z/m/oNhJjXJ/wAAAFAHMff/VpiJ/A8AAACVEXP/a8NM5H8AAACojJj7D4WZ1CT/6/+vU/8/Xqj/r/+v/+/z//X/n1f6/93p//eg/6//r/+v/09fla3/H3P/68JMapL/AQAAoA5i7n8wzET+BwAAgMqIuf/1YSbyPwAAAFRGzP1vCDOpSf7X//f5/ze+/z/Wsu36/0u30/8v6P/r/6+F/n93+v896P/r/+v/6//TV2Xr/8fc/8Ywk5rkfwAAAKiDmPvfFGYi/wMAAEBlxNz/5jAT+R8AAAAqI+b+t4SZ1CT/6//r/9/4/r/P/9f/L+j/6//3g/5/d/r/Pej/6//r/+v/01dl6//H3P/bYSY1yf8AAABQBzH3PxRmIv8DAABAZcTc/9YwE/kfAAAAKiPm/reFmdQk/+v/6//r/+v/6/93Xr/+/2DS/+9uwPr/v7olXK7/X9D/L/f2r7X/P9r29fPS///RSv3/xQ3tt9f/5/lQtv5/zP1vDzOpSf4HAACAOoi5/x1hJvI/AAAAVEbM/e8MM5H/AQAAoDJi7v+dMJOa5H/9/8Z2LLWX9f/1//ML9P/1//X/B5b+f3cD1v/3+f9t9P/Lvf0+/1//n+XK1v+Puf9dYSY1yf8AAABQBzH3PxxmIv8DAABAZcTc/+4wE/kfAAAAKiPm/veEmdQk/+v/+/x//X/9f/3/zuvX/x9M+v/d6f/3oP+v/1+2/v9/6f8z2MrW/4+5/5Ewk5rkfwAAAKiDmPvfG2Yi/wMAAEBlxNz/u2Em8j8AAABURsz97wszqUn+1/8flP7/pP6//r/+f9vj0f/X/+9E/787/f8e9P/1/8vW//f5/wy4svX/Y+5/f5jJ6vP/xKqXBAAAAG6ImPt/L8ykJn//BwAAgDqIuf/3w0zkfwAAAKiMmPv/IMykJvlf/39Q+v8+/z/T/9f/b3s8+v/6/52sX/8/nnn0//X/9f8j/X/9f/1/2pWt/x9z/x+GmdQk/wMAAEAdxNz/gTAT+R8AAAAGQqf/J7tdzP2Hw0zkfwAAAKiMmPuPhJnUJP/r/+v/6/+XtP//l1v/9QfffceRnfr/+v/6/2uyrp//33jx+/x//X/9/0T/X/9f/592Zev/x9x/NMxkKfi9zQf8AwAAwGCLuf+Pwkxq8vd/AAAAqIOY+4+Fmcj/AAAAUBkx98+GmdQk/+v/6//r/5e0/z/An/8f98cg9f+nNgxQ/z+edPX/O1rX/v97l3ri+v9r7f+Pd7xU/1//v8/b/50sy/T/9f+5gcrW/4+5fy7MpCb5HwAAAOog5P7h48VcukL+BwAAgMqIuf9EmIn8DwAAAJURc/8Hw0xqkv/1//X/9f/1/33+f+f1l7b/7/P/u9L/7648/f/O9P/1/wd5+/X/9f9Zrmz9/5j758NMapL/AQAAoA5i7v9QmIn8DwAAAJURc/+Hw0zkfwAAAKiMmPtPhpnUJP/r/+v/6//r/+v/d16//v9g0v/vTv+/B/1//X/9f/1/+qps/f+Y+0+FmdQk/wMAAEAdxNx/OsxE/gcAAP6fvfto0qy+7jjeg4dipth454UX9t4vgYW9tl+AF9544yqXF044JwYrJ5RzQFkooAASQgnlACghoSwkoZwDykiqUYk+50z39O37dA9Pd9/nfz6fhQ5qGN1HqingR89XFxhG7v5/iFvsfwAAABhG7v5/jFua7H/9v/5/2P7/T/X/+z1f/6//H5n+f57+fwX9v/5f/6//Z62W1v/n7v+nuKXJ/gcAAIAOcvf/c9xi/wMAAMAwcvdfHbfY/wAAADCM3P3/Erc02f8X9f+ntnr2/5nx6v9H6v+9/3/f5+v/9f8jO97+/9rf/ZlP/6//1/8H/b/+X//PxZbW/+fu/9e4pcn+BwAAgA5y9/9b3GL/AwAAwDBy9/973GL/AwAAwDBy9/9H3NJk/3v/v/f/6//1//r/6efr/zeT9//P69T/X333lX9/3y1/eOthnq//1//r//X/rNfS+v/c/f8ZtzTZ/wAAANBB7v7/ilvsfwAAABhG7v7/jlvsfwAAANhAZye/mrv/f+KWJvtf/6//1//r//X/08/X/28m/f+8Tv3/pTxf/6//1//r/1mvpfX/ufv/N25psv8BAACgg9z9/xe32P8AAAAwjNz918Qt9j8AAAAMI3f/ubilyf7X/x99//8b/b/+P67+X/+v/z96+v95+v8V9P/6f/2//p+1Wlr/n7v/2rilyf4HAACADnL3/3/cYv8DAADAMHL3PyRusf8BAABgGLn7Hxq3NNn/+n/v/9f/6//1/9PP1/9vJv3/PP3/Cvr/B9vPX67/1//r/9npkP3//TN/2l5L/5+7/2FxS5P9DwAAAB3k7n943GL/AwAAwDBy9z8ibrH/AQAAYBi5+x8ZtzTZ//p//b/+X/9/yf3/3p96D9D/T9P/H4919v87/9yk/9+2tv7/1OnJL+v/N77/9/5//b/+n12W9v7/3P2Pilua7H8AAADoIHf/o+OWmf1/6H+YDwAAAJyo3P2PiVt8/x8AAAA2XlZnufsfG7c02f/6f/2//l//7/3/08+f6/9v3fH59P/L4v3/8xbT/+9D/6//3+TPr//X/7PX0vr/3P2Pi1ua7H8AAADoIHf/dXGL/Q8AAADDyN3/+LjF/gcAAIBh5O5/QtzSZP9P9/8Xfr/+/2D0/7s/v/5/+ufHuvr//E/U/8/2/3/m/f896f/n6f9X0P/r//X/+/X/Z1f9eP0/U5bW/+fuf2Lc0mT/AwAAQAe5+58Ut9j/AAAAMIzc/U+OW+x/AAAAGEbu/qfELU32v/f/6//1/5vX/3v//7aTfP//1rH3/6f1/wek/5+n/19B/6//1//Pv/9/5v8FQP/PlKX1/7n7nxq3NNn/AAAA0EHu/qfFLfY/AAAAbIadv3bg4l9QGnL3Pz1usf8BAABgGLn7nxG3NNn/+n/9v/5f/6//n37+svp/7/8/KP3/PP3/Cvr/o+jnTw/W/1+/349fQv9/zVH3/zP0/0zZ1f/fduHrJ9X/5+5/ZtzSZP8DAABAB7n7nxW32P8AAAAwjNz9z45b7H8AAAAYRu7+58QtTfb/kff/M+8I1f/r//X/+n/9v/5/3fT/8/T/K+j/vf/f+//1/6zVrv5/h5Pq/3P3PzduabL/AQAAoIPc/c+LW+x/AAAAGEbu/uvjpstO7BMBAAAA65a7//lxS5Pv/3v/v/5f/6//1/9PP1//v5n0//P0/yvo//X/+n/9P2u1tP4/d/8L4pYm+x8AAAA6yN3/wrjF/gcAAIBh5O5/Udxi/wMAAMAwcve/OG5psv/1/0fb/+fX9f/6/y39v/5f/38s2vb/p6b+SrTXPv3/nX977i92f0X/r//X/+v/9f8c0O/P/L5F9P/nL/zdZe7+l8QtTfY/AAAAdJC7/6Vxi/0PAAAAw8jd/7K4xf4HAACAYeTuvyFuOeT+n2selkz/7/3/+n/9v/5/+vn6/83Utv8/IO//X0H/r//X/+v/WatF9P87/n3u/pfHLb7/DwAAAMPI3f+KuMX+BwAAgGHk7n9l3GL/AwAAwDBy978qbmmy//X/+n/9v/5f/z/9fP3/ZtL/z9P/r7BJ/f8N+v9L/Py3H9Xn1//r/9lraf1/7v4b45Ym+x8AAAA6yN3/6rjF/gcAAIBh5O5/Tdxi/wMAAMAwcve/Nm5psv/1//p//b/+X/8//Xz9/2bS/88boP8/s/OPv6T+/6aZDzDV/5+/Ypn9v/f/L+7z6//1/+y1tP4/d//r4pYm+x8AAAA6yN1/U9xi/wMAAMAwcvffHLfY/wAAADCM3P2vj1ua7H/9v/5f/6//1/9PP1//v5n0//MG6P+9/39L/7/Uz6//1/+z19L6/9z9b4hbmux/AAAA6CB3/y1xi/0PAAAAw8jd/8a4xf4HAACAYeTuvzVuabL/9f/6f/2//l//P/18/f9mOrr+f0v/r//X/6+g/9f/6/+52NL6/9z9b4pbmux/AAAA6CB3/5vjFvsfAAAAhpG7/y1xi/0PAAAAw8jd/9a4pcn+1//r//X/+n/9//Tz9f+byfv/5+n/V9D/6//1//p/1mq6/7/mxPr/3P1vi1ua7H8AAADoIHf/bXGL/Q8AAADDyN3/9rjF/gcAAIBh5O5/R9zSZP/r//X/u/v/rS39v/5f/7/tGPr/M1v6/7XT/8/T/6+g/x+z/79sa6D+/+y+P17/zxIt7f3/ufvfGbc02f8AAADQQe7+d8Ut9j8AAAAMI3f/u+MW+x8AAACGkbv/PXFLk/2v/9f/e/+//l//P/187//fTPr/efr/FfT/Y/b/3v+v/+fELK3/z93/3rilyf4HAACADnL3vy9usf8BAABgGLn73x+32P8AAAAwjNz9H4hbmux//b/+X/+v/9f/Tz9f/7+Z9P/z9P8r6P/1//p//T9rtbT+P3f/7XFLk/0PAAAAHeTuvyNusf8BAABgGLn774xb7H8AAAAYRu7+D8YtTfa//l//r//fzP7/jP5f/6//n7SU/v+qq/78Lv2//l//r//X/+v/u1ta/5+7/0NxS5P9DwAAAB3k7v9w3GL/AwAAwDBy938kbrH/AQAAYBi5+z8atzTZ/3v7/8u3tgvVbVP9fzRq+v8d9P+7P7/+f/rnh/f/6//1/0dvKf2/9/9f2ufX/+v/N/nzH6r//+O9P17/z4iW1v/n7r8rbmmy/wEAAKCD3P0fi1vsfwAAABhG7v6Pxy32PwAAAAwjd//dcUuT/e/9//p//b/+X/8//Xz9/2Y6uv5/++8R9P/6f/3//vT/g7z///f0/6zP0vr/3P2fiFua7H8AAADoIHf/J+MW+x8AAACGkbv/U3GL/Q8AAADDyN3/6bilyf7X/+v/9f/6f/3/9PP1/5vJ+//n6f9X6NP/n5n64kn38w/WSX/+Yfp/7/9njZbW/+fu/0zc0mT/AwAAQAe5+z8bt9j/AAAAMIzc/Z+LW+x/AAAAGEbu/s/HLU32v/5f/z9+///X+v+Lnq//1/+PTP+ff0Wfpv9foU//P+mk+/lN//z6f/0/ey2t/8/df0/c0mT/AwAAQAe5+78Qt9j/AAAAMIzc/V+MW+x/AAAAGEbu/i/FLU32v/6/V/9/aqtj/+/9//p//X8n+v95+v8V9P/6f/2//p+1Wlr/n7v/3lOnW+5/AAAA2FR/+Sd/d89B/9h7H/jXM1tfjlvsfwAAABhG7v6vxC32PwAAAAwjd/9X45Ym+1//36v/7/n+f/2//l//34n+f57+fwX9v/5f/6//Z62W1v/n7v9a3LJj+J0+9H9LAAAAYEly9389bmny/X8AAADoIHf/N+KWPfv//AF/VTsAAACwNLn7vxm3NPn+v/5/4f3/1hH1//HH6f+36f/1/1PP1/9vJv3/vAfZ/58/pf/X/8/Q/+v/9f9cbGn9f+7+b8UtTfY/AAAADGrXP1HI3f/tuMX+BwAAgGHk7v9O3GL/AwAAwDBy9383bmmy//X/x97/Z6p+hO//P1u/5f3/zfv/685MPl//r/8fmf5/nvf/r6D/H6X/v0L/r/9nGZbW/+fu/17c0mT/AwAAQAe5+78ft9j/AAAAMIzc/T+IW+x/AAAAGEbu/h/GLU32v/5/4e//v6T+/wDv/9f/9+j/93n+OP3/H1x57o6/+pubb9T/c8Fx9v/5c0H/r//X/29bUP/v/f/6fxZi/f3/6V1fPGz/n7v/R3FLk/0PAAAAHeTuvy9usf8BAABgGLn7fxy32P8AAAAwjNz9P4lbmux//b/+fyn9f/5vfQL9/7nN6/+zKe7e/3v/v/5/L+//n6f/X0H/r//X/+v/Wav19/+7v3jY/j93/0/jlib7HwAAADrI3f+zuCX3/6lD/6N7AAAAYGFy9/88bvH9fwAAABhG7v5fxC1N9r/+X/+/lP4/ef//hR/n/f/bxuj//6h+S/9/tC6lv9/5c1j/H/T/+n/9v/5f/88aLK3/z93/y7ilyf4HAACADnL33x+32P8AAAAwjNz9v4pb7H8AAAAYRu7+X8ctTfa//n/U/j+LeP2//l//v4z+3/v/j4v3/8/T/6+g/9f/6//1/6zV0vr/3P2/DQAA//+PenJG") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x49, 0x40000000, 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00') getdents64(r0, &(0x7f0000000500)=""/222, 0xde) 4.604794738s ago: executing program 3 (id=1037): io_setup(0x3, &(0x7f0000000000)=0x0) r1 = timerfd_create(0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000009c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) timerfd_settime(r1, 0x3, &(0x7f0000000080)={{0x0, 0x3938700}, {0x77359400}}, 0x0) clock_adjtime(0x0, &(0x7f0000000000)={0x3fd, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) 4.363127517s ago: executing program 2 (id=1040): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000001a40)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}], 0x1, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000080)={r2}, 0x8) 4.262316306s ago: executing program 3 (id=1041): r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r3, @ANYBLOB="24005a80200001801400030000000000000081be"], 0x40}}, 0x0) 4.051119396s ago: executing program 2 (id=1042): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000004900), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000004940)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WOWLAN(r1, &(0x7f0000009180)={0x0, 0x0, &(0x7f0000009140)={&(0x7f0000004980)={0x1c, r2, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 3.936224131s ago: executing program 3 (id=1044): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xc038480a, &(0x7f0000000000)={0x2, 0x100}) 3.727362742s ago: executing program 2 (id=1045): r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r0, &(0x7f00000000c0)="cb", 0x1, 0x0, &(0x7f0000000100)={0x2, 0x0, @private=0xa010102}, 0x10) sendmmsg$inet_sctp(r0, &(0x7f00000058c0)=[{&(0x7f0000000180)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000340)="a1", 0x1}], 0x1}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x1c, &(0x7f0000000400)={0x0}, &(0x7f0000000440)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r1, 0x0, 0x3}, 0xc) 3.726721543s ago: executing program 1 (id=1046): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) 3.638457218s ago: executing program 0 (id=1047): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000080)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x300}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x8002, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x2800, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x4}}}}, 0xfdef) 3.214046512s ago: executing program 0 (id=1048): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[], 0x10132) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4) recvmmsg(r1, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}}], 0x700, 0x2, 0x0) 2.993378666s ago: executing program 0 (id=1049): pipe(&(0x7f0000001680)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000700)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x0) close(r1) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x42, 0x0) splice(r0, 0x0, r1, 0x0, 0x10500, 0x0) 2.79923959s ago: executing program 4 (id=1051): r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r1, @ANYBLOB="02000000000080008000120008000100767469"], 0xa0}}, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) 2.721352912s ago: executing program 2 (id=1052): bpf$MAP_CREATE(0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) fsetxattr(r0, &(0x7f0000000080)=@known='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) fgetxattr(r0, &(0x7f0000000000)=@known='trusted.overlay.upper\x00', 0x0, 0xffde) 2.716491085s ago: executing program 0 (id=1053): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000010000c50000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x45) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='rxrpc_peer\x00', r0}, 0x10) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0xfffd}}, 0x24) sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, '\n'}], 0x18, 0xe000}, 0x5}], 0x1, 0x0) 2.554421324s ago: executing program 1 (id=1054): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = fsopen(&(0x7f0000000400)='ocfs2_dlmfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_PATH(r0, 0x3, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xffffffffffffffff, r1) 2.481222819s ago: executing program 2 (id=1055): syz_mount_image$jfs(&(0x7f0000000400), &(0x7f00000000c0)='./file0\x00', 0x14c46, &(0x7f0000002740)=ANY=[], 0x1, 0x5f16, &(0x7f0000003100)="$eJzs3V1vHFcZB/BnX7x+KU2jClUh4iJNobSU5j2B8taUCy4ACSSUaxK5bhVIASUB0SoirnKBuODlI8BNb7joFylfAfEBiBRzVQnKoLHPScbjddZp4p1dn99PcmaePTPeM/l7PLuemT0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMT3vvvj072IuPzr9MDhiM/EIKIfsVzXx6KeuZiXH0bEkdhsjuciYrAYUa+/+c8zEeci4qNDEfc2bq3WD5/ZYz/On7p5/ZPvf+cfv/vTnSM/ffMnH7Tbf/TZsx/+/nbE4R++9uEnt5/MtgMAAEApqqqqeult/tH0/r7fdacAgKnIx/8qyY+r1Wq1+onWf+zPVn/UhdZN1Xi3m0VErDfXqV8zOB0PAHNmPT7uugt0SP5FG0bEU113Aphpva47wL64t3FrtZfy7TWPB8e22vPfKbflv967f3/HbtNJ2teYTOvn604M4tld+rM8pT7Mkpx/v53/5a32UVpuv/Oflt3yH23d+lScnP+gnX/Ltvz/HBFzm39/bP6lyvkPHyX/9cEc7//yBwAAAADg4Mt//z/c8fnfxcfflD152PnfY1PqAwAAAAAAAAA8aY87/t99xv8DAACAmVW/V6/95dCDx3b7LLb68Uu9iKdbywOFSTfLrHTdDwAAAAAAAAAAAAAoyXDrGt5LvYiFiHh6ZaWqqvqrqV0/qsddf96Vvv1Qsq5/yQMAwJaPDrXu5e9FLEXEpfRZfwsrKytVtbS8Uq1Uy4v59exocalabryvzdP6scXRHl4QD0dV/c2WGus1TXq/PKm9/f3q5xpVgz10bDo6DBwAImLraHTPEemAqapnoutXOcwH+//BY/9nL7r+OQUAAAD2X1VVVS99nPfRdM6/33WnAIBpWMrH//Z5AbVarVar1QevbqrGu90sImK9uU79msFw/AAwZ9bj4667QIfkX7RhRBzpuhPATOt13QH2xb2NW6u9lG+veTxI47vna0G25b/e21wvrz9uOkn7GpNp/XzdiUE8u0t/nptSH2ZJzr/fzv/yVvsoLbff+U/LbvnX23m4g/50Lec/aOffcnDy74/Nv1Q5/+Ej5T+QPwAAAAAAzLD89//Dzv/mTQYAAAAAAACAuXNv49Zqvu81n////Jjles05938eGDn/3p7zd//vQZLz77fzb12QM2jM333jQf7/3ri1+sHNf30uT2c+/4XBqH7uhV5/MEzX/FQLb8XVuBZrcWrH8sNt7ad3tC9saz8zof3sjvZR3b6c20/EavwirsWb99sXJ1wYtTShvZrQnvMf2P+LlPMfNr7q/FdSe681rd19v79jv29Oxz3Pxb/998Wde9f03YnB/W1rqrfveAf92fw/eWoUv7qxdv3Eb67cvHn9dKTJtkfPRJo8YTn/hfSV83/pha32/Hu/ub/efX/0yPnPijsx3DX/Fxrz9fa+POW+dSHnP0pfOf98BBq//89z/rvv/6900B8AAAAAAAAAAAAAAAB4mKqqNm8RvRgRF9L9P13dmwkATNUffpBmqiTUarVarVYf2LqpGu/1ZhFL29e5EBG/HffNAIBZ9r+I+GfXnaAz8i9Y/ry/evqFrjsDTNWNd9/72ZVr19au3+i6JwAAAAAAAADAp5XH/zzWGP958zqg1rjR28Z/fSOOze34n/3RYHOs87RBz8fDx/8+Hg8f/3s44fkWJrSPJrQvTmhfmtA+9kaPhpz/8ynjnP/RtGEljf/6Ugf96VrO/3ga6znn/6XWcs38q7/Oc/79bfmfvPnOL0/eePe9V6++c+XttbfXfn761IVzZ8+fO3v+/Mm3rl5bO7X1b4c93l85/zz2tetAy5Lzz5nLvyw5/y+mWv5lyfm/mGr5lyXnn1/vyb8sOf/83kf+Zcn5v5xq+Zcl5//lVMu/LDn/V1It/7Lk/L+SavmXJef/aqrlX5ac/4lUy78sOf+TqZZ/WXL++QyX/MuS889XNsi/LDn/M6mWf1ly/mdTLf+y5PzPpVr+Zcn5n0+1/MuS87+QavmXJef/1VTLvyw5/6+lWv5lyfm/lmr5lyXn//VUy78sOf9vpFr+Zcn5fzPV8i9Lzv9bqZZ/WXL+3061/MuS83891fIvy4PP/zcz5Zn//D1iBrphxsy4ma5/MwEAAAAAAAAAAAAAbdO4nLjrbQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7PDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1Eaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwd3cxcpX3GcDPftlrQ4IbCCHECWtjwMDi3fUXOMRgkpBS0qaUhLRpSY1jr40Tf9W7TgChshTaEgWpSO0FvWiaRGkUqa1AUaSmEo2QGqm9K1eJuIlaiQtLhcpBSaVUga3OnPd9d2Z2dmb9sXjOOb8fwn/vzJmZd86cmd1nrWcGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAZhs+Nv3nA1mW5f83/liXZZfmf1+T7cm/nNt5sVcIAAAAnK+3Gn/+w2XphD3LuFDTNv/2of/4/vz8/Hz2hTdPv/2X8/PpjLEsG1qdZY3zon//5S/mm7cJnspGBwabvh7scfNDPc4f7nH+SI/zV/U4f3WP80d7nL9oByyypvh9TOPKNjX+uq7YpdkV2UjjvE0dLvXUwOrBwfi7nIaBxmXmRw5mh7Mj2XQ2uegyA43/suylDflt3ZPF2xpsuq31WZad+dnj++MaBsI+3pS13FhD82P3xl3Z2Js/e3z/d2Zff3+n2XM3LFpplm3emK/z6Sxb+HVVNpCtTvskrnOwaZ3rO6xzqGWdA43L5X9vX+eZZa4z3u/RsM5XuqxzfTjtkWuzLJvLltym3VPZYLa27VbT/h4tjoj8OvKH8j3Z8FkdJxuWcZzkl3nt2tbjpP2YjPt/Q9gnw0usofnheOPJVYv2+7keJ/m97odjNb/u+/IbHR1t/tVqy7Gab/P4dUsfAx0fuw7HQDqWm46Bjb2OgcFVQ41jYHBhzRtbjoGpRZcZzAYat3X6uu7HwMTs0RMTM48+dsvho/sOTR+aPjY1uXP7th3bt+3YMXHw8JHpyeLPs9ulJbI2G0zH4MbwWhOPwRvatm0+JOe/eeGeB6N98jzI7/tnrs8XdOlgtsQxnm/z9Obzfx6k7/tNz4PhpudBx9fUDs+D4WU8D/Jtzmxe3vfM4ab/O61hpV4L1zUdAxfz+2F+mw/euPRr4fqwrmduOtvvh0OLjoF4twbCcy8/Jf28N3pb2C+Lj4ur8zMuWZWdmpk+ueWRfbOzJ6eyMN4Rlzc9Vu3Hy9qm+5QtOl4Gz/p42fP3v7r+6g6nrwv7avTm7o9Vvs328e6PVePVvXV/rsqK/dly6tYsjAvsnd6fnb6b5fszZYku+zPf5ulbzv9nwZRLml7/Rnq9/g2NDBevf0Npb4y0vP4tfmiGGivLsjO3LO/1byT8/06//l3RJ69/+b56cEv3YyDf5pmJsz0Ghru+/l0b5kBYz40hMYw25f63G+fPFYdp02PZ87gZHh4Jx81wvMXW42bbosvk15bf9ubJcztuNl/b+li1/NxSweMm31d/Ndn9uMm3eXnq/F871sS/Nr12rOp1DIwMrcrXO5IOguL1bn5NPAa2ZPuz49mR7EC6TP4o57c1vnV5x8Cq8P87/dpxVZ8cA/m+en5r92Mg3+ZH2y7sz06bwylpm6afndp/v7BU5r96eOH62nfbhc78+To//uNPpdM6ZYh8m9e3n23O6L6fbg6nXNJhP7U/f5Y6pg9k78x+uiqs88iO7r+byre5Yucyj6c9WZa9OvVq4/dd4fe73zv14++3/N630++UX5169d6J+39yNusHAODcvd34c25V8bNm079YL+ff/wEAAIBSiLl/MMxE/gcAAIDKiLl/KMxE/gcAAIDKiLl/OMykJvn/4dt2vfDWE1l6N8D5IJ4fd8N9dxTbxY73XPh6bH5BfvpHvz3ywlefWN5tD2ZZ9qt7P9Bx+4fviOsqnIjr/HDr6Ytcdc2ybv+hBxa2a37/hDO7iuuP92e5h0HsKr80sbVxvWOPTjXmy/dmjXn/3DNPFddffB23P72t2P5vwpuW7Dk40HL5zWE9m8IcC+8pc9+ehf2Qz3i5F9Z/6F8v/+zC7cXLDWx8d+NuPv/HxfXG94h67vJi+3i/l1r/v3ztuy/k2z9yXef1PzHYef2nw/W+FuYvdxfbN+/zrzat/0/D+uPtxctt+dYPO67/xfcV278YjotvhNm+/rv+4oNvdXq84u3sub24XLz9yf/d3rhcvL54/e3rH31iqmV/tF//y28W17P7yz8fat4+nh5vJ3ro9tbjeyA8vi098izLvvtnWct+zj5SXO6f29Yfr+/E7Z3Xf3PbOk8MXNO4/ML9Wddyv77+d1s73t+4nj3/uK7l/jx3d9h/b078KL/e0/eH4zGc/3+vFNfX/l6mL97d+noTt//GuuJ5G69vom39z7Wtf+6afN/1Xv89bxbrf/HO1S3r3/OJcDzdU8xe6z/0t5e1XP6b3ykej5NfGT92fObU4QNNe7X5ebx6dM3aSy5917svC6+l7V/vPT778PTJscmxySwbK+FbBq70+r8V5v8UY+7C30LhJz8vjrtnP1l837rhF8XXz4XTHwqPZ/z++PW/Hmk5Xtsf97k7i3m+678prGO53ve1/7pmWRue/vxLp/7pT15v/7kg3p8T7x1t3L/nN1zZOG/g5eL89terXv7zva3P658OTzbmD8J+nQ/vzLzxyuL22q8/vjfJs58unr/xJ7l4+azt/UTWDbXej/Nd/0/DzzE/vKr19S8eHz94ou3dnNdlA/kS5sLrQzZXnB+3ivv72TNXdry9+D482dz7z2aZS5p5dGbiyOFjpx6ZmJ2emZ2YefSxvUePnzo2u7fx3qV7v9jr8gvP77WN5/eB6Z3bs8az/XgxVtjFXv+JB/YfuHXy+gPTB/edOjj7wInpk4f2z8zsnz4wc/2+gwenv9Lr8ocP7J7aumvbrVvHDx0+sPu2Xbu27Ro/fOx4voxiUT3snPzS+LGTexsXmdm9fdfUjh3bJ8ePHj8wvfvWycnxU70u3/jeNJ5f+svjJ6eP7Js9fHR6fObwY9O7p3bt3Lm157s/Hj1xcGZs4uSpYxOnZqZPThT3ZWy2cXL+va/X5amHmePh9a7NQPjp/HM370zvj5v79pNLXlWxSeuPp9kb4b2g4ve3Xl/H3D8SZlKT/A8AAAB1EHN/eOP/hTPkfwAAAKiMmPtXh5nI/wAAAFAZMfcXyX80ffx7XfL/her/P6n/36D/r/+f6f8n+v/6/5n+v/5/D/r/+v9lXr/+v/4/vfVb/z/k/mxNlvn3fwAAAKiomPvXhpnI/wAAAFAZMfdfEmYi/wMAAEBlxNx/aZhJTfK/z//X/9f/79b/j9vq/2f6//3Q/9/03/r/i+j/6/9n+v/n7GL358u+/j7s/6/R/6ff9Fv/P+b+d4WZ1CT/AwAAQB3E3P/uMBP5HwAAACoj5v7LwkzkfwAAAKiMmPvXhZnUJP/r/+v/6//7/H/9/9L0/33+fwf6//r/mf7/ObvY/fmyr78P+/8+/5++02/9/5j7fy3MpCb5HwAAAOog5v73hJnI/wAAAFAZMfdfHmYi/wMAAEBlxNx/RZhJTfJ/Pfv/r2VZpv+f6f/r/7etU/9f/38l6P/r/3ej/6//X+b16//r/9Nbv/X/Y+5/b5hJTfI/AAAA1EHM/VeGmcj/AAAAUBkx978vzET+BwAAgMqIuf+qMJOa5P969v99/r/+f0H/v3Wd+v/6/ytB/1//vxv9f/3/Mq9f/1//n976rf8fc//7w0xqkv8BAACgDmLuvzrMRP4HAACAyoi5/wNhJvI/AAAAVEbM/evDTGqS//X/9f/1//X/9f/1/1dSufr/g0ueo/9f0P9vdeH6/3MLC9D/L8369f/1/+mt3/r/Mfd/MMykJvkfAAAA6iDm/g+Fmcj/AAAAUBkx918TZiL/AwAAQGXE3D8WZlKT/K//r/+v/6//r/+v/7+SytX/X5r+f0H/v5XP/9f/1//X/6e7fuv/x9y/IcykJvkfAAAA6iDm/o1hJvI/AAAAVEbM/deGmcj/AAAAUBkx928KM6lJ/tf/1//X/9f/1//X/19J+v/6/93o/+v/l3n9+v/6//TWb/3/mPuvCzOpSf4HAACAOoi5//owE/kfAAAAKiPm/hvCTOR/AAAAqIyY+zeHmdQk/+v/6//r/5e4/z+k/5/p//c9/X/9/270//X/y7x+/X/9f3rrt/5/zP03hpnUJP8DAABAHcTcf1OYifwPAAAAlRFz/81hJvI/AAAAVEbM/eNhJjXJ//r/+v/6/yXu//v8/5b16//3J/1//f9u9P/1/8u8fv1//X9667f+f8z9t4SZ1CT/AwAAQB3E3L8lzET+BwAAgMqIuX8izET+BwAAgMqIuX8yzKQm+V//X/9f/1//X/9f/38l6f/r/3ej/6//X+b16//r/9Nbv/X/Y+6fCjOpSf4HAACAOoi5f2uYifwPAAAAlRFz/7YwE/kfAAAAKiPm/u1hJjXJ/yXp/29JBSj9f/1//X/9f/3/UtH/1//vRv9f/7/M69f/1/+n1WCH0/qt/x9z/44wk5rkfwAAAKiDmPt3hpnI/wAAAFAZMfffGmYi/wMAAEBlxNx/W5hJTfJ/Sfr/Pv9f/1//v4n+v/5/mej/6/93o/+v/1/m9ev/6//TW7/1/2Pu3xVmUpP8DwAAAHUQc/+Hw0zkfwAAAKiMmPtvDzOR/wEAAKBUOn0OYRRz/0fCTGqS//X/q97/n1+t/6//r//fff36/ytL/1//vxv9f/3/Mq9f/1//n976rf8fc//uMJOa5H8AAACog5j77wgzkf8BAACgMmLuvzPMRP4HAACAyoi5f0+YSU3yv/5/1fv/Pv9f/1//v9f69f9Xlv6//n83+v/l7P+HH1v0//uo/58fQ/r/9KN+6//H3H9XmElN8j8AAADUQcz9Hw0zkf8BAACgMmLu/1iYifwPAAAAlRFz/8fDTGqS//X/9f/1//X/9f/1/1eS/v+K9f8bL4X6/wX9/3NzsfvzZV9/P/X/ff4//arf+v8x998dZlKT/A8AAAB1EHP/J8JM5H8AAACojJj7fz3MRP4HAACAyoi5/54wk5rkf/1//X/9f/1//X/9/5Wk/+/z/7vR/9f/L/P69f/1/+mt3/r/Mff/RphJTfI/AAAA1EHM/feGmcj/AAAAUBkx938yzET+BwAAgJJZteQ5Mff/ZphJTfJ/+fr/Y6Xs/w+m69f/1//X/9f/1/+/kPT/9f8z/f9zdrH782Vfv/6//j+99Vv/P+b+3wozqUn+BwAAgDqIuf9TYSbyPwAAAFRGzP2/HWYi/wMAAEBlxNx/X5hJTfL/he7/t1++G5//r/+f6f/r/+v/6/+fJ/1//f9M//+cXez+fNnXr/+v/09v/db/j7n/d8JMapL/AQAAoA5i7r8/zET+BwAAgD718FlfIub+T4eZyP8AAABQGTH3fybMpCb5v3yf/6//r/+v/6//r/9fJvr/+v/d6P/r/5d5/fr/+v/01m/9/5j7HwgzqUn+BwAAgDqIuf+zYSbyPwAAAFRGzP2/G2Yi/wMAAEBlxNz/e2EmNcn/+v/6//r/+v/6//r/K0n/f3H/P38N0/8v6P/r/5d5/fr/+v/01m/9/5j7PxdmUpP8DwAAAHUQc//vh5nI/wAAAFAZMff/QZiJ/A8AAACVEXP/g2EmNcn/+v/6//r/+v/6//r/K0n/3+f/d6P/r/9f5vXr/+v/01u/9f9j7v98mElN8j8AAADUQcz9fxhmIv8DAABAZcTcvzfMRP4HAACAyoi5/6Ewk5rkf/1//X/9f/1//X/9/5Wk/6//343+v/5/mdev/6//T2/91v+PuX9fmMme1psBAAAAyivm/i+EmdTk3/8BAACgDmLu3x9mIv8DAABAZcTcfyDMpCb5X/9f/1//X/9f/1//fyXp/+v/d6P/r/9f5vXr/+v/01u/9f9j7p8OM6lJ/gcAAIA6iLn/YJiJ/A8AAACVEXP/oTAT+R8AAAAqI+b+h8NMapL/9f/1//X/a9v/f+V7bevU/9f/Xwn6//r/3ej/6/+Xef36//r/9NZv/f+Y+w+HmdQk/wMAAEAdxNz/xTAT+R8AAAAqI+b+L4WZyP8AAABQGTH3HwkzqUn+1//X/9f/r23/f3mf/79m4Xb1//X/z4X+v/5/N/r/+v9lXr/+v/4/vfVb/z/m/qNhJjXJ/wAAAFAHMfcfCzOR/wEAAKAyYu4/HmYi/wMAAEBlxNx/IsykJvlf///s+v8DS3QD9f87r1//vwL9/yb6//r/50L/X/+/G/1//f8yr1//X/+f3vqt/x9z/x+FmdQk/wMAAEAdxNx/MsxE/gcAAIDKiLl/JsxE/gcAAIDKiLl/NsykJvlf/9/n/+v/6//r/+v/ryT9f/3/bvT/9f/LvH79f/1/euu3/n/M/afCTGqS/wEAAKAO/p+9+8zV66riOPziYHCEmEOmwAgYAmNAYgz0ktBDh9B7C72ZDqH33nvvPRB6lUC5XmsFO77nXNv39d1nr+f5kAU3SNlRzIe/nJ9O7v77xy32PwAAAEwjd/8D4hb7HwAAAKaRu/+BcUuT/a//1//r//X/+n/9/z7p//X/S/T/+v8tv1//r/9n3Wj9f+7+B8UtTfY/AAAAdJC7/8Fxi/0PAAAA08jd/5C4xf4HAACAaeTuf2jc0mT/6//1//p//b/+X/+/T/p//f8S/b/+f8vv1//r/1k3Wv+fu/9hcUuT/Q8AAAAd5O5/eNxi/wMAAMA0cvc/Im6x/wEAAGAaufuvj1ua7H/9v/5f/7/B/v+u+n/9/3bo//X/S/T/+v8tv1//r/9n3Wj9f+7+G+KWJvsfAAAAOsjd/8i4xf4HAACAaeTuf1TcYv8DAADANHL3PzpuabL/9f/6f/3/Bvt/3//X/2+I/l//v0T/r//f8vv1//p/1o3W/+fuf0zc0mT/AwAAQAe5+x8bt9j/AAAAMI3c/Y+LW+x/AAAAmEbu/sfHLU32v/5f/6//1//r//X/+6T/1/8v0f/r/7f8fv2//p91e+//73PjwT1q/5+7/8a4pcn+BwAAgA5y9z8hbrH/AQAAYBq5+58Yt9j/AAAAMI3c/U+KW5rsf/2//v+O/v+/d9H/6//1/3f8XP9/PPT/+v8l+n/9/5bfr//X/7Nu7/3/Su9/4X/P3f/kuKXJ/gcAAIAOcvc/JW6x/wEAAGAaufufGrfY/wAAADCN3P1Pi1ua7H/9v/7f9//1//p//f8+6f+H7f8v/L/e+fT/R6L/1/8f1v/f+wjv1//TwWj9f+7+p8ctTfY/AAAAdJC7/xlxi/0PAAAA08jdf1PcYv8DAADANHL3PzNuabL/9f/6f/2//v/8/v9Uy/7/9p/p//dD/z9s/79M/38k+n/9v+//6/9ZNlr/n7v/WXFLk/0PAAAAHeTuf3bcYv8DAADANHL3Pydusf8BAABgGrn7nxu3NNn/+n/9v/5f/39F3/+/Zo7+3/f/90f/r/9fov/X/2/5/fp//T/rRuv/c/c/L25psv8BAABgeqd2tfufH7fY/wAAADCN3P0viFvsfwAAAJhG7v4Xxi1N9r/+X/+v/9f/X1H/P8n3//X/+6P/1/8vOWr/v9P/19+L/n+c9+v/9f+sG63/z93/orilyf4HAACADnL3vzhusf8BAABgGrn7XxK32P8AAAAwjdz9L41bmux//b/+X/+v/9f/6//3Sf+v/1/i+//6/y2/X/+v/2fdaP1/7v6XxS1N9j8AAAB0kLv/5XGL/Q8AAADTyN3/irjF/gcAAIBp5O5/Zdxy4f4/dTVfdfXo//X/+n/9v/5f/79P+n/9/xL9/8X7/zOH/PX0/2O9X/+v/2fdaP1/7v6b4xa//w8AAADTyN3/qrjF/gcAAIBp5O5/ddxi/wMAAMA0cve/Jm5psv8P6/9vu8e5P6//Pxr9/8Xfr//X/+v/9f/6f/3/Ev2/7/9v+f36f/0/60br/3P3vzZuabL/AQAAoIPc/a+LW+x/AAAAmEbu/tfHLfY/AAAATCN3/xvilib7//i//3+d/l//r/+Pq//X/+v/9f/6/2X6f/3/lt+v/9f/s260/j93/xvjlib7HwAAADrI3f+muMX+BwAAgGnk7n9z3GL/AwAAwDRy978lbmmy/4+///f9f/3/Jfb/p/T/Sf8f/1z1//r/S6D/1//v9P+X7aT7+a2/X/+v/2fdaP1/7v6zB1Ov3/4HAACADs4e/PHM7q1xi/0PAAAA08jd/7a4xf4HAACAaeTuf3vc0mT/6//1/yfe//v+f9H/xz9X/b/+/xLo//X/O/3/ZTvpfn7r79f/6/9ZN1r/n7v/HXFLk/0PAAAAHeTuf2fcYv8DAADANGL3n/uX3+1/AAAAmNK7Dv54ZvfuuKXJ/m/c/193pf3/tf/3n/X/F3+//v9Y+v+zF/7a0//r/7dE/6//X6L/1/9v+f3j9P/xg+v1/4xntP4/d/974pYm+x8AAAA6yN3/3rjF/gcAAIBp5O6/JW6x/wEAAGAaufvfF7c02f+N+/9Jvv9/31vjBfr/eft/3/+Pq//X/1+M/l//v9P/X7aT7ue3/v5x+n/f/2dco/X/ufvfH7c02f8AAADQQe7+D8Qt9j8AAABMI3f/B+MW+x8AAACmkbv/Q3FLk/2v/996/+/7//p//b/+f2z6f/3/Ev2//n/L79f/6/9ZN1r/n7v/w3FLk/0PAAAAHeTu/0jcYv8DAADANHL3fzRusf8BAABgGrn7Pxa3NNn/+n/9/776/9v/Ivr/Jv3/Dfr/nf7/UPp//f8S/b/+f8vv1//r/1k3Wv+fu//jcUuT/Q8AAAAd5O7/RNxi/wMAAMA0cvd/Mm6x/wEAAGAaufs/FTfc654n96TjdfqQn0dvrv/X//v+v/7f9//1//uk/9f/L9H/6/+3/H79v/6fdaP1/7n7Px23+P1/AAAAmEbu/s/ELfY/AAAATCN3/2fjFvsfAAAAppG7/3NxS5P9r//X/+v/N9v/X6v/P//9+v8x6f/1/0v0//r/Lb9f/6//Z91o/X/u/s/HLU32PwAAAHSQu/8LcYv9DwAAANPI3f/FuMX+BwAAgGnk7v9S3NJk/+v/9f/6/832/77/f8H79f9j0v/r/5fo//X/W36//l//z7rR+v/c/V+OW5rsfwAAAOggd/9X4hb7HwAAAKaRu/+rcYv9DwAAANPI3f+1uKXJ/tf/6//1//p//b/+f5/0//r/Jfp//f+W36//1/+zbrT+P3f/1+OWJvsfAAAAOsjd/424xf4HAACAaeTu/2bcYv8DAADANHL3fytuabL/Z+7/l/5n+v9z9P/6/53+X/+/Z/p//f8S/b/+f8vv1//r/1k3Wv+fu//bcUuT/Q8AAAAd5O7/Ttxi/wMAAMA0cvd/N26x/wEAAGAaufu/F7c02f8z9/9L9P/n6P/1/zv9v/5/z/T/+v8l+n/9/5bfr//X/7PuhPr/07tD+v/c/d+PW5rsfwAAAOggd/8P4hb7HwAAAKaRu/+HcYv9DwAAANPI3f+juGWe/X+/Wxb+pP7/2Pv/g19E+n/9/07/r//X/x/Q/+v/l+j/9f9bfr/+X//PutG+/5+7/8dxyzz7HwAAANrL3f+TuMX+BwAAgGnk7v9p3GL/AwAAwDRy9/8sbmmy//X/vv+v/2/V/1+z0//r/68y/b/+f4n+X/+/5ffr//X/rBut/8/d//O4pcn+BwAAgA5y9/8ibrH/AQAAYBq5+38Zt9j/AAAAMI3c/b+KW5rsf/2//l//36r/9/1//f9Vp//X/y/R/+v/t/z+7P/z153+X//PnY3W/+fu/3Xc0mT/AwAAQAe5+38Tt9j/AAAAMI3c/b+NW+x/AAAAmEbu/t/FLU32v/5f/6//1//r//X/+6T/1/8v0f/r/7f8ft//1/+zbrT+P3f/rXFLk/0PAAAAHeTu/33cYv8DAADANHL3/yFusf8BAABgGrn7b4tbmux//b/+f8r+/+76f/2//n8U+n/9/xL9v/5/y+/X/+v/WTda/5+7/49xS5P9DwAAAB3k7v9T3GL/AwAAwDRy9/85brH/AQAAYBq5+/8StzTZ//p//f+l9/+n6+972P7f9//1//r/Yczb/99N/6//v+L+/6abz/1Y/7/N9+v/9f+sG63/z93/17ilyf4HAACADnL3/y1usf8BAABgGrn7/x632P8AAAAwjdz9/4hbmux//b/+f8rv/+v/9f/6/2HM2//7/r/+3/f/9f/6f/0/a0br/3P3/zNuabL/AQAAoIPc/f+KW+x/AAAAmEbu/n/HLfY/AAAATCN3/3/ilib7X/+v/9f/6//1//r/fdL/6/+X6P/1/1t+v/5f/8+60fr/3P3/CwAA//8gszKL") syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000008c0)=ANY=[], 0x1, 0x0, &(0x7f0000000200)) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r0, 0x8001, 0x0) getdents(r0, 0x0, 0x58) 2.462278478s ago: executing program 0 (id=1056): r0 = timerfd_create(0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)) timerfd_settime(r0, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) 2.281247133s ago: executing program 1 (id=1057): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001340)={0x58, r1, 0x1, 0x0, 0x0, {}, [{{0x8, 0x1, r3}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}]}, 0x58}}, 0x0) 1.973394866s ago: executing program 0 (id=1058): r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) mknodat$loop(r1, &(0x7f0000000080)='./file0\x00', 0x0, 0x1) name_to_handle_at(r1, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) 1.972880257s ago: executing program 1 (id=1059): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000003c80)={'team0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'virt_wifi0\x00'}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}}, 0x0) 1.927962364s ago: executing program 4 (id=1060): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x8, 0x3, 0x2a0, 0x0, 0xa, 0x148, 0x368, 0x10, 0x5b8, 0x2a8, 0x2a8, 0x5b8, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2=0xe000000b, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0xc8, 0x138, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @broadcast, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x300) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000800)=ANY=[@ANYBLOB="00020201"], 0x18) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000000)=ANY=[], 0x18) sendmmsg$inet6(r0, &(0x7f00000007c0)=[{{&(0x7f00000002c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c, &(0x7f00000005c0)=[{&(0x7f0000000300)='Y', 0x1}], 0x1}}], 0x1, 0x40) 1.655264412s ago: executing program 1 (id=1061): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f00000002c0)={[{@huge_always}]}) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) 1.505370832s ago: executing program 4 (id=1062): r0 = syz_io_uring_setup(0x7dca, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000240)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f00000000c0)) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, {0x0, r3}}) io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0) 1.246420614s ago: executing program 4 (id=1063): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000200)=@overlay={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "12848098"}}) read$FUSE(r0, &(0x7f0000003800)={0x2020}, 0x2020) 1.202240351s ago: executing program 3 (id=1064): r0 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@broadcast, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in6=@mcast2, 0x0, 0x0, 0x0, 0x3}}, 0xe8) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) connect$inet6(r0, &(0x7f00000000c0), 0x1c) 1.051749464s ago: executing program 1 (id=1065): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="4f00030007"], 0xd) 950.179885ms ago: executing program 3 (id=1066): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = epoll_create1(0x0) epoll_pwait2(r0, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 831.88023ms ago: executing program 2 (id=1067): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000b80)={[{@nombcache}, {@abort}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0xc0185879, &(0x7f0000000680)={0x0, 0x200002000001, 0x0, 0x0, 0x0, 0x0, 0x2401}) r1 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0xc0185879, &(0x7f0000000680)={0x0, 0x200002000001, 0x0, 0x0, 0x0, 0x0, 0x2401}) 108.777439ms ago: executing program 4 (id=1068): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000011c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) write$char_usb(0xffffffffffffffff, 0x0, 0x0) 0s ago: executing program 3 (id=1069): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) bind$packet(r0, &(0x7f0000000040)={0x10, 0x0, 0x0, 0x1, 0x0, 0x6, @random="b6c1c02b5fbb"}, 0x14) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0xfffffe98, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="8400000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c0002800500010000000000080007400000000010001700000000000000000000000000100016"], 0x84}}, 0x0) kernel console output (not intermixed with test programs): 896][ T5222] NILFS (loop5): discard dirty block: blocknr=38, size=1024 [ 109.156383][ T5222] NILFS (loop5): discard dirty page: offset=0, ino=5 [ 109.169976][ T5222] NILFS (loop5): discard dirty block: blocknr=41, size=1024 [ 109.194556][ T5222] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 109.271369][ T5222] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 109.280254][ T5222] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 109.331770][ T5222] NILFS (loop5): discard dirty page: offset=0, ino=4 [ 109.338567][ T5222] NILFS (loop5): discard dirty block: blocknr=40, size=1024 [ 109.389475][ T5824] loop1: detected capacity change from 0 to 128 [ 109.395996][ T5222] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 109.412090][ T5822] veth1_macvtap: left promiscuous mode [ 109.426803][ T5222] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 109.456524][ T5824] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 109.471085][ T5222] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 109.508329][ T5824] ext4 filesystem being mounted at /44/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 109.558864][ T5795] loop3: detected capacity change from 0 to 32768 [ 109.630027][ T5824] fscrypt (loop1, inode 12): Direct key flag not allowed with different contents and filenames modes [ 109.715883][ T5795] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 109.866980][ T5224] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 110.016375][ T5795] XFS (loop3): Ending clean mount [ 110.379794][ T5225] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 111.330493][ T5883] loop4: detected capacity change from 0 to 2048 [ 111.400569][ T5883] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 111.473850][ T5883] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 111.587231][ T29] audit: type=1800 audit(1723989140.443:2): pid=5883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.193" name="file1" dev="loop4" ino=1346 res=0 errno=0 [ 111.649051][ T5893] loop3: detected capacity change from 0 to 16 [ 111.695755][ T5893] erofs: (device loop3): mounted with root inode @ nid 36. [ 111.761439][ T5893] erofs: (device loop3): erofs_find_target_block: corrupted dir block 0 @ nid 36 [ 112.247461][ T5901] loop3: detected capacity change from 0 to 2048 [ 112.333508][ T5906] netlink: 72 bytes leftover after parsing attributes in process `syz.4.202'. [ 112.412970][ T5901] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.200: bad orphan inode 8192 [ 112.496193][ T5901] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.544302][ T5901] process 'syz.3.200' launched './file1' with NULL argv: empty string added [ 112.716664][ T5225] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.732606][ T5913] loop1: detected capacity change from 0 to 128 [ 113.014196][ T5920] loop3: detected capacity change from 0 to 256 [ 113.107365][ T5926] netlink: 20 bytes leftover after parsing attributes in process `syz.5.208'. [ 113.602181][ T5945] loop4: detected capacity change from 0 to 128 [ 113.793600][ T5948] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 114.450109][ T5969] netlink: 'syz.3.230': attribute type 1 has an invalid length. [ 114.500488][ T5969] netlink: 9324 bytes leftover after parsing attributes in process `syz.3.230'. [ 114.562150][ T5969] netlink: 'syz.3.230': attribute type 1 has an invalid length. [ 114.601952][ T5969] netlink: 16 bytes leftover after parsing attributes in process `syz.3.230'. [ 114.866959][ T5978] loop4: detected capacity change from 0 to 256 [ 114.869315][ T47] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 114.941931][ T5978] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 114.996140][ T5978] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 115.144528][ T5978] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 115.151769][ T47] usb 3-1: Using ep0 maxpacket: 16 [ 115.211945][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 115.264447][ T47] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 115.281718][ T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.300475][ T47] usb 3-1: Product: syz [ 115.319403][ T47] usb 3-1: Manufacturer: syz [ 115.361654][ T47] usb 3-1: SerialNumber: syz [ 115.383939][ T47] usb 3-1: config 0 descriptor?? [ 115.428901][ T47] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 115.461343][ T47] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 115.502009][ T5988] loop3: detected capacity change from 0 to 128 [ 115.535765][ T5989] loop0: detected capacity change from 0 to 512 [ 115.576329][ T5988] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 115.604109][ T5988] ext4 filesystem being mounted at /33/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 115.649309][ T5989] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.238: corrupted in-inode xattr: invalid ea_ino [ 115.729531][ T5966] loop5: detected capacity change from 0 to 32768 [ 115.742262][ T5989] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.238: couldn't read orphan inode 15 (err -117) [ 115.807619][ T5989] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.818189][ T5966] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 115.903634][ T5225] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 116.042767][ T5231] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.092877][ T47] em28xx 3-1:0.0: unknown em28xx chip ID (63) [ 116.094634][ T5966] XFS (loop5): Ending clean mount [ 116.290542][ T6014] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.404773][ T47] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 116.437149][ T5222] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 116.451418][ T47] em28xx 3-1:0.0: board has no eeprom [ 116.561456][ T47] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 116.593243][ T47] em28xx 3-1:0.0: dvb set to bulk mode. [ 116.603435][ T2629] em28xx 3-1:0.0: Binding DVB extension [ 116.702946][ T47] usb 3-1: USB disconnect, device number 3 [ 116.762811][ T47] em28xx 3-1:0.0: Disconnecting em28xx [ 116.921505][ T2629] em28xx 3-1:0.0: Registering input extension [ 116.928840][ T47] em28xx 3-1:0.0: Closing input extension [ 117.122623][ T47] em28xx 3-1:0.0: Freeing device [ 117.634203][ T6042] loop3: detected capacity change from 0 to 256 [ 117.799535][ T6036] loop5: detected capacity change from 0 to 32768 [ 117.806790][ T6036] btrfs: Deprecated parameter 'usebackuproot' [ 117.812950][ T6036] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 117.826549][ T6036] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.249 (6036) [ 117.863040][ T6036] BTRFS info (device loop5): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 117.873262][ T6036] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 117.882754][ T6036] BTRFS info (device loop5): disk space caching is enabled [ 117.889969][ T6036] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 118.067829][ T65] BTRFS warning (device loop5): checksum verify failed on logical 5337088 mirror 1 wanted 0x324c5e2d0cac2dc8f61cbfdfc8cd69d9816061b1498b9e1bff7d10a59610160b found 0xab36da95f7d629ca8cc302fd0fd3c25f2e0c358a27b6cae5b3699304a6c15a5c level 0 [ 118.237628][ T6036] BTRFS error (device loop5): failed to load root extent [ 118.244871][ T6036] BTRFS warning (device loop5): try to load backup roots slot 1 [ 118.415153][ T6036] BTRFS info (device loop5 state M): disabling free space tree [ 118.423961][ T6036] BTRFS info (device loop5 state M): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 118.434843][ T6036] BTRFS info (device loop5 state M): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 118.477819][ T6036] BTRFS info (device loop5 state M): use compression, level 0 [ 118.602226][ T5222] BTRFS info (device loop5): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 119.026927][ T6082] sp0: Synchronizing with TNC [ 119.132135][ T6079] [U] è [ 119.169348][ T6084] loop5: detected capacity change from 0 to 1024 [ 119.232417][ T6084] EXT4-fs: Ignoring removed i_version option [ 119.261518][ T25] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 119.366535][ T6084] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.494247][ T25] usb 2-1: config index 0 descriptor too short (expected 4114, got 18) [ 119.552006][ T25] usb 2-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94 [ 119.571440][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.579460][ T25] usb 2-1: Product: syz [ 119.591360][ T25] usb 2-1: Manufacturer: syz [ 119.602251][ T25] usb 2-1: SerialNumber: syz [ 119.618306][ T25] usb 2-1: config 0 descriptor?? [ 119.743314][ T5222] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.845784][ T6059] loop2: detected capacity change from 0 to 32768 [ 119.845995][ T6066] loop0: detected capacity change from 0 to 32768 [ 119.914210][ T6059] [ 119.914210][ T6059] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.914210][ T6059] [ 119.988449][ T2629] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 120.055822][ T6059] read_mapping_page failed! [ 120.060684][ T6059] ERROR: (device loop2): txCommit: [ 120.060684][ T6059] [ 120.098955][ T6059] jfs_unlink: dtDelete returned -116 [ 120.108779][ T6059] jfs_unlink: dtDelete returned -116 [ 120.236436][ T2629] usb 4-1: Using ep0 maxpacket: 16 [ 120.237030][ T1110] [ 120.237030][ T1110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.237030][ T1110] [ 120.247954][ T2629] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.271575][ T1110] [ 120.271575][ T1110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.271575][ T1110] [ 120.288397][ T2629] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.302637][ T111] [ 120.302637][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.302637][ T111] [ 120.326495][ T2629] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 120.326569][ T1110] [ 120.326569][ T1110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.326569][ T1110] [ 120.349332][ T2629] usb 4-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 120.375964][ T2629] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.387998][ T2629] usb 4-1: config 0 descriptor?? [ 120.399843][ T1110] [ 120.399843][ T1110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.399843][ T1110] [ 120.412139][ T5221] [ 120.412139][ T5221] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.412139][ T5221] [ 120.430360][ T112] [ 120.430360][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.430360][ T112] [ 120.443451][ T5221] [ 120.443451][ T5221] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.443451][ T5221] [ 120.525189][ T25] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 120.561388][ T25] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 120.561600][ T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 120.617519][ T25] asix 2-1:0.0: probe with driver asix failed with error -71 [ 120.658674][ T25] usb 2-1: USB disconnect, device number 2 [ 120.811620][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 120.835076][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 120.871401][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 120.905582][ T2629] input: HID 054c:03d5 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:054C:03D5.0002/input/input7 [ 120.911078][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 120.967575][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 121.003424][ T2629] sony 0003:054C:03D5.0002: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.3-1/input0 [ 121.041975][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 121.076507][ T2629] usb 4-1: USB disconnect, device number 2 [ 121.093297][ T6100] netlink: 'syz.2.277': attribute type 5 has an invalid length. [ 121.101405][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.129454][ T6100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.277'. [ 121.153567][ T6092] loop4: detected capacity change from 0 to 40427 [ 121.223958][ T6092] F2FS-fs (loop4): Wrong NAT boundary, start(2560) end(462336) blocks(1024) [ 121.262485][ T6092] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 121.361943][ T9] usb 6-1: GET_CAPABILITIES returned 0 [ 121.382241][ T6092] F2FS-fs (loop4): Found nat_bits in checkpoint [ 121.391776][ T9] usbtmc 6-1:16.0: can't read capabilities [ 121.563661][ T6092] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 121.586121][ T6092] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 121.654593][ T29] audit: type=1800 audit(1723989150.513:3): pid=6092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.273" name="file0" dev="loop4" ino=10 res=0 errno=0 [ 121.673055][ T6092] syz.4.273: attempt to access beyond end of device [ 121.673055][ T6092] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 121.698316][ T2629] usb 6-1: USB disconnect, device number 3 [ 121.796975][ T5223] syz-executor: attempt to access beyond end of device [ 121.796975][ T5223] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 121.844643][ T5223] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 122.028584][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 122.264496][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 122.293168][ T6103] loop0: detected capacity change from 0 to 32768 [ 122.295206][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.323209][ T6103] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.278 (6103) [ 122.365904][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 122.415979][ T6103] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 122.423238][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 122.436287][ T6122] loop1: detected capacity change from 0 to 1024 [ 122.448506][ T6125] loop3: detected capacity change from 0 to 256 [ 122.461938][ T6103] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 122.491049][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.493510][ T6103] BTRFS info (device loop0): using free-space-tree [ 122.528749][ T6125] MINIX-fs: mounting file system with errors, running fsck is recommended [ 122.560413][ T9] usb 3-1: Product: syz [ 122.575064][ T9] usb 3-1: Manufacturer: syz [ 122.579681][ T9] usb 3-1: SerialNumber: syz [ 122.585417][ T3013] hfsplus: b-tree write err: -5, ino 4 [ 122.643614][ T9] usb 3-1: selecting invalid altsetting 1 [ 122.809905][ T6103] BTRFS info (device loop0): rebuilding free space tree [ 122.860687][ T9] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS [ 122.883926][ T9] cdc_ncm 3-1:1.0: bind() failure [ 122.963891][ T9] usb 3-1: USB disconnect, device number 4 [ 122.972158][ T5310] hfsplus: b-tree write err: -5, ino 4 [ 123.132598][ T6147] netlink: 20 bytes leftover after parsing attributes in process `syz.5.292'. [ 123.210710][ T6147] ip6tnl1: entered promiscuous mode [ 123.216200][ T6147] ip6tnl1: entered allmulticast mode [ 123.440695][ T5231] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 123.982890][ T6167] binder: 6165:6167 ioctl c018620c 200005c0 returned -1 [ 124.389128][ T6174] netlink: 16 bytes leftover after parsing attributes in process `syz.3.302'. [ 124.425015][ T6174] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 124.633150][ T6164] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 124.639417][ T6164] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 124.815675][ T6164] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 124.837328][ T6187] loop2: detected capacity change from 0 to 4096 [ 124.843950][ T6164] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 124.886436][ T6187] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 124.909788][ T6194] loop4: detected capacity change from 0 to 256 [ 124.932351][ T6187] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 124.943826][ T6164] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 124.957554][ T6164] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 125.066181][ T6164] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 125.088119][ T6164] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 125.133451][ T47] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 125.159781][ T6164] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 125.187571][ T6164] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 125.323359][ T6164] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 125.361944][ T6164] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 125.394418][ T47] usb 4-1: New USB device found, idVendor=0b05, idProduct=173f, bcdDevice=9d.6b [ 125.428807][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.469796][ T47] usb 4-1: Product: syz [ 125.503492][ T47] usb 4-1: Manufacturer: syz [ 125.508519][ T6200] loop0: detected capacity change from 0 to 4096 [ 125.528221][ T47] usb 4-1: SerialNumber: syz [ 125.551396][ T6200] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 125.603538][ T47] usb 4-1: config 0 descriptor?? [ 125.682889][ T6200] ntfs3: loop0: Failed to initialize $Extend/$ObjId. [ 126.094732][ T47] dvb-usb: found a 'ASUS My Cinema U3100 Mini DVBT Tuner' in warm state. [ 126.167243][ T47] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 126.221955][ T47] dvbdev: DVB: registering new adapter (ASUS My Cinema U3100 Mini DVBT Tuner) [ 126.262320][ T47] usb 4-1: media controller created [ 126.296786][ T6215] loop2: detected capacity change from 0 to 4096 [ 126.299345][ T47] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 126.326350][ T6215] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 126.387103][ T6224] nftables ruleset with unbound set [ 126.506518][ T47] DVB: Unable to find symbol dib7000p_attach() [ 126.560223][ T47] dvb-usb: no frontend was attached by 'ASUS My Cinema U3100 Mini DVBT Tuner' [ 126.577679][ T6228] overlayfs: failed to clone upperpath [ 126.600131][ T6215] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 126.609699][ T6215] ntfs3: loop2: ino=1e, "file1" attr_set_size [ 126.701401][ T1114] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 126.708698][ T5221] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 126.744702][ T5221] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 126.772583][ T47] rc_core: IR keymap rc-dib0700-rc5 not found [ 126.772643][ T5221] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 126.792323][ T47] Registered IR keymap rc-empty [ 126.824541][ T47] dvb-usb: could not initialize remote control. [ 126.839260][ T5310] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 126.863054][ T47] dvb-usb: ASUS My Cinema U3100 Mini DVBT Tuner successfully initialized and connected. [ 127.148178][ T47] usb 4-1: USB disconnect, device number 3 [ 127.233151][ T47] dvb-usb: ASUS My Cinema U3100 Mini DVBT Tuner successfully deinitialized and disconnected. [ 127.291048][ T6241] loop0: detected capacity change from 0 to 4096 [ 127.447810][ T6250] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 128.043279][ T6258] loop1: detected capacity change from 0 to 32768 [ 128.050521][ T6258] btrfs: Deprecated parameter 'usebackuproot' [ 128.056667][ T6258] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 128.118964][ T6258] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.327 (6258) [ 128.144723][ T6258] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 128.155047][ T6258] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 128.164513][ T6258] BTRFS info (device loop1): disk space caching is enabled [ 128.166583][ T6263] loop4: detected capacity change from 0 to 512 [ 128.171993][ T6258] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 128.207173][ T6267] syz.3.331 uses obsolete (PF_INET,SOCK_PACKET) [ 128.299924][ T6263] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 128.334670][ T6263] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 128.435910][ T12] BTRFS warning (device loop1): checksum verify failed on logical 5337088 mirror 1 wanted 0x324c5e2d0cac2dc8f61cbfdfc8cd69d9816061b1498b9e1bff7d10a59610160b found 0xab36da95f7d629ca8cc302fd0fd3c25f2e0c358a27b6cae5b3699304a6c15a5c level 0 [ 128.440906][ T6263] EXT4-fs (loop4): 1 truncate cleaned up [ 128.491716][ T6258] BTRFS error (device loop1): failed to load root extent [ 128.498824][ T6258] BTRFS warning (device loop1): try to load backup roots slot 1 [ 128.612800][ T6263] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.637548][ T6258] BTRFS info (device loop1 state M): disabling free space tree [ 128.645438][ T6258] BTRFS info (device loop1 state M): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 128.656150][ T6258] BTRFS info (device loop1 state M): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 128.703836][ T6258] BTRFS info (device loop1 state M): use compression, level 0 [ 128.835191][ T6263] EXT4-fs error (device loop4): swap_inode_boot_loader:384: inode #5: comm syz.4.330: iget: bad extra_isize 46 (inode size 256) [ 128.882166][ T5224] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 128.994690][ T6301] syz.3.335 uses old SIOCAX25GETINFO [ 129.044476][ T6307] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.052168][ T6307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 129.175396][ T5223] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.184626][ T25] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 129.406403][ T25] usb 6-1: Using ep0 maxpacket: 16 [ 129.457538][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.511431][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.571360][ T25] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 129.625034][ T25] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 129.691341][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.751122][ T25] usb 6-1: config 0 descriptor?? [ 130.198535][ T25] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 130.241457][ T25] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 130.248750][ T25] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 130.279007][ T25] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 130.297054][ T6340] macsec1: entered promiscuous mode [ 130.309848][ T25] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 130.326614][ T6340] macvlan0: entered promiscuous mode [ 130.327871][ T6343] loop2: detected capacity change from 0 to 1024 [ 130.338860][ T25] microsoft 0003:045E:07DA.0003: unbalanced collection at end of report description [ 130.352641][ T6340] macvlan0: left promiscuous mode [ 130.374481][ T25] microsoft 0003:045E:07DA.0003: parse failed [ 130.413264][ T25] microsoft 0003:045E:07DA.0003: probe with driver microsoft failed with error -22 [ 130.466242][ T25] usb 6-1: USB disconnect, device number 4 [ 130.489799][ T6346] loop3: detected capacity change from 0 to 1024 [ 130.500772][ T6341] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 130.615531][ T6341] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 130.752527][ T11] hfsplus: b-tree write err: -5, ino 4 [ 131.039221][ T5225] hfsplus: bad catalog entry type [ 131.133747][ T6324] loop1: detected capacity change from 0 to 32768 [ 131.163004][ T6324] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.345 (6324) [ 131.240457][ T6324] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 131.306212][ T6324] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm [ 131.359225][ T6324] BTRFS info (device loop1): using free-space-tree [ 131.971931][ T5224] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 131.994098][ T5310] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.024899][ T29] audit: type=1326 audit(1723989160.883:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.0.369" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd6dbd79e79 code=0x0 [ 132.254795][ T5310] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.347653][ T1261] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.357178][ T1261] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.466991][ T5310] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.676193][ T5310] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.239695][ T6425] loop2: detected capacity change from 0 to 1024 [ 133.284079][ T5310] bridge_slave_1: left allmulticast mode [ 133.290018][ T5310] bridge_slave_1: left promiscuous mode [ 133.327539][ T6425] EXT4-fs: Ignoring removed oldalloc option [ 133.348805][ T5310] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.424004][ T5310] bridge_slave_0: left allmulticast mode [ 133.442401][ T6425] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.448660][ T5310] bridge_slave_0: left promiscuous mode [ 133.520444][ T5310] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.739946][ T6400] loop4: detected capacity change from 0 to 40427 [ 133.750672][ T5221] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.797624][ T6400] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 133.821450][ T6400] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 133.864275][ T6400] F2FS-fs (loop4): inline encryption not supported [ 133.902429][ T6400] F2FS-fs (loop4): Image doesn't support compression [ 133.909623][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 133.922296][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 133.939821][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 133.965235][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 133.974611][ T6400] F2FS-fs (loop4): invalid crc value [ 133.980272][ T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 133.988524][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 134.060937][ T5238] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 134.062181][ T6400] F2FS-fs (loop4): Found nat_bits in checkpoint [ 134.096515][ T5238] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 134.107475][ T5238] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 134.121853][ T5238] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 134.130104][ T5238] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 134.143194][ T5238] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 134.223058][ T6451] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.383'. [ 134.254620][ T6400] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 134.261924][ T6400] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 134.437111][ T6400] syz.4.368: attempt to access beyond end of device [ 134.437111][ T6400] loop4: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 134.483665][ T6400] syz.4.368: attempt to access beyond end of device [ 134.483665][ T6400] loop4: rw=2049, sector=53288, nr_sectors = 24 limit=40427 [ 134.537676][ T6400] syz.4.368: attempt to access beyond end of device [ 134.537676][ T6400] loop4: rw=2049, sector=53344, nr_sectors = 16 limit=40427 [ 134.552422][ T6400] syz.4.368: attempt to access beyond end of device [ 134.552422][ T6400] loop4: rw=2049, sector=53392, nr_sectors = 24 limit=40427 [ 134.603358][ T6400] syz.4.368: attempt to access beyond end of device [ 134.603358][ T6400] loop4: rw=2049, sector=53440, nr_sectors = 24 limit=40427 [ 134.649079][ T6400] syz.4.368: attempt to access beyond end of device [ 134.649079][ T6400] loop4: rw=2049, sector=53496, nr_sectors = 24 limit=40427 [ 134.836082][ T6431] loop1: detected capacity change from 0 to 32768 [ 134.850107][ T5223] syz-executor: attempt to access beyond end of device [ 134.850107][ T5223] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 134.912428][ T5223] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 134.949721][ T5310] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 135.019985][ T5310] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.054080][ T5310] bond0 (unregistering): Released all slaves [ 135.121203][ T6443] bridge0: port 3(vlan0) entered blocking state [ 135.152130][ T6443] bridge0: port 3(vlan0) entered disabled state [ 135.158553][ T6443] vlan0: entered allmulticast mode [ 135.191912][ T6443] veth0_vlan: entered allmulticast mode [ 135.203828][ T6443] vlan0: entered promiscuous mode [ 135.235470][ T6443] bridge0: port 3(vlan0) entered blocking state [ 135.241960][ T6443] bridge0: port 3(vlan0) entered forwarding state [ 135.288790][ T6443] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 135.755475][ T6466] loop5: detected capacity change from 0 to 8192 [ 136.086069][ T6478] loop1: detected capacity change from 0 to 8 [ 136.100198][ T6478] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 136.261597][ T55] Bluetooth: hci3: command tx timeout [ 136.351988][ T5310] hsr_slave_0: left promiscuous mode [ 136.448962][ T5310] hsr_slave_1: left promiscuous mode [ 136.504709][ T5310] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 136.530262][ T5310] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 136.593232][ T5310] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 136.627416][ T5310] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 136.742549][ T5310] veth1_macvtap: left promiscuous mode [ 136.766724][ T5310] veth0_macvtap: left promiscuous mode [ 136.791169][ T5310] veth1_vlan: left promiscuous mode [ 136.811769][ T5310] veth0_vlan: left promiscuous mode [ 136.914840][ T6469] loop0: detected capacity change from 0 to 32768 [ 136.965339][ T6469] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 137.155480][ T6469] XFS (loop0): Ending clean mount [ 137.186346][ T6469] XFS (loop0): Quotacheck needed: Please wait. [ 137.298140][ T6469] XFS (loop0): Quotacheck: Done. [ 137.457052][ T5231] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 137.462928][ T6502] loop2: detected capacity change from 0 to 32768 [ 137.494246][ T6502] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.394 (6502) [ 137.535398][ T6502] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 137.590580][ T6502] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 137.641429][ T6502] BTRFS info (device loop2): using free-space-tree [ 137.745726][ T6518] CUSE: unknown device info "À" [ 137.750712][ T6518] CUSE: zero length info key specified [ 138.204436][ T5221] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 138.347639][ T55] Bluetooth: hci3: command tx timeout [ 138.455412][ T2629] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 138.473078][ T5310] team0 (unregistering): Port device team_slave_1 removed [ 138.579131][ T5310] team0 (unregistering): Port device team_slave_0 removed [ 138.667448][ T2629] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.698967][ T2629] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.719157][ T2629] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 138.738664][ T2629] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.762206][ T2629] usb 5-1: config 0 descriptor?? [ 139.206031][ T2629] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 139.241651][ T2629] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 139.250759][ T6544] loop0: detected capacity change from 0 to 40427 [ 139.270935][ T2629] cp2112 0003:10C4:EA90.0004: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 139.287735][ T6544] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 139.296937][ T6544] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 139.335723][ T6544] F2FS-fs (loop0): invalid crc value [ 139.400627][ T6544] F2FS-fs (loop0): Found nat_bits in checkpoint [ 139.409342][ T2629] cp2112 0003:10C4:EA90.0004: Part Number: 0x82 Device Version: 0xFE [ 139.563708][ T6544] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 139.575424][ T6544] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 139.623203][ T2629] cp2112 0003:10C4:EA90.0004: error requesting SMBus config [ 139.650938][ T2629] cp2112 0003:10C4:EA90.0004: probe with driver cp2112 failed with error -71 [ 139.682057][ T2629] usb 5-1: USB disconnect, device number 3 [ 139.707273][ T5231] syz-executor: attempt to access beyond end of device [ 139.707273][ T5231] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 139.730078][ T5231] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 140.286258][ T6444] chnl_net:caif_netlink_parms(): no params data found [ 140.317889][ T2629] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 140.423482][ T55] Bluetooth: hci3: command tx timeout [ 140.531681][ T2629] usb 2-1: Using ep0 maxpacket: 16 [ 140.570727][ T2629] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.621657][ T2629] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.672724][ T2629] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 140.728111][ T2629] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.802974][ T2629] usb 2-1: config 0 descriptor?? [ 141.013398][ T6444] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.020653][ T6444] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.048903][ T6444] bridge_slave_0: entered allmulticast mode [ 141.092587][ T6444] bridge_slave_0: entered promiscuous mode [ 141.129795][ T6444] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.163069][ T6444] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.182336][ T6444] bridge_slave_1: entered allmulticast mode [ 141.190529][ T6444] bridge_slave_1: entered promiscuous mode [ 141.307611][ T2629] corsair 0003:1B1C:1B02.0005: unknown main item tag 0x0 [ 141.344245][ T2629] corsair 0003:1B1C:1B02.0005: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.1-1/input0 [ 141.357482][ T6591] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 141.496867][ T2629] corsair 0003:1B1C:1B02.0005: Read invalid backlight brightness: db. [ 141.550122][ T6444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 141.607982][ T6444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 141.769874][ T9] usb 2-1: USB disconnect, device number 3 [ 141.824607][ T6444] team0: Port device team_slave_0 added [ 141.847717][ T6444] team0: Port device team_slave_1 added [ 141.876718][ T6605] loop0: detected capacity change from 0 to 2048 [ 141.938847][ T6605] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 142.002966][ T6608] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 142.008146][ T6605] syz.0.417: attempt to access beyond end of device [ 142.008146][ T6605] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 142.094774][ T6605] capability: warning: `syz.0.417' uses 32-bit capabilities (legacy support in use) [ 142.109155][ T6611] loop2: detected capacity change from 0 to 164 [ 142.140183][ T6444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 142.165271][ T6444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.208399][ T6611] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 142.237129][ T6444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 142.276365][ T6611] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 142.293005][ T6444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 142.299965][ T6444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.326055][ C0] vkms_vblank_simulate: vblank timer overrun [ 142.396116][ T6444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 142.501783][ T55] Bluetooth: hci3: command tx timeout [ 142.854599][ T6444] hsr_slave_0: entered promiscuous mode [ 142.880688][ T6444] hsr_slave_1: entered promiscuous mode [ 142.891834][ T47] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 142.908669][ T6444] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 142.939213][ T6444] Cannot create hsr debugfs directory [ 143.121375][ T47] usb 3-1: Using ep0 maxpacket: 8 [ 143.144176][ T47] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 143.180158][ T47] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 143.231060][ T47] usb 3-1: config 0 has no interface number 0 [ 143.251443][ T47] usb 3-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 143.325063][ T47] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 143.366625][ T47] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 143.411227][ T47] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 143.491417][ T47] usb 3-1: config 0 interface 52 has no altsetting 0 [ 143.498162][ T47] usb 3-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 143.528853][ T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.595700][ T47] usb 3-1: config 0 descriptor?? [ 143.835033][ T47] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input9 [ 144.191941][ T25] usb 3-1: USB disconnect, device number 5 [ 144.197805][ C1] synaptics_usb 3-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 144.273674][ T4658] synaptics_usb 3-1:0.52: synusb_open - usb_submit_urb failed, error: -19 [ 144.454266][ T6660] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 145.207111][ T6677] loop5: detected capacity change from 0 to 4096 [ 145.284546][ T6686] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 145.298115][ T6680] netlink: 20 bytes leftover after parsing attributes in process `syz.1.443'. [ 145.718669][ T6444] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 145.798153][ T6444] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 145.854996][ T6444] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 145.946453][ T6444] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 146.510472][ T6444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 146.904087][ T6444] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.980366][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.987598][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.040665][ T6724] loop4: detected capacity change from 0 to 2048 [ 147.081001][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.088184][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.129063][ T6724] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 147.164924][ T6724] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 147.613571][ T6737] netlink: 8 bytes leftover after parsing attributes in process `syz.1.463'. [ 147.961858][ T5332] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 148.195911][ T5332] usb 1-1: Using ep0 maxpacket: 16 [ 148.201467][ T8] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 148.208005][ T5332] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.210689][ T6444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 148.241807][ T5332] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.300399][ T5332] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 148.322748][ T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 148.343890][ T5332] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 148.376477][ T5332] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.408493][ T5332] usb 1-1: config 0 descriptor?? [ 148.413462][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 148.413500][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 148.413528][ T8] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 148.418669][ T8] usb 6-1: New USB device found, idVendor=18ef, idProduct=e030, bcdDevice=c7.b9 [ 148.469082][ T6444] veth0_vlan: entered promiscuous mode [ 148.518519][ T6444] veth1_vlan: entered promiscuous mode [ 148.542231][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.557828][ T8] usb 6-1: Product: syz [ 148.562861][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 148.580895][ T9] usb 3-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a [ 148.600882][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.614336][ T8] usb 6-1: Manufacturer: syz [ 148.618953][ T8] usb 6-1: SerialNumber: syz [ 148.640868][ T9] usb 3-1: Product: syz [ 148.646924][ T9] usb 3-1: Manufacturer: syz [ 148.671156][ T8] usb 6-1: config 0 descriptor?? [ 148.690980][ T6444] veth0_macvtap: entered promiscuous mode [ 148.702223][ T9] usb 3-1: SerialNumber: syz [ 148.711783][ T8] cp210x 6-1:0.0: cp210x converter detected [ 148.729907][ T9] usb 3-1: config 0 descriptor?? [ 148.753481][ T9] gspca_main: sn9c2028-2.14.0 probing 0458:7003 [ 148.764167][ T6444] veth1_macvtap: entered promiscuous mode [ 148.894504][ T6444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.941009][ T8] cp210x 6-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 148.958877][ T9] gspca_sn9c2028: read1 error -32 [ 148.964045][ T6444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.987028][ T8] cp210x 6-1:0.0: querying part number failed [ 148.994212][ T9] gspca_sn9c2028: read1 error -32 [ 148.995523][ T5332] input: HID 054c:03d5 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:054C:03D5.0006/input/input10 [ 149.001355][ T6444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.032370][ T8] usb 6-1: cp210x converter now attached to ttyUSB0 [ 149.054396][ T8] usb 6-1: USB disconnect, device number 5 [ 149.070230][ T6444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.119242][ T6777] loop1: detected capacity change from 0 to 16 [ 149.121505][ T6444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.136294][ T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 149.146978][ T6777] erofs: (device loop1): mounted with root inode @ nid 36. [ 149.168118][ T8] cp210x 6-1:0.0: device disconnected [ 149.191459][ T6444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.223330][ T6777] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 16 of nid 36 [ 149.245189][ T6444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.275139][ T25] usb 3-1: USB disconnect, device number 6 [ 149.281217][ T5332] sony 0003:054C:03D5.0006: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.0-1/input0 [ 149.303969][ T6777] erofs: (device loop1): erofs_readdir: fail to readdir of logical block 16 of nid 36 [ 149.321605][ T6444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.367464][ T6444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.391880][ T6444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.422797][ T5332] usb 1-1: USB disconnect, device number 4 [ 149.502220][ T6444] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 149.573123][ T5349] udevd[5349]: failed to send result of seq 12152 to main daemon: Connection refused [ 149.636840][ T6444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.638822][ T5595] udevd[5595]: failed to send result of seq 12138 to main daemon: Transport endpoint is not connected [ 149.704470][ T6444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.737418][ T6444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.756134][ T6444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.772695][ T6444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.811493][ T6444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.831422][ T6444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.851466][ T6444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.870055][ T6444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.890365][ T6444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.949133][ T6444] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 149.975191][ T6444] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.004262][ T6444] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.030805][ T6444] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.065342][ T6444] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.348520][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.391335][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.468613][ T6812] program syz.0.486 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 150.511846][ T25] IPVS: starting estimator thread 0... [ 150.517986][ T1114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.519857][ T6813] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 150.580729][ T1114] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.621587][ T6815] IPVS: using max 16 ests per chain, 38400 per kthread [ 151.628583][ T6852] loop4: detected capacity change from 0 to 128 [ 151.644598][ T6808] loop5: detected capacity change from 0 to 32768 [ 151.663197][ T6808] XFS: ikeep mount option is deprecated. [ 151.684435][ T6808] XFS: noikeep mount option is deprecated. [ 151.705258][ T6852] VFS: Found a Xenix FS (block size = 512) on device loop4 [ 151.739838][ T6852] sysv_free_block: trying to free block not in datazone [ 151.771085][ T6808] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 151.821927][ T6866] sysv_count_free_blocks: free block count was -2041545929, correcting to 9 [ 151.845490][ T25] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 151.959151][ T6808] XFS (loop5): Ending clean mount [ 151.991721][ T6866] sysv_count_free_inodes: unable to read inode table [ 152.001886][ T6808] XFS (loop5): Quotacheck needed: Please wait. [ 152.084721][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 152.121468][ T6808] XFS (loop5): Quotacheck: Done. [ 152.128975][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.145365][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 152.158344][ T25] usb 3-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=61.da [ 152.168640][ T5223] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 152.183948][ T25] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 152.219739][ T25] usb 3-1: Manufacturer: syz [ 152.250172][ T25] usb 3-1: config 0 descriptor?? [ 152.286538][ T25] appledisplay 3-1:0.0: Submitting URB failed [ 152.321557][ T25] appledisplay 3-1:0.0: probe with driver appledisplay failed with error -5 [ 152.340196][ T6835] loop3: detected capacity change from 0 to 32768 [ 152.424432][ T6879] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 152.442058][ T6835] ERROR: (device loop3): jfs_readdir: DT_GETPAGE: dtree page corrupt [ 152.442058][ T6835] [ 152.465996][ T5222] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 152.531474][ T6835] ERROR: (device loop3): remounting filesystem as read-only [ 152.540824][ T47] usb 3-1: USB disconnect, device number 7 [ 153.582042][ T6914] netlink: 'syz.2.513': attribute type 2 has an invalid length. [ 153.695389][ T6913] loop4: detected capacity change from 0 to 4096 [ 153.809492][ T6922] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 154.087462][ T6933] capability: warning: `syz.5.523' uses deprecated v2 capabilities in a way that may be insecure [ 154.561467][ T47] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 154.699591][ T6952] loop3: detected capacity change from 0 to 4096 [ 154.730749][ T6952] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 154.750094][ T29] audit: type=1326 audit(1723989183.603:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6953 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d2379e79 code=0x7ffc0000 [ 154.772243][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.852080][ T29] audit: type=1326 audit(1723989183.603:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6953 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d2379e79 code=0x7ffc0000 [ 154.855243][ T6952] ntfs3: loop3: Failed to initialize $Extend/$Reparse. [ 154.874335][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.874644][ T47] usb 1-1: device descriptor read/all, error -71 [ 154.940704][ T29] audit: type=1326 audit(1723989183.613:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6953 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64d2379e79 code=0x7ffc0000 [ 155.004976][ T29] audit: type=1326 audit(1723989183.623:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6953 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d2379e79 code=0x7ffc0000 [ 155.026982][ C1] vkms_vblank_simulate: vblank timer overrun [ 155.059340][ T6924] loop2: detected capacity change from 0 to 32768 [ 155.085043][ T6924] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.518 (6924) [ 155.095954][ T29] audit: type=1326 audit(1723989183.623:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6953 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d2379e79 code=0x7ffc0000 [ 155.147963][ T6924] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 155.159015][ T29] audit: type=1326 audit(1723989183.623:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6953 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64d2379e79 code=0x7ffc0000 [ 155.195361][ T6924] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 155.221818][ T6924] BTRFS info (device loop2): using free-space-tree [ 155.223772][ T29] audit: type=1326 audit(1723989183.633:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6953 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d2379e79 code=0x7ffc0000 [ 155.339739][ T29] audit: type=1326 audit(1723989183.673:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6953 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f64d2370e27 code=0x7ffc0000 [ 155.471692][ T29] audit: type=1326 audit(1723989183.673:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6953 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64d23157e9 code=0x7ffc0000 [ 155.530327][ T29] audit: type=1326 audit(1723989183.673:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6953 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f64d2370e27 code=0x7ffc0000 [ 155.810158][ T5221] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 155.859423][ T6982] loop5: detected capacity change from 0 to 2048 [ 155.922415][ T6982] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.037846][ T6982] overlayfs: upper fs needs to support d_type. [ 156.129163][ T6982] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 156.170749][ T6982] overlayfs: failed to set xattr on upper [ 156.210140][ T6982] overlayfs: ...falling back to redirect_dir=nofollow. [ 156.241344][ T6982] overlayfs: ...falling back to index=off. [ 156.260209][ T6982] overlayfs: ...falling back to uuid=null. [ 156.291600][ T47] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 156.433577][ T5222] UDF-fs: error (device loop5): udf_read_inode: (ino 1317) failed !bh [ 156.454354][ T5222] UDF-fs: error (device loop5): udf_read_inode: (ino 1317) failed !bh [ 156.491576][ T47] usb 1-1: Using ep0 maxpacket: 32 [ 156.503716][ T47] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 156.556393][ T47] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 156.580015][ T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.621345][ T47] usb 1-1: Product: syz [ 156.628175][ T47] usb 1-1: Manufacturer: syz [ 156.651392][ T47] usb 1-1: SerialNumber: syz [ 156.671929][ T47] usb 1-1: config 0 descriptor?? [ 156.677788][ T6984] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 156.722792][ T47] hub 1-1:0.0: bad descriptor, ignoring hub [ 156.728732][ T47] hub 1-1:0.0: probe with driver hub failed with error -5 [ 156.769923][ T47] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input11 [ 157.012896][ T6984] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.072690][ T7006] loop1: detected capacity change from 0 to 512 [ 157.121618][ T6984] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.147446][ T7006] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 157.191024][ T47] usb 1-1: USB disconnect, device number 7 [ 157.191082][ C1] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 157.196331][ T11] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.283397][ T7006] EXT4-fs (loop1): 1 truncate cleaned up [ 157.337536][ T7009] loop4: detected capacity change from 0 to 1024 [ 157.346030][ T7006] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.570447][ T11] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.627232][ T12] hfsplus: b-tree write err: -5, ino 4 [ 157.726851][ T7006] EXT4-fs: Can't set or change test_dummy_encryption on remount [ 157.894619][ T11] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.965957][ T5224] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.207555][ T11] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.303044][ T7029] loop2: detected capacity change from 0 to 8 [ 158.466356][ T7032] loop1: detected capacity change from 0 to 256 [ 158.550999][ T7032] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 158.602781][ T11] bridge_slave_1: left allmulticast mode [ 158.608630][ T11] bridge_slave_1: left promiscuous mode [ 158.625094][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.662841][ T11] bridge_slave_0: left allmulticast mode [ 158.670322][ T7038] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.565'. [ 158.693670][ T11] bridge_slave_0: left promiscuous mode [ 158.699851][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.708234][ T7039] loop2: detected capacity change from 0 to 16 [ 158.716183][ T7038] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 158.725165][ T7039] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 158.881377][ T5238] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 158.896842][ T5238] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 158.917062][ T5238] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 158.974958][ T5238] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 158.992297][ T5238] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 158.999775][ T5238] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 159.456215][ T7035] loop0: detected capacity change from 0 to 32768 [ 159.481187][ T7035] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.563 (7035) [ 159.521497][ T7035] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 159.545806][ T7035] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 159.575234][ T7035] BTRFS info (device loop0): using free-space-tree [ 159.830424][ T29] kauditd_printk_skb: 58 callbacks suppressed [ 159.830446][ T29] audit: type=1800 audit(1723989188.683:73): pid=7035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.563" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 160.008401][ T5231] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 160.045828][ T7073] misc userio: The device must be registered before sending interrupts [ 160.516111][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.556918][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.586833][ T11] bond0 (unregistering): Released all slaves [ 160.654053][ T7079] netlink: 4 bytes leftover after parsing attributes in process `syz.0.574'. [ 160.830406][ T7066] loop1: detected capacity change from 0 to 40427 [ 160.834752][ T7081] loop2: detected capacity change from 0 to 512 [ 160.873490][ T7066] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 160.892642][ T7081] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 160.901553][ T7066] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 160.949424][ T7066] F2FS-fs (loop1): Found nat_bits in checkpoint [ 160.957986][ T7081] EXT4-fs (loop2): 1 truncate cleaned up [ 160.973339][ T7083] netlink: 28 bytes leftover after parsing attributes in process `syz.4.577'. [ 160.979480][ T7081] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 161.061605][ T5238] Bluetooth: hci0: command tx timeout [ 161.181390][ T7066] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 161.188465][ T7066] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 161.239365][ T7095] ALSA: mixer_oss: invalid index -1404626105 [ 161.265859][ T29] audit: type=1800 audit(1723989190.123:74): pid=7066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.571" name="file2" dev="loop1" ino=10 res=0 errno=0 [ 161.277376][ T7066] syz.1.571: attempt to access beyond end of device [ 161.277376][ T7066] loop1: rw=0, sector=53328, nr_sectors = 8 limit=40427 [ 161.339311][ T5221] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.355701][ T7066] syz.1.571: attempt to access beyond end of device [ 161.355701][ T7066] loop1: rw=0, sector=53328, nr_sectors = 8 limit=40427 [ 161.384426][ T7066] syz.1.571: attempt to access beyond end of device [ 161.384426][ T7066] loop1: rw=0, sector=53328, nr_sectors = 8 limit=40427 [ 161.405265][ T11] hsr_slave_0: left promiscuous mode [ 161.453020][ T7099] syz.1.571: attempt to access beyond end of device [ 161.453020][ T7099] loop1: rw=2049, sector=53336, nr_sectors = 8 limit=40427 [ 161.487090][ T11] hsr_slave_1: left promiscuous mode [ 161.504900][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.540390][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 161.571385][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 161.591480][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 161.648451][ T5224] syz-executor: attempt to access beyond end of device [ 161.648451][ T5224] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 161.671825][ T5224] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 161.698038][ T11] veth1_macvtap: left promiscuous mode [ 161.713548][ T11] veth0_macvtap: left promiscuous mode [ 161.731806][ T11] veth1_vlan: left promiscuous mode [ 161.757771][ T11] veth0_vlan: left promiscuous mode [ 163.141733][ T5238] Bluetooth: hci0: command tx timeout [ 163.653716][ T11] team0 (unregistering): Port device team_slave_1 removed [ 163.793648][ T11] team0 (unregistering): Port device team_slave_0 removed [ 163.823403][ T7125] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 164.760279][ T7135] loop0: detected capacity change from 0 to 8 [ 164.780990][ T7135] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 164.926207][ T7122] netlink: 8 bytes leftover after parsing attributes in process `syz.2.591'. [ 164.942236][ T7122] bataNâDþ­2þ¨_0: renamed from lo (while UP) [ 164.953572][ T7137] loop0: detected capacity change from 0 to 1024 [ 164.983189][ T7137] EXT4-fs: Ignoring removed i_version option [ 165.002792][ T7137] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 165.093213][ T7137] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.128556][ T7041] chnl_net:caif_netlink_parms(): no params data found [ 165.170538][ T7144] loop1: detected capacity change from 0 to 128 [ 165.221398][ T5238] Bluetooth: hci0: command tx timeout [ 165.225657][ T7144] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 165.366424][ T5231] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.406471][ T7144] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 165.483546][ T7041] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.525858][ T7041] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.558524][ T7041] bridge_slave_0: entered allmulticast mode [ 165.582341][ T7041] bridge_slave_0: entered promiscuous mode [ 165.623732][ T7041] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.662524][ T7041] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.709979][ T7041] bridge_slave_1: entered allmulticast mode [ 165.743230][ T7041] bridge_slave_1: entered promiscuous mode [ 165.796434][ T7159] loop1: detected capacity change from 0 to 256 [ 165.960128][ T7041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.989302][ T7162] netlink: 8 bytes leftover after parsing attributes in process `syz.0.607'. [ 166.162231][ T7041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.445062][ T7041] team0: Port device team_slave_0 added [ 166.454079][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 166.466013][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 166.466224][ T7168] bond0: option mode: unable to set because the bond device has slaves [ 166.481816][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 166.494192][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 166.513644][ T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 166.521064][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 166.670272][ T7179] loop4: detected capacity change from 0 to 512 [ 166.756007][ T7179] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.761282][ T7041] team0: Port device team_slave_1 added [ 166.769529][ T7179] ext4 filesystem being mounted at /114/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.870350][ T5223] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.076752][ T1110] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.118870][ T7190] tap0: tun_chr_ioctl cmd 2147767521 [ 167.128360][ T7198] syz.0.621: attempt to access beyond end of device [ 167.128360][ T7198] loop0: rw=0, sector=2, nr_sectors = 2 limit=0 [ 167.138793][ T7041] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.149256][ T7198] syz.0.621: attempt to access beyond end of device [ 167.149256][ T7198] loop0: rw=0, sector=16, nr_sectors = 2 limit=0 [ 167.165390][ T7041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.197699][ T7041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.216510][ T7041] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.229257][ T7041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.264381][ T7041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.287507][ T937] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 167.301942][ T5238] Bluetooth: hci0: command tx timeout [ 167.350000][ T7202] loop0: detected capacity change from 0 to 736 [ 167.365327][ T1110] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.503551][ T937] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.519812][ T937] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 167.522672][ T7206] MTD: Attempt to mount non-MTD device "./file0" [ 167.536296][ T937] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.542632][ T7206] syz.0.625: attempt to access beyond end of device [ 167.542632][ T7206] loop0: rw=0, sector=0, nr_sectors = 2 limit=0 [ 167.574030][ T937] usb 3-1: config 0 descriptor?? [ 167.585466][ T7208] bpf: Bad value for 'uid' [ 167.601620][ T5332] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 167.638321][ T1110] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.695899][ T7041] hsr_slave_0: entered promiscuous mode [ 167.731809][ T7041] hsr_slave_1: entered promiscuous mode [ 167.745606][ T7041] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.761690][ T7041] Cannot create hsr debugfs directory [ 167.801500][ T5332] usb 5-1: Using ep0 maxpacket: 16 [ 167.816176][ T5332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.841515][ T5332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.858532][ T5332] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 167.886138][ T1110] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.911510][ T5332] usb 5-1: New USB device found, idVendor=045e, idProduct=9994, bcdDevice=fc.3c [ 167.951703][ T5332] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.988881][ T5332] usb 5-1: config 0 descriptor?? [ 168.005263][ T937] keytouch 0003:0926:3333.0007: fixing up Keytouch IEC report descriptor [ 168.029724][ T937] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0007/input/input12 [ 168.207256][ T937] keytouch 0003:0926:3333.0007: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 168.438418][ T5332] hid-multitouch 0003:045E:9994.0008: unknown main item tag 0x2 [ 168.521649][ T5332] hid-multitouch 0003:045E:9994.0008: unknown main item tag 0x0 [ 168.567801][ T937] usb 3-1: USB disconnect, device number 8 [ 168.573851][ T5332] hid-multitouch 0003:045E:9994.0008: unknown main item tag 0x0 [ 168.573882][ T5332] hid-multitouch 0003:045E:9994.0008: unknown main item tag 0x0 [ 168.591017][ T5238] Bluetooth: hci3: command tx timeout [ 168.605622][ T5332] hid-multitouch 0003:045E:9994.0008: unknown main item tag 0x0 [ 168.616058][ T5332] hid-multitouch 0003:045E:9994.0008: unknown main item tag 0x0 [ 168.631450][ T5332] hid-multitouch 0003:045E:9994.0008: unknown main item tag 0x0 [ 168.640309][ T5332] hid-multitouch 0003:045E:9994.0008: unknown main item tag 0x0 [ 168.648899][ T5332] hid-multitouch 0003:045E:9994.0008: unknown main item tag 0x0 [ 168.656916][ T5332] hid-multitouch 0003:045E:9994.0008: unknown main item tag 0x0 [ 168.664762][ T5332] hid-multitouch 0003:045E:9994.0008: unknown main item tag 0x0 [ 168.696924][ T5332] hid-multitouch 0003:045E:9994.0008: hidraw1: USB HID v0.00 Device [HID 045e:9994] on usb-dummy_hcd.4-1/input0 [ 168.723202][ T5332] usb 5-1: USB disconnect, device number 4 [ 168.789410][ T7171] chnl_net:caif_netlink_parms(): no params data found [ 168.966482][ T1110] bridge_slave_1: left allmulticast mode [ 168.991974][ T1110] bridge_slave_1: left promiscuous mode [ 169.001638][ T1110] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.033538][ T1110] bridge_slave_0: left allmulticast mode [ 169.039207][ T1110] bridge_slave_0: left promiscuous mode [ 169.053463][ T7221] loop1: detected capacity change from 0 to 4096 [ 169.056147][ T1110] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.062282][ T7221] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 169.963287][ T1110] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 170.012015][ T1110] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 170.050408][ T1110] bond0 (unregistering): Released all slaves [ 170.155215][ T7232] loop1: detected capacity change from 0 to 40427 [ 170.180887][ T7232] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 170.191778][ T7232] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 170.238383][ T7249] loop0: detected capacity change from 0 to 4096 [ 170.244870][ T7232] F2FS-fs (loop1): invalid crc value [ 170.263662][ T7252] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 170.281607][ T7232] F2FS-fs (loop1): Found nat_bits in checkpoint [ 170.458498][ T7232] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 170.470230][ T7259] loop4: detected capacity change from 0 to 512 [ 170.477036][ T7232] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 170.488481][ T7249] syz.0.642 (7249) used greatest stack depth: 18520 bytes left [ 170.492079][ T7259] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 170.573878][ T7259] EXT4-fs (loop4): 1 orphan inode deleted [ 170.579643][ T7259] EXT4-fs (loop4): 1 truncate cleaned up [ 170.586988][ T7259] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 170.621161][ T7259] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 170.649317][ T7259] EXT4-fs (loop4): Remounting filesystem read-only [ 170.671998][ T5238] Bluetooth: hci3: command tx timeout [ 170.687711][ T29] audit: type=1804 audit(1723989199.503:75): pid=7232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.634" name="/newroot/136/bus/bus" dev="loop1" ino=455 res=1 errno=0 [ 170.727564][ T5223] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.804090][ T7171] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.808036][ T29] audit: type=1326 audit(1723989199.663:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7264 comm="syz.2.646" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f680a379e79 code=0x0 [ 170.811236][ T7171] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.880554][ T3013] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 170.895969][ T7171] bridge_slave_0: entered allmulticast mode [ 170.918238][ T7171] bridge_slave_0: entered promiscuous mode [ 170.924577][ T3013] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 171.087776][ T7171] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.101986][ T7171] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.112655][ T7171] bridge_slave_1: entered allmulticast mode [ 171.128656][ T7171] bridge_slave_1: entered promiscuous mode [ 171.290963][ T1110] hsr_slave_0: left promiscuous mode [ 171.330654][ T1110] hsr_slave_1: left promiscuous mode [ 171.339129][ T1110] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 171.363190][ T1110] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 171.392160][ T937] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 171.403177][ T1110] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 171.416078][ T1110] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 171.471194][ T1110] veth1_macvtap: left promiscuous mode [ 171.476959][ T1110] veth0_macvtap: left promiscuous mode [ 171.489923][ T1110] veth1_vlan: left promiscuous mode [ 171.496983][ T7267] loop4: detected capacity change from 0 to 32768 [ 171.503711][ T1110] veth0_vlan: left promiscuous mode [ 171.552970][ T7267] XFS (loop4): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 171.594657][ T937] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 171.642180][ T937] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.677428][ T7267] XFS (loop4): Ending clean mount [ 171.692379][ T937] usb 1-1: config 0 descriptor?? [ 171.733831][ T937] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 171.905887][ T5223] XFS (loop4): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 172.534014][ T937] usb 1-1: USB disconnect, device number 8 [ 172.711009][ T1110] team0 (unregistering): Port device team_slave_1 removed [ 172.741704][ T5238] Bluetooth: hci3: command tx timeout [ 172.768905][ T1110] team0 (unregistering): Port device team_slave_0 removed [ 173.264733][ T7304] loop0: detected capacity change from 0 to 256 [ 173.324554][ T7171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 173.346674][ T7171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.412126][ T7298] netlink: 24 bytes leftover after parsing attributes in process `syz.1.656'. [ 173.425044][ T7298] Zero length message leads to an empty skb [ 173.614505][ T7171] team0: Port device team_slave_0 added [ 173.643589][ T7311] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.662'. [ 173.657458][ T7171] team0: Port device team_slave_1 added [ 173.770081][ T7312] loop1: detected capacity change from 0 to 4096 [ 173.884262][ T7171] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 173.913179][ T7171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.971364][ T7171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 174.003849][ T7171] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 174.010816][ T7171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.036716][ C1] vkms_vblank_simulate: vblank timer overrun [ 174.056866][ T7171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 174.275455][ T7329] delete_channel: no stack [ 174.324904][ T7041] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 174.377806][ T7171] hsr_slave_0: entered promiscuous mode [ 174.415951][ T7171] hsr_slave_1: entered promiscuous mode [ 174.448986][ T7171] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 174.474198][ T7171] Cannot create hsr debugfs directory [ 174.495652][ T7041] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 174.650771][ T7041] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 174.675168][ T7041] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 174.821484][ T5238] Bluetooth: hci3: command tx timeout [ 175.214127][ T5287] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 175.269908][ T7354] netlink: 'syz.0.683': attribute type 3 has an invalid length. [ 175.444785][ T5287] usb 2-1: Using ep0 maxpacket: 32 [ 175.458515][ T5287] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 175.472486][ T7041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.488132][ T5287] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.522498][ T5287] usb 2-1: config 0 descriptor?? [ 175.548431][ T5287] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 175.654685][ T7041] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.705243][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.712554][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.848072][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.855295][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.965835][ T7362] netpci0: tun_chr_ioctl cmd 1074025677 [ 175.986013][ T7362] netpci0: linktype set to 804 [ 176.167387][ T7171] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 176.215568][ T7171] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 176.226856][ T7368] netlink: 8 bytes leftover after parsing attributes in process `syz.0.688'. [ 176.270375][ T7171] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 176.289367][ T7171] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 176.387674][ T5287] gspca_nw80x: reg_r err -71 [ 176.398624][ T5287] nw80x 2-1:0.0: probe with driver nw80x failed with error -71 [ 176.432732][ T5287] usb 2-1: USB disconnect, device number 4 [ 176.733986][ T7041] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.792143][ T7385] binder: 7384:7385 ioctl 40046205 0 returned -22 [ 176.812316][ T7171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.887642][ T7171] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.937195][ T7392] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 177.021111][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.028324][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.059927][ T7398] loop0: detected capacity change from 0 to 128 [ 177.081643][ T3013] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.088829][ T3013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.166264][ T7398] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 177.196464][ T7398] ext4 filesystem being mounted at /140/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 177.245434][ T7405] can0: slcan on ttyS3. [ 177.362857][ T7405] can0 (unregistered): slcan off ttyS3. [ 177.496263][ T5231] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 177.706063][ T7419] loop0: detected capacity change from 0 to 2048 [ 177.729504][ T7419] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 177.779799][ T7419] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 177.798929][ T7171] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.905052][ T7041] veth0_vlan: entered promiscuous mode [ 177.966836][ T7041] veth1_vlan: entered promiscuous mode [ 178.023467][ T7171] veth0_vlan: entered promiscuous mode [ 178.069487][ T7171] veth1_vlan: entered promiscuous mode [ 178.138190][ T7041] veth0_macvtap: entered promiscuous mode [ 178.158483][ T7436] netlink: 'syz.0.710': attribute type 1 has an invalid length. [ 178.170471][ T7436] netlink: 9352 bytes leftover after parsing attributes in process `syz.0.710'. [ 178.175817][ T7041] veth1_macvtap: entered promiscuous mode [ 178.186928][ T7436] netlink: 'syz.0.710': attribute type 1 has an invalid length. [ 178.229315][ T7436] netlink: 12 bytes leftover after parsing attributes in process `syz.0.710'. [ 178.280314][ T7171] veth0_macvtap: entered promiscuous mode [ 178.309258][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.345367][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.367885][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.394530][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.395997][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.396020][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.396035][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.396053][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.398324][ T7041] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 178.440534][ T7171] veth1_macvtap: entered promiscuous mode [ 178.458655][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.458679][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.458694][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.458713][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.458726][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.458745][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.458759][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.458777][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.460849][ T7041] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 178.509847][ T7041] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.509895][ T7041] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.509933][ T7041] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.509970][ T7041] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.524724][ T7171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.524749][ T7171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.524764][ T7171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.524782][ T7171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.524795][ T7171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.524813][ T7171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.524828][ T7171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.524846][ T7171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.524864][ T7171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.524882][ T7171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.535538][ T7171] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 178.582492][ T7171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.852454][ T7171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.862353][ T7171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.872920][ T7171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.886803][ T7171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.897280][ T7171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.929756][ T7171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.950695][ T7171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.972634][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff888051c9a000: 0x00000: (2) System resources were needed for another task so this connection managed session was terminated. [ 178.990611][ T7171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.021391][ T7171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.033816][ T7171] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.040761][ T7450] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.718'. [ 179.107158][ T7171] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.140950][ T7171] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.159469][ T7171] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.191533][ T7171] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.362629][ T7468] loop4: detected capacity change from 0 to 256 [ 179.387049][ T7468] exfat: Deprecated parameter 'utf8' [ 179.409179][ T7468] exfat: Deprecated parameter 'namecase' [ 179.431016][ T7468] exfat: Deprecated parameter 'namecase' [ 179.445070][ T7468] exfat: Deprecated parameter 'utf8' [ 179.450613][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.469407][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.514943][ T7468] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 179.548792][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.568438][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.658136][ T3013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.686745][ T3013] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.746946][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.784627][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.880969][ T7472] loop2: detected capacity change from 0 to 2048 [ 179.940934][ T7460] orangefs_mount: mount request failed with -4 [ 179.998317][ T7472] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.298512][ T5221] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.306161][ T7488] loop1: detected capacity change from 0 to 256 [ 180.371989][ T7488] exfat: Deprecated parameter 'utf8' [ 180.391941][ T7488] exfat: Deprecated parameter 'namecase' [ 180.418055][ T7466] loop0: detected capacity change from 0 to 32768 [ 180.428266][ T7488] exfat: Deprecated parameter 'utf8' [ 180.458948][ T7466] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.725 (7466) [ 180.494904][ T7488] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 180.509185][ T7492] trusted_key: syz.5.735 sent an empty control message without MSG_MORE. [ 180.538784][ T7466] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 180.571505][ T7466] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 180.603501][ T7466] BTRFS info (device loop0): using free-space-tree [ 180.681796][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 180.895054][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 180.905022][ T9] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 180.921767][ T9] usb 5-1: config 179 has no interface number 0 [ 180.928062][ T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 180.959254][ T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 180.978693][ T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 181.019580][ T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 181.044518][ T9] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 181.075678][ T9] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 181.092784][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.093003][ T5231] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 181.124645][ T7490] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 181.242775][ T8] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 181.459549][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input13 [ 181.504854][ T8] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 181.521518][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.541111][ T8] usb 2-1: Product: syz [ 181.563409][ T8] usb 2-1: Manufacturer: syz [ 181.568119][ T8] usb 2-1: SerialNumber: syz [ 181.613257][ T8] usb 2-1: config 0 descriptor?? [ 181.633875][ T9] usb 5-1: USB disconnect, device number 5 [ 181.639723][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 181.639772][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 181.682611][ T9] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 181.941946][ T9] usb 2-1: USB disconnect, device number 5 [ 182.599173][ T7557] netlink: 148 bytes leftover after parsing attributes in process `syz.4.756'. [ 183.064956][ T7548] loop3: detected capacity change from 0 to 40427 [ 183.099988][ T7548] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 183.130761][ T7548] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 183.132509][ T7576] loop5: detected capacity change from 0 to 128 [ 183.161439][ T7548] F2FS-fs (loop3): inline encryption not supported [ 183.167985][ T7548] F2FS-fs (loop3): Image doesn't support compression [ 183.181796][ T7576] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (39871!=39978) [ 183.230472][ T7548] F2FS-fs (loop3): invalid crc value [ 183.240187][ T7576] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 183.318970][ T7548] F2FS-fs (loop3): Found nat_bits in checkpoint [ 183.341243][ T7576] EXT4-fs (loop5): ext4_remount: Checksum for group 0 failed (39871!=39978) [ 183.390894][ T7590] loop1: detected capacity change from 0 to 512 [ 183.425987][ T7590] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 183.440331][ T7041] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 183.479863][ T7590] EXT4-fs (loop1): 1 truncate cleaned up [ 183.493336][ T7590] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.568602][ T7548] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 183.621818][ T7548] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 183.836964][ T5224] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.902622][ T7171] syz-executor: attempt to access beyond end of device [ 183.902622][ T7171] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 183.942286][ T7171] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 184.007398][ T937] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 184.244203][ T7611] netlink: 8 bytes leftover after parsing attributes in process `syz.4.780'. [ 184.255787][ T937] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 184.284304][ T937] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.330654][ T937] usb 6-1: Product: syz [ 184.368624][ T937] usb 6-1: Manufacturer: syz [ 184.381545][ T937] usb 6-1: SerialNumber: syz [ 184.402675][ T937] usb 6-1: config 0 descriptor?? [ 184.456312][ T7613] loop0: detected capacity change from 0 to 128 [ 184.683365][ T8] usb 6-1: USB disconnect, device number 6 [ 185.168947][ T7603] loop1: detected capacity change from 0 to 32768 [ 185.457470][ T7629] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 185.754957][ T8] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 185.949245][ T7640] netlink: 6 bytes leftover after parsing attributes in process `syz.4.792'. [ 185.971609][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 185.979844][ T7642] loop0: detected capacity change from 0 to 128 [ 185.993058][ T8] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 186.011722][ T8] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 186.027295][ T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 186.039945][ T8] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 186.060467][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.076388][ T8] usb 4-1: Product: syz [ 186.084426][ T8] usb 4-1: Manufacturer: syz [ 186.097318][ T8] usb 4-1: SerialNumber: syz [ 186.252113][ T7651] sctp: [Deprecated]: syz.4.796 (pid 7651) Use of int in maxseg socket option. [ 186.252113][ T7651] Use struct sctp_assoc_value instead [ 186.341593][ T25] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 186.447739][ T7655] netlink: 8 bytes leftover after parsing attributes in process `syz.4.798'. [ 186.457716][ T7655] netlink: 48 bytes leftover after parsing attributes in process `syz.4.798'. [ 186.484227][ T7655] vlan2: entered allmulticast mode [ 186.489666][ T7655] team0: entered allmulticast mode [ 186.495443][ T7655] team_slave_0: entered allmulticast mode [ 186.502098][ T7655] team_slave_1: entered allmulticast mode [ 186.563427][ T25] usb 2-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 186.591450][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.631382][ T25] usb 2-1: Product: syz [ 186.638379][ T25] usb 2-1: Manufacturer: syz [ 186.650367][ T25] usb 2-1: SerialNumber: syz [ 186.665391][ T25] usb 2-1: config 0 descriptor?? [ 186.682358][ T25] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 186.690641][ T7657] netlink: 44 bytes leftover after parsing attributes in process `syz.4.799'. [ 186.744241][ T8] usb 4-1: 0:2 : does not exist [ 186.768692][ T7659] loop5: detected capacity change from 0 to 16 [ 186.814185][ T7659] erofs: (device loop5): mounted with root inode @ nid 36. [ 186.958696][ T5287] usb 4-1: USB disconnect, device number 4 [ 187.521661][ T5228] usb 2-1: USB disconnect, device number 6 [ 188.190380][ T7701] loop4: detected capacity change from 0 to 4096 [ 188.262178][ T7701] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 188.458071][ T7720] netlink: 12 bytes leftover after parsing attributes in process `syz.1.827'. [ 188.485232][ T7701] ntfs3: loop4: failed to convert "c46c" to iso8859-2 [ 188.791602][ T25] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 188.819287][ T7729] netlink: 'syz.0.834': attribute type 7 has an invalid length. [ 188.852968][ T7729] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.834'. [ 188.887622][ T7731] loop4: detected capacity change from 0 to 2048 [ 188.898582][ T7729] netlink: 'syz.0.834': attribute type 3 has an invalid length. [ 188.912410][ T7729] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.834'. [ 188.953407][ T7731] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 188.984116][ T25] usb 4-1: config 0 interface 0 altsetting 144 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.995868][ T25] usb 4-1: config 0 interface 0 has no altsetting 0 [ 189.002617][ T25] usb 4-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 189.013746][ T7704] loop2: detected capacity change from 0 to 32768 [ 189.032308][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.052239][ T25] usb 4-1: config 0 descriptor?? [ 189.057925][ T7704] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.822 (7704) [ 189.111538][ T7704] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 189.128360][ T7704] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 189.151942][ T7704] BTRFS info (device loop2): using free-space-tree [ 189.486086][ T5221] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 189.489551][ T25] wacom 0003:056A:032B.0009: unknown main item tag 0x0 [ 189.551739][ T25] wacom 0003:056A:032B.0009: hidraw0: USB HID v0.00 Device [HID 056a:032b] on usb-dummy_hcd.3-1/input0 [ 189.611425][ T5332] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 189.698652][ T5228] usb 4-1: USB disconnect, device number 5 [ 189.827747][ T5332] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.838176][ T5332] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 189.864209][ T5332] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.923062][ T5332] usb 5-1: config 0 descriptor?? [ 189.964180][ T5332] pwc: Askey VC010 type 2 USB webcam detected. [ 189.982823][ T7767] netlink: 12 bytes leftover after parsing attributes in process `syz.1.845'. [ 190.022819][ T55] Bluetooth: hci3: command 0x0405 tx timeout [ 190.092194][ T7769] netlink: 8 bytes leftover after parsing attributes in process `syz.2.843'. [ 190.353269][ T5332] pwc: recv_control_msg error -32 req 02 val 2b00 [ 190.581173][ T5332] pwc: recv_control_msg error -71 req 02 val 2c00 [ 190.602938][ T7761] loop0: detected capacity change from 0 to 32768 [ 190.620614][ T5332] pwc: recv_control_msg error -71 req 04 val 1000 [ 190.633710][ T5332] pwc: recv_control_msg error -71 req 04 val 1300 [ 190.646968][ T5332] pwc: recv_control_msg error -71 req 04 val 1400 [ 190.686801][ T5332] pwc: recv_control_msg error -71 req 02 val 2000 [ 190.698775][ T7761] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 190.724554][ T5332] pwc: recv_control_msg error -71 req 02 val 2100 [ 190.748691][ T5332] pwc: recv_control_msg error -71 req 04 val 1500 [ 190.785861][ T5332] pwc: recv_control_msg error -71 req 02 val 2500 [ 190.824462][ T5332] pwc: recv_control_msg error -71 req 02 val 2400 [ 190.875059][ T5332] pwc: recv_control_msg error -71 req 02 val 2600 [ 190.911040][ T5332] pwc: recv_control_msg error -71 req 02 val 2900 [ 190.920998][ T7761] XFS (loop0): Ending clean mount [ 190.943588][ T5332] pwc: recv_control_msg error -71 req 02 val 2800 [ 190.956051][ T7761] XFS (loop0): Quotacheck needed: Please wait. [ 190.982039][ T5332] pwc: recv_control_msg error -71 req 04 val 1100 [ 191.011513][ T5332] pwc: recv_control_msg error -71 req 04 val 1200 [ 191.033542][ T5332] pwc: Registered as video71. [ 191.040167][ T5332] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input17 [ 191.111682][ T5332] usb 5-1: USB disconnect, device number 6 [ 191.138199][ T7761] XFS (loop0): Quotacheck: Done. [ 191.347839][ T5231] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 191.445934][ T25] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 191.624597][ T7825] program syz.4.869 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 191.673769][ T25] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 191.691367][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.728943][ T25] usb 2-1: config 0 descriptor?? [ 191.755866][ T25] cp210x 2-1:0.0: cp210x converter detected [ 192.172670][ T25] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 192.207934][ T25] usb 2-1: cp210x converter now attached to ttyUSB0 [ 192.418898][ T25] usb 2-1: USB disconnect, device number 7 [ 192.450166][ T25] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 192.494532][ T25] cp210x 2-1:0.0: device disconnected [ 192.555009][ T7853] netlink: 68 bytes leftover after parsing attributes in process `syz.0.882'. [ 192.719683][ T7862] use of bytesused == 0 is deprecated and will be removed in the future, [ 192.729082][ T7862] use the actual size instead. [ 192.793005][ T7861] ceph: missing cluster fsid [ 192.797631][ T7861] ceph: separator ':' missing in source [ 192.933875][ T5287] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 193.141355][ T5287] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 193.165950][ T5287] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 193.215047][ T5287] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 193.245223][ T5287] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 193.271598][ T5287] usb 5-1: SerialNumber: syz [ 193.345756][ T7880] loop2: detected capacity change from 0 to 256 [ 193.386501][ T7882] netlink: 136 bytes leftover after parsing attributes in process `syz.1.895'. [ 193.396244][ T7882] netlink: 89 bytes leftover after parsing attributes in process `syz.1.895'. [ 193.505664][ T5287] usb 5-1: 0:2 : does not exist [ 193.543653][ T7888] netlink: 'syz.0.898': attribute type 1 has an invalid length. [ 193.566002][ T5287] usb 5-1: USB disconnect, device number 7 [ 193.790824][ T1261] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.797379][ T1261] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.953851][ T7908] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 194.219270][ T7918] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 194.264992][ T7921] netlink: 8 bytes leftover after parsing attributes in process `syz.0.913'. [ 194.370089][ T7926] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 194.566861][ T7933] netlink: 8 bytes leftover after parsing attributes in process `syz.5.920'. [ 194.655531][ T7938] loop3: detected capacity change from 0 to 128 [ 194.680415][ T7938] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 194.717522][ T7938] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 194.810576][ T7939] loop1: detected capacity change from 0 to 4096 [ 194.827091][ T7945] loop0: detected capacity change from 0 to 64 [ 194.833909][ T7939] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 194.881485][ T5332] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 194.918115][ T1114] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 194.919083][ T7944] loop5: detected capacity change from 0 to 4096 [ 194.934945][ T29] audit: type=1800 audit(1723989223.793:77): pid=7945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.937" name="bus" dev="loop0" ino=9 res=0 errno=0 [ 195.009886][ T7951] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 195.024343][ T7939] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 195.072088][ T5332] usb 5-1: Using ep0 maxpacket: 8 [ 195.083458][ T5332] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 195.121646][ T5332] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 195.130705][ T5332] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.181868][ T5332] usb 5-1: config 0 descriptor?? [ 195.209121][ T7955] cannot load conntrack support for proto=3 [ 195.216898][ T7944] syz.5.925 (7944) used greatest stack depth: 18336 bytes left [ 195.405702][ T5287] usb 5-1: USB disconnect, device number 8 [ 196.228155][ T8006] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 196.382931][ T8012] tap0: tun_chr_ioctl cmd 1074025673 [ 196.388233][ T8014] ptrace attach of "./syz-executor exec"[5223] was attempted by "./syz-executor exec"[8014] [ 196.436304][ T8016] loop3: detected capacity change from 0 to 128 [ 196.477539][ T8016] EXT4-fs (loop3): Test dummy encryption mode enabled [ 196.503094][ T8016] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 196.522593][ T8016] ext4 filesystem being mounted at /32/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 196.673472][ T8031] loop1: detected capacity change from 0 to 1024 [ 196.686311][ T8031] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 196.714113][ T8031] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.804201][ T5224] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.812277][ T29] audit: type=1326 audit(1723989225.663:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8034 comm="syz.2.963" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f680a379e79 code=0x0 [ 196.835060][ C1] vkms_vblank_simulate: vblank timer overrun [ 196.837571][ T8] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 196.870476][ T29] audit: type=1326 audit(1723989225.723:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8034 comm="syz.2.963" exe="/root/syz-executor" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7f680a379e79 code=0x0 [ 196.896965][ T8016] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 197.031840][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 197.039362][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 197.071807][ T8] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 197.085921][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.103227][ T8] usb 5-1: Product: syz [ 197.105760][ T7171] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 197.107503][ T8] usb 5-1: Manufacturer: syz [ 197.123246][ T8] usb 5-1: SerialNumber: syz [ 197.137697][ T8] usb 5-1: config 0 descriptor?? [ 197.162800][ T8] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 197.179749][ T8] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 197.230319][ T8042] netlink: 277 bytes leftover after parsing attributes in process `syz.0.966'. [ 197.379046][ T8044] loop1: detected capacity change from 0 to 4096 [ 197.402899][ T8044] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 197.483333][ T8044] ntfs3: loop1: Failed to initialize $Extend/$ObjId. [ 197.770293][ T8] em28xx 5-1:0.0: chip ID is em2710/2820 [ 198.057353][ T8] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 198.082993][ T8] em28xx 5-1:0.0: board has no eeprom [ 198.146875][ T8046] loop3: detected capacity change from 0 to 32768 [ 198.181705][ T8] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 198.219008][ T8] em28xx 5-1:0.0: dvb set to bulk mode. [ 198.226267][ T5228] em28xx 5-1:0.0: Binding DVB extension [ 198.245302][ T8] usb 5-1: USB disconnect, device number 9 [ 198.266299][ T8] em28xx 5-1:0.0: Disconnecting em28xx [ 198.369084][ T5228] em28xx 5-1:0.0: Registering input extension [ 198.389672][ T8] em28xx 5-1:0.0: Closing input extension [ 198.424688][ T8] em28xx 5-1:0.0: Freeing device [ 198.611428][ T5287] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 198.831093][ T8063] loop4: detected capacity change from 0 to 256 [ 198.833599][ T5287] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 198.862120][ T5287] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.869033][ T8063] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 198.893466][ T5287] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 198.941411][ T5287] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 198.976353][ T5287] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.012410][ T5287] usb 2-1: config 0 descriptor?? [ 199.113487][ T8053] loop0: detected capacity change from 0 to 32768 [ 199.443806][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.467466][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.491201][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.507491][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.522607][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.530213][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.537928][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.571618][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.593678][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.610105][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.619119][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.639483][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.648570][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.660952][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.674962][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.688022][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.696212][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.715877][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.728941][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.752654][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.771467][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.805087][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.825491][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.836939][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.851055][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.865775][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.876043][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.884983][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.892746][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.900340][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.907950][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.924487][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.947798][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.968125][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.979954][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 199.990584][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 200.002918][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 200.054272][ T5287] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 200.057756][ T8084] Bluetooth: MGMT ver 1.23 [ 200.086417][ T5287] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 200.134951][ T5287] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 200.201530][ T5287] usb 2-1: USB disconnect, device number 8 [ 200.884788][ T8109] loop1: detected capacity change from 0 to 2048 [ 201.011144][ T8109] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 201.036627][ T8109] ext4 filesystem being mounted at /197/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 201.067262][ T8109] fs-verity: sha512 using implementation "sha512-avx2" [ 201.153703][ T8121] loop0: detected capacity change from 0 to 512 [ 201.181989][ T8121] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 201.192223][ T8125] ALSA: mixer_oss: invalid OSS volume '' [ 201.197899][ T8125] ALSA: mixer_oss: invalid OSS volume '' [ 201.224671][ T8125] ALSA: mixer_oss: invalid OSS volume 'L' [ 201.244492][ T5224] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.269568][ T8121] EXT4-fs (loop0): 1 truncate cleaned up [ 201.313073][ T8121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 201.380255][ T8133] loop1: detected capacity change from 0 to 64 [ 201.422498][ T8133] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed. [ 201.503746][ T5231] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.609607][ T8135] loop4: detected capacity change from 0 to 512 [ 201.621464][ T5287] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 201.663616][ T8135] Quota error (device loop4): do_check_range: Getting dqdh_entries 1536 out of range 0-14 [ 201.665533][ T8141] loop0: detected capacity change from 0 to 512 [ 201.691630][ T8135] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 201.712578][ T8135] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.1007: Failed to acquire dquot type 1 [ 201.731507][ T8141] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 201.750269][ T8135] EXT4-fs (loop4): 1 truncate cleaned up [ 201.758332][ T8135] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.772755][ T8135] ext4 filesystem being mounted at /197/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 201.792587][ T8141] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec01c, mo2=0002] [ 201.811527][ T8141] System zones: 1-12 [ 201.824684][ T8141] EXT4-fs (loop0): 1 truncate cleaned up [ 201.832541][ T8141] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.845138][ T5287] usb 3-1: Using ep0 maxpacket: 32 [ 201.855014][ T5287] usb 3-1: New USB device found, idVendor=14aa, idProduct=0226, bcdDevice=b8.19 [ 201.866813][ T5287] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.881405][ T5287] usb 3-1: Product: syz [ 201.889714][ T5287] usb 3-1: Manufacturer: syz [ 201.894412][ T5287] usb 3-1: SerialNumber: syz [ 201.902393][ T5287] usb 3-1: config 0 descriptor?? [ 201.923767][ T5287] dvb-usb: found a 'WideView WT-220U PenType Receiver (Typhoon/Freecom)' in warm state. [ 201.941898][ T5287] dvb-usb: bulk message failed: -22 (2/0) [ 201.951323][ T5287] dvb-usb: will use the device's hardware PID filter (table count: 15). [ 201.967857][ T8147] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1010'. [ 201.978763][ T5287] dvbdev: DVB: registering new adapter (WideView WT-220U PenType Receiver (Typhoon/Freecom)) [ 202.001920][ T5287] usb 3-1: media controller created [ 202.017230][ T5231] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.017654][ T5223] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.029119][ T5287] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 202.095593][ T5287] usb 3-1: DVB: registering adapter 1 frontend 0 (WideView USB DVB-T)... [ 202.153802][ T5287] dvbdev: dvb_create_media_entity: media entity 'WideView USB DVB-T' registered. [ 202.351447][ T5287] rc_core: IR keymap rc-dtt200u not found [ 202.357223][ T5287] Registered IR keymap rc-empty [ 202.403199][ T5287] rc rc0: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0 [ 202.443834][ T5287] input: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input19 [ 202.487991][ T5287] dvb-usb: schedule remote query interval to 300 msecs. [ 202.508118][ T5287] dvb-usb: WideView WT-220U PenType Receiver (Typhoon/Freecom) successfully initialized and connected. [ 202.543628][ T5287] usb 3-1: USB disconnect, device number 9 [ 202.631236][ T5287] dvb-usb: WideView WT-220U PenType Receiver (Typh successfully deinitialized and disconnected. [ 203.237629][ T8189] loop3: detected capacity change from 0 to 128 [ 203.246543][ T8191] loop2: detected capacity change from 0 to 128 [ 203.284537][ T8191] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 203.585780][ T8171] loop0: detected capacity change from 0 to 32768 [ 203.642547][ T5287] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 203.660860][ T8173] loop4: detected capacity change from 0 to 32768 [ 203.662964][ T8171] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 203.699250][ T8173] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 203.754502][ T8217] loop3: detected capacity change from 0 to 128 [ 203.765692][ T8173] XFS (loop4): Ending clean mount [ 203.798785][ T8173] XFS (loop4): Quotacheck needed: Please wait. [ 203.843654][ T5287] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 203.855414][ T5287] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 203.857857][ T8171] XFS (loop0): Ending clean mount [ 203.871379][ T5287] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.884126][ T5287] usb 2-1: config 0 descriptor?? [ 203.904229][ T8173] XFS (loop4): Quotacheck: Done. [ 204.147709][ T5231] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 204.166549][ T25] usb 2-1: USB disconnect, device number 9 [ 204.190983][ T5223] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 204.582830][ T8226] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1041'. [ 205.181541][ T8] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 205.262531][ T8245] syzkaller1: entered promiscuous mode [ 205.268032][ T8245] syzkaller1: entered allmulticast mode [ 205.387519][ T8] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 205.421517][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 205.441946][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 205.497545][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 205.521158][ T8] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 205.531059][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.554052][ T8] usb 4-1: config 0 descriptor?? [ 205.578628][ T8236] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 205.759143][ T8234] loop4: detected capacity change from 0 to 32768 [ 206.019733][ T8] plantronics 0003:047F:FFFF.000B: unknown main item tag 0xd [ 206.059382][ T8] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 206.124560][ T8] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 206.425903][ T8] usb 4-1: USB disconnect, device number 6 [ 206.612472][ T8285] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1051'. [ 206.902642][ T8288] team0: Port device virt_wifi0 added [ 207.670099][ T8263] loop2: detected capacity change from 0 to 32768 [ 311.511295][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 311.518273][ C0] rcu: 1-...!: (1 GPs behind) idle=eaa4/1/0x4000000000000000 softirq=19798/19799 fqs=112 [ 311.529663][ C0] rcu: (detected by 0, t=10502 jiffies, g=27501, q=991 ncpus=2) [ 311.537385][ C0] Sending NMI from CPU 0 to CPUs 1: [ 311.542597][ C1] NMI backtrace for cpu 1 [ 311.542609][ C1] CPU: 1 UID: 0 PID: 8249 Comm: syz-executor Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 311.542634][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 311.542648][ C1] RIP: 0010:__lock_acquire+0xf44/0x2040 [ 311.542686][ C1] Code: 00 8b 1b 81 e3 ff 1f 00 00 48 89 d8 48 c1 e8 06 48 8d 3c c5 40 18 73 93 be 08 00 00 00 e8 84 eb 8a 00 48 0f a3 1d 8c 34 03 12 <0f> 83 69 02 00 00 48 69 c3 c8 00 00 00 48 8d 98 40 77 41 93 48 bf [ 311.542705][ C1] RSP: 0018:ffffc90000a18a70 EFLAGS: 00000057 [ 311.542730][ C1] RAX: 0000000000000001 RBX: 0000000000000021 RCX: ffffffff816fe3ac [ 311.542746][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff93731840 [ 311.542761][ C1] RBP: 3ab6d40026a7fe15 R08: ffffffff93731847 R09: 1ffffffff26e6308 [ 311.542778][ C1] R10: dffffc0000000000 R11: fffffbfff26e6309 R12: 0000000000000001 [ 311.542794][ C1] R13: ffff8880223c46d8 R14: 1ffff110044788e5 R15: ffff8880223c4728 [ 311.542814][ C1] FS: 000055557e8ac500(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 311.542834][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 311.542850][ C1] CR2: 0000000020000200 CR3: 000000005a6ae000 CR4: 0000000000350ef0 [ 311.542867][ C1] Call Trace: [ 311.542876][ C1] [ 311.542885][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 311.542914][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 311.542948][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 311.542989][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 311.543019][ C1] ? nmi_handle+0x151/0x5a0 [ 311.543041][ C1] ? nmi_handle+0x2a/0x5a0 [ 311.543064][ C1] ? __lock_acquire+0xf44/0x2040 [ 311.543096][ C1] ? default_do_nmi+0x63/0x160 [ 311.543125][ C1] ? exc_nmi+0x123/0x1f0 [ 311.543152][ C1] ? end_repeat_nmi+0xf/0x53 [ 311.543186][ C1] ? __lock_acquire+0xf3c/0x2040 [ 311.543218][ C1] ? __lock_acquire+0xf44/0x2040 [ 311.543250][ C1] ? __lock_acquire+0xf44/0x2040 [ 311.543283][ C1] ? __lock_acquire+0xf44/0x2040 [ 311.543315][ C1] [ 311.543322][ C1] [ 311.543343][ C1] lock_acquire+0x1ed/0x550 [ 311.543373][ C1] ? __hrtimer_run_queues+0x670/0xd50 [ 311.543400][ C1] ? advance_sched+0xa02/0xca0 [ 311.543428][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 311.543463][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.543494][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 311.543521][ C1] ? taprio_set_budgets+0x32c/0x370 [ 311.543547][ C1] ? advance_sched+0xa02/0xca0 [ 311.543570][ C1] ? advance_sched+0xa02/0xca0 [ 311.543598][ C1] _raw_spin_lock_irq+0xd3/0x120 [ 311.543630][ C1] ? __hrtimer_run_queues+0x670/0xd50 [ 311.543655][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 311.543695][ C1] __hrtimer_run_queues+0x670/0xd50 [ 311.543724][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 311.543768][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 311.543794][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.543824][ C1] ? ktime_get_update_offsets_now+0x22d/0x250 [ 311.543861][ C1] hrtimer_interrupt+0x396/0x990 [ 311.543902][ C1] __sysvec_apic_timer_interrupt+0x112/0x3f0 [ 311.543941][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 311.543975][ C1] [ 311.543982][ C1] [ 311.543990][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 311.544019][ C1] RIP: 0010:__page_table_check_zero+0x105/0x350 [ 311.544057][ C1] Code: 49 c7 c5 40 69 f9 94 49 c1 ed 03 eb 0a 4c 03 25 c1 62 f3 12 49 ff c7 83 7c 24 04 3f 0f 87 e6 00 00 00 e8 5e 84 8d ff 4c 89 fd <44> 89 f1 48 d3 ed 31 ff 48 89 ee e8 2b 89 8d ff 48 85 ed 0f 85 e3 [ 311.544075][ C1] RSP: 0018:ffffc900049f7800 EFLAGS: 00000293 [ 311.544093][ C1] RAX: ffffffff82060692 RBX: dffffc0000000000 RCX: ffff8880223c3c00 [ 311.544111][ C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88801919bbcc [ 311.544125][ C1] RBP: 0000000000000001 R08: ffff88801919bbcf R09: 1ffff11003233779 [ 311.544142][ C1] R10: dffffc0000000000 R11: ffffed100323377a R12: ffff88801919bbd0 [ 311.544159][ C1] R13: 1ffffffff29f2d28 R14: 0000000000000000 R15: 0000000000000001 [ 311.544179][ C1] ? __page_table_check_zero+0x102/0x350 [ 311.544224][ C1] post_alloc_hook+0x206/0x230 [ 311.544257][ C1] get_page_from_freelist+0x2e4c/0x2f10 [ 311.544301][ C1] ? __alloc_pages_noprof+0x166/0x6c0 [ 311.544345][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.544379][ C1] ? prepare_alloc_pages+0x369/0x5d0 [ 311.544417][ C1] __alloc_pages_noprof+0x256/0x6c0 [ 311.544454][ C1] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 311.544487][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.544522][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.544554][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.544585][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.544620][ C1] alloc_pages_mpol_noprof+0x3e8/0x680 [ 311.544661][ C1] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 311.544696][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.544732][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.544764][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.544794][ C1] ? alloc_pages_noprof+0xef/0x170 [ 311.544831][ C1] __vmalloc_node_range_noprof+0xa40/0x1400 [ 311.544875][ C1] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 311.544907][ C1] vmalloc_user_noprof+0x74/0x80 [ 311.544930][ C1] ? kcov_ioctl+0x59/0x640 [ 311.544961][ C1] kcov_ioctl+0x59/0x640 [ 311.544993][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.545023][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.545052][ C1] ? security_file_ioctl+0x87/0xb0 [ 311.545077][ C1] ? __pfx_kcov_ioctl+0x10/0x10 [ 311.545110][ C1] __se_sys_ioctl+0xfe/0x170 [ 311.545140][ C1] do_syscall_64+0xf3/0x230 [ 311.545167][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.545193][ C1] RIP: 0033:0x7f9775579a7b [ 311.545212][ C1] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 311.545230][ C1] RSP: 002b:00007fff261fdfe0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 311.545252][ C1] RAX: ffffffffffffffda RBX: 0000000000100000 RCX: 00007f9775579a7b [ 311.545267][ C1] RDX: 0000000000100000 RSI: ffffffff80086301 RDI: 00000000000000d7 [ 311.545283][ C1] RBP: 00007f9775715f40 R08: 00000000000000da R09: 0000000000000000 [ 311.545297][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.545311][ C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 311.545336][ C1] [ 311.545589][ C0] rcu: rcu_preempt kthread starved for 10278 jiffies! g27501 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 312.181650][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 312.191622][ C0] rcu: RCU grace-period kthread stack dump: [ 312.197505][ C0] task:rcu_preempt state:R running task stack:25560 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 312.209255][ C0] Call Trace: [ 312.212537][ C0] [ 312.215484][ C0] __schedule+0x1800/0x4a60 [ 312.220032][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.225689][ C0] ? __pfx___schedule+0x10/0x10 [ 312.230566][ C0] ? __pfx_lock_release+0x10/0x10 [ 312.235606][ C0] ? __asan_memset+0x23/0x50 [ 312.240216][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 312.246040][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.252388][ C0] ? schedule+0x90/0x320 [ 312.256648][ C0] schedule+0x14b/0x320 [ 312.260826][ C0] schedule_timeout+0x1be/0x310 [ 312.265694][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 312.271081][ C0] ? __pfx_process_timeout+0x10/0x10 [ 312.276393][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.282039][ C0] ? prepare_to_swait_event+0x32e/0x350 [ 312.287607][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 312.292473][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 312.297709][ C0] ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10 [ 312.303795][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 312.309094][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 312.315012][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.320660][ C0] ? finish_swait+0xd4/0x1e0 [ 312.325269][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 312.329877][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 312.335089][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 312.341005][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.346656][ C0] ? __kthread_parkme+0x169/0x1d0 [ 312.351701][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 312.356913][ C0] kthread+0x2f2/0x390 [ 312.361004][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 312.366214][ C0] ? __pfx_kthread+0x10/0x10 [ 312.370826][ C0] ret_from_fork+0x4d/0x80 [ 312.375263][ C0] ? __pfx_kthread+0x10/0x10 [ 312.379875][ C0] ret_from_fork_asm+0x1a/0x30 [ 312.384677][ C0] [ 312.387696][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 312.394027][ C0] CPU: 0 UID: 0 PID: 5228 Comm: kworker/0:4 Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 312.404790][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 312.414851][ C0] Workqueue: events once_deferred [ 312.419901][ C0] RIP: 0010:smp_call_function_many_cond+0x1865/0x29d0 [ 312.426673][ C0] Code: 89 e6 83 e6 01 31 ff e8 39 15 0c 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 e4 10 0c 00 eb 38 f3 90 42 0f b6 04 23 <84> c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 c8 10 0c 00 eb e4 44 [ 312.446284][ C0] RSP: 0018:ffffc9000311f7c0 EFLAGS: 00000293 [ 312.452358][ C0] RAX: 0000000000000000 RBX: 1ffff110172688f1 RCX: ffff88802fbc5a00 [ 312.460336][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 312.468310][ C0] RBP: ffffc9000311f9a0 R08: ffffffff818779f7 R09: 1ffffffff26e6308 [ 312.476374][ C0] R10: dffffc0000000000 R11: fffffbfff26e6309 R12: dffffc0000000000 [ 312.484350][ C0] R13: ffff8880b9344788 R14: ffff8880b923fb40 R15: 0000000000000001 [ 312.492330][ C0] FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 312.501263][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 312.507847][ C0] CR2: 0000001b3321eff8 CR3: 000000000e734000 CR4: 0000000000350ef0 [ 312.515823][ C0] Call Trace: [ 312.519155][ C0] [ 312.522004][ C0] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 312.528360][ C0] ? print_other_cpu_stall+0x1470/0x15a0 [ 312.534006][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.539657][ C0] ? __lock_acquire+0x137a/0x2040 [ 312.544720][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 312.550559][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.556213][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.561859][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 312.568118][ C0] ? rcu_sched_clock_irq+0xa2c/0x10d0 [ 312.573510][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.579169][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 312.584822][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.590557][ C0] ? hrtimer_run_queues+0x16c/0x460 [ 312.595767][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.601411][ C0] ? acct_account_cputime+0x207/0x210 [ 312.606807][ C0] ? update_process_times+0x1ce/0x230 [ 312.612199][ C0] ? tick_nohz_handler+0x37c/0x500 [ 312.617327][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 312.622801][ C0] ? __hrtimer_run_queues+0x553/0xd50 [ 312.628183][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 312.634229][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 312.639977][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.645634][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 312.651728][ C0] ? hrtimer_interrupt+0x396/0x990 [ 312.656966][ C0] ? __sysvec_apic_timer_interrupt+0x112/0x3f0 [ 312.663145][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 312.668974][ C0] [ 312.671909][ C0] [ 312.674844][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 312.681027][ C0] ? smp_call_function_many_cond+0x1847/0x29d0 [ 312.687195][ C0] ? smp_call_function_many_cond+0x1865/0x29d0 [ 312.693367][ C0] ? nf_ct_get_id+0x6e/0x1a0 [ 312.697995][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 312.703033][ C0] ? nf_ct_get_id+0x6e/0x1a0 [ 312.707654][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.713311][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 312.719649][ C0] ? __pfx___might_resched+0x10/0x10 [ 312.724956][ C0] ? __pfx___mutex_trylock_common+0x10/0x10 [ 312.730861][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 312.735901][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 312.741029][ C0] text_poke_bp_batch+0x352/0xb30 [ 312.746079][ C0] ? arch_jump_label_transform_apply+0x17/0x30 [ 312.752248][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 312.757292][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 312.762859][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.768507][ C0] ? arch_jump_label_transform_queue+0x9b/0x100 [ 312.774767][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 312.780416][ C0] ? __jump_label_update+0x379/0x3a0 [ 312.785732][ C0] text_poke_finish+0x30/0x50 [ 312.790422][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 312.796449][ C0] static_key_disable_cpuslocked+0xd2/0x1c0 [ 312.802369][ C0] static_key_disable+0x1a/0x20 [ 312.807238][ C0] once_deferred+0x70/0xb0 [ 312.811678][ C0] ? process_scheduled_works+0x945/0x1830 [ 312.817413][ C0] process_scheduled_works+0xa2e/0x1830 [ 312.823021][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 312.829033][ C0] ? assign_work+0x364/0x3d0 [ 312.833646][ C0] worker_thread+0x86d/0xd40 [ 312.838265][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 312.844183][ C0] ? __kthread_parkme+0x169/0x1d0 [ 312.849234][ C0] ? __pfx_worker_thread+0x10/0x10 [ 312.854362][ C0] kthread+0x2f2/0x390 [ 312.858455][ C0] ? __pfx_worker_thread+0x10/0x10 [ 312.863586][ C0] ? __pfx_kthread+0x10/0x10 [ 312.868199][ C0] ret_from_fork+0x4d/0x80 [ 312.872637][ C0] ? __pfx_kthread+0x10/0x10 [ 312.877248][ C0] ret_from_fork_asm+0x1a/0x30 [ 312.882051][ C0]