last executing test programs: 3.34315125s ago: executing program 0 (id=1844): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000640)=@framed={{}, [@printk={@lld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 3.010104391s ago: executing program 0 (id=1851): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b702000000000000850000009b000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 2.639406766s ago: executing program 0 (id=1853): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x18, 0x2, 0x1, 0x3, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x4}]}, 0x18}}, 0x0) 2.391061368s ago: executing program 2 (id=1857): r0 = socket(0x25, 0x5, 0x0) readv(r0, &(0x7f0000000800)=[{&(0x7f0000000200)=""/146, 0x92}], 0x1) 2.390345418s ago: executing program 0 (id=1858): syz_mount_image$jfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x8000, &(0x7f0000000300)={[{@usrquota}, {@errors_continue}, {@nodiscard}, {@usrquota}, {@errors_remount}, {@discard}, {@resize_size}, {@nointegrity}, {@errors_continue}, {@gid}, {@uid}, {@noquota}, {@noquota}, {@iocharset={'iocharset', 0x3d, 'default'}}], [{@uid_eq}, {@smackfstransmute={'smackfstransmute', 0x3d, 'noquota'}}, {@uid_eq}, {@permit_directio}, {@dont_appraise}, {@obj_user={'obj_user', 0x3d, '\xf3&&[\']$,A'}}]}, 0x1, 0x61ac, &(0x7f00000065c0)="$eJzs3UtvHWf9B/DfnJsv+TeNuqj6jxBy23AppbmWECjQZAELNixQtihR6lYRKaAkoLSKiCtvWPAiQEgsEWLJihfQBVt2vAAi2UigrjpofJ7HGU/OybHr+ozt+XwkZ+Z3nhmfZ/I9cy6emfMEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA//MGPLxQRceNX6YZTEf8X/YhexFJVr0TE0sqpvPwgIl6KreZ4MSKGCxHV+lv/PB/xZkR8fDLdFrF2cZf9+P6f//GHn5z40d//NDz337/c7781bbkHD377n78+2s8WAwAAQPeUZVkW6WP+6fT5vtd2pwCAuciv/2WSb1er1Wq1Wn386rpyskf1IiLW6utU7xkcjgeAI2YtPmm7C7RI/p02iIgTbXcCONSKtjvAgdjYfHirSPkW9deDlXF7PhdkR/5rxdZ6ef1J01ma55jM6/G1Hv14YUp/lubUh8Mk599r5n9j3D5Kyx10/vMyLf/R+NKnzsn595v5Nxyf/HsT8++qnP9gT/n35Q8AAAAAAIdY/vv/qZaP/y7sf1N25VnHf1fm1AcAAAAAAAAA+Lztd/y/bY3x//J5AMb/AwAAgPZVn9Urvzv55LZp38VW3X69iHiusTzQMelimeW2+wEAAAAAAAAAAAAAXTIYn8N7vYgYRsRzy8tlWVY/dc16r/a7/lHX9e2HLmv7SR4AAMY+Ptm4lr+IWIyI6+m7/obLy8tlubi0XC6XSwv5/exoYbFcqn2uzdPqtoXRLt4QD0Zl9csWa+vVzfq8PKu9+fuq+xqV/V10bD5aDBwAImL8arThFemYKcvno+13ORwNT+3/xdSvAOOIsP+zG20/TgEAAICDV5ZlWaSv8z6djvn32u4UADAX+fW/eVxArVar1Wr18avryske1YuIWKuvU71nMBw/ABwxa/FJ212gRfLvtEFEvNR2J4BDzQVBx9PG5sNbRcq3qL8epPHd87kgO/JfK7bWy+tPms7SPMdkXo+v9ejHC1P68+Kc+nCY5Px7zfxvjNtHabmDzn9epuVfbeepFvrTto3Na4Mq234z/4bjk39vYv5dlff/wZ7y7+86/ytT7lf+AAAAAABwcPLf/08dquO/o8+6OTM96/jvyoHdKwAAAAAAAAAcrI3Nh7fyda/5+P8XJizn+s/jKedfyL+Tcv69Rv5fbSzXr80/vvYk/39vPrz1x/v/+v883W3+C3mmSI+sIj0iinRPxSBN97N1T1sf9kfVPQ2LXn+Qzvkph+/G7bgTq3F+x7K99P/xpP3Cjvaqp8Ot9rI/br+4o32w3Z7Xv7SjfZjOdCqXcvvZuBU/jzvxzlZ71bYwY/sXZ7SXM9pz/n37fyfl/Ae1nyr/5dReNKaVxx/1ntrv69NJ93P19hd/c/7gN2em9ehvb1tdtX2vtNCfrf+TE6P45b3Vu2cf3Lx//+6FSJMdt16MNPmc5fyH6Wf7+f/VcXt+3q/vr48/Gu05/8NiPQZT83+1Nl9t72tz7lsbcv6j9JPzfye1T97/j3L+0/f/11voDwAAAAAAAAAAAAAAADxLWZZbl4he7UVcTtf/tHVtJgAwX1dj/PpfJvn2edX9Od+fWn3E6+KQ9Weu9afl4eqPWn0U67pysrfrRUT8rb5O9Z7h15N+GQBwmH0aEf9suxO0Rv4dlr/vr5qeabszwFzd++DDn968c2f17r22ewIAAAAAAAAAfFZ5/M+V2vjPZ8qyfNRYbsf4r9diZb/jfw7yzPYAo1MGqu7vfZueZb036vdqw42/HNPG/x5uzz1r/O/BjPsbzmgfzWhfmNG+OKN94oUeNTn/l2vjnZ+JiNON4de7MP5rc8z7Lsj5v1J7PFf5f6WxXD3/8vdHOf/ejvzP3X//F+fuffDhG7ffv/ne6nurP7t04cL5S5cvX7ly5dy7t++snh//22KPD1bOP4997TzQbsn558zl3y05/y+lWv7dkvP/cqrl3y05//x+T/7dkvPPn33k3y05/9dSLf9uyfl/LdXy75ac/+upln+35Py/nmr5d0vO/41Uy79bcv5nUy3/bsn5n0v1LvNfOuh+MR8bmw+3jrDnI1z2/27J+38+s0H+3ZLzv5hq+XdLzv9SquXfLTn/N1Mt/27J+X8j1fLvlpz/5VTLv1ty/t9Mtfy7Jed/JdXy75ac/7dSLf9uyfl/O9Xy75ac/1upln+35Py/k2r5d0vO/7upln+35Py/l2r5d0vO/+1Uy79bnnz/vxkzZszkmbafmQAAAAAAAAAAAACApnmcTtz2NgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhb17jZHrrO8HfmZvXjshMRDyd/I3sHaMMc4mu77EF1oXE64NtxIIhV6wXe/aLPiG1y6BRrJRoETCqKiibXjRFhBq86bCqnhBq4DyArWqVIm0leANoqrEi6gKKCBVaivIVnPmeZ6dmT07s+sd2zPnfD5S/PPOnplz5swzs/td57sDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADTb8qbZz9WyLKv/l/+xMcturf99/cTG/LLX3+wjBAAAANbql/mfL9yeLji8gis1bfOPr/reNxcWFhayDw7/yeiXFhbSJyaybHRdluWfi67+x4dqzdsEj2fjtaGmj4e67H64y+dHunx+tMvnx7p8fl2Xz493+fySE7DE+sbPY/Ib25b/dWPjlGZ3ZKP557YVXOvx2rqhofiznFwtv87C6IlsLjuVzWbTLds3tq3l2z+9pb6vt2dxX0NN+9pcXyE/e+x4PIZaOMfbWva1eJvRT96YTfz8Z48d/6sLz99VNLuehpbbaxznjq314/xMuKRxrLVsXTon8TiHmo5zc8FjMtxynLX8evW/tx/nCys8zuHFw7yh2h/z8Wwo//uz+Xkaaf6xXjpPm8Nl/31PlmWXFw+7fZsl+8qGsg0tlwwtPj7jjRVZv436UnpZNrKqdbplBeu0Pme2ta7T9udEfPy3hOuNLHMMzQ/TTz491vS4/2LhWtZpVL/Xyz1X2tdgr58r/bIG47p4Nr/TTxSuwW3h/j+2ffk1WLh2CtZgut9Na3BrtzU4NDacH3N6EGr5dRbX4K6W7YfzPdXy+dz2zmtw6sLpc1Pzn/zUfXOnj52cPTl7Zs+uXdN79u07cODA1Im5U7PTjT+v8Wz3vw3ZUHoObA3nLj4HXtu2bfNSXfjq2JLX32t9Ho53eB5ubNu218/DkfY7V7sxT8ila7rx3Hh//aSPXxnKlnmO5Y/PzrU/D9P9bnoejjQ9Dwu/phQ8D0dW8Dysb3Nu58q+Zxlp+q/oGJb/WrC2NbixaQ22fz/SvgZ7/f1Iv6zB8bAufrhz+a8Fm8PxPjG52u9HhpeswXR3w2tP/ZL0/f74gXwUrcu765+4ZSy7OD97/v5Hj124cH5XFsYN8fKmtdK+Xjc03adsyXodWvV6PTz3qifuLrh8YzhX4/fV/xhf9rGqb7P3/s6PVf7Vrfh8tly6Owujx270+Sz6al4/n2NZ9uXvfvrhbz/25Tctez7refMzU2v/Xjzl0qbX39FlXn9j7n+xsb90U48Pj440nr/D6eyMtrwetz5UI/lrVy3f9wtTK3s9Hg3/3ejX4zs6vB5vatu216/Ho+13Lr4e17r9tGNt2h/P8bBOTk13fj2ub7Np92rX5EjH1+N7wqyF8/+6kBRSLmpaO8ut27SvkZHRcL9G4h5a1+melu1HQzar7+up3de2Tnfc07it4XTvFt2odTrRtm2v12n62ddy67TW7adv16b98RwP6+KOPZ3XaX2bZ/au/bVzffxr02vnWLc1ODo8Vj/m0bQI89f7bGF9XIP3Z8ezs9mpbCb/7Fi+nmr5viYfWNkaHAv/3ejXyk0d1uCOtm17vQbT17Hl1l5tZOmd74H2x3M8rIsnH+i8BuvbvHn/atbgQtfvXXeES9I2Td+7bmn6AXann3nd3XaartdaGQnH+d39nX82W9/m1IHV5szO5+necMktBeep/fm73HNqJlvpeaqt+TlVP87nDyx/nurHU9/mSwdXuJ4OZ1l26eMP5j/vDf++8rcXv//Nln93Kfo3nUsff/CnLznxD6s5fgAG34uNsaHxta7pX6ZW8u//AAAAwECIuX8ozET+BwAAgNKIuT/+X+GJ/A8AAAClEXP/SJhJRfL/pjc/P/fipSw18xeC+Pl0Gh5qbBc7rtPh44mFRfXLH/z67H/9/aWV7Xsoy7JfPPQHhdtveigeV8NEOM6rb2m9fIlv3reifR995FLab3N//Svh9uP9WekyKKrgTmdZ9vTtX8j3M/GhK/l85qGj+Xz48hOP17d54WDj43j9517e2P7PQ/n38IljLdd/LpyHH4c5/Y7i8xGv940rr9u8/wOL+4vXq229Lb/bT364cbvx9+R88fHG9vE8L3f83/78U9+ob//oa4qP/9JQ8fE/FW7362H+zysb2zc/BvWP4/U+G44/7i9e7/6vfafw+K9+rrH9ubc2tjsaZtz/jvDxtrc+P9d8vh6tHWu5X9nbGtvF/U9//4/yz8fbi7fffvzjR660nI/29fHMvzZuZ6pt+3h53E/0d237r99O8/qM+3/qD4+2nOdu+7/68HOvrN9u+/7vbdvu3Md35vtfvL3W39j0F5/9QuH+4vEc/ptzLffn8HvD8zjs/8kPh/UYPv+/Vxu31/7bFY6+t/X1J27/lY2XWu5P9PafN/Z/9Q0n87lufP2GW259yW2XX10/d1n27LrG7XXb/8m/PNty/F+9s3E+4udjR799/8uJ+z//ickzZ+cvzs2ks/rY7fnvznln43ji8d4eXlvbPz5y9sJHZs9PTE9MZ9lEeX+F3jX7Wpg/bYzLq73+zkfC43n3nz29Yfu/fD5e/oP3Ny6/8o7G163Xhu2+GC7fGB6/te7/yS135s/v2jONj1t67D2wedt/HljRhuH+t39fENf7uVd8JD8P9c/lXzfi83qNx/+jmcbtfCuc14Xwm5m33rm4v+bt4+9GuPK+xvN9zecvvMzFx/Wvw+P9rh83bj8eV7y/Pwrfx3xnU+vrXVwf37o01H77+W/xuBxeT7LLjc/HreL5vvLCnYWHF38PSXb5rvzjP063c9eq7uZy5j85P3Vq7szFR6cuzM5fmJr/5KeOnD578cyFI/nv8jzy0W7XX3x92pC/Ps3M7tub5a9WZxvjOrvZx3/ukeMz+6e3z8yeOHbxxIVHzs2eP3l8fv747Mz89mMnTsx+otv152YO7dp9cM/+3ZMn52YOHTh4cM/BybkzZ+uH0TioLvZNf2zyzPkj+VXmD+09uOuBB/ZOT54+OzN7aP/09OTFbtfPvzZN1q/9+5PnZ08duzB3enZyfu5Ts4d2Hdy3b3fX3wZ4+tyJ+Ymp8xfPTF2cnz0/1bgvExfyi+tf+7pdn3Ka//fG97Ptao1fxJe959596fez1n3908veVGOTtl8g+nz4XTT/9NJzB1byccz9o2EmFcn/AAAAUAUx94+Fmcj/AAAAUBox968LM5H/AQAAoDRi7h8PM6lI/i9d/3/TpRXtX/9f/7/5fOn/V6z//75+6/83Xi/0/3tD/78z/f8u9P+vpT8/Fv+i/6//r/9Pu37r/8fcvz7LKpn/AQAAoApi7t8QZiL/AwAAQGnE3H9LmMmq8v/CrT0+LAAAAKCHYu6/NcykIv/+r/+v/6//r/+v/1+8f/3/waT/35n+fxf6/1NZtd7//3Ivj1//X/+fpfqt/x9z/0vCTCqS/wEAAKAKYu6/LcxE/gcAAIDSiLn/9jAT+R8AAABKI+b+jWEmFcn/+v/6//r/+v/6/8X71/8fTPr/nen/d6H/f1PfP3/Qj1//X/+fpfqt/x9z/0vDTCqS/wEAAKAKYu5/WZiJ/A8AAAD9Z+TarhZz/8vDTJbk/2vcAQAAAHDTxdx/R9ZWBK/Iv//r/+v/6//r/+v/F+9/5f3/4Uz/v3/o/3em/9+F/r/+v/6//j891W/9/zz3Z+PZK8JMKpL/AQAAoApi7r8zzET+BwAAgNKIuf//hZnI/wAAAFAaMfdvCjOpSP7X/9f/1//X/9f/L96/9/8fTPr/nen/d6H/r/9f/v7/6x9e5vr6/1wP/db/j7n/rjCTiuR/AAAAqIKY++8OM5H/AQAAoDRi7v//YSbyPwAAAJRGzP2bw0wqkv/1//X/9f/1//X/i/ev/z+Y9P870//vQv9f/7/8/f9l6f9zPfRb/z/m/leGmVQk/wMAAEAVxNz/qjAT+R8AAABKI+b+V4eZyP8AAABQGjH3T4SZVCT/6//r/+v/6//r/xfv//r3/9els6r/3zv6/53p/3eh/6//r/+v/09P9Vv/P+b+LWEmFcn/AAAAUAUx928NM5H/AQAAoE+tW/U1Yu6/J8xE/gcAAIDSiLl/W5hJRfK//r/+v/6//r/+f/H+vf//YNL/70z/vwv9f/1//X/9f3qq3/r/Mfe/JsykIvkfAAAAqiDm/u1hJvI/AAAAlEbM/a8NM5H/AQAAoDRi7t8RZlKR/K//r/+v/6//r/9fvH/9/8Gk/9+Z/n8X+v/6//r/+v/0VL/1/2Puf12YSUXyPwAAAFRBzP07w0zkfwAAACiNmPvvDTOR/wEAAKA0Yu6fDDOpSP7X/9f/1//X/9f/L96//v9g0v/vTP+/C/1//X/9f/1/eqrf+v8x998XZlKR/A8AAABVEHP//WEm8j8AAACURsz9U2Em8j8AAACURsz902EmFcn/+v/6//r/+v+r6v+/evF29f8b9P/7i/5/Z8v3/9sOVf9f/1///yb1/0f1/ymVfuv/x9y/K8ykIvkfAAAAqiDm/t1hJvI/AAAAlEbM/XvCTOR/AAAAKI2Y+/eGmVQk/+v/6/9Xsv//A/1/7/+v/19W+v+d9f79/+Nd1P/X/9f/9/7/+v8s1W/9/5j7HwgzqUj+BwAAgCqIuX9fmIn8DwAAAKURc//+MBP5HwAAAEoj5v4DYSYVyf/6//r/lez/e/9//X/9/9LS/++s9/1/7/+v/79I/1//X/+fdv3W/4+5/2CYSUXyPwAAAFRBzP2vDzOR/wEAAKA0Yu7/lTAT+R8AAAAGz2jxxTH3/2qYSUXyv/6//r/+v/6//n/x/vX/B5P+f2f6/12suP//b5n+/1L6//r/+v+067f+f8z9h8JMKpL/AQAAoApi7v+1MBP5HwAAAEoj5v43hJnI/wAAAFAaMfcfDjOpSP7X/9f/1//X/9f/L97/Tez/H870/6+Z/n9n+v9deP9//X/9f/1/eqrf+v8x978xzKQi+R8AAACqIOb+B8NM5H8AAAAojZj73xRmIv8DAABAacTc/+Ywkyrk//rd1f/X/9f/1//X/y/cv/f/H0z6/53p/3eh/6//r/+v/09P9Vv/P+b+t4SZVCH/AwAAwECaWPU1Yu5/a5iJ/A8AAAClEXP/28JM5H8AAAAojZj73x5mUpH87/3/9f/1//X/9f+L96//P5jW2L9fqGWZ/n+m/6//r/+v/6//T2/0W/8/5v5fDzOpSP4HAACAKoi5/6EwE/kfAAAASiPm/neEmcj/AAAAUBox978zzKQi+V//X/9f/1//X/+/eP/6/4PJ+/93NmD9/1/eFi7X/2/Q/+/v4x+s/v/Cuvbr6/9zPfRb/z/m/neFmVQk/wMAAEAVxNz/7jAT+R8AAABKI+b+94SZyP8AAABQGjH3/0aYSUXyv/5//TgW28v6//r/+QX6//r/+v8DS/+/swHr/3v//zb6//19/IPV/1+qW/9/fZfr6/9TpN/6/zH3vzfMpCL5HwAAAKog5v6Hw0zkfwAAACiNmPvfF2Yi/wMAAEBpxNz//jCTiuR//X/v/6//r/+v/1+8f/3/waT/35n+fxf6//r/+v/e/5+e6rf+f8z9j4SZVCT/AwAAQBXE3P+BMBP5HwAAAEoj5v7fDDOR/wEAAKA0Yu7/YJhJRfK//v+g9P8n9P/1//X/2+6P/r/+fxH9/870/7vQ/9f/1//X/6en+q3/H3P/h8JMKpL/AQAAoApi7v+tMBP5HwAAAEoj5v7fDjOR/wEAAKA0Yu7/nTCTiuR//f9B6f97//9M/1//v+3+6P/r/xe5cf3/+Mqj/6//X9r+f31X+v9l7/+PLv5V/5/rod/6/zH3/26YSUXyPwAAAFRBzP0fDjOR/wEAAGAgFP0/2e1i7j8SZiL/AwAAQGnE3H80zKQi+V//X/9f/79P+/9/uvWff/i9dx/dpf+v/6//vyo39P3/60/+a37///WFl+r/6//3Uf/f+/9Xof/fRP+f66Hf+v8x9x8LM6lI/gcAAIAqiLn/98JM5H8AAAAojZj7j4eZyP8AAABQGjH3z4SZVCT/6//r/+v/92n/f4Df/z+ejwHo/w/f+P7/8Nr7//FFV/+/0A3t/39gsSfu/f9X2/8fK7xU/1//f5CPX/9f/5+l+q3/H3P/bJhJRfI/AAAAVEHI/UMnGnPxE/I/AAAAlEbM/SfDTOR/AAAAKI2Y+z8SZlKR/K//r/+v/6//7/3/i/fv/f8Hk/5/Z/3T/y+m/6//P8jHr/+v/89S/db/j7l/LsykIvkfAAAAqiDm/o+Gmcj/AAAAUBox938szET+BwAAgNKIuf9UmElF8r/+v/6//r/+v/5/8f71/weT/n9n+v9d6P/r/+v/6//TU/3W/4+5/3SYSUXyPwAAAFRBzP1nwkzkfwD+j707a7asPus4fhoburt4AV54470vgYvmWl+AF3hhFVpleSEq4qyA84jzPKDirGgCCSETmSfIRELmkHmeQ8hEUtUp+jzP02dYZ+1zuvfuXvv/fD43jx44rC11hPzS/a0FAMAwcvffFrfY/wAAADCM3P0/Gbc02f/6f/3/Cfv/O85sS/9/Xv9/1PP1//r/ken/5+n/V9D/6//1//p/1mpp/X/u/p+KW5rsfwAAAOggd/9Pxy32PwAAAAwjd//tcYv9DwAAAMPI3f8zcUuT/X+g/z+107P/z4xX/+/9//p//b/+f8td3f7/7mf/ybeR/v/W+P9z/f/u1/X/u/T/y/78+n/9P4ctrf/P3X9H3NJk/wMAAEAHuft/Nm6x/wEAAGAYuft/Lm6x/wEAAGAYuft/Pm5psv+9/9/7//X/+n/9//Tz9f/byfv/53Xq/29/4safeOqh73n4JM/fVP9/+tJfX/+/Qdf68+v/9f8ctrT+P3f/L8QtTfY/AAAAdJC7/xfjFvsfAAAAhpG7/5fiFvsfAAAAhpG7/5fjlib7X/+v/9f/6//1/9PP1/9vJ/3/vE79/+U83/v/9f8rP/+Zo79f/6//57Cl9f+5+38lbmmy/wEAAKCD3P2/GrfY/wAAADCM3P13xi32PwAAAAwjd/9dcUuT/a//1//r//X/+v/p5+v/t5P+f57+fwX9v/7f+//1/6zV0vr/3P13xy1N9j8AAAB0kLv/1+IW+x8AAACGkbv/1+MW+x8AAACGkbv/N+KWJvtf/6//1//r//X/08/X/28n/f88/f8K+v8r7eev1//r//X/7HXC/v+ZmX9sr6X/z93/m3FLk/0PAAAAHeTu/624xf4HAACAYeTu/+24xf4HAACAYeTu/524pcn+1//r//X/+n/9//Tz9f/bSf8/bzH9/6nTk1/W/299/+/9//p//T/7LO39/7n7fzduabL/AQAAoIPc/b8Xt9j/AAAAMIzc/b8ft9j/AAAAMIzc/X8QtzTZ/5vs/w82vAfp//X/+v9R+v8b9n29Q///8J7Pp/9fFv3/vMX0/0fQ/+v/t/nz6//1/xy2tP4/d/8fxi1N9j8AAAB0kLv/nrjF/gcAAIBh5O7/o7jF/gcAAIBh5O7/47ilyf6f7v8v/XHv/z8e/f/+z6//n/75WFf/n3/FTff/z9ri9//f7P3/Pen/5+n/V9D/6//1/0f1/+dWfb/+nylL6/9z9/9J3NJk/wMAAEAHufv/NG6x/wEAAGAYufv/LG6x/wEAAGAYufv/PG5psv83+f7/VfT/+v9m/X9l7eO9/3+/hfT/G33//85V7/9P6/+PSf8/T/+/gv5f/6//9/5/1mpp/X/u/r+IW5rsfwAAAOggd/9fxi32PwAAAGyHvb934OBvKA25+/8qbrH/AQAAYBi7u7/q3Ut/oMn+1//r//X/2/f+f/3/rl79v/f/H5f+f57+fwX9/yb6+dOD9f/3HvX9S+j/79T/szD7+v9HLn39WvX/f33xu87u/E3c0mT/AwAAQAe5+/82brH/AQAAYBi5+/8ubrH/AQAAYBi5+/8+bmmy/zfe/587+tn6f/2//l//r//X/6/bQP3/xR8R/f/u1/X/u7a0//f+f+//1/83tq//3+Na9f+5+/8hbmmy/wEAAKCD3P3/GLfY/wAAADCM3P33xi32PwAAAAwjd/8/xS1N9r/3/+v/9f/6f/3/9PP1/9tpoP7/Iv3/7tf1/7v0/8v+/Pp//T+HLa3/z93/z3FLk/0PAAAAHeTu/5e4xf4HAACAYeTuvy9usf8BAABgGLn7/zVuabL/9f+b7f/z6/p//f+O/v84/f/N+n/9/5Vq2/+fmvo30WFH9P+P/dhdP7D/K336//1/4/T/+n/9v/6ftVpE/3/h0n+6zN3/b3FLk/0PAAAAgzgz9wdz9/973GL/AwAAwDBy9/9H3GL/AwAAwDBy9/9n3NJk/+v/vf9f/6//X1D/7/3/+v8r1rb/Pybv/19B/6//1//r/1mrRfT/e/733P3/Fbc02f8AAADQQe7+/45b7H8AAAAYRu7+/4lb7H8AAAAYRu7+/41bmux//b/+X/+v/9f/Tz9f/7+d9P/z9P8r6P/1//p//T9rtbT+P3f//XFLk/0PAAAAHeTu/7+4xf4HAACAYeTu//+4xf4HAACAYeTuf07c0mT/6//1//p//b/+f/r5+v/tpP+fp//f2dl5YOYDTPX/F87o//X/+n/9P5dpaf1/7v7nxi1N9j8AAAB0kLv/gbjF/gcAAIBh5O5/MG6x/wEAAGAYufufF7c02f/6f/2//l//r/+ffr7+fzvp/+fp/1cY/f3/K34i9/bzT995y3n9v/5f/8+VWlr/n7v/+XFLk/0PAAAAHeTufyhusf8BAABgGLn7XxC32P8AAAAwjNz9D8ctTfa//l//r//X/+v/p5+v/99Om+v/d/T/Lfr/Gy6eYfv/Fa51P3+VPv/5TX1+/b/+n8OW1v/n7n9h3NJk/wMAAEAHuftfFLfY/wAAADCM3P0vjlvsfwAAABhG7v6XxC1N9r/+X/+v/9f/6/+nn6//307e/z9P/7/C6O//X6FJ/7+xz6//1/9z2NL6/9z9L41bmux/AAAA6CB3/yNxi/0PAAAAw8jd/7K4xf4HAACAYeTuf3nc0mT/r+j/L/0N0f/P0v/v//z6/+mfD/2//v9A/392R/+/dvr/efr/FfT/Y/b/1+0M1P+fO/L7r27/f/bQ9+v/mbK0/j93/yvilib7HwAAADrI3f/KuMX+BwAAgGHk7n9V3GL/AwAAwDBy9786bmmy/73/X/+v/9f/6/+nn+/9/9tJ/z9P/7+C/n/M/t/7/73/n2tmaf1/7v7XxC1N9j8AAAB0kLv/tXGL/Q8AAABbYvVvu8vd/7q4xf4HAACAYeTuf33c0mT/6//1//p//b/+f/r5+v/tpP+fp/9fQf+v/9f/6/9Zq6X1/7n73xC3NNn/AAAA0EHu/kfjFvsfAAAAhpG7/7G4xf4HAACAYeTuf2Pc0mT/6//1//r/7ez/z+r/9f/6/0lL6f9vuun7H9f/z33++26d+qr+X/+/zZ9f/6//57CN9f/xDSft/3P3vyluabL/AQAAoIPc/W+OW+x/AAAAWLzzx/zzcve/JW6x/wEAAGAYufvfGrc02f+H+//rd3YL1V1T/X80avr/PfT/+z+//n/658P7//X/+v/NW0r/7/3/l/f59f/6/23+/Cfq/7/38Pfr/xnR0t7/n7v/8bilyf4HAACADnL3vy1usf8BAABgGLn73x632P8AAAAwjNz9T8QtTfa/9//r//X/+n/9//Tz9f/bSf8/T/+/gv5f/+/9/7f9yHfp/1mfpfX/ufvfEbccY/hdt/pPAQAAABYgd/8745bp/T/1y7wAAADAwuXuf1fc0uT3/wMAAEAHufvfHbc02f/6f/2//l//r/+ffr7+fzvp/+fp/1fQ/+v/9f/e/89aLa3/z93/nrilyf4HAACADnL3vzdusf8BAABgGLn73xe32P8AAAAwjNz9749bmux//b/+f/z+/4f1/weer//X/49M/5//Rp+m/19B/6//1//r/1mrpfX/ufufjFua7H8AAADoIHf/B+IW+x8AAACGkbv/g3GL/Q8AAADDyN3/obilyf7X//fq/0/tdOz/vf9f/6//70T/P0//v4L+X/+v/9f/s1ZL6/9z9384bmmy/wEAAGBb/eD3/fiTx/1zc/d/JG6x/wEAAGAYufs/GrfY/wAAADCM3P0fi1ua7H/9f6/+v+f7//X/+n/9fyf6/3n6/xX0//p//b/+n7VaWv+fu//jccue4Xf6xP9XAgAAAEuSu/8TcUuTX/8HAACADnL3fzJuObT/Lxzzd7UDAAAAS5O7/1NxS5Nf/9f/L7z/39H/6//1//p//f9J6P/nXWH/f+GU/l//P0P/r//X/3PQ0vr/3P2fjlua7H8AAAAY1L7/RiF3/2fiFvsfAAAAhpG7/7Nxi/0PAAAAw8jd/7m4pcn+1/8vvP+/rPf/n6v/Sf/fvP+/5+zk8/X/+v+R6f/nef//Cvp//f+G+/8fmnmxuP6fES2t/8/d//m4pcn+BwAAgA5y938hbpnb/2c2/akAAACAdcrd/8W4xa//AwAAwDBy938pbmmy//X/I/b/3v+v/59//jj9/3ffeNejt/zog/fr/7nkavb/+bOg/9f/6/936f+9/1//z0FL6/9z9385bmmy/wEAAKCD3P1PxS32PwAAAAwjd/9X4hb7HwAAAIaRu//puKXJ/tf/6//1/9vY/2dT3L3/9/5//f9h3v8/T/+/gv5f/6//1/+zVkvr/3P3fzVuabL/AQAAoIPc/V+LW+x/AAAAGEbu/q/HLfY/AAAADCN3/zfilib7X/+v/9f/L7X/P+X9/0H/r/8/Cf3/PP3/Cvp//b/+X//PWi2t/8/d/824pcn+BwAAgA5y9z8Tt9j/AAAAMIzc/d+KW+x/AAAAGEbu/m/HLU32v/5f/7+O/n/nwOfX/0//fKzv/f/6/x39v/7/CPr/efr/FfT/+n/9v/6ftVpa/5+7/zsBAAD//wkKcjU=") statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/248) 2.255205001s ago: executing program 1 (id=1860): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="4800000010001ffc25bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128008000100677470001c00028008000600", @ANYRES32, @ANYBLOB="08002d88", @ANYRES32, @ANYBLOB="08000300010003"], 0x48}}, 0x0) 2.171962119s ago: executing program 2 (id=1873): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=@setlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0x3a}]}, 0x3c}}, 0x0) 2.035545151s ago: executing program 1 (id=1863): r0 = syz_open_dev$video(&(0x7f0000000040), 0x3f9, 0x141842) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0) 1.956067389s ago: executing program 2 (id=1864): r0 = socket$inet(0x2, 0x3, 0x8) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001a40)=@raw={'raw\x00', 0x8, 0x3, 0x310, 0x0, 0xe138, 0x198, 0x0, 0x198, 0x278, 0x358, 0x358, 0x278, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'netdevsim0\x00', 'veth0_to_bond\x00'}, 0x0, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0004000000050000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8c1df6cdbdb7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a0002000000000000000000000000000000000049", 0x4}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x370) 1.83933442s ago: executing program 1 (id=1878): syz_mount_image$iso9660(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@map_acorn}, {@nocompress}, {@map_off}, {@mode={'mode', 0x3d, 0xff}}, {@iocharset={'iocharset', 0x3d, 'macceltic'}}, {@check_relaxed}, {@iocharset={'iocharset', 0x3d, 'none'}}, {@map_off}, {@map_normal}, {@mode}, {@utf8}, {@check_relaxed}, {@cruft}]}, 0x3, 0x3ec, &(0x7f0000000c40)="$eJzs3M9O3EYcwPExf5otlVCkqIEQDpOmB3rIxjZl0SqHyvXOLpN4bWvsjeBUoQIRCqRVk0oNp3ChrdQ+RK59iD5LXyDqI7Tyn02BBTaFZZdE34+EZtb+eeY31mpGazQWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAWH7Dth1LBDrsrMrT+Q0Ttc84323vsyPFGf0KYWV/olIRs8Wh2Rv/nf60aGSm+DQjKnl5fe+Tm9cf3JgY615/RkJD8fzl3tP1nZ3NH0adyKX768SjLRXqJNJtr6WkTiJZr9Xs+yvNRDZ1oJK1JFVt6RvlpZGRC/4X0qnXF6WqrkWdsNXwAtU9uHzPte2afFiNlWeSKLz/sJr4KzoIdNjKY7LTWcxy9kV8pFOZKq8t5db2zuZiv9SzIOddgtx+Qa7tuo7juk5tqb60bNsTPQfsY0RPxOi/tBitwU7gwAX8U67/AAAAAADgw2Xlz9iz3/+T+XN4SzR1oOxRpwUAAAAAAAYo/8//TFZMZrVZYfH7HwAAAACAD80vx/bYVcTxPXav4mvWn38LYyat/Xj1c2vXy+K83fHiuvHjLabNOWu6bCQvahPlJ1/NW7eKoFvd6DdlsdUvD2sACYjfxFwRM7dRlBvdM0UvU00dqKofBQ8c4XnTY6laTX98tv2TyIf/a9ietsTW9s5m9dvvdjbyXPazVvZ3yw0UPfsozsjlxdt9jyePeDJ/EFP2O1X0ax8e/1hx+dj/6PNA3C5ibk8V5dTR8VeyPp3qaaMvs3AuOPIDMV/EzC/czYq7Cydk4fbLwj2cxbnuxTtksdgvi8ULZgEAo7J1aBWqlMeOrv896+45ZrnhrO4H4k4Rc2cun1gn5k6Y0e1+M7p9wdXtj553IJy2xmb9/n5sVX2dXfD61H6TwLWyWzj+Yvd7cfP5y71727vrTzafbD5z3cWa/aVtL7liMh9GWbD2AABOoMwbayr92TJGx9849brjpStKmsh/JI1utJTUYaqMv+KFLSVjE6WRHwVZ5bFuqEQmnTiOTCqbkZFxlOjV/M0vsnz1S6LaXphqP4kD5SVK+lGYen4qGzrxZdz5OtDJijL5xUmsfN3UvpfqKJRJ1DG+qkqZKHUoUDdUmOqmzqqhjI1ue2ZNPo6CTlvJhkp8o+M0Khrs9qXDZmTaebPVUd9sAACuiLdvsLvEyqjHCAAAjjr3Kv3RJSUEAAAAAAAAAAAAAAAAAAAAAAB6DGP/33ArX12NNJ6ul3f41cUbHL8Kw3mfKtfKe3/k1MflwYH2NS6uyJAHXhnRhARgaP4NAAD//44EmQk=") bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00'}, 0x18) 1.705892662s ago: executing program 2 (id=1880): r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0xec, &(0x7f0000000000), &(0x7f0000000080)=0x4) 1.643234287s ago: executing program 1 (id=1869): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000002030300000000000000000000000000080003400000000008000100010000000800044000000000090002000000000002"], 0x38}}, 0x0) 1.51253312s ago: executing program 1 (id=1870): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@remote, 0x10}, 0x20) 1.51233741s ago: executing program 2 (id=1871): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001418000000120800040043000000a80016000a0001400600d4c140e99d5a57dfcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8004cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4ed92d2f52eb233dcb9ef3d93452a", 0xd8}], 0x1}, 0x0) 1.457626815s ago: executing program 1 (id=1872): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x268, 0x1b8, 0xc8, 0x8, 0x0, 0x5803, 0x280, 0x2e8, 0x2e8, 0x280, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x2000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@mcast2, @empty, [], [], 'nicvf0\x00'}, 0x0, 0xa8, 0xc8}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2c8) syz_usb_connect(0x3, 0x4f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb9050000000109023d0c020000000009049c00030103510009200a00000000000009050313000000000003270103"], 0x0) 1.297635199s ago: executing program 0 (id=1874): mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f0000000400), 0x0, &(0x7f0000000300)={[{@volatile}, {@index_on}]}) 1.207819058s ago: executing program 2 (id=1875): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000074020440fd07010099090000000109021b0001000000000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 1.029793484s ago: executing program 0 (id=1879): r0 = syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f0000000440)={[{@journal_async_commit}, {@heartbeat_none}, {@grpquota}, {@inode64}, {@dir_resv_level={'dir_resv_level', 0x3d, 0x3}}, {@localflocks}]}, 0x0, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=") fchown(r0, 0xee00, 0x0) 820.554543ms ago: executing program 3 (id=1882): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)={0x64, 0x2, 0x6, 0x101, 0x0, 0xf0ffff, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x9}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x64}}, 0x0) 753.9101ms ago: executing program 4 (id=1883): r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0xaa7, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc0585604, &(0x7f0000000000)) 750.02575ms ago: executing program 3 (id=1894): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@remote, 0x10}, 0x20) 651.083219ms ago: executing program 4 (id=1884): r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000640)='/proc/asound/card2/oss_mixer\x00', 0x0, 0x0) preadv(r0, &(0x7f0000003e80)=[{&(0x7f0000002cc0)=""/165, 0xa5}], 0x1, 0x8e4, 0x3) 601.148743ms ago: executing program 3 (id=1885): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@ipv6_getaddrlabel={0x30, 0x4a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80}, [@IFAL_ADDRESS={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @local}}]}, 0x30}}, 0x0) 476.545596ms ago: executing program 3 (id=1887): r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000003280), 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f00000032c0)={0x0, 0x59565955}) 476.339395ms ago: executing program 4 (id=1888): prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) memfd_secret(0x0) 357.102017ms ago: executing program 4 (id=1889): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x38, 0x1403, 0x1, 0x70bd2d, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth0_vlan\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4048086}, 0x4) 251.257057ms ago: executing program 3 (id=1890): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003"], 0xec}}, 0x0) 155.116945ms ago: executing program 4 (id=1891): r0 = io_uring_setup(0x78bc, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x17, &(0x7f0000004d00)={0x0, 0x0, 0x0, 0x2}, 0x1) 253.53µs ago: executing program 4 (id=1892): r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 0s ago: executing program 3 (id=1893): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}]}, 0x3c}, 0x1, 0xba01}, 0x0) kernel console output (not intermixed with test programs): m 0 to 256 [ 90.715191][ T4383] exfat: Deprecated parameter 'namecase' [ 90.734582][ T4383] exfat: Deprecated parameter 'utf8' [ 90.739984][ T4383] exfat: Deprecated parameter 'namecase' [ 90.799213][ T4383] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 90.870050][ T4391] mmap: syz.2.297 (4391): VmData 37466112 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 91.527947][ T4405] xt_TCPMSS: Only works on TCP SYN packets [ 91.621333][ T4403] loop0: detected capacity change from 0 to 4096 [ 91.670066][ T4403] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 91.780842][ T4403] ntfs3: loop0: ntfs_set_state r=3 failed, -22. [ 91.797919][ T4403] ntfs3: loop0: ino=1e, "file1" attr_set_size [ 91.872667][ T32] ntfs3: loop0: ntfs3_write_inode r=3 failed, -22. [ 91.886914][ T4385] loop3: detected capacity change from 0 to 32768 [ 91.893620][ T3649] ntfs3: loop0: ntfs_set_state r=3 failed, -22. [ 91.901662][ T3649] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 91.924534][ T3649] ntfs3: loop0: ntfs_set_state r=3 failed, -22. [ 91.947891][ T32] ntfs3: loop0: ntfs3_write_inode r=3 failed, -22. [ 91.975588][ T3649] ntfs3: loop0: ntfs_evict_inode r=3 failed, -22. [ 92.358353][ T4419] loop2: detected capacity change from 0 to 4096 [ 92.392816][ T4419] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 92.445296][ T3695] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.472730][ T4419] ntfs3: loop2: ino=1e, "file1" attr_set_size [ 92.513921][ T4419] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 92.559217][ T4419] ntfs3: loop2: ntfs_set_state r=3 failed, -22. [ 92.679726][ T3655] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.690465][ T3655] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.701021][ T32] ntfs3: loop2: ntfs3_write_inode r=3 failed, -22. [ 92.701126][ T3655] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.719961][ T3640] ntfs3: loop2: ntfs_evict_inode r=3 failed, -22. [ 92.741371][ T3655] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.749425][ T3655] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 92.762870][ T3655] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.813760][ T3695] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.131544][ T3695] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.252222][ T3695] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.428646][ T4424] chnl_net:caif_netlink_parms(): no params data found [ 93.448788][ T4442] block device autoloading is deprecated and will be removed. [ 94.084806][ T4424] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.092062][ T4424] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.179740][ T4424] device bridge_slave_0 entered promiscuous mode [ 94.226262][ T4424] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.264989][ T4424] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.323681][ T4424] device bridge_slave_1 entered promiscuous mode [ 94.366797][ T4468] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551614) [ 94.384581][ T4468] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647 [ 94.638832][ T4424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.723746][ T4424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.798951][ T4502] loop0: detected capacity change from 0 to 8 [ 94.824656][ T3655] Bluetooth: hci1: command tx timeout [ 94.846644][ T4502] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 94.953255][ T4502] cramfs: bad data blocksize 4294966936 [ 94.967600][ T4502] cramfs: bad data blocksize 524460 [ 94.987463][ T4506] netlink: 'syz.4.347': attribute type 24 has an invalid length. [ 95.004507][ T4502] cramfs: bad data blocksize 4294966936 [ 95.012167][ T26] audit: type=1800 audit(1727460164.561:2): pid=4502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.345" name="file2" dev="loop0" ino=348 res=0 errno=0 [ 95.129611][ T4424] team0: Port device team_slave_0 added [ 95.139637][ T4424] team0: Port device team_slave_1 added [ 95.297119][ T4424] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.322405][ T4424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.454501][ T4424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.612018][ T4424] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.622891][ T4424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.648545][ T4526] loop4: detected capacity change from 0 to 2048 [ 95.725833][ T4526] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 95.729670][ T4424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.853385][ T4536] loop3: detected capacity change from 0 to 1764 [ 96.024485][ T4536] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 96.157742][ T4546] loop2: detected capacity change from 0 to 128 [ 96.208716][ T4546] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 96.241474][ T4546] ext4 filesystem being mounted at /65/mnt supports timestamps until 2038 (0x7fffffff) [ 96.465381][ T4424] device hsr_slave_0 entered promiscuous mode [ 96.486206][ T3640] EXT4-fs (loop2): unmounting filesystem. [ 96.496180][ T4424] device hsr_slave_1 entered promiscuous mode [ 96.538256][ T4424] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.572787][ T4424] Cannot create hsr debugfs directory [ 96.905011][ T3655] Bluetooth: hci1: command tx timeout [ 97.118719][ T3695] device hsr_slave_0 left promiscuous mode [ 97.158552][ T3695] device hsr_slave_1 left promiscuous mode [ 97.204033][ T3695] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.211761][ T3695] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 97.275069][ T3695] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.282553][ T3695] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 97.318733][ T3695] device bridge_slave_1 left promiscuous mode [ 97.340120][ T3695] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.364297][ T4591] befs: (nbd0): No write support. Marking filesystem read-only [ 97.377068][ T3695] device bridge_slave_0 left promiscuous mode [ 97.404238][ T3695] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.430939][ T52] block nbd0: Attempted send on invalid socket [ 97.437854][ T52] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 97.519618][ T3695] device veth1_macvtap left promiscuous mode [ 97.526348][ T3695] device veth0_macvtap left promiscuous mode [ 97.532505][ T3695] device veth1_vlan left promiscuous mode [ 97.539559][ T3695] device veth0_vlan left promiscuous mode [ 98.605199][ T4625] xt_CT: You must specify a L4 protocol and not use inversions on it [ 98.636414][ T3695] team0 (unregistering): Port device team_slave_1 removed [ 98.701384][ T3695] team0 (unregistering): Port device team_slave_0 removed [ 98.766112][ T3695] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 98.820230][ T3695] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 98.994568][ T3655] Bluetooth: hci1: command tx timeout [ 99.019579][ T4635] loop0: detected capacity change from 0 to 256 [ 99.032212][ T4635] exfat: Deprecated parameter 'utf8' [ 99.037718][ T4635] exfat: Deprecated parameter 'namecase' [ 99.082224][ T4635] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1806556a, utbl_chksum : 0xe619d30d) [ 99.522649][ T4643] loop0: detected capacity change from 0 to 64 [ 99.666359][ T3695] bond0 (unregistering): Released all slaves [ 99.780102][ T4599] netlink: 'syz.3.384': attribute type 30 has an invalid length. [ 99.824677][ T4609] netlink: 'syz.4.387': attribute type 7 has an invalid length. [ 99.832425][ T4609] netlink: 'syz.4.387': attribute type 8 has an invalid length. [ 99.929236][ T4649] netlink: 'syz.0.407': attribute type 2 has an invalid length. [ 100.432254][ T4667] program syz.2.416 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 100.722792][ T4677] netlink: 24 bytes leftover after parsing attributes in process `syz.3.419'. [ 100.923982][ T4678] loop2: detected capacity change from 0 to 4096 [ 100.979194][ T4688] loop4: detected capacity change from 0 to 256 [ 101.017910][ T4678] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 101.057930][ T4678] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 101.071323][ T3655] Bluetooth: hci1: command tx timeout [ 101.095664][ T4678] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 101.156900][ T4678] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 101.165977][ T4424] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 101.219708][ T4424] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 101.227345][ T14] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 101.251337][ T4678] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 101.254092][ T4424] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 101.299067][ T4678] ntfs: volume version 3.1. [ 101.307157][ T4424] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 101.320987][ T4678] ntfs: (device loop2): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 101.359089][ T4678] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 101.419903][ T4678] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 101.451023][ T4678] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 101.468879][ T4678] ntfs: (device loop2): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 101.586357][ T4424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.629675][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.637169][ T14] usb 1-1: config 1 has an invalid interface number: 65 but max is 1 [ 101.656375][ T14] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 101.677542][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.687127][ T14] usb 1-1: config 1 has 3 interfaces, different from the descriptor's value: 2 [ 101.726743][ T14] usb 1-1: config 1 has no interface number 2 [ 101.739320][ T4424] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.768797][ T14] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.794240][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 101.794675][ T14] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 101.823357][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 101.854161][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.855717][ T14] usb 1-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 101.861382][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.918108][ T14] usb 1-1: config 1 interface 1 has no altsetting 0 [ 101.973983][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 102.010641][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 102.036681][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 102.063624][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.070882][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.135195][ T14] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 102.144881][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 102.154896][ T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=131 [ 102.184527][ T14] usb 1-1: Product: syz [ 102.189712][ T14] usb 1-1: Manufacturer: syz [ 102.199055][ T14] usb 1-1: SerialNumber: syz [ 102.214941][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 102.250692][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 102.268348][ T14] cdc_ncm 1-1:1.65: CDC Union missing and no IAD found [ 102.272806][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 102.286004][ T14] cdc_ncm 1-1:1.65: bind() failure [ 102.295601][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 102.323954][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 102.378319][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 102.404768][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 102.408433][ T4692] loop3: detected capacity change from 0 to 32768 [ 102.447568][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 102.465823][ T4692] gfs2: fsid=statfs_quantum: Trying to join cluster "lock_nolock", "statfs_quantum" [ 102.473168][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 102.489350][ T4692] gfs2: fsid=statfs_quantum: Now mounting FS (format 1801)... [ 102.540237][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 102.552784][ T4692] gfs2: fsid=statfs_quantum.s: journal 0 mapped with 18 extents in 1ms [ 102.570591][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 102.715433][ T14] usb 1-1: USB disconnect, device number 3 [ 102.792615][ T4701] loop4: detected capacity change from 0 to 32768 [ 102.852170][ T4701] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.428 (4701) [ 102.894245][ T4692] gfs2: fsid=statfs_quantum.s: first mount done, others may mount [ 102.935026][ T4701] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 102.964882][ T4701] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 103.037380][ T4701] BTRFS info (device loop4): using free space tree [ 103.179831][ T4738] loop2: detected capacity change from 0 to 1764 [ 103.267694][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 103.294805][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 103.310314][ T4424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.374765][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 103.469831][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 103.495449][ T4701] BTRFS info (device loop4): enabling ssd optimizations [ 103.554880][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 103.570013][ T4753] loop0: detected capacity change from 0 to 256 [ 103.595863][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 103.617873][ T4424] device veth0_vlan entered promiscuous mode [ 103.633534][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 103.644062][ T4753] exFAT-fs (loop0): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 103.685639][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 103.701052][ T4424] device veth1_vlan entered promiscuous mode [ 103.740465][ T3652] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 103.753568][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 103.811416][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 103.895059][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 103.955436][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 103.978220][ T4760] loop2: detected capacity change from 0 to 1024 [ 103.997487][ T4424] device veth0_macvtap entered promiscuous mode [ 104.034087][ T4760] EXT4-fs: Ignoring removed orlov option [ 104.054161][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 104.066226][ T4760] EXT4-fs: Ignoring removed nomblk_io_submit option [ 104.092433][ T4424] device veth1_macvtap entered promiscuous mode [ 104.145395][ T4760] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 104.167315][ T4760] System zones: 0-1, 3-36 [ 104.173329][ T4424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.189573][ T4760] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 104.211677][ T4424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.245875][ T4424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.267645][ T4424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.277804][ T4424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.288572][ T4424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.298887][ T4424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.309662][ T4424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.329074][ T4424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.342351][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 104.385445][ T3640] EXT4-fs (loop2): unmounting filesystem. [ 104.385600][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 104.477725][ T4424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.504147][ T4774] loop3: detected capacity change from 0 to 2048 [ 104.515056][ T4424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.544446][ T4424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.576792][ T4424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.600345][ T4774] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 104.626170][ T4424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.672809][ T4424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.713953][ T4424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.734533][ T4424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.756203][ T4424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.907896][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 104.955359][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 104.969052][ T4424] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.002056][ T4789] loop3: detected capacity change from 0 to 8 [ 105.008474][ T4424] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.031002][ T4424] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.092777][ T4424] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.329659][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.493290][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.535228][ T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.543529][ T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.583269][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 105.691898][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.717195][ T4804] netlink: 20 bytes leftover after parsing attributes in process `syz.4.455'. [ 105.745911][ T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.754209][ T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.840088][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.903487][ T3695] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 106.650193][ T3655] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 106.668316][ T3655] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 106.685880][ T3655] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 106.698808][ T3655] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 106.708637][ T3655] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 106.723109][ T3655] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 106.757207][ T4829] loop1: detected capacity change from 0 to 4096 [ 106.787377][ T4829] ntfs3: loop1: Different NTFS' sector size (2048) and media sector size (512) [ 106.865408][ T4829] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 107.158222][ T4424] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22. [ 107.391662][ T4860] netlink: 'syz.4.474': attribute type 1 has an invalid length. [ 107.422808][ T4861] IPv6: Can't replace route, no match found [ 108.148437][ T4833] chnl_net:caif_netlink_parms(): no params data found [ 108.618478][ T11] device hsr_slave_0 left promiscuous mode [ 108.625742][ T11] device hsr_slave_1 left promiscuous mode [ 108.632331][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.640536][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 108.660156][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 108.694057][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 108.744835][ T3655] Bluetooth: hci3: command tx timeout [ 108.761333][ T11] device bridge_slave_1 left promiscuous mode [ 108.785010][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.860504][ T11] device bridge_slave_0 left promiscuous mode [ 108.869199][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.058964][ T11] device veth1_macvtap left promiscuous mode [ 109.104864][ T11] device veth0_macvtap left promiscuous mode [ 109.111093][ T11] device veth1_vlan left promiscuous mode [ 109.174738][ T11] device veth0_vlan left promiscuous mode [ 109.248055][ T4869] loop4: detected capacity change from 0 to 40427 [ 109.287612][ T4869] F2FS-fs (loop4): invalid crc value [ 109.349758][ T4869] F2FS-fs (loop4): Found nat_bits in checkpoint [ 109.414686][ T4251] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 109.547960][ T4869] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0 [ 109.580427][ T4869] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 109.647703][ T11] bond1 (unregistering): Released all slaves [ 109.774697][ T4251] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 109.786199][ T4251] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 109.814472][ T4251] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 109.844636][ T4251] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 109.878425][ T4251] usb 4-1: config 0 interface 0 has no altsetting 0 [ 110.062029][ T4251] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 110.092212][ T4251] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 110.132694][ T4251] usb 4-1: Product: syz [ 110.144628][ T4251] usb 4-1: Manufacturer: syz [ 110.149290][ T4251] usb 4-1: SerialNumber: syz [ 110.176304][ T4251] usb 4-1: config 0 descriptor?? [ 110.216280][ T4251] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 110.256285][ T4251] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 110.473092][ T7] usb 4-1: USB disconnect, device number 3 [ 110.502682][ T7] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 110.570966][ T4960] --map-set only usable from mangle table [ 110.762623][ T4969] futex_wake_op: syz.4.507 tries to shift op by 32; fix this program [ 110.824711][ T3655] Bluetooth: hci3: command tx timeout [ 111.088175][ T4979] netlink: 16 bytes leftover after parsing attributes in process `syz.3.510'. [ 111.272340][ T4983] loop3: detected capacity change from 0 to 1024 [ 111.423438][ T11] team0 (unregistering): Port device team_slave_1 removed [ 111.484346][ T11] team0 (unregistering): Port device team_slave_0 removed [ 111.575456][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 111.642594][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 112.176246][ T11] bond0 (unregistering): Released all slaves [ 112.347475][ T4833] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.364677][ T4833] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.382218][ T4833] device bridge_slave_0 entered promiscuous mode [ 112.457993][ T4833] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.476916][ T4833] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.533540][ T4833] device bridge_slave_1 entered promiscuous mode [ 112.770411][ T4833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.819776][ T4833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.904526][ T3655] Bluetooth: hci3: command tx timeout [ 113.027447][ T4833] team0: Port device team_slave_0 added [ 113.051513][ T5019] netlink: 'syz.2.525': attribute type 10 has an invalid length. [ 113.070101][ T4833] team0: Port device team_slave_1 added [ 113.271968][ T4833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 113.294459][ T4833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.381371][ T4833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 113.401411][ T4833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.411084][ T4833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.484296][ T4833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.495512][ T5036] netlink: 60 bytes leftover after parsing attributes in process `syz.4.532'. [ 113.524974][ T5036] netlink: 16 bytes leftover after parsing attributes in process `syz.4.532'. [ 113.541853][ T5036] netlink: 16 bytes leftover after parsing attributes in process `syz.4.532'. [ 113.731808][ T4833] device hsr_slave_0 entered promiscuous mode [ 113.762645][ T4833] device hsr_slave_1 entered promiscuous mode [ 113.819521][ T5045] netlink: 16 bytes leftover after parsing attributes in process `syz.3.537'. [ 113.844545][ T5045] netlink: 57 bytes leftover after parsing attributes in process `syz.3.537'. [ 113.913272][ T5050] loop2: detected capacity change from 0 to 8 [ 114.481185][ T5068] netlink: 'syz.1.546': attribute type 1 has an invalid length. [ 114.721127][ T5079] loop1: detected capacity change from 0 to 8 [ 114.984826][ T3655] Bluetooth: hci3: command tx timeout [ 115.368967][ T4833] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 115.450947][ T4833] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 115.488632][ T4833] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 115.557744][ T4833] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 115.797656][ T5114] loop3: detected capacity change from 0 to 128 [ 115.924561][ T4833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.946468][ T5120] loop4: detected capacity change from 0 to 256 [ 115.994156][ T4833] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.044108][ T5120] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 116.070710][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 116.095445][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 116.167416][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 116.182816][ T5126] 9pnet_fd: p9_fd_create_tcp (5126): problem connecting socket to 127.0.0.1 [ 116.222078][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 116.265570][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.272728][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.324084][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 116.360790][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 116.382144][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.389374][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.407019][ T5134] loop2: detected capacity change from 0 to 256 [ 116.432465][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 116.481523][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 116.517745][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 116.549990][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 116.584286][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 116.624500][ T4246] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 116.641234][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 116.687465][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 116.739142][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 116.772736][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 116.810791][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 116.829695][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 116.860950][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 116.874589][ T4246] usb 2-1: Using ep0 maxpacket: 8 [ 116.886890][ T4833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 117.004918][ T4246] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.044506][ T4246] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 117.074509][ T4246] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 117.111369][ T4246] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 117.190399][ T5161] usb usb8: usbfs: process 5161 (syz.3.582) did not claim interface 0 before use [ 117.190480][ T5162] netlink: 64 bytes leftover after parsing attributes in process `syz.4.583'. [ 117.224822][ T4246] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 117.244639][ T4246] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 117.252784][ T4246] usb 2-1: SerialNumber: syz [ 117.303011][ T5168] xt_l2tp: invalid flags combination: 8 [ 117.325109][ T5132] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 117.345693][ T4246] cdc_ether: probe of 2-1:1.0 failed with error -22 [ 117.364873][ T4246] usb-storage 2-1:1.0: USB Mass Storage device detected [ 117.440888][ T4246] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 117.469555][ T4246] scsi host1: usb-storage 2-1:1.0 [ 117.564360][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 117.578270][ T26] audit: type=1326 audit(1727460187.111:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.4.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8637dff9 code=0x7ffc0000 [ 117.713308][ T26] audit: type=1326 audit(1727460187.121:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.4.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=192 compat=0 ip=0x7efc8637dff9 code=0x7ffc0000 [ 117.743562][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 117.785852][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 117.817757][ T26] audit: type=1326 audit(1727460187.121:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.4.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8637dff9 code=0x7ffc0000 [ 117.862964][ T4833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.924814][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 117.954277][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 118.078768][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 118.101848][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 118.132616][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 118.157043][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 118.166692][ T4833] device veth0_vlan entered promiscuous mode [ 118.252589][ T4833] device veth1_vlan entered promiscuous mode [ 118.386306][ T5207] loop3: detected capacity change from 0 to 512 [ 118.390504][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 118.422360][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 118.450927][ T4833] device veth0_macvtap entered promiscuous mode [ 118.481300][ T4833] device veth1_macvtap entered promiscuous mode [ 118.507974][ T5207] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 118.539052][ T5207] ext4 filesystem being mounted at /150/file0 supports timestamps until 2038 (0x7fffffff) [ 118.589482][ T4833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.654442][ T4833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.685055][ T4833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.705917][ T4833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.750747][ T4833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.767441][ T4833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.777864][ T4833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.789240][ T4833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.808630][ T5175] usb 2-1: reset high-speed USB device number 2 using dummy_hcd [ 118.812845][ T4833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.848523][ T3638] EXT4-fs (loop3): unmounting filesystem. [ 118.881182][ T4833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.941512][ T4833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.965201][ T4833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.017190][ T5231] netlink: 20 bytes leftover after parsing attributes in process `syz.4.603'. [ 119.028790][ T4833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.049201][ T4833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.070182][ T5231] netlink: 20 bytes leftover after parsing attributes in process `syz.4.603'. [ 119.095547][ T4833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.124547][ T4833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.161116][ T4833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.185664][ T4833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.210470][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 119.240032][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 119.289362][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 119.303631][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 119.320651][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 119.367196][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 119.391136][ T4833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.442153][ T4833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.461442][ T4833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.504537][ T4833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.572040][ T5248] netlink: 140 bytes leftover after parsing attributes in process `syz.4.612'. [ 119.665681][ T3685] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 119.719348][ T7] usb 2-1: USB disconnect, device number 2 [ 119.747041][ T47] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.784948][ T47] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.849384][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 119.862371][ T4525] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.875457][ T4525] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.903315][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 119.914922][ T3685] usb 3-1: Using ep0 maxpacket: 16 [ 119.974656][ T4246] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 120.056023][ T3685] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 120.159565][ T5266] AppArmor: change_hat: Invalid input '0' [ 120.234618][ T4246] usb 4-1: Using ep0 maxpacket: 16 [ 120.234816][ T3685] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 120.281819][ T3685] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.310628][ T3685] usb 3-1: Product: syz [ 120.320429][ T3685] usb 3-1: Manufacturer: syz [ 120.329462][ T3685] usb 3-1: SerialNumber: syz [ 120.356703][ T3685] usb 3-1: config 0 descriptor?? [ 120.373428][ T4246] usb 4-1: config 0 has an invalid interface number: 214 but max is 0 [ 120.382768][ T5269] loop0: detected capacity change from 0 to 1764 [ 120.395271][ T4246] usb 4-1: config 0 has no interface number 0 [ 120.408941][ T4246] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 120.586676][ T4246] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 120.606179][ T4246] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.626422][ T4246] usb 4-1: Product: syz [ 120.630652][ T4246] usb 4-1: Manufacturer: syz [ 120.642555][ T3685] usb 3-1: Unknown endpoint type found, address 0x06 [ 120.654268][ T4246] usb 4-1: SerialNumber: syz [ 120.656934][ T3685] usb 3-1: Not enough endpoints found in device, aborting! [ 120.671684][ T4246] usb 4-1: config 0 descriptor?? [ 120.855044][ T3685] usb 3-1: USB disconnect, device number 4 [ 121.164840][ T4246] usbtouchscreen: probe of 4-1:0.214 failed with error -71 [ 121.181684][ T4246] usb 4-1: USB disconnect, device number 4 [ 121.560229][ T5310] netlink: zone id is out of range [ 121.574868][ T5310] netlink: zone id is out of range [ 121.594102][ T5310] netlink: zone id is out of range [ 121.603859][ T5310] netlink: zone id is out of range [ 121.609881][ T5310] netlink: zone id is out of range [ 121.617131][ T5310] netlink: zone id is out of range [ 121.623817][ T5310] netlink: zone id is out of range [ 121.640178][ T5310] netlink: zone id is out of range [ 121.648185][ T5310] netlink: zone id is out of range [ 121.653595][ T5310] netlink: zone id is out of range [ 122.003139][ T5316] loop4: detected capacity change from 0 to 8192 [ 122.055792][ T5316] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.172012][ T5316] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001) [ 122.212286][ T5316] FAT-fs (loop4): Filesystem has been set read-only [ 122.329019][ T5298] loop0: detected capacity change from 0 to 32768 [ 122.351697][ T5298] gfs2: fsid=statfs_quantum: Trying to join cluster "lock_nolock", "statfs_quantum" [ 122.430570][ T5298] gfs2: fsid=statfs_quantum: Now mounting FS (format 1801)... [ 122.496107][ T5298] gfs2: fsid=statfs_quantum.s: journal 0 mapped with 18 extents in 0ms [ 122.686291][ T5338] netlink: 8 bytes leftover after parsing attributes in process `syz.3.655'. [ 122.734630][ T5338] netlink: 16 bytes leftover after parsing attributes in process `syz.3.655'. [ 122.834804][ T5298] gfs2: fsid=statfs_quantum.s: first mount done, others may mount [ 122.849046][ T5314] loop1: detected capacity change from 0 to 32768 [ 122.917577][ T5314] ialloc: diAlloc returned -5! [ 123.173630][ T5350] loop2: detected capacity change from 0 to 256 [ 123.181699][ T5346] loop4: detected capacity change from 0 to 4096 [ 123.292697][ T5346] NILFS (loop4): invalid segment: Checksum error in segment payload [ 123.322565][ T5346] NILFS (loop4): trying rollback from an earlier position [ 123.333288][ T5350] FAT-fs (loop2): Directory bread(block 64) failed [ 123.364509][ T5350] FAT-fs (loop2): Directory bread(block 65) failed [ 123.372412][ T5350] FAT-fs (loop2): Directory bread(block 66) failed [ 123.389570][ T5346] NILFS (loop4): recovery complete [ 123.408148][ T5350] FAT-fs (loop2): Directory bread(block 67) failed [ 123.435793][ T5356] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 123.445158][ T5350] FAT-fs (loop2): Directory bread(block 68) failed [ 123.452902][ T5350] FAT-fs (loop2): Directory bread(block 69) failed [ 123.514575][ T5350] FAT-fs (loop2): Directory bread(block 70) failed [ 123.541569][ T5350] FAT-fs (loop2): Directory bread(block 71) failed [ 123.570716][ T5359] loop1: detected capacity change from 0 to 16 [ 123.576550][ T5350] FAT-fs (loop2): Directory bread(block 72) failed [ 123.583517][ T5350] FAT-fs (loop2): Directory bread(block 73) failed [ 123.639276][ T5359] erofs: (device loop1): mounted with root inode @ nid 36. [ 123.838537][ T5366] netlink: 16 bytes leftover after parsing attributes in process `syz.0.668'. [ 124.118250][ T5379] loop2: detected capacity change from 0 to 64 [ 124.187458][ T5379] Trying to free block not in datazone [ 124.224228][ T5379] Trying to free block not in datazone [ 124.245811][ T5379] Trying to free block not in datazone [ 124.264800][ T5379] Trying to free block not in datazone [ 124.290664][ T5379] minix_free_block (loop2:6): bit already cleared [ 124.330336][ T5379] Trying to free block not in datazone [ 124.364508][ T5379] Trying to free block not in datazone [ 124.635202][ T5400] netlink: 'syz.2.682': attribute type 10 has an invalid length. [ 124.717801][ T5400] team0: Port device dummy0 added [ 124.785341][ T5407] wlan0 speed is unknown, defaulting to 1000 [ 124.835896][ T5407] wlan0 speed is unknown, defaulting to 1000 [ 124.853601][ T5407] wlan0 speed is unknown, defaulting to 1000 [ 124.944668][ T5407] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 125.009223][ T5407] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 125.167557][ T5407] wlan0 speed is unknown, defaulting to 1000 [ 125.238769][ T5407] wlan0 speed is unknown, defaulting to 1000 [ 125.296245][ T5407] wlan0 speed is unknown, defaulting to 1000 [ 125.303473][ T5407] wlan0 speed is unknown, defaulting to 1000 [ 125.371438][ T5407] wlan0 speed is unknown, defaulting to 1000 [ 125.425291][ T26] audit: type=1326 audit(1727460194.981:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5428 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51417dff9 code=0x7ffc0000 [ 125.532456][ T26] audit: type=1326 audit(1727460195.001:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5428 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51417dff9 code=0x7ffc0000 [ 125.623530][ T26] audit: type=1326 audit(1727460195.001:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5428 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fa51417dff9 code=0x7ffc0000 [ 125.680358][ T26] audit: type=1326 audit(1727460195.001:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5428 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51417dff9 code=0x7ffc0000 [ 125.754935][ T26] audit: type=1326 audit(1727460195.001:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5428 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa51417dff9 code=0x7ffc0000 [ 125.804577][ T7] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 125.862239][ T5445] netlink: 4 bytes leftover after parsing attributes in process `syz.3.705'. [ 125.884840][ T5449] syz.0.706 uses obsolete (PF_INET,SOCK_PACKET) [ 126.048653][ T7] usb 2-1: Using ep0 maxpacket: 16 [ 126.144683][ T3691] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 126.195817][ T5461] loop3: detected capacity change from 0 to 1024 [ 126.253695][ T5461] hfsplus: bad catalog entry type [ 126.294073][ T5465] loop4: detected capacity change from 0 to 8 [ 126.351201][ T7] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 126.363761][ T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.377216][ T5465] SQUASHFS error: zlib decompression failed, data probably corrupt [ 126.378455][ T7] usb 2-1: Product: syz [ 126.390917][ T56] hfsplus: b-tree write err: -5, ino 4 [ 126.394094][ T7] usb 2-1: Manufacturer: syz [ 126.402264][ T7] usb 2-1: SerialNumber: syz [ 126.407075][ T5465] SQUASHFS error: Failed to read block 0x4e8: -5 [ 126.414084][ T26] audit: type=1800 audit(1727460195.961:11): pid=5465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.714" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 126.436278][ T7] r8152-cfgselector 2-1: config 0 descriptor?? [ 126.567110][ T3691] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 126.587086][ T3691] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 126.603310][ T3691] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 126.614933][ T3691] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 126.628828][ T3691] usb 3-1: config 0 interface 0 has no altsetting 0 [ 126.735828][ T5477] 9pnet_fd: p9_fd_create_tcp (5477): problem connecting socket to 127.0.0.1 [ 126.814816][ T3691] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 126.844545][ T3691] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 126.869619][ T3691] usb 3-1: Product: syz [ 126.873891][ T3691] usb 3-1: Manufacturer: syz [ 126.892248][ T3691] usb 3-1: SerialNumber: syz [ 126.905548][ T3691] usb 3-1: config 0 descriptor?? [ 126.934986][ T7] r8152-cfgselector 2-1: Unknown version 0x0000 [ 126.944748][ T7] r8152-cfgselector 2-1: bad CDC descriptors [ 126.966319][ T3691] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 126.994845][ T7] r8152-cfgselector 2-1: Unknown version 0x0000 [ 127.002270][ T3691] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 127.020028][ T7] r8152-cfgselector 2-1: USB disconnect, device number 3 [ 127.241209][ T4763] usb 3-1: USB disconnect, device number 5 [ 127.255212][ T4763] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 127.590734][ T5502] netlink: 36 bytes leftover after parsing attributes in process `syz.0.732'. [ 128.004870][ T5516] loop2: detected capacity change from 0 to 764 [ 128.033751][ T5521] netlink: 128 bytes leftover after parsing attributes in process `syz.1.742'. [ 128.047651][ T5516] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 128.069058][ T5521] netlink: 20 bytes leftover after parsing attributes in process `syz.1.742'. [ 128.075177][ T5479] loop4: detected capacity change from 0 to 32768 [ 128.101039][ T5516] Symlink component flag not implemented [ 128.114637][ T5521] netlink: 20 bytes leftover after parsing attributes in process `syz.1.742'. [ 128.128302][ T5479] gfs2: fsid=statfs_quantum: Trying to join cluster "lock_nolock", "statfs_quantum" [ 128.133981][ T5516] Symlink component flag not implemented [ 128.160539][ T5516] Symlink component flag not implemented (128) [ 128.164948][ T5479] gfs2: fsid=statfs_quantum: Now mounting FS (format 1801)... [ 128.204665][ T5516] Symlink component flag not implemented (97) [ 128.230715][ T5479] gfs2: fsid=statfs_quantum.s: journal 0 mapped with 18 extents in 0ms [ 128.518959][ T5479] gfs2: fsid=statfs_quantum.s: first mount done, others may mount [ 128.824847][ T7] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 128.867333][ T5546] AppArmor: change_hat: Invalid input '' [ 129.049578][ T5555] loop3: detected capacity change from 0 to 256 [ 129.084584][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 129.154547][ T26] audit: type=1326 audit(2000000000.550:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5557 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d6a37dff9 code=0x7ffc0000 [ 129.225906][ T7] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 129.233656][ T26] audit: type=1326 audit(2000000000.560:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5557 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5d6a37ff17 code=0x7ffc0000 [ 129.270558][ T7] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 129.303912][ T26] audit: type=1326 audit(2000000000.560:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5557 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f5d6a37fe8c code=0x7ffc0000 [ 129.410879][ T26] audit: type=1326 audit(2000000000.560:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5557 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f5d6a37fdc4 code=0x7ffc0000 [ 129.473483][ T5570] x_tables: unsorted entry at hook 3 [ 129.510374][ T7] usb 1-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice=f4.95 [ 129.530167][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.555757][ T7] usb 1-1: Product: syz [ 129.569795][ T7] usb 1-1: Manufacturer: syz [ 129.600151][ T7] usb 1-1: SerialNumber: syz [ 129.622612][ T7] usb 1-1: config 0 descriptor?? [ 129.654758][ T5535] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 129.662696][ T5535] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 129.722455][ T5580] loop3: detected capacity change from 0 to 512 [ 129.826127][ T5580] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 129.859565][ T5580] ext4 filesystem being mounted at /194/file1 supports timestamps until 2038 (0x7fffffff) [ 129.909811][ T5535] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 129.910858][ T5590] loop4: detected capacity change from 0 to 256 [ 129.921142][ T5535] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 129.961470][ T5580] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.771: inode #1792: comm syz.3.771: iget: illegal inode # [ 130.009907][ T5580] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.771: error while reading EA inode 1792 err=-117 [ 130.034276][ T5590] FAT-fs (loop4): Directory bread(block 64) failed [ 130.051780][ T5590] FAT-fs (loop4): Directory bread(block 65) failed [ 130.062316][ T5580] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.771: inode #1792: comm syz.3.771: iget: illegal inode # [ 130.084815][ T5590] FAT-fs (loop4): Directory bread(block 66) failed [ 130.098174][ T5590] FAT-fs (loop4): Directory bread(block 67) failed [ 130.105022][ T5580] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.771: error while reading EA inode 1792 err=-117 [ 130.127832][ T5590] FAT-fs (loop4): Directory bread(block 68) failed [ 130.167279][ T5590] FAT-fs (loop4): Directory bread(block 69) failed [ 130.174853][ T7] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 130.195276][ T7] asix: probe of 1-1:0.0 failed with error -71 [ 130.202622][ T5590] FAT-fs (loop4): Directory bread(block 70) failed [ 130.226296][ T5590] FAT-fs (loop4): Directory bread(block 71) failed [ 130.234894][ T7] usb 1-1: USB disconnect, device number 4 [ 130.240543][ T5590] FAT-fs (loop4): Directory bread(block 72) failed [ 130.249700][ T5590] FAT-fs (loop4): Directory bread(block 73) failed [ 130.298524][ T3638] EXT4-fs (loop3): unmounting filesystem. [ 130.727050][ T5615] netlink: 404 bytes leftover after parsing attributes in process `syz.4.785'. [ 130.777047][ T5615] netlink: 28 bytes leftover after parsing attributes in process `syz.4.785'. [ 130.805226][ T5615] netlink: 28 bytes leftover after parsing attributes in process `syz.4.785'. [ 130.831668][ T5619] netlink: 68 bytes leftover after parsing attributes in process `syz.0.788'. [ 130.840789][ T5615] netlink: 20 bytes leftover after parsing attributes in process `syz.4.785'. [ 131.423543][ T5644] netlink: 'syz.4.800': attribute type 22 has an invalid length. [ 131.492245][ T5647] netlink: 'syz.3.801': attribute type 10 has an invalid length. [ 131.570527][ T5650] loop0: detected capacity change from 0 to 8 [ 131.586229][ T5647] team0: Port device dummy0 added [ 131.883265][ T5664] loop1: detected capacity change from 0 to 512 [ 131.966552][ T5664] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 131.984783][ T5664] ext4 filesystem being mounted at /70/bus supports timestamps until 2038 (0x7fffffff) [ 132.242973][ T4424] EXT4-fs (loop1): unmounting filesystem. [ 132.385982][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 132.385998][ T26] audit: type=1326 audit(2000000003.790:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5682 comm="syz.3.819" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f181f57dff9 code=0x0 [ 132.457340][ T5689] netlink: 'syz.4.820': attribute type 10 has an invalid length. [ 132.648627][ T7] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 132.715624][ T5689] team0: Port device dummy0 added [ 132.828768][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.835354][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.902067][ T5703] loop4: detected capacity change from 0 to 1024 [ 132.915118][ T7] usb 2-1: Using ep0 maxpacket: 8 [ 132.988034][ T5708] netlink: 12 bytes leftover after parsing attributes in process `syz.3.831'. [ 133.058108][ T7] usb 2-1: config 0 has an invalid interface number: 6 but max is 2 [ 133.078193][ T7] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 133.103897][ T7] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 3 [ 133.153551][ T7] usb 2-1: config 0 has no interface number 1 [ 133.165022][ T7] usb 2-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 133.191149][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.230809][ T5716] siw: device registration error -23 [ 133.234909][ T7] usb 2-1: config 0 descriptor?? [ 133.276036][ T7] usb 2-1: unknown number of interfaces: 2 [ 133.482371][ T7] usb 2-1: USB disconnect, device number 4 [ 133.494673][ T3689] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 133.549007][ T5726] loop4: detected capacity change from 0 to 4096 [ 133.568368][ T5724] loop2: detected capacity change from 0 to 4096 [ 133.579304][ T5724] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 133.652255][ T5724] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 133.764460][ T3689] usb 4-1: Using ep0 maxpacket: 32 [ 133.884868][ T3689] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.912169][ T3689] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 133.939452][ T3689] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 133.958159][ T3689] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.999781][ T3689] usb 4-1: config 0 descriptor?? [ 134.080096][ T3689] hub 4-1:0.0: USB hub found [ 134.145708][ T5743] loop1: detected capacity change from 0 to 64 [ 134.294629][ T3689] hub 4-1:0.0: config failed, hub has too many ports! (err -19) [ 134.330734][ T5748] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 134.399765][ T5748] x_tables: ip6_tables: esp match: only valid for protocol 50 [ 134.594732][ T3689] usbhid 4-1:0.0: can't add hid device: -71 [ 134.600960][ T3689] usbhid: probe of 4-1:0.0 failed with error -71 [ 134.650653][ T5756] loop2: detected capacity change from 0 to 4096 [ 134.665503][ T3689] usb 4-1: USB disconnect, device number 5 [ 134.693122][ T5756] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 134.794868][ T5758] loop4: detected capacity change from 0 to 8192 [ 134.835323][ T5758] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 134.854738][ T5758] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 134.864083][ T5758] REISERFS (device loop4): using ordered data mode [ 134.922515][ T5758] reiserfs: using flush barriers [ 134.966675][ T5758] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 134.995346][ T5758] REISERFS (device loop4): checking transaction log (loop4) [ 135.366302][ T5758] REISERFS (device loop4): Using tea hash to sort names [ 135.409152][ T5758] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 135.410960][ T5786] loop1: detected capacity change from 0 to 764 [ 135.533727][ T5786] Symlink component flag not implemented [ 135.542978][ T5786] Symlink component flag not implemented [ 135.562370][ T5786] Symlink component flag not implemented (129) [ 135.579588][ T5792] netlink: 'syz.2.872': attribute type 10 has an invalid length. [ 135.599960][ T5786] Symlink component flag not implemented (6) [ 135.664816][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 135.696529][ T5792] team0: Port device batadv0 added [ 135.713871][ T5796] tmpfs: Bad value for 'mpol' [ 136.293643][ T5818] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 136.979021][ T5850] netlink: 48 bytes leftover after parsing attributes in process `syz.2.899'. [ 137.101527][ T5854] loop1: detected capacity change from 0 to 256 [ 137.172841][ T5854] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 137.235367][ T5854] exFAT-fs (loop1): error, exfat_zeroed_cluster: out of range(sect:224 len:8) [ 137.285269][ T5854] exFAT-fs (loop1): Filesystem has been set read-only [ 137.442761][ T5864] loop3: detected capacity change from 0 to 512 [ 137.516246][ T5864] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 137.554924][ T5864] ext4 filesystem being mounted at /217/file0 supports timestamps until 2038 (0x7fffffff) [ 137.704189][ T3638] EXT4-fs (loop3): unmounting filesystem. [ 137.799883][ T5875] loop1: detected capacity change from 0 to 4096 [ 138.025468][ T5875] ntfs: (device loop1): parse_options(): NLS character set iso not found. Using previous one cp950. [ 138.084189][ T5875] ntfs: volume version 3.1. [ 138.379077][ T5838] loop4: detected capacity change from 0 to 32768 [ 138.456880][ T5838] gfs2: fsid=_dev_net_tun: Trying to join cluster "lock_nolock", "_dev_net_tun" [ 138.496466][ T5838] gfs2: fsid=_dev_net_tun: Now mounting FS (format 1801)... [ 138.543448][ T5838] gfs2: fsid=_dev_net_tun.0: journal 0 mapped with 16 extents in 0ms [ 138.565398][ T7] gfs2: fsid=_dev_net_tun.0: jid=0, already locked for use [ 138.607395][ T7] gfs2: fsid=_dev_net_tun.0: jid=0: Looking at journal... [ 138.813394][ T7] gfs2: fsid=_dev_net_tun.0: jid=0: Journal head lookup took 205ms [ 138.849660][ T7] gfs2: fsid=_dev_net_tun.0: jid=0: Done [ 138.867092][ T5838] gfs2: fsid=_dev_net_tun.0: first mount done, others may mount [ 138.997813][ T5873] loop0: detected capacity change from 0 to 32768 [ 139.074578][ T5873] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.911 (5873) [ 139.187196][ T5908] loop2: detected capacity change from 0 to 8 [ 139.195017][ T5873] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 139.226196][ T5873] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 139.277468][ T5873] BTRFS info (device loop0): using free space tree [ 139.394639][ T7] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 139.604526][ T5873] BTRFS info (device loop0): enabling ssd optimizations [ 139.775034][ T4833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 139.804723][ T7] usb 4-1: config 4 has an invalid interface number: 231 but max is 0 [ 139.812965][ T7] usb 4-1: config 4 has no interface number 0 [ 139.928062][ T5944] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 140.054673][ T7] usb 4-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 140.077960][ T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.120268][ T7] usb 4-1: Product: syz [ 140.138887][ T7] usb 4-1: Manufacturer: syz [ 140.163928][ T7] usb 4-1: SerialNumber: syz [ 140.180642][ T5950] loop0: detected capacity change from 0 to 16 [ 140.225407][ T5950] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 140.227042][ T7] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 140.464814][ T7] vp7045: USB control message 'out' went wrong. [ 140.468120][ T5962] xt_TCPMSS: Only works on TCP SYN packets [ 140.471520][ T7] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 140.471558][ T7] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 140.484264][ T7] usb 4-1: USB disconnect, device number 6 [ 140.728216][ T5967] loop1: detected capacity change from 0 to 2048 [ 140.788985][ T5967] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 140.848078][ T5974] usb usb9: usbfs: process 5974 (syz.4.951) did not claim interface 0 before use [ 141.074710][ T3685] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 141.444703][ T3685] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 141.464253][ T3685] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.500511][ T3685] usb 3-1: config 0 descriptor?? [ 141.764575][ T3685] ath6kl: Failed to submit usb control message: -71 [ 141.771561][ T3685] ath6kl: unable to send the bmi data to the device: -71 [ 141.806892][ T3685] ath6kl: Unable to send get target info: -71 [ 141.847743][ T3685] ath6kl: Failed to init ath6kl core: -71 [ 141.922857][ T6023] loop1: detected capacity change from 0 to 256 [ 141.958136][ T3685] ath6kl_usb: probe of 3-1:0.0 failed with error -71 [ 141.978616][ T3685] usb 3-1: USB disconnect, device number 6 [ 142.041877][ T6023] FAT-fs (loop1): Directory bread(block 64) failed [ 142.060542][ T6023] FAT-fs (loop1): Directory bread(block 65) failed [ 142.088291][ T6023] FAT-fs (loop1): Directory bread(block 66) failed [ 142.097610][ T6023] FAT-fs (loop1): Directory bread(block 67) failed [ 142.121807][ T6023] FAT-fs (loop1): Directory bread(block 68) failed [ 142.139252][ T6023] FAT-fs (loop1): Directory bread(block 69) failed [ 142.174650][ T6023] FAT-fs (loop1): Directory bread(block 70) failed [ 142.181337][ T6023] FAT-fs (loop1): Directory bread(block 71) failed [ 142.211124][ T6023] FAT-fs (loop1): Directory bread(block 72) failed [ 142.224208][ T6023] FAT-fs (loop1): Directory bread(block 73) failed [ 142.533358][ T6037] loop3: detected capacity change from 0 to 4096 [ 142.575316][ T6037] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512) [ 142.642279][ T6041] 9pnet: Could not find request transport: 0x0000000000000003 [ 142.784692][ T34] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 142.953799][ T6053] block device autoloading is deprecated and will be removed. [ 142.955233][ T6058] loop2: detected capacity change from 0 to 512 [ 143.016410][ T6058] EXT4-fs: Ignoring removed bh option [ 143.029100][ T34] usb 2-1: Using ep0 maxpacket: 16 [ 143.092979][ T6058] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 143.117913][ T6058] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 143.140726][ T6058] EXT4-fs error (device loop2): ext4_acquire_dquot:6800: comm syz.2.990: Failed to acquire dquot type 0 [ 143.156153][ T34] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 143.196206][ T6058] EXT4-fs (loop2): Remounting filesystem read-only [ 143.213340][ T6058] EXT4-fs (loop2): 1 orphan inode deleted [ 143.250205][ T6058] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 143.272411][ T6058] ext4 filesystem being mounted at /201/file1 supports timestamps until 2038 (0x7fffffff) [ 143.314593][ T3685] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 143.334744][ T34] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 143.360624][ T34] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.375961][ T34] usb 2-1: Product: syz [ 143.380259][ T34] usb 2-1: Manufacturer: syz [ 143.386193][ T34] usb 2-1: SerialNumber: syz [ 143.392532][ T34] usb 2-1: config 0 descriptor?? [ 143.533015][ T3640] EXT4-fs (loop2): unmounting filesystem. [ 143.584668][ T3685] usb 1-1: Using ep0 maxpacket: 32 [ 143.666271][ T34] usb 2-1: Unknown endpoint type found, address 0x06 [ 143.673064][ T34] usb 2-1: Not enough endpoints found in device, aborting! [ 143.736610][ T3685] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 175 [ 143.863913][ T6090] loop3: detected capacity change from 0 to 4096 [ 143.880402][ T6090] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 143.908022][ T34] usb 2-1: USB disconnect, device number 5 [ 143.950681][ T3685] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 143.961034][ T3685] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.991400][ T3685] usb 1-1: Product: syz [ 144.011471][ T3685] usb 1-1: Manufacturer: syz [ 144.027234][ T3685] usb 1-1: SerialNumber: syz [ 144.042845][ T6093] tmpfs: Bad value for 'mpol' [ 144.048867][ T3685] usb 1-1: config 0 descriptor?? [ 144.074979][ T6060] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 144.084627][ T3691] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 144.126781][ T3685] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 144.266404][ T6102] netlink: 'syz.4.1009': attribute type 30 has an invalid length. [ 144.308773][ T3685] usb 1-1: USB disconnect, device number 5 [ 144.329749][ T32] usb 1-1: Failed to submit usb control message: -71 [ 144.344795][ T32] usb 1-1: unable to send the bmi data to the device: -71 [ 144.345535][ T3691] usb 3-1: Using ep0 maxpacket: 8 [ 144.351949][ T32] usb 1-1: unable to get target info from device [ 144.352004][ T32] usb 1-1: could not get target info (-71) [ 144.369886][ T32] usb 1-1: could not probe fw (-71) [ 144.514818][ T3691] usb 3-1: config 1 interface 0 altsetting 6 endpoint 0x82 has invalid wMaxPacketSize 0 [ 144.543407][ T3691] usb 3-1: config 1 interface 0 altsetting 6 bulk endpoint 0x82 has invalid maxpacket 0 [ 144.589750][ T3691] usb 3-1: config 1 interface 0 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 16 [ 144.602661][ T3691] usb 3-1: config 1 interface 0 has no altsetting 0 [ 144.794743][ T3691] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 144.803857][ T3691] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.863746][ T3691] usb 3-1: Product: syz [ 144.880087][ T3691] usb 3-1: Manufacturer: syz [ 144.910311][ T3691] usb 3-1: SerialNumber: syz [ 144.958891][ T6091] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 144.996631][ T6120] siw: device registration error -23 [ 145.191086][ T26] audit: type=1400 audit(2000000016.590:20): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=3A21D01A0B978D2F2F262D2A83D1 pid=6128 comm="syz.0.1022" [ 145.275271][ T3691] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 145.320367][ T3691] usb 3-1: USB disconnect, device number 7 [ 146.515755][ T6191] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1053'. [ 146.562770][ T6191] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 146.604488][ T3720] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 146.613875][ T6191] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 146.648445][ T6191] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 146.674744][ T6191] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 146.854509][ T3720] usb 4-1: Using ep0 maxpacket: 8 [ 146.974663][ T3720] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 147.014724][ T3720] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 147.023835][ T3720] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.103685][ T3720] usb 4-1: config 0 descriptor?? [ 147.244788][ T34] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 147.368733][ T3720] usb 4-1: USB disconnect, device number 7 [ 147.403450][ T6228] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1072'. [ 147.413485][ T6228] netlink: 'syz.1.1072': attribute type 1 has an invalid length. [ 147.442762][ T6228] netlink: 'syz.1.1072': attribute type 2 has an invalid length. [ 147.451588][ T6228] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1072'. [ 147.614863][ T34] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 147.638167][ T34] usb 5-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.09 [ 147.663315][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.673825][ T34] usb 5-1: config 0 descriptor?? [ 147.717192][ T34] go7007: probe of 5-1:0.0 failed with error -12 [ 147.737358][ T6240] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1078'. [ 147.746986][ T6240] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1078'. [ 147.977401][ T34] usb 5-1: USB disconnect, device number 4 [ 148.054745][ T6251] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1083'. [ 148.252184][ T6261] No such timeout policy "syz0" [ 148.356136][ T6267] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1091'. [ 148.388054][ T6265] loop1: detected capacity change from 0 to 1764 [ 148.466633][ T6265] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 148.675882][ T6279] program syz.4.1097 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 149.013597][ T6294] cgroup: none used incorrectly [ 149.023094][ T6295] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1104'. [ 149.116061][ T6297] loop3: detected capacity change from 0 to 512 [ 149.163142][ T6297] EXT4-fs: Ignoring removed mblk_io_submit option [ 149.219892][ T6297] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 149.339878][ T6297] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002] [ 149.384992][ T6297] System zones: 1-12 [ 149.413915][ T6291] infiniband syz2: set active [ 149.419083][ T6291] infiniband syz2: added veth0_vlan [ 149.458877][ T6297] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2186: inode #15: comm syz.3.1106: corrupted in-inode xattr [ 149.496397][ T6297] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.1106: couldn't read orphan inode 15 (err -117) [ 149.512402][ T6315] loop0: detected capacity change from 0 to 64 [ 149.542318][ T6291] RDS/IB: syz2: added [ 149.560613][ T6297] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 149.583380][ T6291] smc: adding ib device syz2 with port count 1 [ 149.600864][ T6315] syz.0.1113: attempt to access beyond end of device [ 149.600864][ T6315] loop0: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 149.633453][ T6291] smc: ib device syz2 port 1 has pnetid [ 149.731376][ T3638] EXT4-fs (loop3): unmounting filesystem. [ 149.871232][ T6323] loop0: detected capacity change from 0 to 8 [ 149.954156][ T6323] SQUASHFS error: lzo decompression failed, data probably corrupt [ 149.979333][ T6323] SQUASHFS error: Failed to read block 0x1c0: -5 [ 150.022768][ T6323] SQUASHFS error: Unable to read metadata cache entry [1be] [ 150.541913][ T6344] loop3: detected capacity change from 0 to 16 [ 150.588639][ T6344] erofs: (device loop3): mounted with root inode @ nid 36. [ 151.048153][ T6324] loop4: detected capacity change from 0 to 32768 [ 152.606986][ T6410] loop4: detected capacity change from 0 to 16 [ 152.673018][ T6410] erofs: (device loop4): mounted with root inode @ nid 36. [ 152.729670][ T6410] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 152.783617][ T6410] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -5 in[46, 4050] out[1851] [ 152.796396][ T6410] erofs: (device loop4): z_erofs_read_folio: failed to read, err [-117] [ 152.862915][ T6366] loop3: detected capacity change from 0 to 32768 [ 152.901354][ T6366] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 152.934368][ T6366] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 152.982899][ T6366] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 153.029876][ T3720] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 153.040563][ T3720] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 153.210698][ T3720] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 170ms [ 153.229837][ T6427] tc_dump_action: action bad kind [ 153.235223][ T3720] gfs2: fsid=syz:syz.0: jid=0: Done [ 153.253027][ T6366] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 153.388574][ T6435] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1167'. [ 153.672022][ T6444] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1172'. [ 153.854489][ T3691] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 154.050462][ T6462] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1181'. [ 154.217058][ T6467] netlink: 3316 bytes leftover after parsing attributes in process `syz.2.1184'. [ 154.239181][ T6467] netlink: 1659 bytes leftover after parsing attributes in process `syz.2.1184'. [ 154.254683][ T3691] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 154.273106][ T3691] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 9.99 [ 154.295636][ T3691] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.324532][ T34] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 154.328587][ T3691] usb 4-1: config 0 descriptor?? [ 154.684664][ T34] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 154.694440][ T34] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.717782][ T34] usb 1-1: config 0 descriptor?? [ 154.749363][ T6481] overlayfs: bad mount option "redirect_dir=off:/" [ 154.769588][ T3691] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 154.785765][ T34] cp210x 1-1:0.0: cp210x converter detected [ 154.827032][ T6461] loop4: detected capacity change from 0 to 32768 [ 154.842685][ T3691] usb 4-1: USB disconnect, device number 8 [ 154.890918][ T6461] ERROR: (device loop4): dtSearch: stack overrun! [ 154.890918][ T6461] [ 154.940644][ T6461] ERROR: (device loop4): remounting filesystem as read-only [ 154.964027][ T6461] btstack dump: [ 154.969405][ T6461] bn = 0, index = 0 [ 154.979828][ T6461] bn = 0, index = 0 [ 154.983723][ T6461] bn = 0, index = 0 [ 155.000597][ T6461] bn = 0, index = 0 [ 155.009662][ T34] usb 1-1: cp210x converter now attached to ttyUSB0 [ 155.022142][ T6461] bn = 0, index = 0 [ 155.028400][ T6461] bn = 0, index = 0 [ 155.032250][ T6461] bn = 0, index = 0 [ 155.041403][ T6461] bn = 0, index = 0 [ 155.045508][ T6461] jfs_lookup: dtSearch returned -5 [ 155.213362][ T34] usb 1-1: USB disconnect, device number 6 [ 155.214673][ T3685] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 155.244831][ T3720] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 155.246269][ T34] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 155.265620][ T6491] netlink: 'syz.4.1196': attribute type 1 has an invalid length. [ 155.275317][ T34] cp210x 1-1:0.0: device disconnected [ 155.293084][ T6491] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1196'. [ 155.353394][ T6493] vim2m vim2m.0: Fourcc format (0x42474752) invalid. [ 155.533469][ T6499] 9pnet_fd: Insufficient options for proto=fd [ 155.614994][ T3720] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 155.804823][ T3685] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 155.813932][ T3685] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.822469][ T3720] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 155.845087][ T3720] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.853142][ T3720] usb 3-1: Product: syz [ 155.857978][ T3685] usb 2-1: Product: syz [ 155.862191][ T3685] usb 2-1: Manufacturer: syz [ 155.884545][ T3720] usb 3-1: Manufacturer: syz [ 155.889219][ T3720] usb 3-1: SerialNumber: syz [ 155.916166][ T3685] usb 2-1: SerialNumber: syz [ 155.934164][ T3720] usb 3-1: config 0 descriptor?? [ 155.940165][ T3685] usb 2-1: config 0 descriptor?? [ 156.010976][ T3685] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 156.067891][ T6520] x_tables: unsorted entry at hook 3 [ 156.234588][ T154] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 156.251061][ T3720] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 156.307478][ T3730] udevd[3730]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 156.433574][ T3691] usb 3-1: USB disconnect, device number 8 [ 156.441240][ T3685] gspca_sunplus: reg_w_riv err -71 [ 156.453774][ T3685] sunplus: probe of 2-1:0.0 failed with error -71 [ 156.472472][ T3685] usb 2-1: USB disconnect, device number 6 [ 156.604605][ T154] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 156.623922][ T154] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.659793][ T154] usb 5-1: config 0 descriptor?? [ 156.668643][ T6543] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1222'. [ 156.919857][ T6554] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 156.928813][ T6554] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 156.938881][ T6554] overlayfs: missing 'lowerdir' [ 157.135077][ T154] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 157.162626][ T154] asix: probe of 5-1:0.0 failed with error -71 [ 157.197474][ T154] usb 5-1: USB disconnect, device number 5 [ 157.428217][ T6573] netlink: 'syz.3.1237': attribute type 6 has an invalid length. [ 157.830234][ T6594] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1246'. [ 157.925407][ T3690] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 158.284933][ T3690] usb 3-1: config index 0 descriptor too short (expected 3133, got 61) [ 158.327197][ T3690] usb 3-1: config 0 has an invalid interface number: 156 but max is 1 [ 158.364468][ T3690] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 158.383012][ T3690] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 158.411011][ T3690] usb 3-1: config 0 has no interface number 0 [ 158.438192][ T3690] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 158.473321][ T3690] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 158.504535][ T3690] usb 3-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 158.561355][ T3690] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 158.594500][ T3690] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.627451][ T3690] usb 3-1: config 0 descriptor?? [ 158.690629][ T3690] gspca_main: spca561-2.14.0 probing abcd:cdee [ 158.814045][ T6638] loop4: detected capacity change from 0 to 256 [ 158.814150][ T6636] loop1: detected capacity change from 0 to 128 [ 158.877249][ T6638] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 158.946422][ T6638] exFAT-fs (loop4): error, invalid access to FAT free cluster (entry 0x00000008) [ 158.964695][ T3690] spca561: probe of 3-1:0.156 failed with error -22 [ 158.972300][ T3690] usb 3-1: MIDIStreaming interface descriptor not found [ 159.010831][ T6638] exFAT-fs (loop4): Filesystem has been set read-only [ 159.056593][ T3690] usb 3-1: USB disconnect, device number 9 [ 159.157530][ T5351] udevd[5351]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.156/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 159.321369][ T3655] Bluetooth: to_multiplier 42238 > 3200 [ 159.698787][ T6671] loop0: detected capacity change from 0 to 2048 [ 159.721132][ T6671] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 159.773007][ T6671] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 159.835619][ T6671] UDF-fs: unknown compression code (0) [ 160.140023][ T6687] loop0: detected capacity change from 0 to 512 [ 160.267685][ T6687] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 160.267826][ T6687] ext4 filesystem being mounted at /152/file0 supports timestamps until 2038 (0x7fffffff) [ 160.464974][ T4833] EXT4-fs (loop0): unmounting filesystem. [ 160.729391][ T6713] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1304'. [ 160.795298][ T6716] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1305'. [ 161.023715][ T6728] loop0: detected capacity change from 0 to 128 [ 161.114788][ T6728] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 161.384457][ T3655] Bluetooth: hci4: command tx timeout [ 161.488629][ T6747] netlink: 404 bytes leftover after parsing attributes in process `syz.0.1320'. [ 161.509074][ T6747] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1320'. [ 161.554660][ T6747] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1320'. [ 161.590346][ T6747] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1320'. [ 161.843483][ T6759] ieee802154 phy0 wpan0: encryption failed: -22 [ 162.527891][ T6795] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1345'. [ 163.068820][ T6820] loop4: detected capacity change from 0 to 64 [ 163.551381][ T6835] x_tables: ip6_tables: esp match: only valid for protocol 50 [ 163.589076][ T26] audit: type=1326 audit(2000000034.990:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6836 comm="syz.4.1364" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efc8637dff9 code=0x0 [ 163.661816][ T6841] loop0: detected capacity change from 0 to 256 [ 163.710037][ T6843] loop2: detected capacity change from 0 to 1024 [ 163.734062][ T6841] FAT-fs (loop0): Directory bread(block 64) failed [ 163.758880][ T6841] FAT-fs (loop0): Directory bread(block 65) failed [ 163.803000][ T6841] FAT-fs (loop0): Directory bread(block 66) failed [ 163.828368][ T6841] FAT-fs (loop0): Directory bread(block 67) failed [ 163.844674][ T6841] FAT-fs (loop0): Directory bread(block 68) failed [ 163.851266][ T6841] FAT-fs (loop0): Directory bread(block 69) failed [ 163.900193][ T6841] FAT-fs (loop0): Directory bread(block 70) failed [ 163.912255][ T6841] FAT-fs (loop0): Directory bread(block 71) failed [ 163.919761][ T6841] FAT-fs (loop0): Directory bread(block 72) failed [ 163.927116][ T6841] FAT-fs (loop0): Directory bread(block 73) failed [ 163.944113][ T6850] loop2: detected capacity change from 0 to 8 [ 164.161870][ T6856] loop1: detected capacity change from 0 to 16 [ 164.239455][ T6856] erofs: (device loop1): mounted with root inode @ nid 36. [ 164.500442][ T6860] loop4: detected capacity change from 0 to 4096 [ 164.539581][ T6860] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 164.613522][ T6860] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 164.643972][ T6860] ntfs3: loop4: Failed to load $Extend. [ 164.866376][ T6882] net_ratelimit: 2 callbacks suppressed [ 164.866395][ T6882] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 165.162969][ T6892] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 165.297894][ T6886] loop3: detected capacity change from 0 to 8192 [ 165.347370][ T6886] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 165.465770][ T6886] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 165.482099][ T6907] netlink: 'syz.1.1402': attribute type 1 has an invalid length. [ 165.498318][ T6907] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1402'. [ 165.513178][ T6886] REISERFS (device loop3): using ordered data mode [ 165.550885][ T6886] reiserfs: using flush barriers [ 165.600004][ T6886] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 165.672434][ T6886] REISERFS (device loop3): checking transaction log (loop3) [ 165.709124][ T6909] loop2: detected capacity change from 0 to 4096 [ 165.732309][ T6909] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 165.854296][ T6909] ntfs3: loop2: failed to convert "c46c" to default [ 166.012872][ T6886] REISERFS (device loop3): Using tea hash to sort names [ 166.053310][ T6886] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 166.224802][ T3691] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 166.294489][ T3690] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 166.482318][ T3691] usb 5-1: Using ep0 maxpacket: 8 [ 166.544701][ T3690] usb 2-1: Using ep0 maxpacket: 16 [ 166.605686][ T3691] usb 5-1: config 0 has an invalid interface number: 6 but max is 2 [ 166.624102][ T3691] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 166.665152][ T3690] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 166.666163][ T3691] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 3 [ 166.683095][ T3690] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 166.698236][ T6947] loop0: detected capacity change from 0 to 764 [ 166.712156][ T3691] usb 5-1: config 0 has no interface number 1 [ 166.722492][ T3691] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 166.733484][ T3691] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.748425][ T6947] Symlink component flag not implemented [ 166.759513][ T3691] usb 5-1: config 0 descriptor?? [ 166.764796][ T6947] Symlink component flag not implemented [ 166.770523][ T6947] Symlink component flag not implemented (129) [ 166.777310][ T6947] Symlink component flag not implemented (6) [ 166.816042][ T3691] usb 5-1: unknown number of interfaces: 2 [ 166.855735][ T3690] usb 2-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice=f4.95 [ 166.877419][ T3690] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.903413][ T3690] usb 2-1: Product: syz [ 166.918176][ T3690] usb 2-1: Manufacturer: syz [ 166.922843][ T3690] usb 2-1: SerialNumber: syz [ 166.976376][ T3690] usb 2-1: config 0 descriptor?? [ 167.004825][ T6925] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 167.013211][ T6925] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 167.116415][ T3720] usb 5-1: USB disconnect, device number 6 [ 167.250263][ T6925] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 167.271515][ T6969] tmpfs: Bad value for 'mpol' [ 167.285544][ T6925] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 167.524849][ T3690] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 167.543289][ T3690] asix: probe of 2-1:0.0 failed with error -71 [ 167.591367][ T3690] usb 2-1: USB disconnect, device number 7 [ 167.797719][ T6991] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 167.889128][ T6993] loop3: detected capacity change from 0 to 256 [ 167.935458][ T6993] exfat: Deprecated parameter 'utf8' [ 167.950850][ T6993] exfat: Deprecated parameter 'namecase' [ 167.957754][ T6993] exfat: Deprecated parameter 'namecase' [ 167.985899][ T6993] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 168.218892][ T7005] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1448'. [ 168.261755][ T7005] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1448'. [ 168.433593][ T7014] netlink: 'syz.2.1454': attribute type 10 has an invalid length. [ 168.451262][ T7014] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 168.490020][ T7014] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 168.744653][ T4251] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 168.811663][ T7028] loop4: detected capacity change from 0 to 512 [ 168.851960][ T7023] loop2: detected capacity change from 0 to 4096 [ 168.869707][ T7028] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 168.893675][ T7028] ext4 filesystem being mounted at /287/file0 supports timestamps until 2038 (0x7fffffff) [ 169.124653][ T4251] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 18 [ 169.139286][ T3652] EXT4-fs (loop4): unmounting filesystem. [ 169.229031][ T7003] loop0: detected capacity change from 0 to 32768 [ 169.324925][ T4251] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 169.334081][ T4251] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.365859][ T4251] usb 2-1: Product: syz [ 169.370076][ T4251] usb 2-1: Manufacturer: syz [ 169.409315][ T4251] usb 2-1: SerialNumber: syz [ 169.430626][ T4251] usb 2-1: config 0 descriptor?? [ 169.474797][ T7017] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 169.714087][ T7054] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1472'. [ 169.809941][ T4251] usb 2-1: USB disconnect, device number 8 [ 169.870177][ T3776] udevd[3776]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 170.585449][ T7046] loop3: detected capacity change from 0 to 32768 [ 170.732635][ T7046] XFS (loop3): Mounting V5 Filesystem [ 170.997474][ T7046] XFS (loop3): Ending clean mount [ 171.017944][ T7108] xt_TCPMSS: Only works on TCP SYN packets [ 171.078560][ T7046] XFS (loop3): Quotacheck needed: Please wait. [ 171.194599][ T3685] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 171.213243][ T7046] XFS (loop3): Quotacheck: Done. [ 171.272225][ T7111] loop0: detected capacity change from 0 to 4096 [ 171.280225][ T7111] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 171.385117][ T3638] XFS (loop3): Unmounting Filesystem [ 171.574896][ T3685] usb 3-1: config 4 has an invalid interface number: 231 but max is 0 [ 171.593869][ T3685] usb 3-1: config 4 has no interface number 0 [ 171.765950][ T3685] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 171.796783][ T3685] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.820844][ T3685] usb 3-1: Product: syz [ 171.844468][ T3685] usb 3-1: Manufacturer: syz [ 171.852462][ T3685] usb 3-1: SerialNumber: syz [ 171.916970][ T3685] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 172.134512][ T3685] vp7045: USB control message 'out' went wrong. [ 172.151044][ T3685] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 172.173661][ T7146] loop4: detected capacity change from 0 to 136 [ 172.192442][ T3685] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 172.238520][ T3685] usb 3-1: USB disconnect, device number 10 [ 172.330067][ T7144] loop3: detected capacity change from 0 to 4096 [ 172.378587][ T7144] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 172.429012][ T7144] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 172.529952][ T7156] usb usb9: usbfs: process 7156 (syz.1.1517) did not claim interface 0 before use [ 172.533094][ T7157] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1518'. [ 172.581881][ T7157] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1518'. [ 172.625233][ T7157] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1518'. [ 172.891978][ T7166] block device autoloading is deprecated and will be removed. [ 173.243902][ T7183] netlink: 'syz.2.1530': attribute type 9 has an invalid length. [ 173.434093][ T7182] loop4: detected capacity change from 0 to 4096 [ 173.481399][ T7182] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 173.544678][ T7182] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 173.663950][ T7191] loop2: detected capacity change from 0 to 4096 [ 173.714212][ T7191] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 173.950445][ T7203] loop1: detected capacity change from 0 to 16 [ 173.995037][ T7203] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 174.263756][ T7216] loop0: detected capacity change from 0 to 8 [ 174.366493][ T7216] SQUASHFS error: Failed to read block 0x6e6: -5 [ 174.382528][ T7188] loop3: detected capacity change from 0 to 32768 [ 174.384545][ T7216] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 174.454917][ T7216] SQUASHFS error: Unable to read directory block [631:26] [ 174.483302][ T7219] loop4: detected capacity change from 0 to 2048 [ 174.512047][ T7219] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 174.553644][ T7188] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 174.744696][ T7233] netlink: 'syz.2.1554': attribute type 10 has an invalid length. [ 174.802462][ T7233] team0: Port device vlan0 added [ 174.933889][ T7238] loop4: detected capacity change from 0 to 1024 [ 175.027536][ T7238] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 175.086574][ T7238] tmpfs: Bad value for 'mpol' [ 175.111533][ T3638] ocfs2: Unmounting device (7,3) on (node local) [ 175.280775][ T7239] loop0: detected capacity change from 0 to 4096 [ 175.293922][ T7239] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 175.382561][ T7239] ntfs3: loop0: Inode r=19 is not in use! [ 175.400310][ T7239] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 175.444588][ T154] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 175.506812][ T7249] loop4: detected capacity change from 0 to 256 [ 175.567478][ T7249] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 175.616106][ T7249] exFAT-fs (loop4): error, exfat_zeroed_cluster: out of range(sect:224 len:8) [ 175.652512][ T7249] exFAT-fs (loop4): Filesystem has been set read-only [ 175.694504][ T154] usb 2-1: Using ep0 maxpacket: 32 [ 175.814747][ T154] usb 2-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 175.834528][ T154] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.860391][ T154] usb 2-1: config 0 descriptor?? [ 175.921216][ T154] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 176.062310][ T7268] loop2: detected capacity change from 0 to 256 [ 176.195432][ T7268] FAT-fs (loop2): Directory bread(block 64) failed [ 176.207796][ T7268] FAT-fs (loop2): Directory bread(block 65) failed [ 176.217913][ T7268] FAT-fs (loop2): Directory bread(block 66) failed [ 176.225115][ T7268] FAT-fs (loop2): Directory bread(block 67) failed [ 176.255904][ T7268] FAT-fs (loop2): Directory bread(block 68) failed [ 176.272826][ T7268] FAT-fs (loop2): Directory bread(block 69) failed [ 176.299308][ T7268] FAT-fs (loop2): Directory bread(block 70) failed [ 176.330088][ T7268] FAT-fs (loop2): Directory bread(block 71) failed [ 176.345570][ T7268] FAT-fs (loop2): Directory bread(block 72) failed [ 176.351623][ T154] gspca_sunplus: reg_w_riv err -71 [ 176.365215][ T154] sunplus: probe of 2-1:0.0 failed with error -71 [ 176.376666][ T7268] FAT-fs (loop2): Directory bread(block 73) failed [ 176.389864][ T154] usb 2-1: USB disconnect, device number 9 [ 176.442710][ T7274] loop4: detected capacity change from 0 to 4096 [ 176.476891][ T7274] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 176.755722][ T7285] netlink: 'syz.2.1579': attribute type 30 has an invalid length. [ 177.167030][ T7303] loop1: detected capacity change from 0 to 512 [ 177.177775][ T7303] EXT4-fs: Ignoring removed bh option [ 177.257546][ T7303] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 177.344726][ T7303] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 177.354177][ T7303] EXT4-fs error (device loop1): ext4_acquire_dquot:6800: comm syz.1.1587: Failed to acquire dquot type 0 [ 177.363657][ T7320] tmpfs: Bad value for 'mpol' [ 177.510280][ T7303] EXT4-fs (loop1): Remounting filesystem read-only [ 177.517223][ T7303] EXT4-fs (loop1): 1 orphan inode deleted [ 177.522998][ T7303] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 177.553163][ T7303] ext4 filesystem being mounted at /228/file1 supports timestamps until 2038 (0x7fffffff) [ 177.677045][ T7330] 9pnet: Could not find request transport: 0x0000000000000003 [ 177.821308][ T4424] EXT4-fs (loop1): unmounting filesystem. [ 177.844675][ T154] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 177.960249][ T26] audit: type=1400 audit(2000000049.360:22): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=3A21D01A0B978D2F2F262D2A83D1 pid=7342 comm="syz.1.1605" [ 178.215129][ T154] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 178.231672][ T154] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.256629][ T154] usb 4-1: config 0 descriptor?? [ 178.534566][ T154] ath6kl: Failed to submit usb control message: -71 [ 178.541263][ T154] ath6kl: unable to send the bmi data to the device: -71 [ 178.575026][ T154] ath6kl: Unable to send get target info: -71 [ 178.613176][ T154] ath6kl: Failed to init ath6kl core: -71 [ 178.622950][ T7371] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1615'. [ 178.691064][ T7371] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 178.712591][ T7371] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 178.742328][ T7371] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 178.764669][ T7371] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 178.803386][ T154] ath6kl_usb: probe of 4-1:0.0 failed with error -71 [ 178.826990][ T154] usb 4-1: USB disconnect, device number 9 [ 178.948370][ T7380] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1624'. [ 179.189785][ T7388] loop2: detected capacity change from 0 to 256 [ 179.263746][ T7388] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 179.339950][ T7388] exFAT-fs (loop2): error, exfat_zeroed_cluster: out of range(sect:224 len:8) [ 179.369284][ T7388] exFAT-fs (loop2): Filesystem has been set read-only [ 179.415019][ T7394] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1631'. [ 179.423937][ T7394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1631'. [ 179.654236][ T7351] loop1: detected capacity change from 0 to 32768 [ 179.680170][ T7351] gfs2: fsid=_dev_net_tun: Trying to join cluster "lock_nolock", "_dev_net_tun" [ 179.726867][ T7351] gfs2: fsid=_dev_net_tun: Now mounting FS (format 1801)... [ 179.770533][ T7351] gfs2: fsid=_dev_net_tun.0: journal 0 mapped with 16 extents in 0ms [ 179.825907][ T3691] gfs2: fsid=_dev_net_tun.0: jid=0, already locked for use [ 179.834788][ T3691] gfs2: fsid=_dev_net_tun.0: jid=0: Looking at journal... [ 179.942336][ T3691] gfs2: fsid=_dev_net_tun.0: jid=0: Journal head lookup took 107ms [ 179.976967][ T3691] gfs2: fsid=_dev_net_tun.0: jid=0: Done [ 179.984817][ T7351] gfs2: fsid=_dev_net_tun.0: first mount done, others may mount [ 180.007496][ T34] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 180.089925][ T7386] loop4: detected capacity change from 0 to 32768 [ 180.117068][ T7386] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.1628 (7386) [ 180.206535][ T7412] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1639'. [ 180.234577][ T7386] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 180.253790][ T7386] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 180.273119][ T7386] BTRFS info (device loop4): using free space tree [ 180.284698][ T34] usb 1-1: Using ep0 maxpacket: 8 [ 180.404813][ T34] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 180.453388][ T34] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 180.495615][ T34] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.505762][ T34] usb 1-1: config 0 descriptor?? [ 180.607322][ T7438] No such timeout policy "syz0" [ 180.654974][ T7386] BTRFS info (device loop4): enabling ssd optimizations [ 180.762287][ T154] usb 1-1: USB disconnect, device number 7 [ 180.780163][ T3652] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 180.899714][ T3730] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 9 /dev/loop4 scanned by udevd (3730) [ 180.968526][ T7448] loop3: detected capacity change from 0 to 1764 [ 181.034011][ T7448] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 181.604938][ T7475] program syz.3.1658 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 181.617150][ T7479] loop4: detected capacity change from 0 to 8 [ 181.699804][ T7479] SQUASHFS error: lzo decompression failed, data probably corrupt [ 181.724777][ T7479] SQUASHFS error: Failed to read block 0x1c0: -5 [ 181.752022][ T7479] SQUASHFS error: Unable to read metadata cache entry [1be] [ 182.556578][ T7519] netlink: 'syz.1.1682': attribute type 1 has an invalid length. [ 182.573706][ T7519] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1682'. [ 182.675231][ T7525] cgroup: none used incorrectly [ 183.136412][ T7543] loop3: detected capacity change from 0 to 16 [ 183.211708][ T7550] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1696'. [ 183.246810][ T7543] erofs: (device loop3): mounted with root inode @ nid 36. [ 183.310258][ T7543] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 183.349310][ T7543] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -5 in[46, 4050] out[1851] [ 183.382556][ T7543] erofs: (device loop3): z_erofs_read_folio: failed to read, err [-117] [ 183.614677][ T7567] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1705'. [ 183.702979][ T7567] netlink: 'syz.3.1705': attribute type 1 has an invalid length. [ 183.712289][ T7567] netlink: 'syz.3.1705': attribute type 2 has an invalid length. [ 183.720767][ T7567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1705'. [ 184.053874][ T7565] loop0: detected capacity change from 0 to 32768 [ 184.064226][ T7565] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 184.072741][ T7565] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 184.089150][ T7565] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 184.102072][ T7456] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 184.109644][ T7456] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 184.149079][ T7456] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms [ 184.159186][ T7456] gfs2: fsid=syz:syz.0: jid=0: Done [ 184.164862][ T7565] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 184.324980][ T7576] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1709'. [ 184.503520][ T7583] tc_dump_action: action bad kind [ 184.708306][ T7590] netlink: 3316 bytes leftover after parsing attributes in process `syz.3.1716'. [ 184.755700][ T7590] netlink: 1659 bytes leftover after parsing attributes in process `syz.3.1716'. [ 185.267978][ T7609] loop2: detected capacity change from 0 to 4096 [ 185.395168][ T7609] ntfs: (device loop2): parse_options(): NLS character set iso not found. Using previous one cp950. [ 185.463673][ T7624] vim2m vim2m.0: Fourcc format (0x42474752) invalid. [ 185.497816][ T7609] ntfs: volume version 3.1. [ 185.996836][ T7642] overlayfs: bad mount option "redirect_dir=off:/" [ 186.104553][ T3658] Bluetooth: hci4: command 0x0406 tx timeout [ 186.104849][ T3655] Bluetooth: hci0: command 0x0406 tx timeout [ 186.110747][ T3658] Bluetooth: hci2: command 0x0406 tx timeout [ 186.154146][ T7652] 9pnet_fd: Insufficient options for proto=fd [ 186.337501][ T7454] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 186.462246][ T7660] loop2: detected capacity change from 0 to 64 [ 186.523785][ T7660] syz.2.1751: attempt to access beyond end of device [ 186.523785][ T7660] loop2: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 186.594425][ T7454] usb 5-1: Using ep0 maxpacket: 8 [ 186.724805][ T7454] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x82 has invalid wMaxPacketSize 0 [ 186.755656][ T7454] usb 5-1: config 1 interface 0 altsetting 6 bulk endpoint 0x82 has invalid maxpacket 0 [ 186.784592][ T7454] usb 5-1: config 1 interface 0 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 16 [ 186.835152][ T7454] usb 5-1: config 1 interface 0 has no altsetting 0 [ 187.007839][ T7454] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 187.032310][ T7454] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.061442][ T7454] usb 5-1: Product: syz [ 187.066854][ T7454] usb 5-1: Manufacturer: syz [ 187.080622][ T7454] usb 5-1: SerialNumber: syz [ 187.124912][ T7648] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 187.134690][ T7457] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 187.304884][ T4251] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 187.354618][ T3689] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 187.445355][ T7454] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 187.455361][ T7454] usb 5-1: USB disconnect, device number 7 [ 187.614783][ T3689] usb 3-1: Using ep0 maxpacket: 32 [ 187.664672][ T4251] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 187.677874][ T4251] usb 1-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.09 [ 187.687038][ T4251] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.698153][ T4251] usb 1-1: config 0 descriptor?? [ 187.705126][ T7457] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 187.714564][ T7457] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.722911][ T7457] usb 4-1: Product: syz [ 187.727859][ T7457] usb 4-1: Manufacturer: syz [ 187.732485][ T7457] usb 4-1: SerialNumber: syz [ 187.737130][ T4251] go7007: probe of 1-1:0.0 failed with error -12 [ 187.753640][ T7457] usb 4-1: config 0 descriptor?? [ 187.758955][ T3689] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 175 [ 187.817317][ T7457] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 187.954690][ T3689] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 187.982302][ T3689] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.999898][ T3689] usb 3-1: Product: syz [ 188.014637][ T3689] usb 3-1: Manufacturer: syz [ 188.019312][ T3689] usb 3-1: SerialNumber: syz [ 188.028559][ T7456] usb 1-1: USB disconnect, device number 8 [ 188.042518][ T3689] usb 3-1: config 0 descriptor?? [ 188.078730][ T7680] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 188.111337][ T3689] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 188.274714][ T7457] gspca_sunplus: reg_w_riv err -71 [ 188.280480][ T7457] sunplus: probe of 4-1:0.0 failed with error -71 [ 188.319944][ T7457] usb 4-1: USB disconnect, device number 10 [ 188.332891][ T7456] usb 3-1: USB disconnect, device number 11 [ 188.341338][ T11] usb 3-1: Failed to submit usb control message: -71 [ 188.369051][ T11] usb 3-1: unable to send the bmi data to the device: -71 [ 188.398979][ T11] usb 3-1: unable to get target info from device [ 188.407767][ T11] usb 3-1: could not get target info (-71) [ 188.413868][ T11] usb 3-1: could not probe fw (-71) [ 188.995168][ T7723] loop4: detected capacity change from 0 to 16 [ 189.023473][ T7723] erofs: (device loop4): mounted with root inode @ nid 36. [ 189.025289][ T7725] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1781'. [ 189.248303][ T7733] netlink: 'syz.2.1783': attribute type 6 has an invalid length. [ 189.468506][ T7456] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 189.492842][ T7715] loop1: detected capacity change from 0 to 32768 [ 189.504827][ T7457] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 189.533275][ T7715] ERROR: (device loop1): dtSearch: stack overrun! [ 189.533275][ T7715] [ 189.543467][ T7715] ERROR: (device loop1): remounting filesystem as read-only [ 189.551752][ T7715] btstack dump: [ 189.576264][ T7715] bn = 0, index = 0 [ 189.580151][ T7715] bn = 0, index = 0 [ 189.591722][ T7715] bn = 0, index = 0 [ 189.599085][ T7715] bn = 0, index = 0 [ 189.603092][ T7715] bn = 0, index = 0 [ 189.613255][ T7715] bn = 0, index = 0 [ 189.618167][ T7715] bn = 0, index = 0 [ 189.623455][ T7741] loop0: detected capacity change from 0 to 512 [ 189.630301][ T7715] bn = 0, index = 0 [ 189.634297][ T7715] jfs_lookup: dtSearch returned -5 [ 189.655399][ T7741] EXT4-fs: Ignoring removed mblk_io_submit option [ 189.673310][ T7741] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 189.708022][ T7741] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002] [ 189.764733][ T7741] System zones: 1-12 [ 189.802158][ T7741] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2186: inode #15: comm syz.0.1800: corrupted in-inode xattr [ 189.848903][ T7749] rdma_rxe: rxe_register_device failed with error -23 [ 189.856364][ T7749] rdma_rxe: failed to add veth0_vlan [ 189.861551][ T7741] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.1800: couldn't read orphan inode 15 (err -117) [ 189.874727][ T7457] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.885381][ T7456] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 189.904747][ T7456] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.917770][ T7457] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 9.99 [ 189.918428][ T7741] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 189.937777][ T7457] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.947002][ T7456] usb 4-1: config 0 descriptor?? [ 189.991287][ T7457] usb 5-1: config 0 descriptor?? [ 189.997691][ T7456] cp210x 4-1:0.0: cp210x converter detected [ 190.019222][ T7753] netlink: 3316 bytes leftover after parsing attributes in process `syz.1.1790'. [ 190.039007][ T7753] netlink: 1659 bytes leftover after parsing attributes in process `syz.1.1790'. [ 190.066959][ T4833] EXT4-fs (loop0): unmounting filesystem. [ 190.223449][ T7456] usb 4-1: cp210x converter now attached to ttyUSB0 [ 190.243638][ T7759] loop1: detected capacity change from 0 to 512 [ 190.262816][ T7759] EXT4-fs: Ignoring removed mblk_io_submit option [ 190.271968][ T7759] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 190.311016][ T7759] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002] [ 190.319763][ T7759] System zones: 1-12 [ 190.326268][ T7759] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2186: inode #15: comm syz.1.1808: corrupted in-inode xattr [ 190.339859][ T7457] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 190.350921][ T7759] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.1808: couldn't read orphan inode 15 (err -117) [ 190.368987][ T3730] udevd[3730]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 190.385673][ T7759] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 190.432552][ T7457] usb 4-1: USB disconnect, device number 11 [ 190.447544][ T7457] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 190.465068][ T4424] EXT4-fs (loop1): unmounting filesystem. [ 190.473275][ T7457] cp210x 4-1:0.0: device disconnected [ 190.536435][ T7456] usb 5-1: USB disconnect, device number 8 [ 190.772324][ T7776] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1804'. [ 190.965125][ T7455] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 191.174154][ T7792] loop2: detected capacity change from 0 to 512 [ 191.195259][ T7792] EXT4-fs: Ignoring removed mblk_io_submit option [ 191.234559][ T7792] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 191.268878][ T7792] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002] [ 191.288280][ T7792] System zones: 1-12 [ 191.301266][ T7792] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2186: inode #15: comm syz.2.1813: corrupted in-inode xattr [ 191.316969][ T7792] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.1813: couldn't read orphan inode 15 (err -117) [ 191.354734][ T7455] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 191.375044][ T7792] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 191.507066][ T3640] EXT4-fs (loop2): unmounting filesystem. [ 191.516768][ T7806] loop3: detected capacity change from 0 to 2048 [ 191.565864][ T7455] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 191.571595][ T7806] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 191.589746][ T7455] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.624107][ T7455] usb 2-1: Product: syz [ 191.634239][ T7455] usb 2-1: Manufacturer: syz [ 191.645831][ T7806] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 191.648769][ T7455] usb 2-1: SerialNumber: syz [ 191.671771][ T7813] loop2: detected capacity change from 0 to 512 [ 191.684301][ T7455] usb 2-1: config 0 descriptor?? [ 191.712726][ T7806] UDF-fs: unknown compression code (0) [ 191.755237][ T7813] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 191.821258][ T7813] ext4 filesystem being mounted at /366/file0 supports timestamps until 2038 (0x7fffffff) [ 191.989188][ T7455] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 192.246586][ T7455] usb 2-1: USB disconnect, device number 10 [ 192.271275][ T3640] EXT4-fs (loop2): unmounting filesystem. [ 192.293429][ T3730] udevd[3730]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 192.634487][ T7456] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 192.873298][ T7840] loop3: detected capacity change from 0 to 32768 [ 192.894495][ T7456] usb 5-1: Using ep0 maxpacket: 16 [ 192.954810][ T7457] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 193.025702][ T7456] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 193.036002][ T7456] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 193.214719][ T7456] usb 5-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice=f4.95 [ 193.223978][ T7456] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.232117][ T7456] usb 5-1: Product: syz [ 193.236437][ T7456] usb 5-1: Manufacturer: syz [ 193.241051][ T7456] usb 5-1: SerialNumber: syz [ 193.249888][ T7456] usb 5-1: config 0 descriptor?? [ 193.277716][ T7833] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 193.285105][ T7833] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 193.344800][ T7457] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 193.353996][ T7457] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.364502][ T7457] usb 1-1: config 0 descriptor?? [ 193.500131][ T7833] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 193.511612][ T7833] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 193.634848][ T7457] ath6kl: Failed to submit usb control message: -71 [ 193.641522][ T7457] ath6kl: unable to send the bmi data to the device: -71 [ 193.648872][ T7457] ath6kl: Unable to send get target info: -71 [ 193.656136][ T7457] ath6kl: Failed to init ath6kl core: -71 [ 193.678547][ T7457] ath6kl_usb: probe of 1-1:0.0 failed with error -71 [ 193.692932][ T7457] usb 1-1: USB disconnect, device number 9 [ 193.744599][ T7456] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 193.755624][ T7456] asix: probe of 5-1:0.0 failed with error -71 [ 193.765178][ T7456] usb 5-1: USB disconnect, device number 9 [ 194.269642][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.276054][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.330550][ T7851] loop2: detected capacity change from 0 to 16 [ 194.390703][ T7851] erofs: (device loop2): mounted with root inode @ nid 36. [ 194.432837][ T7856] loop4: detected capacity change from 0 to 512 [ 194.446557][ T7856] EXT4-fs: Ignoring removed mblk_io_submit option [ 194.484533][ T7856] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 194.541137][ T7856] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002] [ 194.559441][ T7856] System zones: 1-12 [ 194.570450][ T7861] loop3: detected capacity change from 0 to 256 [ 194.570709][ T7856] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2186: inode #15: comm syz.4.1839: corrupted in-inode xattr [ 194.609033][ T7856] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.1839: couldn't read orphan inode 15 (err -117) [ 194.621269][ T7861] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 194.647717][ T7856] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 194.675891][ T7865] loop1: detected capacity change from 0 to 512 [ 194.721308][ T7865] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 194.745327][ T7861] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000008) [ 194.785313][ T7861] exFAT-fs (loop3): Filesystem has been set read-only [ 194.794871][ T7865] ext4 filesystem being mounted at /269/file0 supports timestamps until 2038 (0x7fffffff) [ 194.959855][ T3652] EXT4-fs (loop4): unmounting filesystem. [ 194.990372][ T4424] EXT4-fs (loop1): unmounting filesystem. [ 195.509011][ T7893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1859'. [ 195.628012][ T7895] netlink: 'syz.1.1860': attribute type 6 has an invalid length. [ 195.707522][ T7457] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 196.010196][ T7907] loop1: detected capacity change from 0 to 136 [ 196.098465][ T7457] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 196.130795][ T7457] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.152308][ T7457] usb 5-1: config 0 descriptor?? [ 196.159736][ T7913] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1868'. [ 196.192962][ T7913] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1868'. [ 196.373675][ T7920] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 196.408574][ T7892] loop0: detected capacity change from 0 to 32768 [ 196.434532][ T7457] ath6kl: Failed to submit usb control message: -71 [ 196.444538][ T7457] ath6kl: unable to send the bmi data to the device: -71 [ 196.461935][ T7457] ath6kl: Unable to send get target info: -71 [ 196.472076][ T7457] ath6kl: Failed to init ath6kl core: -71 [ 196.614143][ T7457] ath6kl_usb: probe of 5-1:0.0 failed with error -71 [ 196.620957][ T7926] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 196.621000][ T7926] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 196.621011][ T7926] overlayfs: missing 'lowerdir' [ 196.655039][ T7457] usb 5-1: USB disconnect, device number 10 [ 196.734676][ T3689] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 196.974689][ T7455] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 197.144671][ T3689] usb 2-1: config index 0 descriptor too short (expected 3133, got 61) [ 197.153005][ T3689] usb 2-1: config 0 has an invalid interface number: 156 but max is 1 [ 197.191387][ T3689] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.231135][ T3689] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 197.260161][ T3689] usb 2-1: config 0 has no interface number 0 [ 197.276697][ T3689] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 197.304788][ T3689] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 197.335013][ T3689] usb 2-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 197.368857][ T3689] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 197.388513][ T3689] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.404727][ T7455] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.427675][ T3689] usb 2-1: config 0 descriptor?? [ 197.432846][ T7455] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 9.99 [ 197.441543][ T7934] loop0: detected capacity change from 0 to 32768 [ 197.452569][ T7455] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.477216][ T7455] usb 3-1: config 0 descriptor?? [ 197.490052][ T7934] (syz.0.1879,7934,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 197.495341][ T7952] rdma_rxe: rxe_register_device failed with error -23 [ 197.513859][ T3689] gspca_main: spca561-2.14.0 probing abcd:cdee [ 197.540938][ T7934] (syz.0.1879,7934,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 197.555258][ T7952] rdma_rxe: failed to add veth0_vlan [ 197.594224][ T7934] JBD2: Ignoring recovery information on journal [ 197.663933][ T7934] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 197.723767][ T7934] [ 197.726158][ T7934] ====================================================== [ 197.733204][ T7934] WARNING: possible circular locking dependency detected [ 197.740247][ T7934] 6.1.111-syzkaller #0 Not tainted [ 197.745386][ T7934] ------------------------------------------------------ [ 197.752428][ T7934] syz.0.1879/7934 is trying to acquire lock: [ 197.758431][ T7934] ffff888057b35108 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x182/0x5190 [ 197.771728][ T7934] [ 197.771728][ T7934] but task is already holding lock: [ 197.779115][ T7934] ffff888057bdc2c8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}, at: ocfs2_reserve_local_alloc_bits+0x127/0x29d0 [ 197.792636][ T7934] [ 197.792636][ T7934] which lock already depends on the new lock. [ 197.792636][ T7934] [ 197.803042][ T7934] [ 197.803042][ T7934] the existing dependency chain (in reverse order) is: [ 197.812053][ T7934] [ 197.812053][ T7934] -> #8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}: [ 197.822592][ T7934] lock_acquire+0x1f8/0x5a0 [ 197.827638][ T7934] down_write+0x36/0x60 [ 197.832323][ T7934] ocfs2_reserve_local_alloc_bits+0x127/0x29d0 [ 197.839016][ T7934] ocfs2_reserve_clusters_with_limit+0x1b4/0xb50 [ 197.845870][ T7934] ocfs2_lock_allocators+0x306/0x620 [ 197.851772][ T7934] ocfs2_extend_allocation+0x4e5/0x1d00 [ 197.857871][ T7934] ocfs2_extend_no_holes+0x1f2/0x490 [ 197.863684][ T7934] ocfs2_acquire_dquot+0x60a/0xb60 [ 197.869331][ T7934] dqget+0x762/0xe90 [ 197.873764][ T7934] ocfs2_setattr+0xf12/0x1f80 [ 197.878966][ T7934] notify_change+0xce3/0xfc0 [ 197.884090][ T7934] chown_common+0x5aa/0x900 [ 197.889123][ T7934] ksys_fchown+0xde/0x150 [ 197.894023][ T7934] __x64_sys_fchown+0x76/0x80 [ 197.899232][ T7934] do_syscall_64+0x3b/0xb0 [ 197.904179][ T7934] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 197.910605][ T7934] [ 197.910605][ T7934] -> #7 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}: [ 197.919481][ T7934] lock_acquire+0x1f8/0x5a0 [ 197.924515][ T7934] down_write+0x36/0x60 [ 197.929219][ T7934] ocfs2_lock_global_qf+0x221/0x2a0 [ 197.934947][ T7934] ocfs2_acquire_dquot+0x2ad/0xb60 [ 197.940588][ T7934] dqget+0x762/0xe90 [ 197.945009][ T7934] ocfs2_setattr+0xf12/0x1f80 [ 197.950318][ T7934] notify_change+0xce3/0xfc0 [ 197.955457][ T7934] chown_common+0x5aa/0x900 [ 197.960782][ T7934] ksys_fchown+0xde/0x150 [ 197.965656][ T7934] __x64_sys_fchown+0x76/0x80 [ 197.970863][ T7934] do_syscall_64+0x3b/0xb0 [ 197.975812][ T7934] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 197.982250][ T7934] [ 197.982250][ T7934] -> #6 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}: [ 197.992793][ T7934] lock_acquire+0x1f8/0x5a0 [ 197.997858][ T7934] down_write+0x36/0x60 [ 198.002539][ T7934] ocfs2_lock_global_qf+0x202/0x2a0 [ 198.008267][ T7934] ocfs2_acquire_dquot+0x2ad/0xb60 [ 198.013943][ T7934] dqget+0x762/0xe90 [ 198.018368][ T7934] ocfs2_setattr+0xf12/0x1f80 [ 198.023574][ T7934] notify_change+0xce3/0xfc0 [ 198.028872][ T7934] chown_common+0x5aa/0x900 [ 198.033904][ T7934] ksys_fchown+0xde/0x150 [ 198.038784][ T7934] __x64_sys_fchown+0x76/0x80 [ 198.043990][ T7934] do_syscall_64+0x3b/0xb0 [ 198.048939][ T7934] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 198.055386][ T7934] [ 198.055386][ T7934] -> #5 (&dquot->dq_lock){+.+.}-{3:3}: [ 198.063038][ T7934] lock_acquire+0x1f8/0x5a0 [ 198.068081][ T7934] __mutex_lock+0x132/0xd80 [ 198.073104][ T7934] dquot_commit+0x57/0x510 [ 198.078048][ T7934] ext4_write_dquot+0x1fd/0x360 [ 198.083429][ T7934] mark_all_dquot_dirty+0xf7/0x400 [ 198.089073][ T7934] __dquot_free_space+0x956/0xe70 [ 198.094627][ T7934] ext4_free_blocks+0x1fb8/0x3020 [ 198.100172][ T7934] ext4_ext_remove_space+0x22bb/0x4f30 [ 198.106171][ T7934] ext4_ext_truncate+0x201/0x360 [ 198.111638][ T7934] ext4_truncate+0xa1d/0x1290 [ 198.116840][ T7934] ext4_evict_inode+0xb68/0x1150 [ 198.122389][ T7934] evict+0x529/0x930 [ 198.126816][ T7934] do_unlinkat+0x509/0x820 [ 198.131762][ T7934] __x64_sys_unlink+0x45/0x50 [ 198.136966][ T7934] do_syscall_64+0x3b/0xb0 [ 198.141911][ T7934] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 198.148334][ T7934] [ 198.148334][ T7934] -> #4 (&ei->i_data_sem){++++}-{3:3}: [ 198.155988][ T7934] lock_acquire+0x1f8/0x5a0 [ 198.161061][ T7934] down_write+0x36/0x60 [ 198.165934][ T7934] ext4_truncate+0x999/0x1290 [ 198.171176][ T7934] ext4_setattr+0x10f5/0x1a00 [ 198.176382][ T7934] notify_change+0xce3/0xfc0 [ 198.181513][ T7934] do_truncate+0x21c/0x300 [ 198.186457][ T7934] do_sys_ftruncate+0x2e2/0x380 [ 198.191835][ T7934] do_syscall_64+0x3b/0xb0 [ 198.196785][ T7934] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 198.203208][ T7934] [ 198.203208][ T7934] -> #3 (jbd2_handle){++++}-{0:0}: [ 198.210508][ T7934] lock_acquire+0x1f8/0x5a0 [ 198.215541][ T7934] start_this_handle+0x1f71/0x21b0 [ 198.221180][ T7934] jbd2__journal_start+0x2d1/0x5c0 [ 198.226817][ T7934] jbd2_journal_start+0x25/0x30 [ 198.232194][ T7934] ocfs2_start_trans+0x3c0/0x6f0 [ 198.237657][ T7934] ocfs2_mknod+0x1638/0x2e20 [ 198.242776][ T7934] ocfs2_create+0x1c0/0x4e0 [ 198.247807][ T7934] path_openat+0x12f1/0x2e60 [ 198.252923][ T7934] do_filp_open+0x230/0x480 [ 198.257951][ T7934] do_sys_openat2+0x13b/0x4f0 [ 198.263161][ T7934] __x64_sys_openat+0x243/0x290 [ 198.268540][ T7934] do_syscall_64+0x3b/0xb0 [ 198.273507][ T7934] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 198.280016][ T7934] [ 198.280016][ T7934] -> #2 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 198.288532][ T7934] lock_acquire+0x1f8/0x5a0 [ 198.293567][ T7934] down_read+0xad/0xa30 [ 198.298262][ T7934] ocfs2_start_trans+0x3b5/0x6f0 [ 198.303727][ T7934] ocfs2_mknod+0x1638/0x2e20 [ 198.308846][ T7934] ocfs2_create+0x1c0/0x4e0 [ 198.313875][ T7934] path_openat+0x12f1/0x2e60 [ 198.318991][ T7934] do_filp_open+0x230/0x480 [ 198.324018][ T7934] do_sys_openat2+0x13b/0x4f0 [ 198.329225][ T7934] __x64_sys_openat+0x243/0x290 [ 198.334607][ T7934] do_syscall_64+0x3b/0xb0 [ 198.339553][ T7934] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 198.345973][ T7934] [ 198.345973][ T7934] -> #1 (sb_internal#5){.+.+}-{0:0}: [ 198.353452][ T7934] lock_acquire+0x1f8/0x5a0 [ 198.358482][ T7934] ocfs2_start_trans+0x2b0/0x6f0 [ 198.363963][ T7934] ocfs2_mknod+0x1638/0x2e20 [ 198.369085][ T7934] ocfs2_create+0x1c0/0x4e0 [ 198.374118][ T7934] path_openat+0x12f1/0x2e60 [ 198.379236][ T7934] do_filp_open+0x230/0x480 [ 198.384283][ T7934] do_sys_openat2+0x13b/0x4f0 [ 198.389490][ T7934] __x64_sys_openat+0x243/0x290 [ 198.394871][ T7934] do_syscall_64+0x3b/0xb0 [ 198.399818][ T7934] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 198.406241][ T7934] [ 198.406241][ T7934] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}: [ 198.416783][ T7934] validate_chain+0x1661/0x5950 [ 198.422176][ T7934] __lock_acquire+0x125b/0x1f80 [ 198.427730][ T7934] lock_acquire+0x1f8/0x5a0 [ 198.432764][ T7934] down_write+0x36/0x60 [ 198.437441][ T7934] ocfs2_reserve_suballoc_bits+0x182/0x5190 [ 198.443879][ T7934] ocfs2_reserve_cluster_bitmap_bits+0xc1/0x1d0 [ 198.450646][ T7934] ocfs2_reserve_local_alloc_bits+0x98c/0x29d0 [ 198.457355][ T7934] ocfs2_reserve_clusters_with_limit+0x1b4/0xb50 [ 198.464272][ T7934] ocfs2_lock_allocators+0x306/0x620 [ 198.470083][ T7934] ocfs2_extend_allocation+0x4e5/0x1d00 [ 198.476154][ T7934] ocfs2_extend_no_holes+0x1f2/0x490 [ 198.481963][ T7934] ocfs2_acquire_dquot+0x60a/0xb60 [ 198.487603][ T7934] dqget+0x762/0xe90 [ 198.492028][ T7934] ocfs2_setattr+0xf12/0x1f80 [ 198.497229][ T7934] notify_change+0xce3/0xfc0 [ 198.502354][ T7934] chown_common+0x5aa/0x900 [ 198.507387][ T7934] ksys_fchown+0xde/0x150 [ 198.512244][ T7934] __x64_sys_fchown+0x76/0x80 [ 198.517454][ T7934] do_syscall_64+0x3b/0xb0 [ 198.522401][ T7934] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 198.528824][ T7934] [ 198.528824][ T7934] other info that might help us debug this: [ 198.528824][ T7934] [ 198.539049][ T7934] Chain exists of: [ 198.539049][ T7934] &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4 --> &ocfs2_quota_ip_alloc_sem_key --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7 [ 198.539049][ T7934] [ 198.559052][ T7934] Possible unsafe locking scenario: [ 198.559052][ T7934] [ 198.566494][ T7934] CPU0 CPU1 [ 198.571854][ T7934] ---- ---- [ 198.577210][ T7934] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7); [ 198.584499][ T7934] lock(&ocfs2_quota_ip_alloc_sem_key); [ 198.592649][ T7934] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7); [ 198.602470][ T7934] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4); [ 198.609761][ T7934] [ 198.609761][ T7934] *** DEADLOCK *** [ 198.609761][ T7934] [ 198.617898][ T7934] 6 locks held by syz.0.1879/7934: [ 198.623004][ T7934] #0: ffff88806326c460 (sb_writers#35){.+.+}-{0:0}, at: mnt_want_write_file+0x5a/0x1f0 [ 198.632855][ T7934] #1: ffff888057b309c8 (&type->i_mutex_dir_key#25){+.+.}-{3:3}, at: chown_common+0x3e5/0x900 [ 198.643143][ T7934] #2: ffff8880716be0a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_acquire_dquot+0x2a0/0xb60 [ 198.653165][ T7934] #3: ffff888057b35f48 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x202/0x2a0 [ 198.666236][ T7934] #4: ffff888057b35be0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x221/0x2a0 [ 198.677581][ T7934] #5: ffff888057bdc2c8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}, at: ocfs2_reserve_local_alloc_bits+0x127/0x29d0 [ 198.691525][ T7934] [ 198.691525][ T7934] stack backtrace: [ 198.697431][ T7934] CPU: 1 PID: 7934 Comm: syz.0.1879 Not tainted 6.1.111-syzkaller #0 [ 198.705502][ T7934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 198.715570][ T7934] Call Trace: [ 198.718862][ T7934] [ 198.721797][ T7934] dump_stack_lvl+0x1e3/0x2cb [ 198.726491][ T7934] ? nf_tcp_handle_invalid+0x642/0x642 [ 198.732055][ T7934] ? print_circular_bug+0x12b/0x1a0 [ 198.737256][ T7934] check_noncircular+0x2fa/0x3b0 [ 198.742198][ T7934] ? add_chain_block+0x850/0x850 [ 198.747140][ T7934] ? lockdep_lock+0x11f/0x2a0 [ 198.751831][ T7934] ? 0xffffffffa00038c0 [ 198.755996][ T7934] ? mark_lock+0x9a/0x340 [ 198.760339][ T7934] ? _find_first_zero_bit+0xd0/0x100 [ 198.765656][ T7934] validate_chain+0x1661/0x5950 [ 198.770521][ T7934] ? reacquire_held_locks+0x660/0x660 [ 198.775901][ T7934] ? ocfs2_get_system_file_inode+0x1e0/0x7b0 [ 198.781976][ T7934] ? look_up_lock_class+0x77/0x140 [ 198.787095][ T7934] ? register_lock_class+0x100/0x990 [ 198.792395][ T7934] ? is_dynamic_key+0x260/0x260 [ 198.797256][ T7934] ? mark_lock+0x9a/0x340 [ 198.801598][ T7934] __lock_acquire+0x125b/0x1f80 [ 198.806467][ T7934] lock_acquire+0x1f8/0x5a0 [ 198.811005][ T7934] ? ocfs2_reserve_suballoc_bits+0x182/0x5190 [ 198.817105][ T7934] ? read_lock_is_recursive+0x10/0x10 [ 198.822492][ T7934] ? __might_sleep+0xb0/0xb0 [ 198.827097][ T7934] down_write+0x36/0x60 [ 198.831255][ T7934] ? ocfs2_reserve_suballoc_bits+0x182/0x5190 [ 198.837334][ T7934] ocfs2_reserve_suballoc_bits+0x182/0x5190 [ 198.843250][ T7934] ? mark_lock+0x9a/0x340 [ 198.847594][ T7934] ? ocfs2_block_group_search+0x530/0x530 [ 198.853324][ T7934] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 198.859343][ T7934] ? print_irqtrace_events+0x210/0x210 [ 198.864814][ T7934] ? do_raw_spin_unlock+0x137/0x8a0 [ 198.870013][ T7934] ? _raw_spin_unlock_irqrestore+0x8b/0x130 [ 198.875912][ T7934] ? lockdep_hardirqs_on+0x94/0x130 [ 198.881115][ T7934] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 198.887017][ T7934] ? _raw_spin_unlock+0x40/0x40 [ 198.891872][ T7934] ? stack_trace_save+0x113/0x1c0 [ 198.896906][ T7934] ? stack_trace_snprint+0xe0/0xe0 [ 198.902026][ T7934] ? __stack_depot_save+0x3f5/0x470 [ 198.907232][ T7934] ? kasan_set_track+0x60/0x70 [ 198.912006][ T7934] ? kasan_set_track+0x4b/0x70 [ 198.916799][ T7934] ? __kasan_kmalloc+0x97/0xb0 [ 198.921757][ T7934] ? ocfs2_reserve_local_alloc_bits+0x91f/0x29d0 [ 198.928123][ T7934] ? ocfs2_reserve_clusters_with_limit+0x1b4/0xb50 [ 198.934655][ T7934] ? ocfs2_lock_allocators+0x306/0x620 [ 198.940148][ T7934] ? ocfs2_extend_allocation+0x4e5/0x1d00 [ 198.945872][ T7934] ? ocfs2_extend_no_holes+0x1f2/0x490 [ 198.951335][ T7934] ? ocfs2_acquire_dquot+0x60a/0xb60 [ 198.956631][ T7934] ? dqget+0x762/0xe90 [ 198.960737][ T7934] ? ocfs2_setattr+0xf12/0x1f80 [ 198.965608][ T7934] ? notify_change+0xce3/0xfc0 [ 198.970393][ T7934] ? chown_common+0x5aa/0x900 [ 198.975111][ T7934] ? ksys_fchown+0xde/0x150 [ 198.979643][ T7934] ? __x64_sys_fchown+0x76/0x80 [ 198.984525][ T7934] ? do_syscall_64+0x3b/0xb0 [ 198.989142][ T7934] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 198.995258][ T7934] ocfs2_reserve_cluster_bitmap_bits+0xc1/0x1d0 [ 199.001539][ T7934] ? ocfs2_reserve_new_inode+0xde0/0xde0 [ 199.007199][ T7934] ocfs2_reserve_local_alloc_bits+0x98c/0x29d0 [ 199.013367][ T7934] ? _raw_spin_unlock_irqrestore+0x8b/0x130 [ 199.019271][ T7934] ? stack_trace_save+0x113/0x1c0 [ 199.024307][ T7934] ? mark_lock+0x9a/0x340 [ 199.028657][ T7934] ? __lock_acquire+0x125b/0x1f80 [ 199.033695][ T7934] ? ocfs2_complete_local_alloc_recovery+0x620/0x620 [ 199.040391][ T7934] ? ocfs2_alloc_should_use_local+0x162/0x380 [ 199.046475][ T7934] ? __lock_acquire+0x1f80/0x1f80 [ 199.051511][ T7934] ? do_raw_spin_lock+0x14a/0x370 [ 199.056547][ T7934] ? do_raw_spin_unlock+0x137/0x8a0 [ 199.061775][ T7934] ? ocfs2_alloc_should_use_local+0x162/0x380 [ 199.067861][ T7934] ocfs2_reserve_clusters_with_limit+0x1b4/0xb50 [ 199.074200][ T7934] ? ocfs2_reserve_clusters+0x30/0x30 [ 199.079591][ T7934] ? rcu_is_watching+0x11/0xb0 [ 199.084360][ T7934] ? ocfs2_num_free_extents+0x398/0x740 [ 199.089907][ T7934] ? ocfs2_validate_extent_block+0x670/0x670 [ 199.095895][ T7934] ? ocfs2_read_blocks_sync+0xcd0/0xcd0 [ 199.101450][ T7934] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 199.107360][ T7934] ? _raw_spin_unlock+0x40/0x40 [ 199.112221][ T7934] ? stack_trace_save+0x113/0x1c0 [ 199.117270][ T7934] ocfs2_lock_allocators+0x306/0x620 [ 199.122593][ T7934] ? _ocfs2_clear_bit+0x30/0x30 [ 199.127722][ T7934] ? ocfs2_read_inode_block+0x148/0x1d0 [ 199.133276][ T7934] ? ocfs2_read_inode_block_full+0x1e0/0x1e0 [ 199.139265][ T7934] ? kasan_save_free_info+0x27/0x40 [ 199.144477][ T7934] ? ____kasan_slab_free+0xd6/0x120 [ 199.149676][ T7934] ? __kmem_cache_free+0x25c/0x3c0 [ 199.154794][ T7934] ? qtree_read_dquot+0x546/0x7f0 [ 199.159855][ T7934] ocfs2_extend_allocation+0x4e5/0x1d00 [ 199.165414][ T7934] ? mark_lock+0x9a/0x340 [ 199.169758][ T7934] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 199.175771][ T7934] ? ocfs2_extend_no_holes+0x490/0x490 [ 199.181237][ T7934] ? print_irqtrace_events+0x210/0x210 [ 199.186716][ T7934] ? mark_lock+0x9a/0x340 [ 199.191058][ T7934] ? __lock_acquire+0x125b/0x1f80 [ 199.196098][ T7934] ? ocfs2_allocate_extend_trans+0x6b0/0x6b0 [ 199.202142][ T7934] ? ocfs2_qinfo_unlock+0xa8/0x140 [ 199.207259][ T7934] ocfs2_extend_no_holes+0x1f2/0x490 [ 199.212552][ T7934] ? ocfs2_zero_extend+0x2e90/0x2e90 [ 199.217848][ T7934] ? _raw_spin_unlock+0x24/0x40 [ 199.222702][ T7934] ? ocfs2_qinfo_unlock+0x11d/0x140 [ 199.227904][ T7934] ocfs2_acquire_dquot+0x60a/0xb60 [ 199.233026][ T7934] ? dqget+0xca6/0xe90 [ 199.237107][ T7934] ? ocfs2_destroy_dquot+0x40/0x40 [ 199.242236][ T7934] dqget+0x762/0xe90 [ 199.246141][ T7934] ocfs2_setattr+0xf12/0x1f80 [ 199.250831][ T7934] ? ocfs2_extend_allocation+0x1d00/0x1d00 [ 199.256642][ T7934] ? seqcount_lockdep_reader_access+0x1d3/0x220 [ 199.262900][ T7934] ? ktime_get_coarse_real_ts64+0x107/0x120 [ 199.268808][ T7934] ? current_time+0x1ba/0x300 [ 199.273495][ T7934] ? atime_needs_update+0x7b0/0x7b0 [ 199.278700][ T7934] ? common_perm_cond+0x31b/0x3f0 [ 199.283732][ T7934] ? bpf_lsm_inode_setattr+0x5/0x10 [ 199.288931][ T7934] ? ocfs2_extend_allocation+0x1d00/0x1d00 [ 199.294743][ T7934] notify_change+0xce3/0xfc0 [ 199.299361][ T7934] chown_common+0x5aa/0x900 [ 199.303875][ T7934] ? __ia32_sys_chmod+0x180/0x180 [ 199.308908][ T7934] ? rcu_read_lock_any_held+0xb3/0x160 [ 199.314386][ T7934] ? __mnt_want_write+0x222/0x2a0 [ 199.319418][ T7934] ksys_fchown+0xde/0x150 [ 199.323762][ T7934] __x64_sys_fchown+0x76/0x80 [ 199.328453][ T7934] do_syscall_64+0x3b/0xb0 [ 199.332880][ T7934] ? clear_bhb_loop+0x45/0xa0 [ 199.337569][ T7934] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 199.343473][ T7934] RIP: 0033:0x7fa51417dff9 [ 199.347896][ T7934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.367522][ T7934] RSP: 002b:00007fa514f23038 EFLAGS: 00000246 ORIG_RAX: 000000000000005d [ 199.375948][ T7934] RAX: ffffffffffffffda RBX: 00007fa514335f80 RCX: 00007fa51417dff9 [ 199.383927][ T7934] RDX: 0000000000000000 RSI: 000000000000ee00 RDI: 0000000000000003 [ 199.391933][ T7934] RBP: 00007fa5141f0296 R08: 0000000000000000 R09: 0000000000000000 [ 199.399918][ T7934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.408022][ T7934] R13: 0000000000000000 R14: 00007fa514335f80 R15: 00007ffedfec0428 [ 199.416005][ T7934] [ 199.474619][ T7455] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 199.484609][ T3689] spca561: probe of 2-1:0.156 failed with error -22 [ 199.492082][ T3689] usb 2-1: MIDIStreaming interface descriptor not found [ 199.566393][ T4833] ocfs2: Unmounting device (7,0) on (node local) [ 199.574812][ T3689] usb 2-1: USB disconnect, device number 11 [ 199.675291][ T154] usb 3-1: USB disconnect, device number 12