last executing test programs: 9.643764983s ago: executing program 4 (id=1108): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) userfaultfd(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x400448e1, &(0x7f0000000380)) 8.650719302s ago: executing program 4 (id=1110): socket$unix(0x1, 0x5, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) r1 = syz_io_uring_setup(0x2ddd, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000080), &(0x7f0000000340)=0x0, &(0x7f0000000380)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r1, 0x381b, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 8.32989993s ago: executing program 1 (id=1111): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000140)='xprtrdma_op_connect\x00'}, 0x10) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000020000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x82020000) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@flat=@weak_binder, @flat=@weak_binder={0x77622a85, 0x0, 0x2}, @flat=@binder={0x73622a85, 0x0, 0x200000000000000}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 8.053623258s ago: executing program 2 (id=1114): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000500)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000140)={0x1, r2}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000940)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000) 7.73241217s ago: executing program 4 (id=1116): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@flat=@weak_binder, @flat=@weak_binder={0x77622a85, 0x0, 0x2}, @flat=@binder={0x73622a85, 0x0, 0x200000000000000}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 7.377357986s ago: executing program 1 (id=1117): close(0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b7"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x0, @val=@tcx}, 0x40) syz_emit_ethernet(0xfdef, &(0x7f0000000040)=ANY=[], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10) r5 = open(&(0x7f0000000040)='./bus\x00', 0x1451c2, 0x0) ftruncate(r5, 0x2007ffb) sendfile(r5, r5, 0x0, 0x800000009) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000407b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) lseek(r5, 0x0, 0x3) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r9}, 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) mremap(&(0x7f0000097000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000bff000/0x400000)=nil) madvise(&(0x7f00000d9000/0x2000)=nil, 0x2000, 0x14) 7.07667032s ago: executing program 2 (id=1118): socket$netlink(0x10, 0x3, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a0101"], 0x57) 6.861577668s ago: executing program 2 (id=1120): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) userfaultfd(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x400448e1, &(0x7f0000000380)) 6.413796615s ago: executing program 1 (id=1121): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, 0x0) 6.226086076s ago: executing program 1 (id=1122): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x3000c00, &(0x7f00000002c0)=ANY=[], 0x1, 0x678, &(0x7f00000010c0)="$eJzs3c1vHGcdB/DvrteON5TUTZM2RZUSNeJFtUjsWC6YCwEh5EOFqnLgbCUOsbJJi+0it0LU5fXaQ/6AcvCNExL3SOXCBW69+lgJgYR6wYjDop2dXW/sXb/EitduP59o9nlmnpnn+T2/ndnZXSvaAF9Y85OpPUol85Ovr7XWNzdmGpsbM/c79SRnklSTWrtI5T/NZvPj5GbaS15qbSy7qwwa5+HS3JuffLb5aXutVi7F/tW9jjuY9XLJlSQjZfnkXT3e3639+hvfr89Kd4athF3tJA6GbTRJs/DPh+0tP/vrM92WHvV+R+975gOnQKV939xlIjlbXuit9wHtu2L7nn2qrQ87AAAAADgGz25lK2s5N+w4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DQpf/+/Ui7VdjmaK6l0fv9/rGxLWT9ZLh9u90dPKw4AAAAAAAAAOKozB9/18la2spZz3Q3/Lv7m3+7hQvH4pbyTlSxmOdeyloWsZjXLmU4y0dPR2NrC6urydF7Z98gbfY+8ccA51Q8+NwAAAAAAAAD4AvlV5nv+/g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdAJRlpF8VyoVOfSLWWZDzJWGu/9eTvnfpp9mjYAQAAAMAxeHYrW1nLuc56s1J85n+h+Nw/nnfyIKtZymoaWczt4ruA9qf+6ubGTGNzY+Z+a9nd7/f+dagwih7T/u6h/8iXij3quZOlYsu13MpbaeR2qsWRLZc68fSP64NWTJXvlg4Y2e2ybM38w7Lc5f1DTXaQwV+mvN1v40SRkdFuRqZ6Yntu70wc8tnZOdJ0qt1gL+wYaccknijnZ8uyNZ/fDcr5setE35uJyz2hvbB3zpOv//mPP7nbeHDv7p2VyZMxpf2tl+VIWTaLx/ruc2Km5zp88fOYiYGmikxc7K7P54f5cSZzJW9kOUv5eRaymsVcyQ+K2kJ5Pld6LvkBmbr52Nob+0UyVl6r7SfrcDG9Uhx7Lkv5Ud7K7SzmteLfjUznW5nNbOZ6nuGLB3ilrQ646ptf7hv81W+UlXqS35flydDK63M9ee19zZ0o2nq3bGfp/NHuR7U+odS+UlZaY/y6LE+GnZmY7snE83tn4g/Fy8pK48G95bsL2ze70b2GO/9hWWldR789MXeJlOfL+e4T+PjZ0Wp7vm/bdNF2odtW3dV2sdvWvlLXB16pY+V7uN093SjaXuzbNlO0Xepp6/d+C4AT7+yrZ8fq/6j/rf5R/Tf1u/XXx79/5ttnXh7L6F9Gv1ObGvla9eXKn/JRfrn9+R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhyK+++d2+h0Vhc3lFpNpvvD2g6zZXOz5kd46AvPZMMa8pjSdpb/tdsG1bm/9tsNsstlRNxJuxZKVJ1Js2nPlYtSb+my71bPhjK+TPkFybgqbu+ev/t6yvvvvfNpfvNkcWfLj6Ym52dm5qbfW3m+p2lxuJU+3HYUQJPw/ZNf9iRAAAAAAAAAAAAAAd1kP8P8NVXy50n2sXufepJBvczePTxY5kjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLrNT6b2KJVMT12baq1vbsw0Wkunvr1nLUk1SeUXSeXj5GbaSyZ6uqsMGufh0tybn3y2+el2X7XO/tW9jjuY9XLJlSQjZdlRP2J/t3b0d3iV7gxbCbvaSVwyfqRu4aj+HwAA//8sFQQa") seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000003c0)={0x0, 0x0}) close(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) mknodat$loop(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x1) rmdir(&(0x7f0000000280)='./file0\x00') 5.843833563s ago: executing program 2 (id=1123): unshare(0x4020400) unshare(0x800) ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f00000001c0)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200067e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYRESHEX=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x40045b17, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="3800000055000100000000000000000007008209", @ANYRESDEC, @ANYBLOB=' \x00', @ANYRES32, @ANYBLOB="00001000e000030000010001000000000000000008"], 0x38}}, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000540)=[{&(0x7f0000002700)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r3) sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r5, @ANYBLOB="0100000000000000000008000000600002800400010050000400000000000000075fdb09160a2f13e95b453b086b3a29fd4843a2857676ba6b6a5e1cd724af0d18fd7d91824f52133b19656e6c613071e74ee40949bc22b2ed7cf5eb132f480d02cf92c7eb0f080002004d02000018000180140002006970766c616e31"], 0x8c}}, 0x0) userfaultfd(0x1) process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/power/pm_print_times', 0x343f1fee219394c3, 0x180) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r6, 0x80045301, &(0x7f00000000c0)) read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020}, 0x48) 5.673627237s ago: executing program 4 (id=1125): r0 = socket$inet(0x2, 0x0, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000000840)=[{&(0x7f0000000000)=@in={0x2, 0x0, @remote}, 0x10, &(0x7f00000007c0)=[{&(0x7f0000000240)="d2", 0x1}], 0x1, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000084000000000000000000ff"], 0x18}], 0x1, 0x0) 4.713570158s ago: executing program 3 (id=1128): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000500)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000140)={0x1, r2}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000940)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000) 4.706696241s ago: executing program 4 (id=1129): syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xb5, 0x40, 0x33, 0x40, 0x1a86, 0x7522, 0x3536, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe4, 0xd6, 0x24}}]}}]}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) epoll_create(0x0) syz_open_dev$dri(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062430bc068829afff36b31fa7e35ce95d04"], &(0x7f0000281ffc)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe40, 0x0, &(0x7f0000000240)="5cdd3086ddff0066b3c9bbac88a8862c00dffd0013dd00000000000000008100f5df86dd", 0x0, 0x15d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.521637401s ago: executing program 0 (id=1131): r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000140)=0x2, 0x4) sendmmsg$inet6(r0, &(0x7f0000001400)=[{{&(0x7f00000003c0)={0xa, 0x0, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x0) 4.46511534s ago: executing program 0 (id=1132): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7c, 0x0, &(0x7f00000000c0)) 4.348153573s ago: executing program 0 (id=1133): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) userfaultfd(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x4) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x400448e1, &(0x7f0000000380)) 3.289349106s ago: executing program 0 (id=1134): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000000080)={0x2, 0x0, {&(0x7f0000000a00)=""/4096, 0x1000, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48) 3.123912543s ago: executing program 3 (id=1135): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000380)) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 2.989622523s ago: executing program 0 (id=1136): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000140)=ANY=[@ANYBLOB="12011003020000080900a1c24000010203010902"], 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4048aecb, &(0x7f0000000200)=ANY=[@ANYRES32=r0]) 1.946300512s ago: executing program 3 (id=1137): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") r0 = open(&(0x7f00000000c0)='./bus\x00', 0x1a12fe, 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) ftruncate(r1, 0x1f) r2 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) fallocate(r2, 0x0, 0x0, 0x10000) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612) fallocate(r0, 0x8, 0x0, 0x7000) 1.831373574s ago: executing program 2 (id=1138): socket$unix(0x1, 0x5, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) r1 = syz_io_uring_setup(0x2ddd, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000080), &(0x7f0000000340)=0x0, &(0x7f0000000380)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r1, 0x381b, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.677488693s ago: executing program 1 (id=1139): r0 = socket$inet(0x2, 0x0, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000000840)=[{&(0x7f0000000000)=@in={0x2, 0x0, @remote}, 0x10, &(0x7f00000007c0)=[{&(0x7f0000000240)="d2", 0x1}], 0x1, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000084000000000000000000ff"], 0x18}], 0x1, 0x0) 1.430903427s ago: executing program 4 (id=1140): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$qrtr(0x2a, 0x2, 0x0) bind$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x2}, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4a000000160a22020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e000000000000000000140000001100010000000000000000000000000a"], 0x80}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$smc(&(0x7f00000001c0), 0xffffffffffffffff) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x10000, 0x0, 0x4}, 0x48) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04080600c80000"], 0x7) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="0308c800"], 0x6) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="0402550600000000000007070ab165300e00ffffffffffff090607360a8e080000000000000007700a00691e0300ffffffffffff05d305e77791ff07000000000000fcd2dfbb189cf25905f25e1308ff07ffffffffffff00fc0d699cf70200"], 0x58) syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0) prlimit64(0x0, 0xc, &(0x7f0000000240)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x10000) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0x0) ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f0000000000)={0x0, r4}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000040)) ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000080)=0x200000000) r5 = dup2(r3, r3) ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000040)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 1.379226743s ago: executing program 3 (id=1141): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002180)='/sys/power/sync_on_suspend', 0xa82, 0x0) write$binfmt_misc(r0, &(0x7f0000000880)=ANY=[], 0x2000088e) 1.160165607s ago: executing program 1 (id=1142): socket$igmp6(0xa, 0x3, 0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$l2tp(0x2, 0x2, 0x73) socket$kcm(0x10, 0x2, 0x4) process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000008640), 0x0, 0x0) r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_TUNER(r1, 0xc054561d, &(0x7f00000000c0)={0x0, "54c4d5c8a353e40ca958013763c56c995609ad28acab1eb969fa5a376eabb28c"}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x9d, &(0x7f00000004c0)=""/157, 0x0, 0x0, '\x00', 0x0, 0x38}, 0x90) eventfd(0xcf) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000580)) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x20000) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="3400000010000104000009040000000000000000", @ANYRES32, @ANYBLOB="7700000000000004140012000c0001"], 0x34}}, 0x0) socket(0x10, 0x803, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) syz_mount_image$xfs(&(0x7f000000d4c0), &(0x7f0000000000)='./file0\x00', 0x4090, &(0x7f0000000600), 0x1, 0xd58d, &(0x7f0000027f80)="$eJzs3QtsleX9wPG3lFZq1PxNTPRvYoYgojhFWhWZCrQ4WAWLyJQKAyTSFRGvEAduURZDNjWLGJdtxkXHZnSbZMsuKNuSDWcAwagwDYwsgTGNl6mAceMyDV3OrbSH0tgHn6dDPp+Enr7v6e9pOd8+77EmhzaPndyQZX2zgsVZufrvrt+0/rVxP1g+4c8nPjjnll8Vzo4eXby7f/H29OLtgCy/WP7uPoVTNdlvV/TJHfTpuO6xNTUVJ2TZScXD0nrDCzd3rit9XFuZ4un/K92fX7Qi/+b+wp92NfnPc23lrI7rFD664uC/6FGquX7c2NIj2KFbZfHuigP35W/7Fv6MWp9lo9Zmh/z+6FW5r3PxSY99fGVvfyFHgub6cY1l/UcXO1cU92P/8j14NCr/Pm/92aYtxYewossL5xGiuX7shKybfTxy1vzL2wrXzaosy6qzLDsmy7J+vd2DT0d9Q11D7ppfOi5mL+3/xV19X8zY++EbWZYdX3yeGFF6LgCOLPUNdWO62P/V3e3/0Y1P/Mv+hyNfY31DXW6vl+3/ft3t/9dWDjuh+LP/8MLU/t79SwAAAAAAXZq/6K6bZs2b13KHd7zjHe+0v9PbVyYgtgObvre/EiC1FP850dt/RwAAADjaNTbVv19Z0elUZceD015qyd9esKd5zn2rlqws3RbvHt/Fkp1e59/W1tZ2347q0utjjyl7vWy/8uHc+nOPG7K0eNi//PUHVfmzVdn1X71xXsv5uU81sCpbmDsYllv3zKpsae6gNncwuCr7ae6gLn9Qk63KHZx3w63zZudOnBX4iH22NDYtzio7Fcs6fTd07D/3uEk/Kt12s2Rptfw/KpHrv2LFgifL7is5RP/29U//H/z3BT5TetZ/enPptpslD9r/t//6L/Vd3Xfo/u3rD9A/ri6u/50alV/3y67//btYsn3+mYWtM3P9H51xbGn/9/0k1/8O6w8s759fvP36n1vqjNL1P/fcMuiwHoyjUGPTN9/vbv9337/vqcUP69Nhtn21sRM3Lcr1X7fwe8uLp6p62P+M7vZ/Rf+Drif0UGPTsray/d+D/tngLpZsb7K0etqJuf7brz57aof7etJ/UHn/oQtuvm3o/EV3nXvjzbNaW1pbbqmrHXHhxRfUjqgdMTR/SSi8PbwH5ShyePs/O7ZspiLLBrXPv/v2hsty/S9c/dGa4ql+Pex/Zrf7//rOXysdDOiTVVdnC2ctWHDHsMLb0mFt4W3hw7ro34Pn/4GlH6JqircVWXZK+/w9H//uqlz/feueXFY8Vd3D/oO761994PMS6DD3/+yymU79T3vqkadz/adPaLiieKqnz/9ndbv/F9v/h6uxqex/+HzKcv1bdr64MHD8bD//xZWi/8i2tScGjg/RP64U/ffsev6iwPFz9I8rRf9vb9v2fOD45/WPK0X/+g1/eyNw/Fz940rR/9RVm78TOH6e/nGl6P/qK6/+PHB8qP5xpejfuu/R/w8cP1//uFL0/8Xux0cGjg/TP64U/f/95sNTAsdr9Y8rRf9L3/n+bYHjdfrHlaL/mDUPLAkcv0D/uFL0v3/dgz8OHL9Q/7hS9N+45d4XA8cv0j+uFP1P2fSt9wLHh+sfV4r+Wz+Yckbg+MX6x5Wi/8n7J4d+ihH6x5Wi/4QdM+cGjn9B/7hS9F+yfVro7+K8RP+4UvT/z8vjVgaOX6p/XCn61z035vHA8cv0jytF/zkbJ+4OHB+pf1wp+i/bOn5j4Pgo/eNK0f+FfX+6O3B8tP5xpehfsfsP1wWO1+sfV4r+U998NvQFmQ36x5Wi/8Pv/ObkwPEx+seVov97a375j8Dxy/WPK0X/QeueXh04/kX940rR/+4tTy0PHB+rf1wp+j+76ScPBI6P0z+uFP1v/2D+mMDxL+kfV4r+K/d/bXbgeKP+caXo//qOrx8fOH6F/nGl6D9k+z1DAsfH6x9Xiv7XvHzDtsDxCfrHlaL/D59r3Rs4fqX+caXov3bjTQ8FjjfpH1eK/idsvfWZwPGJ+seVov/v3x5cFTh+lf5xpeg//62BAwLHJ+kfV4r+Z+0Z2tXvCfkkrtY/rhT9t+89J/S3yU/WP64U/R/bPPyRwPEv6x9Xiv5T/lr3x8Dxa/SPK0X/414YtTlw/Fr940rRf/XaS3YFjk/RP64U/Sv//u7FgePN+seVov/6nTs/Fzh+nf5xpej/UNvrdwaOT9U/rhT9m3e9NSlwfJr+caXoP3jbR08Ejn9F/7hS9N+xoe3ewPHp+seVov+KVR/+M3B8hv5xpej/jVf2vBQ4PlN/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+yw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYVdOwG7bS4Y97+fYzzmKUnJPM8zmc4hU8YMJRooQiFJQoNDqZAoFGUMESpkVpIUjkSFJkNFpaQ0mTn/64ydjlv1/t7+r3Lf93U9e+2113rW+e7vZ333s3VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVfVCbIeNtl1/MJh6wt6oZx0fefzoO0ffvvGJF2x+3ezH7LHPReNfHTFiwuEFxkzRYNzFxh0eNv6U4YNLzh42dmfY5NedYfjwoVkGQ3PxqA545J8Me7aJT8ZddGjcw5HjfyY1fOzDwVcvs+0/uZa6HUZuvNGEGRyazG2qCYeHJs7uhO3U439We3QwWO3awXPeH89/d1181hbP9xj+G9ph5MabTuE/mOA8zn3K9W1tyvv8fSNG7/u8wv2b2mHkRpuPtX6udXzHbQ8NHzP+c32awWAw7WAwmG4wGEz/fHvUv6eR66+8/tjP/In749VHTfxCQJ/vQ0PbnP76CX9fVx8Mho+Y+Legqv67Grn+yhvA+p920nFY//Pf9+jmrf+q//42Hbn+yoPJvuePf3XU9BOP0/q/6ZQrVnn+RlxVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVz0fPPHTVNYPBYGgwGAwbDJ4aTHg++XYwZsyYMWP3L7z2ttuet4H+ZzQ08vjRd46+feMTL9j8utmP2WOfi/42S/+1/fe/g/rfNNZ/+vMWGAz22f75Hko9D7X+3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvLX9wzD111zYR7YNhg8NRgwvNRE7czLXPd0RNOXfSeU68/bMrfH/va9P/no37eGhp5/Og7R9++8YkXbH7d7Mfssc9FL4DV89//Dup/0zj/PYfGr+XBYDDbnoPBYMuR22y3xGAwOOz6U+9ZaDDp2Bpjj601x1SDqcb96hLjHhd9jgsvMPl2hknXuHDc9Tcdc8ZUQ1MMYrKuOPzaI/bY4dFVptwu/tzvY9jEJ7PvNO2xY8aMGfN3L07ouT6rJl5/4nuZcp1PGPsSY8e+/P5777v8uw46eNk9995l9912322flVdac9U1VllpzZXWXP6te+612wrjH59jzsbPysL/ypxNO+WcPTRy8jmb8r0915wt8I/nbNwV37T7gZdNnLOp/4dztvA/nrMF9pw41gWmGew8bmrG/pOLTDM4cOzOitNN9rdlnrHnrj3HsMHg2L+90bHPppt0Dw6NGnvODhttu/7fRjrqWWN71uf0uEaMmGKaF5ywXWj82x4x2bQOH1xy6bCxO383zTMMHz40y2Aw14Tdiddbc/xm3+0nnjdmiia8PNvkEz9+5oeOHP8zqeFjH+5d+uJ1J7/OcxD8Oxo3imn/h7/0LK81hiZN1NCEnwnnjPcaufGmf1vmIyY+TD3htdXHmkw5Z//OnjXeBYZNuq9pvJuOXH/lsS9PMf+TlgLdX5s9dsKoCffW6uN/65n/ZxT+7Nh83ONzrecFptj+o8+Oqf729G+v7nbLfFN+dmz23EP8u3UxcY6mm+Kk5/rsOHapmd42+WfTc3x2bD527NMMJv/sGPvPLjzxs2Ps2BebZnDs2J2Vxu4sPs3g3LE7K4/bGT64duzOcm95x167Do37e/Ws+2CJoUkT8Bz37UZT3LfDJpu+ocnmb2jC/Tz1YLDe6MFgvRvofT33dHJ03077D8Y7cv2VNxg7xinu20nLG8YzdNyYG+ceDAYzT3hfa04c+/9LNN6p//F414fxTv0Pxjs4esvTpv03j3fSOht3r034mF7iOX7n79bZbM9aZ4dONdnK+Fe/1+wK549/Ps+kq51/0jnzTZyjaaa47j/7Gz3xvZD/xO98kzc0ajD0j+bmub6H/d3czPKP5+Zf/f6yxIQvGMP/wdxsfeVTh0ycmyn/lv2zuVn8OeZm8u/DkzftYDD87+dm6sGGY7/RTJibxf6VuZnp33PfzADnj3++6KSX1rntgQcnzg3MBf7338TrL/Y/nJuhnSfdN4uMO7bQsMG00w4O3GX//fdbcfzjxN2Vxj/+4zW4yL8yl9P/e+Zy3gmfOsOePTmTXjrozq02+n9dg4v8T+dygcGwif+by55TLpZ/X/33v7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7innnoqmsm3APDBoOnBuOfD03YDkbdffLSa4zdDgaDaS4/+cCNn+/xPs8NjTx+9J2jb9/4xAs2v272Y/bY56IXwOr5738H9b9pnP+eQ4PBhPU9256DwWDLkdtst8RgMNj4wJMvHzaYdGyescfWnmPYYHDs0N9dYLpJ5wyNGnvODhttu/5gMPWEM0Y96x991joa14gREw4vMGG74ITtQoNxFxt3eNj4l4YPLrl02NidYZNfd4bhw4dmGQzmmrA78Xqrj98ccNPE88ZM0YSXZ5t4fNikmRk6cvzPpIaPfZhztlPPnvw6//Js/x818bN6z2H/9NTWv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+Yt75qGrrplwDwwbDJ4ajH8+NGrCdnDmTu8cPuEWmWbpMbde/3yP93luaOTxo+8cffvGJ16w+XWzH7PHPhe9AFbPf/87qP9N4/z3HBoMJqzv2fYcDAZbjtxmuyUGg8H1t45Zethg0rF5xh5be45hg8GxQ393gekmnTM0auw5O2y07fqDwdQTzhj1rH/0WetoXCNGTDi8wITtghO2Cw3GXWzc4WHjXxo+uOTSYWN3hk1+3RmGDx+aZTCYa8LuxOutPn5zwE0TzxszRRNenm3i8WGTZmboyPE/kxo+9mHZm3fce/Lr/Muz/X/UxM/qPYf901Nb/+7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5S/umYeuumbCPTBsMHhqMP75sAnboVHLP3zhkmO3Y/fvn+aoE5/v8T7PDY08fvSdo2/f+MQLNr9u9mP22OeiF8Dq+e9/B/W/aaz/9OctMBjss/3zPZR6Hmr9u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7hnHrrqmglPh/3t1WGjui+woZHHj75z9O0bn3jB5tfNfswe+1z0fA/of9tz+B+aP2bxPyx/zOL/wfwxi/+H8scs/ofnj1n8P5w/ZvH/SP6Yxf+j+WMW/yPyxyz+R+aPWfyPyh+z+H8sf8zif3T+mMX/4/ljFv9j8scs/sfmj1n8P5E/ZvH/ZP6Yxf+4/DGL//H5Yxb/E/LHLP6fyh+z+H86f8zif2L+mMX/pPwxi/9n8scs/p/NH7P4n5w/ZvE/JX/M4n9q/pjF/7T8MYv/6fljFv8z8scs/p/LH7P4n5k/ZvE/K3/M4n92/pjF//P5Yxb/c/LHLP7n5o9Z/L+QP2bxPy9/zOJ/fv6Yxf+C/DGL/xfzxyz+X8ofs/h/OX/M4n9h/pjF/6L8MYv/xfljFv+v5I9Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/4r8MYv/lfljFv+r8scs/lfnj1n8v5o/ZvH/Wv6Yxf+a/DGL/9fzxyz+1+aPWfy/kT9m8b8uf8zi/838MYv/9fljFv9v5Y9Z/L+dP2bxvyF/zOJ/Y/6Yxf+m/DGL/+j8MYv/zfljFv/v5I9Z/G/JH7P4fzd/zOJ/a/6Yxf+2/DGL//fyxyz+388fs/j/IH/M4n97/pjF/478MYv/nfljFv8f5o9Z/H+UP2bx/3H+mMX/J/ljFv+f5o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/2f5Yxb/n+ePWfx/kT9m8b8vf8zif3/+mMX/l/ljFv9f5Y9Z/H+dP2bxfyB/zOL/m/wxi/9v88cs/g/mj1n8f5c/ZvF/KH/M4v/7/DGL/x/yxyz+D+ePWfz/mD9m8f9T/pjF/8/5Yxb/v+SPWfz/mj9m8X8kf8zi/2j+mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOI/Jn9M4j/VIH/M4j+UP2bxH5Y/ZvGfKn/M4j91/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8h+ePWfxnyB+z+M+YP2bxnyl/zOI/c/6YxX+W/DGL/6z5Yxb/2fLHLP6z549Z/OfIH7P4z5k/ZvGfK3/M4v+i/DGL/9z5Yxb/F+ePWfznyR+z+L8kf8ziP2/+mMX/pfljFv+X5Y9Z/OfLH7P4vzx/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv+l8scs/kvnj1n8l8kfs/gvmz9m8V8uf8ziv3z+mMV/hfwxi/+K+WMW/5Xyxyz+K+ePWfxXyR+z+K+aP2bxXy1/zOK/ev6YxX+N/DGL/5r5Yxb/V+SPWfzXyh+z+K+dP2bxXyd/zOK/bv6YxX+9/DGL/4j8MYv/yPwxi//6+WMW/w3yxyz+r8wfs/hvmD9m8d8of8ziv3H+mMV/k/wxi/+m+WMW/1flj1n8N8sfs/hvnj9m8d8if8ziv2X+mMV/q/wxi//W+WMW/1fnj1n8t8kfs/hvmz9m8d8uf8ziv33+mMX/NfljFv/X5o9Z/HfIH7P4vy5/zOK/Y/6YxX+n/DGL/+vzxyz+b8gfs/i/MX/M4v+m/DGL/875Yxb/XfLHLP5vzh+z+L8lf8ziv2v+mMV/t/wxi/9b88cs/rvnj1n898gfs/jvmT9m8X9b/pjF/+35Yxb/vfLHLP57549Z/PfJH7P4vyN/zOK/b/6Yxf+d+WMW//3yxyz+78ofs/jvnz9m8X93/pjF/4D8MYv/e/LHLP4H5o9Z/A/KH7P4H5w/9sL3n2bsw1TvzR974fuPa6r35Y9Z/N+fP2bx/0D+mMX/kPwxi/+o/DGL/6H5Yxb/w/LHLP4fzB+z+H8of8zif3j+mMX/w/ljFv+P5I9Z/D+aP2bxPyJ/zOJ/ZP6Yxf+o/DGL/8fyxyz+R+ePWfw/nj9m8T8mf8zif2z+mMX/E/ljFv9P5o9Z/I/LH7P4H58/ZvE/IX/M4v+p/DGL/6fzxyz+J+aPWfxPyh+z+H8mf8zi/9n8MYv/yfljFv9T8scs/qfmj1n8T8sfs/ifnj9m8T8jf8zi/7n8MYv/mfljFv+z8scs/mfnj1n8P58/ZvE/J3/M4n9u/pjF/wv5Yxb/8/LHLP7n549Z/C/IH7P4fzF/zOL/pfwxi/+X88cs/hfmj1n8L8ofs/hfnD9m8f9K/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/q/ljFv+v5Y9Z/K/JH7P4fz1/zOJ/bf6Yxf8b+WMW/+vyxyz+38wfs/hfnz9m8f9W/pjF/9v5Yxb/G/LHLP435o9Z/G/KH7P4j84fs/jfnD9m8f9O/pjF/5b8MYv/d/PHLP635o9Z/G/LH7P4fy9/zOL//fwxi/8P8scs/rfnj1n878gfs/jfmT9m8f9h/pjF/0f5Yxb/H+ePWfx/kj9m8f9p/pjF/678MYv/3fljFv978scs/vfmj1n8f5Y/ZvH/ef6Yxf8X+WMW//vyxyz+9+ePWfx/mT9m8f9V/pjF/9f5Yxb/B/LHLP6/yR+z+P82f8zi/2D+mMX/d/ljFv+H8scs/r/PH7P4/yF/zOL/cP6Yxf+P+WMW/z/lj1n8/5w/ZvH/S/6Yxf+v+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP5j8sck/lMP8scs/kP5Yxb/YfljFv+p8scs/lPnj1n8p8kfs/hPmz9m8Z8uf8ziP33+mMV/eP6YxX+G/DGL/4z5Yxb/mfLHLP4z549Z/GfJH7P4z5o/ZvGfLX/M4j97/pjFf478MYv/nPljFv+58scs/i/KH7P4z50/ZvF/cf6YxX+e/DGL/0vyxyz+8+aPWfxfmj9m8X9Z/pjFf778MYv/y/PHLP7z549Z/BfIH7P4L5g/ZvFfKH/M4r9w/pjFf5H8MYv/ovljFv/F8scs/ovnj1n8l8gfs/gvmT9m8V8qf8ziv3T+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP6r549Z/NfIH7P4r5k/ZvF/Rf6YxX+t/DGL/9r5Yxb/dfLHLP7r5o9Z/NfLH7P4j8gfs/iPzB+z+K+fP2bx3yB/zOL/yvwxi/+G+WMW/43yxyz+G+ePWfw3yR+z+G+aP2bxf1X+mMV/s/wxi//m+WMW/y3yxyz+W+aPWfy3yh+z+G+dP2bxf3X+mMV/m/wxi/+2+WMW/+3yxyz+2+ePWfxfkz9m8X9t/pjFf4f8MYv/6/LHLP475o9Z/HfKH7P4vz5/zOL/hvwxi/8b88cs/m/KH7P475w/ZvHfJX/M4v/m/DGL/1vyxyz+u+aPWfx3yx+z+L81f8ziv3v+mMV/j/wxi/+e+WMW/7flj1n8354/ZvHfK3/M4r93/pjFf5/8MYv/O/LHLP775o9Z/N+ZP2bx3y9/zOL/rvwxi//++WMW/3fnj1n8D8gfs/i/J3/M4n9g/pjF/6D8MYv/wfljFv/35o9Z/N+XP2bxf3/+mMX/A/ljFv9D8scs/qPyxyz+h+aPWfwPyx+z+H8wf8zi/6H8MYv/4fljFv8P549Z/D+SP2bx/2j+mMX/iPwxi/+R+WMW/6Pyxyz+H8sfs/gfnT9m8f94/pjF/5j8MYv/sfljFv9P5I9Z/D+ZP2bxPy5/zOJ/fP6Yxf+E/DGL/6fyxyz+n84fs/ifmD9m8T8pf8zi/5n8MYv/Z/PHLP4n549Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/5/LHLP5n5o9Z/M/KH7P4n50/ZvH/fP6Yxf+c/DGL/7n5Yxb/L+SPWfzPyx+z+J+fP2bxvyB/zOL/xfwxi/+X8scs/l/OH7P4X5g/ZvG/KH/M4n9x/pjF/yv5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv+v5o9Z/L+WP2bxvyZ/zOL/9fwxi/+1+WMW/2/kj1n8r8sfs/h/M3/M4n99/pjF/1v5Yxb/b+ePWfxvyB+z+N+YP2bxvyl/zOI/On/M4n9z/pjF/zv5Yxb/W/LHLP7fzR+z+N+aP2bxvy1/zOL/vfwxi//388cs/j/IH7P4354/ZvG/I3/M4n9n/pjF/4f5Yxb/H+WPWfx/nD9m8f9J/pjF/6f5Yxb/u/LHLP53549Z/O/JH7P435s/ZvH/Wf6Yxf/n+WMW/1/kj1n878sfs/jfnz9m8f9l/pjF/1f5Yxb/X+ePWfwfyB+z+P8mf8zi/9v8MYv/g/ljFv/f5Y9Z/B/KH7P4/z5/zOL/h/wxi//D+WMW/z/mj1n8/5Q/ZvH/c/6Yxf8v+WMW/7/mj1n8H8kfs/g/mj9m8X8sf8zi/3j+mMX/ifwxi/+T+WMW/6fyxyz+T+ePWfyfyR+z+I/JH5P4TzPIH7P4D+WPWfyH5Y9Z/KfKH7P4T50/ZvGfJn/M4j9t/pjFf7r8MYv/9PljFv/h+WMW/xnyxyz+M+aPWfxnyh+z+M+cP2bxnyV/zOI/a/6YxX+2/DGL/+z5Yxb/OfLHLP5z5o9Z/OfKH7P4vyh/zOI/d/6Yxf/F+WMW/3nyxyz+L8kfs/jPmz9m8X9p/pjF/2X5Yxb/+fLHLP4vzx+z+M+fP2bxXyB/zOK/YP6YxX+h/DGL/8L5Yxb/RfLHLP6L5o9Z/BfLH7P4L54/ZvFfIn/M4r9k/pjFf6n8MYv/0vljFv9l8scs/svmj1n8l8sfs/gvnz9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+q+aPWfxXyx+z+K+eP2bxXyN/zOK/Zv6Yxf8V+WMW/7Xyxyz+a+ePWfzXyR+z+K+bP2bxXy9/zOI/In/M4j8yf8ziv37+mMV/g/wxi/8r88cs/hvmj1n8N8ofs/hvnD9m8d8kf8ziv2n+mMX/VfljFv/N8scs/pvnj1n8t8gfs/hvmT9m8d8qf8ziv3X+mMX/1fljFv9t8scs/tvmj1n8t8sfs/hvnz9m8X9N/pjF/7X5Yxb/HfLHLP6vyx+z+O+YP2bx3yl/zOL/+vwxi/8b8scs/m/MH7P4vyl/zOK/c/6YxX+X/DGL/5vzxyz+b8kfs/jvmj9m8d8tf8zi/9b8MYv/7vljFv898scs/nvmj1n835Y/ZvF/e/6YxX+v/DGL/975Yxb/ffLHLP7vyB+z+O+bP2bxf2f+mMV/v/wxi/+78scs/vvnj1n8350/ZvE/IH/M4v+e/DGL/4H5Yxb/g/LHLP4H549Z/N+bP2bxf1/+mMX//fljFv8P5I9Z/A/JH7P4j8ofs/gfmj9m8T8sf8zi/8H8MYv/h/LHLP6H549Z/D+cP2bx/0j+mMX/o/ljFv8j8scs/kfmj1n8j8ofs/h/LH/M4n90/pjF/+P5Yxb/Y/LHLP7H5o9Z/D+RP2bx/2T+mMX/uPwxi//x+WMW/xPyxyz+n8ofs/h/On/M4n9i/pjF/6T8MYv/Z/LHLP6fzR+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP6fyx+z+J+ZP2bxPyt/zOJ/dv6Yxf/z+WMW/3Pyxyz+5+aPWfy/kD9m8T8vf8zif37+mMX/gvwxi/8X88cs/l/KH7P4fzl/zOJ/Yf6Yxf+i/DGL/8X5Yxb/r+SPWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/L+aP2bx/1r+mMX/mvwxi//X88cs/tfmj1n8v5E/ZvG/Ln/M4v/N/DGL//X5Yxb/b+WPWfy/nT9m8b8hf8zif2P+mMX/pvwxi//o/DGL/835Yxb/7+SPWfxvyR+z+H83f8zif2v+mMX/tvwxi//38scs/t/PH7P4/yB/zOJ/e/6Yxf+O/DGL/535Yxb/H+aPWfx/lD9m8f9x/pjF/yf5Yxb/n+aPWfzvyh+z+N+dP2bxvyd/zOJ/b/6Yxf9n+WMW/5/nj1n8f5E/ZvG/L3/M4n9//pjF/5f5Yxb/X+WPWfx/nT9m8X8gf8zi/5v8MYv/b/PHLP4P5o9Z/H+XP2bxfyh/zOL/+/wxi/8f8scs/g/nj1n8/5g/ZvH/U/6Yxf/P+WMW/7/kj1n8/5o/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8ziPyZ/TOI/7SB/zOI/lD9m8R+WP2bxnyp/zOI/df6YxX+a/DGL/7T5Yxb/6fLHLP7T549Z/Ifnj1n8Z8gfs/jPmD9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/9nyxyz+s+ePWfznyB+z+M+ZP2bxnyt/zOL/ovwxi//c+WMW/xfnj1n858kfs/i/JH/M4j9v/pjF/6X5Yxb/l+WPWfznyx+z+L88f8ziP3/+mMV/gfwxi/+C+WMW/4Xyxyz+C+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL/5L5Yxb/pfLHLP5L549Z/JfJH7P4L5s/ZvFfLn/M4r98/pjFf4X8MYv/ivljFv+V8scs/ivnj1n8V8kfs/ivmj9m8V8tf8ziv3r+mMV/jfwxi/+a+WMW/1fkj1n818ofs/ivnT9m8V8nf8ziv27+mMV/vfwxi/+I/DGL/8j8MYv/+vljFv8N8scs/q/MH7P4b5g/ZvHfKH/M4r9x/pjFf5P8MYv/pvljFv9X5Y9Z/DfLH7P4b54/ZvHfIn/M4r9l/pjFf6v8MYv/1vljFv9X549Z/LfJH7P4b5s/ZvHfLn/M4r99/pjF/zX5Yxb/1+aPWfx3yB+z+L8uf8ziv2P+mMV/p/wxi//r88cs/m/IH7P4vzF/zOL/pvwxi//O+WMW/13yxyz+b84fs/i/JX/M4r9r/pjFf7f8MYv/W/PHLP67549Z/PfIH7P475k/ZvF/W/6Yxf/t+WMW/73yxyz+e+ePWfz3yR+z+L8jf8ziv2/+mMX/nfljFv/98scs/u/KH7P4758/ZvF/d/6Yxf+A/DGL/3vyxyz+B+aPWfwPyh+z+B+cP2bxf2/+mMX/ffljFv/3549Z/D+QP2bxPyR/zOI/Kn/M4n9o/pjF/7D8MYv/B/PHLP4fyh+z+B+eP2bx/3D+mMX/I/ljFv+P5o9Z/I/IH7P4H5k/ZvE/Kn/M4v+x/DGL/9H5Yxb/j+ePWfyPyR+z+B+bP2bx/0T+mMX/k/ljFv/j8scs/sfnj1n8T8gfs/h/Kn/M4v/p/DGL/4n5Yxb/k/LHLP6fyR+z+H82f8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+H8uf8zif2b+mMX/rPwxi//Z+WMW/8/nj1n8z8kfs/ifmz9m8f9C/pjF/7z8MYv/+fljFv8L8scs/l/MH7P4fyl/zOL/5fwxi/+FSv/5/+kZFv+LlP7/PIv/xfljFv+v5I9Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/4r8MYv/lfljFv+r8scs/lfnj1n8v5o/ZvH/Wv6Yxf+a/DGL/9fzxyz+1+aPWfy/kT9m8b8uf8zi/838MYv/9fljFv9v5Y9Z/L+dP2bxvyF/zOJ/Y/6Yxf+m/DGL/+j8MYv/zfljFv/v5I9Z/G/JH7P4fzd/zOJ/a/6Yxf+2/DGL//fyxyz+388fs/j/IH/M4n97/pjF/478MYv/nfljFv8f5o9Z/H+UP2bx/3H+mMX/J/ljFv+f5o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/2f5Yxb/n+ePWfx/kT9m8b8vf8zif3/+mMX/l/ljFv9f5Y9Z/H+dP2bxfyB/zOL/m/wxi/9v88cs/g/mj1n8f5c/ZvF/KP9JTTfZc4v/7/PHLP5/yB+z+D+cP2bx/2P+mMX/T/ljFv8/549Z/P+SP2bx/2v+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/5j8MYn/uP/LU/7PzuI/lD9m8R+WP2bxnyp/zOI/df6YxX+a/DGL/7T5Yxb/6fLHLP7T549Z/Ifnj1n8Z8gfs/jPmD9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/9nyxyz+s+ePWfznyB+z+M+ZP2bxnyt/zOL/ovwxi//c+WMW/xfnj1n858kfs/i/JH/M4j9v/pjF/6X5Yxb/l+WPWfznyx+z+L88f8ziP3/+mMV/gfwxi/+C+WMW/4Xyxyz+C+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL/5L5Yxb/pfLHLP5L549Z/JfJH7P4L5s/ZvFfLn/M4r98/pjFf4X8MYv/ivljFv+V8scs/ivnj1n8V8kfs/ivmj9m8V8tf8ziv3r+mMV/jfwxi/+a+WMW/1fkj1n818ofs/ivnT9m8V8nf8ziv27+mMV/vfwxi/+I/DGL/8j8MYv/+vljFv8N8scs/q/MH7P4b5g/ZvHfKH/M4r9x/pjFf5N/4r/e/9/j+g/N4r9p6x+z+L8qf8ziv1n+mMV/8/wxi/8W+WMW/y3zx16Y/iPGPZ3cf6v8sRem//gm9986f8zi/+r8MYv/NvljFv9t88cs/tvlj1n8t88fs/i/Jn/M4v/a/DGL/w75Yxb/1+WPWfx3zB+z+O+UP2bxf33+mMX/DfljFv835o9Z/N+UP2bx3zl/zOK/S/6Yxf/N+WMW/7fkj1n8d80fs/jvlj9m8X9r/pjFf/f8MYv/HvljFv8988cs/m/LH7P4vz1/zOK/V/6YxX/v/DGL/z75Yxb/d+SPWfz3zR+z+L8zf8ziv1/+mMX/XfljFv/988cs/u/OH7P4H5A/ZvF/T/6Yxf/A/DGL/0H5Yxb/g/PHLP7vzR+z+L8vf8zi//78MYv/B/LHLP6H5I9Z/Eflj1n8D80fs/gflj9m8f9g/pjF/0P5Yxb/w/PHLP4fzh+z+H8kf8zi/9H8MYv/EfljFv8j88cs/kflj1n8P5Y/ZvE/On/M4v/x/DGL/zH5Yxb/Y/PHLP6fyB+z+H8yf8zif1z+mMX/+Pwxi/8J+WMW/0/lj1n8P50/ZvE/MX/M4n9S/pjF/zP5Yxb/z+aPWfxPzh+z+J+SP2bxPzV/zOJ/Wv6Yxf/0/DGL/xn5Yxb/z+WPWfzPzB+z+J+VP2bxPzt/zOL/+fwxi/85+WMW/3Pzxyz+X8gfs/iflz9m8T8/f8zif0H+mMX/i/ljFv8v5Y9Z/L+cP2bxvzB/zOJ/Uf6Yxf/i/DGL/1fyxyz+l+SPWfwvzR+z+F+WP2bxvzx/zOJ/Rf6Yxf/K/DGL/1X5Yxb/q/PHLP5fzR+z+H8tf8zif03+2NDITRT+X88fs6z/a/PHLP7fyB+z+F+XP2bx/2b+mMX/+vwxi/+38scs/t/OH7P435A/ZvG/MX/M4n9T/pjFf3T+mMX/5vwxi/938scs/rfkj1n8v5s/ZvG/NX/M4n9b/pjF/3v5Yxb/7+ePWfx/kD9m8b89f8zif0f+mMX/zvwxi/8P88cs/j/KH7P4/zh/zOL/k/wxi/9P88cs/nflj1n8784fs/jfkz9m8b83f8zi/7P8MYv/z/PHLP6/yB+z+N+XP2bxvz9/zOL/y/wxi/+v8scs/r/OH7P4P5A/ZvH/Tf6Yxf+3+WMW/wfzxyz+v8sfs/g/lD9m8f99/pjF/w/5Yxb/h/PHLP5/zB+z+P8pf8zi/+f8MYv/X/LHLP5/zR+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvEfkz8m8Z9+kD9m8R/KH7P4D8sfs/hPlT9m8Z86f8ziP03+mMV/2vwxi/90+WMW/+nzxyz+w/PHLP4z5I9Z/GfMH7P4z5Q/ZvGfOX/M4j9L/pjFf9b8MYv/bPljFv/Z88cs/nPkj1n858wfs/jPlT9m8X9R/pjFf+78MYv/i/PHLP7z5I9Z/F+SP2bxnzd/zOL/0vwxi//L8scs/vPlj1n8X54/ZvGfP3/M4r9A/pjFf8H8MYv/QvljFv+F88cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMV/yfwxi/9S+WMW/6Xzxyz+y+SPWfyXzR+z+C+XP2bxXz5/zOK/Qv6YxX/F/DGL/0r5Yxb/lfPHLP6r5I9Z/FfNH7P4r5Y/ZvFfPX/M4r9G/pjFf838MYv/K/LHLP5r5Y9Z/NfOH7P4r5M/ZvFfN3/M4r9e/pjFf0T+mMV/ZP6YxX/9/DGL/wb5Yxb/V+aPWfw3zB+z+G+UP2bx3zh/zOK/Sf6YxX/T/DGL/6vyxyz+m+WPWfw3zx+z+G+RP2bx3zJ/zOK/Vf6YxX/r/DGL/6vzxyz+2+SPWfy3zR+z+G+XP2bx3z5/zOL/mvwxi/9r88cs/jvkj1n8X5c/ZvHfMX/M4r9T/pjF//X5Yxb/N+SPWfzfmD9m8X9T/pjFf+f8MYv/LvljFv83549Z/N+SP2bx3zV/zOK/W/6Yxf+t+WMW/93zxyz+e+SPWfz3zB+z+L8tf8zi//b8MYv/XvljFv+988cs/vvkj1n835E/ZvHfN3/M4v/O/DGL/375Yxb/d+WPWfz3zx+z+L87f8zif0D+mMX/PfljFv8D88cs/gflj1n8D84fs/i/N3/M4v++/DGL//vzxyz+H8gfs/gfkj9m8R+VP2bxPzR/zOJ/WP6Yxf+D+WMW/w/lj1n8D88fs/h/OH/M4v+R/DGL/0fzxyz+R+SPWfyPzB+z+B+VP2bx/1j+mMX/6Pwxi//H88cs/sfkj1n8j80fs/h/In/M4v/J/DGL/3H5Yxb/4/PHLP4n5I9Z/D+VP2bx/3T+mMX/xPwxi/9J+WMW/8/kj1n8P5s/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8P5c/ZvE/M3/M4n9W/pjF/+z8MYv/5/PHLP7n5I9Z/M/NH7P4fyF/zOJ/Xv6Yxf/8/DGL/wX5Yxb/L+aPWfy/lD9m8f9y/pjF/8L8MYv/RfljFv+L88cs/l/JH7P4X5I/ZvG/NH/M4n9Z/pjF//L8MYv/FfljFv8r88cs/lflj1n8r84fs/h/NX/M4v+1/DGL/zX5Yxb/r+ePWfyvzR+z+H8jf8zif13+mMX/m/ljFv/r88cs/t/KH7P4fzt/zOJ/Q/6Yxf/G/DGL/035Yxb/0fljFv+b88cs/t/JH7P435I/ZvH/bv6Yxf/W/DGL/235Yxb/7+WPWfy/nz9m8f9B/pjF//b8MYv/HfljFv8788cs/j/MH7P4/yh/zOL/4/wxi/9P8scs/j/NH7P435U/ZvG/O3/M4n9P/pjF/978MYv/z/LHLP4/zx+z+P8if8zif1/+mMX//vwxi/8v88cs/r/KH7P4/zp/zOL/QP6Yxf83+WMW/9/mj1n8H8wfs/j/Ln/M4v9Q/pjF//f5Yxb/P+SPWfwfzh+z+P8xf8zi/6f8MYv/n/PHLP5/yR+z+P81f8zi/0j+mMX/0fwxi/9j+WMW/8fzxyz+T+SPWfyfzB+z+D+VP2bxfzp/zOL/TP6YxX9M/pjEf/ggf8ziP5Q/ZvEflj9m8Z8qf8ziP3X+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfyH549Z/GfIH7P4z5g/ZvGfKX/M4j9z/pjFf5b8MYv/rPljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf8zi/6L8MYv/3PljFv8X549Z/OfJH7P4vyR/zOI/b/6Yxf+l+WMW/5flj1n858sfs/i/PH/M4j9//pjFf4H8MYv/gvljFv+F8scs/gvnj1n8F8kfs/gvmj9m8V8sf8ziv3j+mMV/ifwxi/+S+WMW/6Xyxyz+S+ePWfyXyR+z+C+bP2bxXy5/zOK/fP6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/FfJH7P4r5o/ZvFfLX/M4r96/pjFf438MYv/mvljFv9X5I9Z/NfKH7P4r50/ZvFfJ3/M4r9u/pjFf738MYv/iPwxi//I/DGL//r5Yxb/DfLHLP6vzB+z+G+YP2bx3yh/zOK/cf6YxX+T/DGL/6b5Yxb/V+WPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/9b5Yxb/V+ePWfy3yR+z+G+bP2bx3y5/zOK/ff6Yxf81+WMW/9fmj1n8d8gfs/i/Ln/M4r9j/pjFf6f8MYv/6/PHLP5vyB+z+L8xf8zi/6b8MYv/zvljFv9d8scs/m/OH7P4vyV/zOK/a/6YxX+3/DGL/1vzxyz+u+ePWfz3yB+z+O+ZP2bxf1v+mMX/7fljFv+98scs/nvnj1n898kfs/i/I3/M4r9v/pjF/535Yxb//fLHLP7vyh+z+O+fP2bxf3f+mMX/gPwxi/978scs/gfmj1n8D8ofs/gfnD9m8X9v/pjF/335Yxb/9+ePWfw/kD9m8T8kf8ziPyp/zOJ/aP6Yxf+w/DGL/wfzxyz+H8ofs/gfnj9m8f9w/pjF/yP5Yxb/j+aPWfyPyB+z+B+ZP2bxPyp/zOL/sfwxi//R+WMW/4/nj1n8j8kfs/gfmz9m8f9E/pjF/5P5Yxb/4/LHLP7H549Z/E/IH7P4fyp/zOL/6fwxi/+J+WMW/5Pyxyz+n8kfs/h/Nn/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/h/Ln/M4n9m/pjF/6z8MYv/2fljFv/P549Z/M/JH7P4n5s/ZvH/Qv6Yxf+8/DGL//n5Yxb/C/4l/0P+/xvXf2gW/y+2/jGL/5fyxyz+X84fs/hfmD9m8b8of8zif3H+mMX/K/ljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//V+WMW/6/mj1n8v5Y/ZvG/Jn/M4v/1/DGL/7X5Yxb/b+SPWfyvyx+z+H8zf8zif33+mMX/W/ljFv9v549Z/G/IH7P435g/ZvG/KX/M4j86f8zif3P+mMX/O/ljFv9b8scs/t/NH7P435o/ZvG/LX/M4v+9/DGL//fzxyz+P8gfs/jfnj9m8b8jf8zif2f+mMX/h/ljFv8f5Y9Z/H+cP2bx/0n+mMX/p/ljFv+78scs/nfnj1n878kfs/jfmz9m8f9Z/pjF/+f5Yxb/X+SPWfzvyx+z+N+fP2bx/2X+mMX/V/ljFv9f549Z/B/IH7P4/yZ/zOL/2/wxi/+D+WMW/9/lj1n8H8ofs/j/Pn/M4v+H/DGL/8P5Yxb/P+aPWfz/lD9m8f9z/pjF/y/5Yxb/v+aPWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/JH7P4j8kfk/jPMMgfs/gP5Y9Z/Iflj1n8p8ofs/hPnT9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/+H5Yxb/GfLHLP4z5o9Z/GfKH7P4z5w/ZvGfJX/M4j9r/pjFf7b8MYv/7PljFv858scs/nPmj1n858ofs/i/KH/M4j93/pjF/8X5Yxb/efLHLP4vyR+z+M+bP2bxf2n+mMX/ZfljFv/58scs/i/PH7P4z58/ZvFfIH/M4r9g/pjFf6H8MYv/wvljFv9F8scs/ovmj1n8F8sfs/gvnj9m8V8if8ziv2T+mMV/qfwxi//S+WMW/2Xyxyz+y+aPWfyXyx+z+C+fP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4r9m/pjF/xX5Yxb/tfLHLP5r549Z/NfJH7P4r5s/ZvFfL3/M4j8if8ziPzJ/zOK/fv6YxX+D/DGL/yvzxyz+G+aPWfw3yh+z+G+cP2bx3yR/zOK/af6Yxf9V+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx3yp/zOK/df6Yxf/V+WMW/23yxyz+2+aPWfy3yx+z+G+fP2bxf03+mMX/tfljFv8d8scs/q/LH7P475g/ZvHfKX/M4v/6/DGL/xvyxyz+b8wfs/i/KX/M4r9z/pjFf5f8MYv/m/PHLP5vyR+z+O+aP2bx3y1/zOL/1vwxi//u+WMW/z3yxyz+e+aPWfzflj9m8X97/pjFf6/8MYv/3vljFv998scs/u/IH7P475s/ZvF/Z/6YxX+//DGL/7vyxyz+++ePWfzfnT9m8T8gf8zi/578MYv/gfljFv+D8scs/gfnj1n835s/ZvF/X/6Yxf/9+WMW/w/kj1n8D8kfs/iPyh+z+B+aP2bxPyx/zOL/wfwxi/+H8scs/ofnj1n8P5w/ZvH/SP6Yxf+j+WMW/yPyxyz+R+aPWfyPyh+z+H8sf8zif3T+mMX/4/ljFv9j8scs/sfmj1n8P5E/ZvH/ZP6Yxf+4/DGL//H5Yxb/E/LHLP6fyh+z+H86f8zif2L+mMX/pPwxi/9n8scs/p/NH7P4n5w/ZvE/JX/M4n9q/pjF/7T8MYv/6fljFv8z8scs/p/LH7P4n5k/ZvE/K3/M4n92/pjF//P5Yxb/c/LHLP7n5o9Z/L+QP2bxPy9/zOJ/fv6Yxf+C/DGL/xfzxyz+X8ofs/h/OX/M4n9h/pjF/6L8MYv/xfljFv+v5I9Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/4r8MYv/lfljFv+r8scs/lfnj1n8v5o/ZvH/Wv6Yxf+a/DGL/9fzxyz+1+aPWfy/kT9m8b8uf8zi/838MYv/9fljFv9v5Y9Z/L+dP2bxvyF/zOJ/Y/6Yxf+m/DGL/+j8MYv/zfljFv/v5I9Z/G/JH7P4fzd/zOJ/a/6Yxf+2/DGL//fyxyz+388fs/j/IH/M4n97/pjF/478MYv/nfljFv8f5o9Z/H+UP2bx/3H+mMX/J/ljFv+f5o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/2f5Yxb/n+ePWfx/kT9m8b8vf8zif3/+mMX/l/ljL0z/Wad8dYZf5Y+9MP3HN/n6/3X+mMX/gfwxi/9v8scs/r/NH7P4P5g/ZvH/Xf6Yxf+h/DGL/+/zxyz+f8gfs/g/nD9m8f9j/pjF/0/5Yxb/P+ePWfz/kj9m8f9r/pjF/5H8MYv/o/ljFv/H8scs/o/nj1n8n8gfs/g/mT9m8X8qf8zi/3T+mMX/mfwxi/+Y/DGJ/4yD/DGL/1D+mMV/WP6YxX+q/DGL/9T5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvEfnj9m8Z8hf8ziP2P+mMV/pvwxi//M+WMW/1nyxyz+s+aPWfxnyx+z+M+eP2bxnyN/zOI/Z/6YxX+u/DGL/4vyxyz+c+ePWfxfnD9m8Z8nf8zi/5L8MYv/vPljFv+X5o9Z/F+WP2bxny9/zOL/8vwxi//8+WMW/wXyxyz+C+aPWfwXyh+z+C+cP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP5L5o9Z/JfKH7P4L50/ZvFfJn/M4r9s/pjFf7n8MYv/8vljFv8V8scs/ivmj1n8V8ofs/ivnD9m8V8lf8ziv2r+mMV/tfwxi//q+WMW/zXyxyz+a+aPWfxfkT9m8V8rf8ziv3b+mMV/nfwxi/+6+WMW//Xyxyz+I/LHLP4j88cs/uvnj1n8N8h/MGbMmDFTvmbxf2X+mMV/w/wxi/9G+WMW/43zxyz+m+SPWfw3zR+z+L8qf8ziv1n+mMV/8/wxi/8W+WMW/y3zxyz+W+WPWfy3zh+z+L86f8ziv03+mMV/2/wxi/92+WMW/+3zxyz+r8kfs/i/Nn/M4r9D/pjF/3X5Yxb/HfPHLP475Y9Z/F+fP2bxf0P+mMX/jfljFv835Y9Z/HfOH7P475I/ZvF/c/6Yxf8t+WMW/13zxyz+u+WPWfzfmj9m8d89f8ziv0f+mMV/z/wxi//b8scs/m/PH7P475U/ZvHfO3/M4r9P/pjF/x35Yxb/ffPHLP7vzB+z+O+XP2bxf1f+mMV///wxi/+788cs/gfkj1n835M/ZvE/MH/M4n9Q/pjF/+D8MYv/e/PHLP7vyx+z+L8/f8zi/4H8MYv/IfljFv9R+WMW/0Pzxyz+h+WPWfw/mD9m8f9Q/pjF//D8MYv/h/PHLP4fyR+z+H80f8zif0T+mMX/yPwxi/9R+WMW/4/lj1n8j84fs/h/PH/M4n9M/pjF/9j8MYv/J/LHLP6fzB+z+B+XP2bxPz5/zOJ/Qv6Yxf9T+WMW/0/nj1n8T8wfs/iflD9m8f9M/pjF/7P5Yxb/k/PHLP6n5I9Z/E/NH7P4n5Y/ZvE/PX/M4n9G/pjF/3P5Yxb/M/PHLP5n5Y9Z/M/OH7P4fz5/zOJ/Tv6Yxf/c/DGL/xfyxyz+5+WPWfzPzx+z+F+QP2bx/2L+mMX/S/ljFv8v549Z/C/MH7P4X5Q/ZvG/OH/M4v+V/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvG/Mn/M4n9V/pjF/+r8MYv/V/PHLP5fyx+z+F+TP2bx/3r+mMX/2vwxi/838scs/tflj1n8v5k/ZvG/Pn/M4v+t/DGL/7fzxyz+N+SPWfxvzB+z+N+UP2bxH50/ZvG/OX/M4v+d/DGL/y35Yxb/7+aPWfxvzR+z+N+WP2bx/57Zf7/nPmTx/77Z/x9k8f9B/pjF//b8MYv/HfljFv8788cs/j/MH7P4/yh/zOL/4/wxi/9P8scs/j/NH7P435U/ZvG/O3/M4n9P/pjF/978MYv/z/LHLP4/zx+z+P8if8zif1/+mMX//vwxi/8v88cs/r/KH7P4/zp/zOL/QP6Yxf83+WMW/9/mj1n8H8wfs/j/Ln/M4v9Q/pjF//f5Yxb/P+SPWfwfzh+z+P8xf8zi/6f8MYv/n8c+zvY8jek/OIv/X1r/mMX/r/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+Y/LHJP4zDfLHLP5Df/PfYoPnZWD/mVn8h7X+MYv/VPljFv+p88cs/tPkj1n8p80fs/hPlz9m8Z8+f8ziPzx/zOI/Q/6YxX/G/DGL/0z5Yxb/mfPHLP6z5I9Z/GfNH7P4z5Y/ZvGfPX/M4j9H/pjFf878MYv/XPljFv8X5Y9Z/OfOH7P4vzh/zOI/T/6Yxf8l+WMW/3nzxyz+L80fs/i/LH/M4j9f/pjF/+X5Yxb/+fPHLP4L5I9Z/BfMH7P4L5Q/ZvFfOH/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/gvlT9m8V86f8ziv0z+mMV/2fwxi/9y+WMW/+Xzxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOK/Sv6YxX/V/DGL/2r5Yxb/1fPHLP5r5I9Z/NfMH7P4vyJ/zOK/Vv6YxX/t/DGL/zr5Yxb/dfPHLP7r5Y9Z/Efkj1n8R+aPWfzXzx+z+G+QP2bxf2X+mMV/w/wxi/9G+WMW/43zxyz+m+SPWfw3zR+z+L8qf8ziv1n+mMV/8/wxi/8W+WMW/y3zxyz+W+WPWfy3zh+z+L86f8ziv03+mMV/2/wxi/92+WMW/+3zxyz+r8kfs/i/Nn/M4r9D/pjF/3X5Yxb/HfPHLP475Y9Z/F+fP2bxf0P+mMX/jfljFv835Y9Z/HfOH7P475I/ZvF/c/6Yxf8t+WMW/13zxyz+u+WPWfzfmj9m8d89f8ziv0f+mMV/z/wxi//b8scs/m/PH7P475U/ZvHfO3/M4r9P/pjF/x35Yxb/ffPHLP7vzB+z+O+XP2bxf1f+mMV///wxi/+788cs/gfkj1n835M/ZvE/MH/M4n9Q/pjF/+D8MYv/e/PHLP7vyx+z+L8/f8zi/4H8MYv/IfljFv9R+WMW/0Pzxyz+h+WPWfw/mD9m8f9Q/pjF//D8MYv/h/PHLP4fyR+z+H80f8zif0T+mMX/yPwxi/9R+WMW/4/lj1n8j84fs/h/PH/M4n9M/pjF/9j8MYv/J/LHLP6fzB+z+B+XP2bxPz5/zOJ/Qv6Yxf9T+WMW/0/nj1n8T8wfs/iflD9m8f9M/pjF/7P5Yxb/k/PHLP6n5I9Z/E/NH7P4n5Y/ZvE/PX/M4n9G/pjF/3P5Yxb/M/PHLP5n5Y9Z/M/OH7P4fz5/zOJ/Tv6Yxf/c/DGL/xfyxyz+5+WPWfzPzx+z+F+QP2bx/2L+mMX/S/ljFv8v549Z/C/MH7P4X5Q/ZvG/OH/M4v+V/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvG/Mn/M4n9V/pjF/+r8MYv/V/PHLP5fyx+z+F+TP2bx/3r+mMX/2vwxi/838scs/tflj1n8v5k/ZvG/Pn/M4v+t/DGL/7fzxyz+N+SPWfxvzB+z+N+UP2bxH50/ZvG/OX/M4v+d/DGL/y35Yxb/7+aPWfxvzR+z+N+WP2bx/17+mMX/+/ljFv8f5I9Z/G/PH7P435E/ZvG/M3/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4v/T/DGL/135Yxb/u/PHLP735I9Z/O/NH7P4/yx/zOL/8/wxi/8v8scs/vflj1n8788fs/j/Mn/M4v+r/DGL/6/zxyz+D+SPWfx/kz9m8f9t/pjF/8H8MYv/7/Kf1NOTPbf4P5Q/ZvH/ff6Yxf8P+WMW/4fzxyz+f8wfs/j/KX/M4v/n/DGL/1/yxyz+f80fs/g/kj9m8X80f8zi/1j+mMX/8fwxi/8T+WMW/yfzxyz+T+WPWfyfzh+z+D+TP2bxH5M/JvGfeZA/ZvEfyh+z+A/LH7P4T5U/ZvGfOn/M4j9N/pjFf9r8MYv/dPljFv/p88cs/sPzxyz+M+SPWfxnzB+z+M+UP/aC8x/+t6eT+8+cP/aC83+O9T9L/pjFf9b8MYv/bPljFv/Z88cs/nPkj1n858wfs/jPlT9m8X9R/pjFf+78MYv/i/PHLP7z5I9Z/F+SP2bxnzd/zOL/0vwxi//L8scs/vPlj1n8X54/ZvGfP3/M4r9A/pjFf8H8MYv/QvljFv+F88cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMV/yfwxi/9S+WMW/6Xzxyz+y+SPWfyXzR+z+C+XP2bxXz5/zOK/Qv6YxX/F/DGL/0r5Yxb/lfPHLP6r5I9Z/FfNH7P4r5Y/ZvFfPX/M4r9G/pjFf83n8p/p/2hc/6FZ/F/R+scs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMV/RP6YxX9k/pjFf/38MYv/BvljFv9X5o9Z/DfMH7P4b5Q/ZvHfOH/M4r9J/pjFf9P8MYv/q/LHLP6b5Y9Z/DfPH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/q/PHLP7b5I9Z/LfNH7P4b5c/ZvHfPn/M4v+a/DGL/2vzxyz+O+SPWfxflz9m8d8xf8ziv1P+mMX/9fljFv835I9Z/N+YP2bxf1P+mMV/5/wxi/8u+WMW/zfnj1n835I/ZvHfNX/M4r9b/pjF/635Yxb/3fPHLP575I9Z/PfMH7P4vy1/zOL/9vwxi/9e+WMW/73zxyz+++SPWfzfkT9m8d83f8zi/878MYv/fvljFv935Y9Z/PfPH7P4vzt/zOJ/QP6Yxf89+WMW/wPzxyz+B+WPWfwPzh+z+L83f8zi/778MYv/+/PHLP4fyB+z+B+SP2bxH5U/ZvE/NH/M4n9Y/pjF/4P5Yxb/D+WPWfwPzx+z+H84f8zi/5H8MYv/R/PHLP5H5I9Z/I/MH7P4H5U/ZvH/WP6Yxf/o/DGL/8fzxyz+x+SPWfyPzR+z+H8if8zi/8n8MYv/cfljFv/j88cs/ifkj1n8P5U/ZvH/dP6Yxf/E/DGL/0n5Yxb/z+SPWfw/mz9m8T85f8zif0r+mMX/1Pwxi/9p+WMW/9Pzxyz+Z+SPWfw/lz9m8T8zf8zif1b+mMX/7Pwxi//n88cs/ufkj1n8z80fs/h/IX/M4n9e/pjF//z8MYv/BfljFv8v5o9Z/L+UP2bx/3L+mMX/wvwxi/9F+WMW/4vzxyz+X8kfs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+H81f8zi/7X8MYv/NfljFv+v549Z/K/NH7P4fyN/zOJ/Xf6Yxf+b+WMW/+vzxyz+38ofs/h/O3/M4n9D/pjF/8b8MYv/TfljFv/R+WMW/5vzxyz+38kfs/jfkj9m8f9u/pjF/9b8MYv/bfljFv/v5Y9Z/L+fP2bx/0H+mMX/9vwxi/8d+WMW/zvzxyz+P8wfs/j/KH/M4v/j/DGL/0/yxyz+P80fs/jflT9m8b87f8zif0/+mMX/3vwxi//P8scs/j/PH7P4/yJ/zOJ/X/6Yxf/+/DGL/y/zxyz+v8ofs/j/On/M4v9A/pjF/zf5Yxb/3+aPWfwfzB+z+P8uf8zi/1D+mMX/9/ljFv8/5I9Z/B/OH7P4/zF/zOL/p/wxi/+f88cs/n/JH7P4/zV/zOL/SP6Yxf/R/DGL/2P5Yxb/x/PHLP5P5I9Z/J/MH7P4P5U/ZvF/On/M4v9M/pjFf0z+mMR/lkH+mMV/KH/M4j8sf8ziP1X+mMV/6vwxi/80U/gP/78e139oFv9pW/+YxX+6/DGL//T5Yxb/4fljFv8Z8scs/jPmj1n8Z8ofs/jPnD9m8Z8lf8ziP2v+mMV/tvwxi//s+WMW/znyxyz+c+aPWfznyh+z+L8of8ziP3f+mMX/xfljFv958scs/i/JH7P4z5s/ZvF/af6Yxf9l+WMW//nyxyz+L88fs/jPnz9m8V8gf8ziv2D+mMV/ofwxi//C+WMW/0Xyxyz+i+aPWfwXyx+z+C+eP2bxXyJ/zOK/ZP6YxX+p/DGL/9L5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9V8scs/qvmj1n8V8sfs/ivnj9m8V8jf8ziv2b+mMX/FfljFv+18scs/mvnj1n818kfs/ivmz9m8V8vf8ziPyJ/zOI/Mn/M4r9+/pjFf4P8MYv/K/PHLP4b5o9Z/DfKH7P4b5w/ZvHfJH/M4r9p/pjF/1X5Yxb/zfLHLP6b549Z/LfIH7P4b5k/ZvHfKn/M4r91/pjF/9X5Yxb/bfLHLP7b5o9Z/LfLH7P4b58/ZvF/Tf6Yxf+1+WMW/x3yxyz+r8sfs/jvmD9m8d8pf8zi//r8MYv/G/LHLP5vzB+z+L8pf8ziv3P+mMV/l/wxi/+b88cs/m/JH7P475o/ZvHfLX/M4v/W/DGL/+75Yxb/PfLHLP575o9Z/N+WP2bxf3v+mMV/r/wxi//e+WMW/33yxyz+78gfs/jvmz9m8X9n/pjFf7/8MYv/u/LHLP77549Z/N+dP2bxPyB/zOL/nvwxi/+B+WMW/4Pyxyz+B+ePWfzfmz9m8X9f/pjF//35Yxb/D+SPWfwPyR+z+I/KH7P4H5o/ZvE/LH/M4v/B/DGL/4fyxyz+h+ePWfw/nD9m8f9I/pjF/6P5Yxb/I/LHLP5H5o9Z/I/KH7P4fyx/zOJ/dP6Yxf/j+WMW/2Pyxyz+x+aPWfw/kT9m8f9k/pjF/7j8MYv/8fljFv8T8scs/p/KH7P4fzp/zOJ/Yv6Yxf+k/DGL/2fyxyz+n80fs/ifnD9m8T8lf8zif2r+mMX/tPwxi//p+WMW/zPyxyz+n8sfs/ifmT9m8T8rf8zif3b+mMX/8/ljFv9z8scs/ufmj1n8v5A/ZvE/L3/M4n9+/pjF/4L8MYv/F/PHLP5fyh+z+H85f8zif2H+mMX/ovwxi//F+WMW/6/kj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/ivwxi/+V+WMW/6vyxyz+V+ePWfy/mj9m8f9a/pjF/5r8MYv/1/PHLP7X5o9Z/L+RP2bxvy5/zOL/zfwxi//1+WMW/2/lj1n8v50/ZvG/IX/M4n9j/pjF/6b8MYv/6Pwxi//N+WMW/+/kj1n8b8kfs/h/N3/M4n9r/pjF/7b8MYv/9/LHLP7fzx+z+P8gf8zif3v+mMX/jvwxi/+d+WMW/x/mj1n8f5Q/ZvH/cf6Yxf8n+WMW/5/mj1n878ofs/jfnT9m8b8nf8zif2/+mMX/Z/ljFv+f549Z/H+RP2bxvy9/zOJ/f/6Yxf+X+WMW/1/lj1n8f50/ZvF/IH/M4v+b/DGL/2/zxyz+D07yP+b5Gdd/aBb/37X+MYv/Q/ljFv/f549Z/P+QP2bxfzh/zOL/x/wxi/+f8scs/n/OH7P4/yV/zOL/1/wxi/8j+WMW/0fzxyz+j+WPWfwfzx+z+D+RP2bxfzJ/zOL/VP6Yxf/p/DGL/zP5Yxb/MfljEv9ZB/ljFv+h/DGL/7D8MYv/VPljFv+p88cs/tPkj1n8p80fs/hPlz9m8Z8+f8ziPzx/zOI/Q/6YxX/G/DGL/0z5Yxb/mfPHLP6z5I9Z/GfNH7P4z5Y/ZvGfPX/M4j9H/pjFf878MYv/XPljFv8X5Y9Z/OfOH7P4vzh/zOI/T/6Yxf8l+WMW/3nzxyz+L80fs/i/LH/M4j9f/pjF/+X5Yxb/+fPHLP4L5I9Z/BfMH7P4L5Q/ZvFfOH/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/gvlT9m8V86f8ziv0z+mMV/2fwxi/9y+WMW/+Xzxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOK/Sv6YxX/V/DGL/2r5Yxb/1fPHLP5r5I9Z/NfMH7P4vyJ/zOK/Vv6YxX/t/DGL/zr5Yxb/dfPHLP7r5Y9Z/Efkj1n8R+aPWfzXzx+z+G+QP2bxf2X+mMV/w/wxi/9G+WMW/43zxyz+m+SPWfw3zR+z+L8qf8ziv1n+mMV/8/wxi/8W+WMW/y3zxyz+W+WPWfy3zh+z+L86f8ziv03+mMV/2/wxi/92+WMW/+3zxyz+r8kfs/i/Nn/M4r9D/pjF/3X5Yxb/HfPHLP475Y9Z/P8/9umhBxRDi8Los3Gfbdu2bba9tm3Wtm3btm3btm7djjpossdN073WLzg5X/ZA/aOW/oP0j1r6D9Y/auk/RP+opf9Q/aOW/sP0j1r6D9c/auk/Qv+opf9I/aOW/qP0j1r6j9Y/auk/Rv+opf9Y/aOW/uP0j1r6j9c/auk/Qf+opf9E/aOW/pP0j1r6T9Y/auk/Rf+opf9U/aOW/tP0j1r6T9c/auk/Q/+opf9M/aOW/rP0j1r6z9Y/auk/R/+opf9c/aOW/vP0j1r6z9c/aum/QP+opf9C/aOW/ov0j1r6L9Y/aum/RP+opf/y+kct/VfQP2rpv6L+UUv/lfSPWvqvrH/U0n8V/aOW/qvqH7X0X03/qKX/6vpHLf3X0D9q6b+m/lFL/7X0j1r6r61/1NJ/Hf2jlv7r6h+19F9P/6il//r6Ry39N9A/aum/of5RS/+N9I9a+m+sf9TSf5PQf+mLeddLVEv/Te0/aum/mf5RS//N9Y9a+m+hf9TSf0v9o5b+W+kftfTfWv+opf82+kct/bfVP2rpv53+UUv/7fWPWvrvoH/U0n9H/aOW/jvpH7X031n/qKX/LvpHLf131T9q6b+b/lFL/931j1r676F/1NJ/T/2jlv576R+19N9b/6il/z76Ry3999U/aum/n/5RS//99Y9a+h+gf9TS/0D9o5b+B+kftfQ/WP+opf8h+kct/Q/VP2rpf5j+UUv/w/WPWvofoX/U0v9I/aOW/kfpH7X0P1r/qKX/MfpHLf2P1T9q6X+c/lFL/+P1j1r6n6B/1NL/RP2jlv4n6R+19D9Z/6il/yn6Ry39T9U/aul/mv5RS//T9Y9a+p+hf9TS/0z9o5b+Z+kftfQ/W/+opf85+kct/c/VP2rpf57+UUv/8/WPWvpfoH/U0v9C/aOW/hfpH7X0v1j/qKX/JfpHLf0v1T9q6X+Z/lFL/8v1j1r6X6F/1NL/Sv2jlv5X6R+19L9a/6il/zX6Ry39r9U/aul/nf5RS//r9Y9a+t+gf9TS/0b9o5b+N+kftfS/Wf+opf8t+kct/W/VP2rpf5v+UUv/2/WPWvrfoX/U0v9O/aOW/nfpH7X0v1v/qKX/PfpHLf3v1T9q6X+f/lFL//v1j1r6P6B/1NL/Qf2jlv4P6R+19H9Y/6il/yP6Ry39H9U/aum/VP+opf9j+kct/R/XP2rp/4T+UUv/J/WPWvo/pX/U0v9p/aOW/s/oH7X0f1b/qKT/gFfoH7X0f6X+UUv/V+kftfR/tf5RS//X6B+19H+t/lFL/9fpH7X0f73+UUv/N+gftfR/o/5RS/836R+19H+z/lFL/7foH7X0f6v+UUv/t+kftfR/u/5RS/8B+kct/d+hf9TS/536Ry3936V/1NL/3fpHLf3fo3/U0v+9+kct/d+nf9TS//36Ry39P6B/1NL/g/pHLf0/pP8LHvK8lv4f1j9q6f8R/aOW/h/VP2rp/zH9o5b+H9c/aun/Cf2jlv6f1D9q6f8p/aOW/p/WP2rp/xn9o5b+n9U/aun/Of2jlv6f1z9q6f8F/aOW/l/UP2rp/yX9o5b+X9Y/aun/Ff2jlv5f1T9q6f81/aOW/l/XP2rp/w39o5b+39Q/aun/Lf2jlv7f1j9q6f8d/aOW/t/VP2rp/z39o5b+39c/aun/A/2jlv4/1D9q6f8j/aOW/j/WP2rp/xP9o5b+P9U/aun/M/2jlv4/1z9q6f8L/aOW/r/UP2rp/yv9o5b+v9Y/aun/G/2jlv6/1T9q6f87/aOW/r/XP2rp/wf9o5b+f9Q/aun/J/2jlv5/1j9q6f8X/aOW/n/VP2rp/zf9o5b+f9c/aun/D/2jlv7/1D9q6f8v/aOW/v/WP2rp/x/9o5b+/9U/aun/P/2jlv7/1z9q6b+M/lFL/2X1j1r6L6d/1NJ/oP5RS/9B+kct/QfrH7X0H6J/1NJ/qP5RS/9h+kct/YfrH7X0H6F/1NJ/pP5RS/9R+kct/UfrH7X0H6N/1NJ/rP5RS/9x+kct/cfrH7X0n6B/1NJ/ov5RS/9J+kct/SfrH7X0n6J/1NJ/qv5RS/9p+kct/afrH7X0n6F/1NJ/pv5RS/9Z+kct/WfrH7X0n6N/1NJ/rv5RS/95+kct/efrH7X0X6B/1NJ/of5RS/9F+kct/RfrH7X0X6J/9LLrDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwHDtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87fOomsDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+BQAA//+1Iplt") 1.073377789s ago: executing program 3 (id=1143): socketpair$unix(0x1, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xa, &(0x7f00000000c0), 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) shmget$private(0x0, 0x4000, 0x0, &(0x7f0000000000/0x4000)=nil) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$uinput_user_dev(r4, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x2042, 0x0) r5 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8802, 0x0) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) splice(r6, 0x0, r5, 0x0, 0x8000001202, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x13f}}, 0x20) 166.659165ms ago: executing program 3 (id=1144): socket$caif_stream(0x25, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x4000000fffd) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$tipc(0x1e, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='smaps\x00') socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c0000011000900000000000", @ANYRESHEX=r0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000600"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="7000000010000104000000000400000000000000", @ANYRES32=r4, @ANYBLOB], 0x70}}, 0x0) r5 = memfd_secret(0x0) ftruncate(r5, 0x4) sendmsg$nl_route(r2, &(0x7f0000001280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000001200)=ANY=[@ANYBLOB="58000000200001002dbd7000fddbdf250a1400d305000001040001001400030069cb0d00006c3000000000000000000014000200fc02000000000000000000000000000114000200ff010000000000000000000000005701"], 0x58}, 0x1, 0x0, 0x0, 0x4000014}, 0x20040080) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x9, 0x13, r5, 0x0) syz_io_uring_submit(r6, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000040)=0xfffffffffffffffb, 0x5) mbind(&(0x7f0000ffa000/0x6000)=nil, 0x6000, 0x0, 0x0, 0x0, 0x3) socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r7, 0x29, 0x19, &(0x7f0000002740), &(0x7f0000002780)=0x4) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(r8, 0x0, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000480)='net/icmp6\x00') preadv(r9, &(0x7f0000000280)=[{&(0x7f0000000080)=""/77, 0x4d}], 0x1, 0xa3, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) 111.916788ms ago: executing program 2 (id=1145): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000500)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000140)={0x1, r2}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000940)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000) 0s ago: executing program 0 (id=1146): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x2c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000017000000180100002020690000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r1, r3, 0x25, 0x0, @val=@perf_event}, 0x40) syz_emit_ethernet(0x10d3, &(0x7f0000004000)=ANY=[], 0x0) kernel console output (not intermixed with test programs): .932625][ T8414] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.742'. [ 274.873996][ T8429] netlink: 'syz.1.745': attribute type 12 has an invalid length. [ 274.881808][ T8429] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.745'. [ 274.931178][ T5092] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 275.136594][ T8437] loop1: detected capacity change from 0 to 512 [ 275.176426][ T8437] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 275.213828][ T8437] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended [ 275.214376][ T8439] netlink: 256 bytes leftover after parsing attributes in process `syz.3.743'. [ 275.265071][ T8437] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 275.281442][ T8437] System zones: 0-2, 18-18, 34-34 [ 275.300537][ T8437] EXT4-fs error (device loop1): ext4_orphan_get:1420: comm syz.1.748: bad orphan inode 15 [ 275.313826][ T8437] ext4_test_bit(bit=14, block=18) = 1 [ 275.372865][ T8437] is_bad_inode(inode)=0 [ 275.385549][ T8437] NEXT_ORPHAN(inode)=2264924160 [ 275.406856][ T5146] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 275.417317][ T8437] max_ino=32 [ 275.420544][ T8437] i_nlink=0 [ 275.423714][ T8437] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 275.481016][ T8437] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.748: bg 0: block 80: padding at end of block bitmap is not set [ 275.516082][ T8437] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 275.531473][ T8437] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 275.769090][ T5146] usb 1-1: device descriptor read/64, error -71 [ 277.240299][ T5110] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.586880][ T5146] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 277.788138][ T29] audit: type=1326 audit(1720374862.578:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.3.754" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8151d75bd9 code=0x0 [ 277.811850][ T5146] usb 1-1: device descriptor read/64, error -71 [ 277.971107][ T5146] usb usb1-port1: attempt power cycle [ 278.499115][ T8460] dccp_close: ABORT with 32 bytes unread [ 278.508226][ T8453] loop1: detected capacity change from 0 to 32768 [ 278.625792][ T29] audit: type=1326 audit(1720374863.428:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8475 comm="syz.3.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8151d75bd9 code=0x7ffc0000 [ 278.726893][ T5146] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 278.793923][ T29] audit: type=1326 audit(1720374863.428:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8475 comm="syz.3.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8151d75bd9 code=0x7ffc0000 [ 278.836604][ T5146] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 278.848900][ T5146] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 278.861251][ T5146] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 278.878945][ T5146] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 278.894254][ T5146] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 279.017039][ T29] audit: type=1326 audit(1720374863.428:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8475 comm="syz.3.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f8151d75bd9 code=0x7ffc0000 [ 279.040778][ T5146] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 279.047150][ T29] audit: type=1326 audit(1720374863.468:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8475 comm="syz.3.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8151d75bd9 code=0x7ffc0000 [ 279.053305][ T5146] usb 1-1: SerialNumber: syz [ 279.092351][ T8482] netlink: 'syz.4.758': attribute type 12 has an invalid length. [ 279.100351][ T8482] netlink: 197276 bytes leftover after parsing attributes in process `syz.4.758'. [ 279.169120][ T29] audit: type=1326 audit(1720374863.468:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8475 comm="syz.3.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8151d75bd9 code=0x7ffc0000 [ 279.172598][ T8466] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 279.213871][ T8466] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 279.247814][ T5146] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 279.259142][ T29] audit: type=1326 audit(1720374863.468:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8475 comm="syz.3.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f8151d75bd9 code=0x7ffc0000 [ 279.392330][ T29] audit: type=1326 audit(1720374863.468:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8475 comm="syz.3.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8151d75bd9 code=0x7ffc0000 [ 279.436085][ T8488] loop2: detected capacity change from 0 to 512 [ 279.524674][ T8488] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 279.610994][ T29] audit: type=1326 audit(1720374863.468:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8475 comm="syz.3.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8151d75bd9 code=0x7ffc0000 [ 279.686079][ T8488] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 279.716207][ T8466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 279.752150][ T8488] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 279.760815][ T8466] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.778443][ T29] audit: type=1326 audit(1720374863.468:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8475 comm="syz.3.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8151d75bd9 code=0x7ffc0000 [ 280.556484][ T5108] Bluetooth: hci3: command 0x0406 tx timeout [ 280.566126][ T8488] System zones: 0-2, 18-18, 34-34 [ 280.625207][ T8488] EXT4-fs error (device loop2): ext4_orphan_get:1420: comm syz.2.760: bad orphan inode 15 [ 280.640673][ T29] audit: type=1326 audit(1720374863.468:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8475 comm="syz.3.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8151d75bd9 code=0x7ffc0000 [ 280.697484][ T8488] ext4_test_bit(bit=14, block=18) = 1 [ 280.722631][ T8488] is_bad_inode(inode)=0 [ 280.738591][ T5146] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 280.800789][ T8488] NEXT_ORPHAN(inode)=2264924160 [ 280.816360][ T5146] usb 1-1: USB disconnect, device number 17 [ 280.827782][ T8488] max_ino=32 [ 280.831016][ T8488] i_nlink=0 [ 280.846627][ T8488] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 280.894148][ T8488] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.760: bg 0: block 80: padding at end of block bitmap is not set [ 280.944909][ T5108] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 280.959300][ T8488] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 280.980032][ T8488] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 281.176889][ T25] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 281.632485][ T5145] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 282.073494][ T5145] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 282.115769][ T25] usb 4-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 282.126294][ T5092] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 282.129678][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.143381][ T5145] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 282.143433][ T5145] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 282.143456][ T5145] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.151992][ T8506] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 282.181313][ T25] usb 4-1: config 0 descriptor?? [ 282.700087][ T5145] usb 5-1: USB disconnect, device number 21 [ 282.891126][ T25] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 282.906214][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.102787][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.690113][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.011449][ T25] gs_usb 4-1:0.0: Couldn't get bit timing const for channel 0 (-ETIMEDOUT) [ 284.044665][ T25] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -110 [ 284.084187][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.283355][ T8537] loop1: detected capacity change from 0 to 2048 [ 284.302105][ T5100] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 284.314036][ T5100] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 284.323272][ T5100] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 284.367034][ T5100] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 284.379261][ T5100] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 284.387423][ T5100] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 284.546965][ T11] bridge_slave_1: left allmulticast mode [ 284.552642][ T11] bridge_slave_1: left promiscuous mode [ 284.587148][ T8544] netlink: 'syz.4.773': attribute type 12 has an invalid length. [ 284.594942][ T8544] netlink: 197276 bytes leftover after parsing attributes in process `syz.4.773'. [ 284.625751][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.653470][ T8537] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 284.680713][ T11] bridge_slave_0: left allmulticast mode [ 284.688422][ T11] bridge_slave_0: left promiscuous mode [ 284.703467][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.948373][ T8550] EXT4-fs error (device loop1): ext4_lookup:1810: inode #15: comm syz.1.772: iget: bad extended attribute block 4294967296 [ 285.054060][ T5100] Bluetooth: hci4: command 0x0406 tx timeout [ 285.450785][ T930] usb 4-1: USB disconnect, device number 25 [ 285.665799][ T8555] loop3: detected capacity change from 0 to 2048 [ 285.697703][ T8555] udf: Unknown parameter 'filecet' [ 286.002638][ T8548] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 241: padding at end of block bitmap is not set [ 286.567556][ T5108] Bluetooth: hci2: command tx timeout [ 286.657334][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 286.672367][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 286.686226][ T11] bond0 (unregistering): Released all slaves [ 286.852957][ T8560] Process accounting resumed [ 286.874608][ T5110] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.354040][ T8573] netlink: 'syz.2.780': attribute type 1 has an invalid length. [ 287.951108][ T8581] loop4: detected capacity change from 0 to 4096 [ 288.363803][ T8614] ieee802154 phy0 wpan0: encryption failed: -22 [ 288.370330][ T8614] FAULT_INJECTION: forcing a failure. [ 288.370330][ T8614] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.384654][ T8614] CPU: 0 UID: 0 PID: 8614 Comm: syz.1.783 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 288.394747][ T8614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 288.404813][ T8614] Call Trace: [ 288.408111][ T8614] [ 288.411050][ T8614] dump_stack_lvl+0x241/0x360 [ 288.415756][ T8614] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.420971][ T8614] ? __pfx__printk+0x10/0x10 [ 288.425583][ T8614] ? __pfx_lock_release+0x10/0x10 [ 288.430637][ T8614] should_fail_ex+0x3b0/0x4e0 [ 288.435342][ T8614] _copy_from_user+0x2f/0xe0 [ 288.439951][ T8614] copy_msghdr_from_user+0xae/0x680 [ 288.445173][ T8614] ? __pfx___might_resched+0x10/0x10 [ 288.450477][ T8614] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 288.456306][ T8614] ? __might_fault+0xaa/0x120 [ 288.461004][ T8614] __sys_sendmmsg+0x374/0x740 [ 288.465702][ T8614] ? __pfx___sys_sendmmsg+0x10/0x10 [ 288.470947][ T8614] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 288.476862][ T8614] ? ksys_write+0x23e/0x2c0 [ 288.481376][ T8614] ? __pfx_lock_release+0x10/0x10 [ 288.486425][ T8614] ? vfs_write+0x7c4/0xc90 [ 288.490852][ T8614] ? __mutex_unlock_slowpath+0x21d/0x750 [ 288.496496][ T8614] ? __pfx_vfs_write+0x10/0x10 [ 288.501292][ T8614] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 288.507377][ T8614] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 288.513715][ T8614] ? do_syscall_64+0x100/0x230 [ 288.518488][ T8614] __x64_sys_sendmmsg+0xa0/0xb0 [ 288.523357][ T8614] do_syscall_64+0xf3/0x230 [ 288.527870][ T8614] ? clear_bhb_loop+0x35/0x90 [ 288.532561][ T8614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.538464][ T8614] RIP: 0033:0x7f0aeab75bd9 [ 288.542885][ T8614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.562503][ T8614] RSP: 002b:00007f0aeb897048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 288.570935][ T8614] RAX: ffffffffffffffda RBX: 00007f0aead04110 RCX: 00007f0aeab75bd9 [ 288.578921][ T8614] RDX: 00000000fffffdef RSI: 0000000020001a40 RDI: 0000000000000004 [ 288.586910][ T8614] RBP: 00007f0aeb8970a0 R08: 0000000000000000 R09: 0000000000000000 [ 288.594887][ T8614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 288.602866][ T8614] R13: 000000000000006e R14: 00007f0aead04110 R15: 00007ffde7a70e88 [ 288.610860][ T8614] [ 288.613924][ C0] vkms_vblank_simulate: vblank timer overrun [ 288.656839][ T5108] Bluetooth: hci2: command tx timeout [ 289.348678][ T8539] chnl_net:caif_netlink_parms(): no params data found [ 289.438907][ T8615] input: syz0 as /devices/virtual/input/input16 [ 289.638640][ T8621] loop1: detected capacity change from 0 to 512 [ 289.710362][ T8625] netlink: 'syz.2.787': attribute type 12 has an invalid length. [ 289.718199][ T8625] netlink: 197276 bytes leftover after parsing attributes in process `syz.2.787'. [ 289.880811][ T8621] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 289.899497][ T8621] EXT4-fs (loop1): orphan cleanup on readonly fs [ 289.920069][ T8621] __quota_error: 13 callbacks suppressed [ 289.920081][ T8621] Quota error (device loop1): dq_insert_tree: Quota tree root isn't allocated! [ 289.960687][ T8621] Quota error (device loop1): qtree_write_dquot: Error -5 occurred while creating quota [ 289.982400][ T8621] EXT4-fs error (device loop1): ext4_acquire_dquot:6862: comm syz.1.786: Failed to acquire dquot type 1 [ 290.055293][ T8621] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.786: bg 0: block 40: padding at end of block bitmap is not set [ 290.091900][ T8621] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 290.124161][ T8621] EXT4-fs (loop1): 1 truncate cleaned up [ 290.143594][ T8621] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 290.162645][ T8581] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode balance-xor(2) [ 290.205636][ T5110] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.677486][ T8642] netlink: 'syz.2.790': attribute type 1 has an invalid length. [ 290.726962][ T5108] Bluetooth: hci2: command tx timeout [ 290.877739][ T8539] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.885324][ T8539] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.903262][ T8539] bridge_slave_0: entered allmulticast mode [ 290.921174][ T8539] bridge_slave_0: entered promiscuous mode [ 291.056854][ T930] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 291.088485][ T8539] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.095657][ T8539] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.126147][ T8661] loop4: detected capacity change from 0 to 1024 [ 291.130715][ T8539] bridge_slave_1: entered allmulticast mode [ 291.151315][ T8660] loop2: detected capacity change from 0 to 2048 [ 291.178073][ T8539] bridge_slave_1: entered promiscuous mode [ 291.255264][ T8661] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 291.322271][ T930] usb 2-1: config 0 has no interfaces? [ 291.336851][ T930] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 291.357066][ T930] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.365666][ T8660] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 291.425529][ T29] audit: type=1800 audit(1720374876.228:90): pid=8661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.791" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 291.468139][ T930] usb 2-1: config 0 descriptor?? [ 291.578183][ T11] hsr_slave_0: left promiscuous mode [ 291.584532][ T11] hsr_slave_1: left promiscuous mode [ 291.618442][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 291.641456][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 291.674481][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 291.829303][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 291.896881][ T11] veth1_macvtap: left promiscuous mode [ 291.909893][ T11] veth0_macvtap: left promiscuous mode [ 291.984876][ T11] veth1_vlan: left promiscuous mode [ 292.001544][ T11] veth0_vlan: left promiscuous mode [ 292.242810][ T8653] loop3: detected capacity change from 0 to 40427 [ 292.352541][ T8653] F2FS-fs (loop3): Found nat_bits in checkpoint [ 292.482553][ T8653] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 292.667224][ T8683] FAULT_INJECTION: forcing a failure. [ 292.667224][ T8683] name failslab, interval 1, probability 0, space 0, times 0 [ 292.686919][ T29] audit: type=1804 audit(1720374877.458:91): pid=8681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.789" name="/newroot/162/file2/cgroup.controllers" dev="loop3" ino=10 res=1 errno=0 [ 292.718014][ T8683] CPU: 0 UID: 0 PID: 8683 Comm: syz.2.794 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 292.728095][ T8683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 292.738152][ T8683] Call Trace: [ 292.741438][ T8683] [ 292.744353][ T8683] dump_stack_lvl+0x241/0x360 [ 292.749027][ T8683] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.754209][ T8683] ? __pfx__printk+0x10/0x10 [ 292.758785][ T8683] ? __pfx___might_resched+0x10/0x10 [ 292.764056][ T8683] should_fail_ex+0x3b0/0x4e0 [ 292.768726][ T8683] ? __d_alloc+0x31/0x700 [ 292.773040][ T8683] should_failslab+0x9/0x20 [ 292.777538][ T8683] kmem_cache_alloc_lru_noprof+0x71/0x2b0 [ 292.783247][ T8683] __d_alloc+0x31/0x700 [ 292.787390][ T8683] d_alloc_pseudo+0x1f/0xb0 [ 292.791880][ T8683] alloc_file_pseudo+0x123/0x290 [ 292.796803][ T8683] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 292.802245][ T8683] ? shmem_get_inode+0xabb/0xd50 [ 292.807174][ T8683] __shmem_file_setup+0x237/0x2c0 [ 292.812181][ T8683] __se_sys_memfd_create+0x36b/0x850 [ 292.817452][ T8683] do_syscall_64+0xf3/0x230 [ 292.821935][ T8683] ? clear_bhb_loop+0x35/0x90 [ 292.826610][ T8683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.832492][ T8683] RIP: 0033:0x7f1d5c975bd9 [ 292.836914][ T8683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.856504][ T8683] RSP: 002b:00007f1d5d688e28 EFLAGS: 00000206 ORIG_RAX: 000000000000013f [ 292.864923][ T8683] RAX: ffffffffffffffda RBX: 0000000000009e11 RCX: 00007f1d5c975bd9 [ 292.872881][ T8683] RDX: 00007f1d5d688f00 RSI: 0000000000000000 RDI: 00007f1d5c9e3d24 [ 292.880843][ T8683] RBP: 000000002001da80 R08: 00007f1d5d688bc7 R09: 00007f1d5d688e50 [ 292.888801][ T8683] R10: 000000000000000a R11: 0000000000000206 R12: 0000000020000000 [ 292.896763][ T8683] R13: 00007f1d5d688f00 R14: 00007f1d5d688ec0 R15: 00000000200000c0 [ 292.904731][ T8683] [ 292.907828][ C0] vkms_vblank_simulate: vblank timer overrun [ 292.935765][ T5108] Bluetooth: hci2: command tx timeout [ 292.955410][ T8681] syz.3.789: attempt to access beyond end of device [ 292.955410][ T8681] loop3: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 293.192242][ T8685] loop2: detected capacity change from 0 to 2048 [ 293.237423][ T8685] udf: Unknown parameter 'filecet' [ 293.593575][ T11] team0 (unregistering): Port device team_slave_1 removed [ 293.640562][ T11] team0 (unregistering): Port device team_slave_0 removed [ 294.040930][ T8661] netlink: 9 bytes leftover after parsing attributes in process `syz.4.791'. [ 294.052368][ T8661] gretap0: entered promiscuous mode [ 294.077076][ T8539] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 294.086242][ T8667] netlink: 5 bytes leftover after parsing attributes in process `syz.4.791'. [ 294.104085][ T8667] 0ªX¹¦D: renamed from gretap0 [ 294.112722][ T8667] 0ªX¹¦D: left promiscuous mode [ 294.117718][ T8667] 0ªX¹¦D: entered allmulticast mode [ 294.124963][ T8667] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 294.158203][ T8539] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 294.183496][ T8685] Process accounting resumed [ 294.234115][ T7024] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.375867][ T8689] loop4: detected capacity change from 0 to 512 [ 294.391349][ T8539] team0: Port device team_slave_0 added [ 294.432491][ T8539] team0: Port device team_slave_1 added [ 294.542537][ T8689] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 294.560838][ T5094] syz-executor: attempt to access beyond end of device [ 294.560838][ T5094] loop3: rw=2049, sector=45224, nr_sectors = 8 limit=40427 [ 294.606414][ T8689] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 294.625404][ T8696] loop2: detected capacity change from 0 to 512 [ 294.633330][ T5094] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 294.643583][ T8539] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 294.656914][ T29] audit: type=1800 audit(1720374879.458:92): pid=8689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.797" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 294.687585][ T8696] EXT4-fs: Ignoring removed nomblk_io_submit option [ 294.834573][ T8539] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.861810][ T29] audit: type=1800 audit(1720374879.468:93): pid=8689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.797" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 294.989227][ T8701] EXT4-fs error (device loop4): ext4_readdir:260: inode #12: block 32: comm syz.4.797: path /47/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 295.357419][ T8696] EXT4-fs: old and new quota format mixing [ 295.385866][ T7024] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.397021][ T8539] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 295.467954][ T5148] usb 2-1: USB disconnect, device number 27 [ 295.514994][ T8696] loop2: detected capacity change from 0 to 4096 [ 295.572251][ T8705] loop1: detected capacity change from 0 to 512 [ 295.587412][ T8539] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 295.594387][ T8539] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.634080][ T8705] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 295.680361][ T8709] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 295.708116][ T8705] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended [ 295.733307][ T8705] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 295.744785][ T29] audit: type=1800 audit(1720374880.538:94): pid=8696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.798" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 295.765036][ C0] vkms_vblank_simulate: vblank timer overrun [ 295.787463][ T8539] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 295.802948][ T8705] System zones: 0-2, 18-18, 34-34 [ 295.809626][ T8705] EXT4-fs error (device loop1): ext4_orphan_get:1420: comm syz.1.801: bad orphan inode 15 [ 295.825472][ T8705] ext4_test_bit(bit=14, block=18) = 1 [ 295.871320][ T8705] is_bad_inode(inode)=0 [ 295.884282][ T8705] NEXT_ORPHAN(inode)=2264924160 [ 295.900818][ T8705] max_ino=32 [ 295.904059][ T8705] i_nlink=0 [ 295.922479][ T8705] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 296.030951][ T8705] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.801: bg 0: block 80: padding at end of block bitmap is not set [ 296.071272][ T8539] hsr_slave_0: entered promiscuous mode [ 296.103961][ T8705] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 296.104107][ T8539] hsr_slave_1: entered promiscuous mode [ 296.131880][ T8705] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 296.196960][ T8539] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 296.204596][ T8539] Cannot create hsr debugfs directory [ 296.412507][ T8724] loop3: detected capacity change from 0 to 256 [ 297.225805][ T8729] loop2: detected capacity change from 0 to 2048 [ 297.329659][ T8729] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 297.508096][ T5110] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.569826][ T8717] loop4: detected capacity change from 0 to 32768 [ 297.591537][ T8717] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.802 (8717) [ 297.672201][ T8717] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 297.728726][ T8717] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 297.807519][ T8717] BTRFS info (device loop4): using free-space-tree [ 297.846398][ T8740] loop2: detected capacity change from 0 to 2048 [ 297.860668][ T8740] udf: Unknown parameter 'filecet' [ 297.978168][ T8740] Process accounting resumed [ 298.311181][ T8774] loop3: detected capacity change from 0 to 512 [ 298.386623][ T8774] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 298.441549][ T7024] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 298.468673][ T8774] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 298.529126][ T8774] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 298.552843][ T8774] System zones: 0-2, 18-18, 34-34 [ 298.564564][ T8774] EXT4-fs error (device loop3): ext4_orphan_get:1420: comm syz.3.808: bad orphan inode 15 [ 298.593175][ T8774] ext4_test_bit(bit=14, block=18) = 1 [ 298.625761][ T8774] is_bad_inode(inode)=0 [ 298.633570][ T8774] NEXT_ORPHAN(inode)=2264924160 [ 298.653572][ T8774] max_ino=32 [ 298.661150][ T8774] i_nlink=0 [ 298.671395][ T8774] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 298.743094][ T8774] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.808: bg 0: block 80: padding at end of block bitmap is not set [ 298.826087][ T8774] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 298.880021][ T8774] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 299.196898][ T8] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 300.157255][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 300.163504][ T5094] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 300.177136][ T8] usb 2-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97 [ 300.201206][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.230814][ T8] usb 2-1: config 0 descriptor?? [ 300.261089][ T8] gspca_main: sq905c-2.14.0 probing 2770:9050 [ 300.276134][ T8539] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 300.326460][ T8539] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 300.353221][ T8539] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 300.372924][ T8789] loop3: detected capacity change from 0 to 2048 [ 300.406276][ T8539] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 300.447293][ T8791] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 300.567498][ T8789] loop3: detected capacity change from 2048 to 0 [ 300.608530][ T8772] loop2: detected capacity change from 0 to 32768 [ 300.614416][ T8789] syz.3.811: attempt to access beyond end of device [ 300.614416][ T8789] loop3: rw=0, sector=66, nr_sectors = 2 limit=0 [ 300.628980][ T8772] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 0 transid 8 /dev/loop2 (7:2) scanned by syz.2.807 (8772) [ 300.697137][ T8789] NILFS (loop3): I/O error reading b-tree node block (ino=16, blocknr=15) [ 300.725281][ T8789] NILFS (loop3): error -5 truncating bmap (ino=16) [ 300.759343][ T8772] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 300.781379][ T8793] netlink: 12 bytes leftover after parsing attributes in process `syz.1.810'. [ 300.797965][ T8772] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 300.807374][ T8772] BTRFS error (device loop2): superblock checksum mismatch [ 300.840310][ T8772] BTRFS error (device loop2): open_ctree failed [ 300.845314][ T8793] tipc: Started in network mode [ 300.868815][ T8793] tipc: Node identity , cluster identity 8 [ 300.907232][ T8539] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.994759][ T8] gspca_sq905c: sq905c_read: usb_control_msg failed (-110) [ 300.997602][ T8539] 8021q: adding VLAN 0 to HW filter on device team0 [ 301.020465][ T8] sq905c 2-1:0.0: Reading version command failed [ 301.059662][ T8] sq905c 2-1:0.0: probe with driver sq905c failed with error -110 [ 301.125327][ T5148] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.132688][ T5148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.241511][ T5148] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.248642][ T5148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.260186][ T5094] syz-executor: attempt to access beyond end of device [ 301.260186][ T5094] loop3: rw=0, sector=92, nr_sectors = 2 limit=0 [ 301.301530][ T5094] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=130) [ 301.345376][ T5094] syz-executor: attempt to access beyond end of device [ 301.345376][ T5094] loop3: rw=0, sector=92, nr_sectors = 2 limit=0 [ 301.414046][ T5094] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=130) [ 301.451077][ T5094] NILFS error (device loop3): nilfs_readdir: bad page in #12 [ 301.477626][ T5094] syz-executor: attempt to access beyond end of device [ 301.477626][ T5094] loop3: rw=395265, sector=2040, nr_sectors = 2 limit=0 [ 301.558516][ T5094] buffer_io_error: 25 callbacks suppressed [ 301.558637][ T5094] Buffer I/O error on dev loop3, logical block 1020, lost sync page write [ 301.619617][ T5094] NILFS (loop3): unable to write superblock: err=-5 [ 301.646037][ T5094] syz-executor: attempt to access beyond end of device [ 301.646037][ T5094] loop3: rw=395265, sector=2, nr_sectors = 2 limit=0 [ 301.728927][ T5094] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 301.760626][ T5094] NILFS (loop3): unable to write superblock: err=-5 [ 301.806951][ T5094] Remounting filesystem read-only [ 301.852721][ T5094] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 301.893404][ T5094] NILFS (loop3): discard dirty page: offset=0, ino=2 [ 301.931879][ T5094] NILFS (loop3): discard dirty block: blocknr=18, size=1024 [ 301.991271][ T5094] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 302.021262][ T8] usb 2-1: USB disconnect, device number 28 [ 302.057781][ T5094] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 302.084866][ T8539] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 302.106035][ T5094] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 302.134305][ T5094] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 302.293073][ T5094] NILFS (loop3): discard dirty block: blocknr=35, size=1024 [ 302.346903][ T5094] NILFS (loop3): discard dirty block: blocknr=36, size=1024 [ 302.357155][ T5094] NILFS (loop3): discard dirty block: blocknr=37, size=1024 [ 302.363562][ T8817] loop1: detected capacity change from 0 to 2048 [ 302.364454][ T5094] NILFS (loop3): discard dirty block: blocknr=38, size=1024 [ 302.387782][ T5094] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 302.394840][ T5094] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 302.403929][ T5094] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 302.416993][ T5094] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 302.425959][ T5094] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 302.466635][ T8817] NILFS (loop1): invalid segment: Checksum error in segment payload [ 302.468203][ T8539] veth0_vlan: entered promiscuous mode [ 302.514597][ T8817] NILFS (loop1): trying rollback from an earlier position [ 302.553398][ T8539] veth1_vlan: entered promiscuous mode [ 302.647099][ T8817] NILFS (loop1): recovery complete [ 302.666475][ T8824] netlink: 'syz.3.812': attribute type 29 has an invalid length. [ 302.674941][ T8823] loop4: detected capacity change from 0 to 512 [ 302.693601][ T8825] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 302.725872][ T8539] veth0_macvtap: entered promiscuous mode [ 302.740779][ T8823] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 302.828895][ T8824] netlink: 'syz.3.812': attribute type 29 has an invalid length. [ 302.871560][ T8823] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 302.912702][ T8823] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 302.930871][ T8539] veth1_macvtap: entered promiscuous mode [ 302.946955][ T8823] System zones: 0-2, 18-18, 34-34 [ 302.959458][ T8823] EXT4-fs error (device loop4): ext4_orphan_get:1420: comm syz.4.815: bad orphan inode 15 [ 302.967484][ T8831] netlink: 28 bytes leftover after parsing attributes in process `syz.1.814'. [ 303.018801][ T8823] ext4_test_bit(bit=14, block=18) = 1 [ 303.035157][ T8823] is_bad_inode(inode)=0 [ 303.070834][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.083754][ T8823] NEXT_ORPHAN(inode)=2264924160 [ 303.100328][ T8823] max_ino=32 [ 303.115701][ T8823] i_nlink=0 [ 303.129002][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.143563][ T8823] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 303.193136][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.239411][ T8823] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.815: bg 0: block 80: padding at end of block bitmap is not set [ 303.260314][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.304844][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.326887][ T8823] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 303.366863][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.383300][ T8823] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 303.406986][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.440472][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.500788][ T8539] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 303.644886][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.727968][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.800967][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 304.337285][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.420475][ T8844] loop1: detected capacity change from 0 to 2048 [ 304.446762][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 304.478139][ T8844] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 304.510210][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.558103][ T8539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 304.606916][ T8539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.636684][ T8539] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 304.658184][ T7024] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 304.662875][ T8539] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.676203][ T8539] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.688032][ T8539] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.699729][ T8539] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.102057][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.145398][ T8859] loop4: detected capacity change from 0 to 2048 [ 305.146834][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.158022][ T8859] udf: Unknown parameter 'filecet' [ 305.238072][ T8] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 305.247486][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.287748][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.449185][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.450950][ T8858] Process accounting resumed [ 305.477303][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 305.493224][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 305.506534][ T8] usb 2-1: New USB device found, idVendor=18d1, idProduct=5030, bcdDevice= 0.00 [ 305.515860][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.528616][ T8] usb 2-1: config 0 descriptor?? [ 305.540888][ T8] usbhid 2-1:0.0: can't add hid device: -22 [ 305.547152][ T8] usbhid 2-1:0.0: probe with driver usbhid failed with error -22 [ 305.648748][ T8877] FAULT_INJECTION: forcing a failure. [ 305.648748][ T8877] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.764482][ T8877] CPU: 0 UID: 0 PID: 8877 Comm: syz.2.821 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 305.774567][ T8877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 305.784610][ T8877] Call Trace: [ 305.787878][ T8877] [ 305.790797][ T8877] dump_stack_lvl+0x241/0x360 [ 305.795464][ T8877] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.800650][ T8877] ? __pfx__printk+0x10/0x10 [ 305.805249][ T8877] ? __pfx_lock_release+0x10/0x10 [ 305.810260][ T8877] ? vfs_write+0x7c4/0xc90 [ 305.814658][ T8877] should_fail_ex+0x3b0/0x4e0 [ 305.819335][ T8877] _copy_from_user+0x2f/0xe0 [ 305.823912][ T8877] __sys_bpf+0x1a4/0x810 [ 305.828141][ T8877] ? __pfx___sys_bpf+0x10/0x10 [ 305.832895][ T8877] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 305.838862][ T8877] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 305.845171][ T8877] ? do_syscall_64+0x100/0x230 [ 305.849917][ T8877] __x64_sys_bpf+0x7c/0x90 [ 305.854316][ T8877] do_syscall_64+0xf3/0x230 [ 305.858800][ T8877] ? clear_bhb_loop+0x35/0x90 [ 305.863463][ T8877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.869352][ T8877] RIP: 0033:0x7f1d5c975bd9 [ 305.873781][ T8877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.893405][ T8877] RSP: 002b:00007f1d5d689048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 305.901839][ T8877] RAX: ffffffffffffffda RBX: 00007f1d5cb03f60 RCX: 00007f1d5c975bd9 [ 305.909825][ T8877] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005 [ 305.917822][ T8877] RBP: 00007f1d5d6890a0 R08: 0000000000000000 R09: 0000000000000000 [ 305.925800][ T8877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.933779][ T8877] R13: 000000000000000b R14: 00007f1d5cb03f60 R15: 00007fff230f48c8 [ 305.941763][ T8877] [ 306.046058][ T8882] kvm: pic: non byte read [ 306.084116][ T8885] ip6gretap0 speed is unknown, defaulting to 1000 [ 306.097644][ T8885] ip6gretap0 speed is unknown, defaulting to 1000 [ 306.109570][ T8888] netlink: 209844 bytes leftover after parsing attributes in process `syz.4.820'. [ 306.110958][ T8885] ip6gretap0 speed is unknown, defaulting to 1000 [ 306.163655][ T8884] loop1: detected capacity change from 0 to 1024 [ 306.607451][ T8885] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 306.721712][ T8885] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 306.795952][ T8893] loop0: detected capacity change from 0 to 1024 [ 306.829185][ T8884] loop1: detected capacity change from 0 to 512 [ 306.864504][ T8884] EXT4-fs: quotafile must be on filesystem root [ 306.866826][ T8] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 306.960107][ T8893] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 307.059095][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 307.085977][ T8] usb 3-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97 [ 307.097041][ T8884] loop1: detected capacity change from 0 to 16 [ 307.191644][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.200388][ T8884] erofs: (device loop1): mounted with root inode @ nid 36. [ 307.237064][ T8] usb 3-1: config 0 descriptor?? [ 307.246549][ T8] gspca_main: sq905c-2.14.0 probing 2770:9050 [ 307.751313][ T8915] netlink: 12 bytes leftover after parsing attributes in process `syz.2.824'. [ 307.773897][ T8915] tipc: Started in network mode [ 307.779214][ T8915] tipc: Node identity , cluster identity 8 [ 307.797864][ T8885] ip6gretap0 speed is unknown, defaulting to 1000 [ 307.868402][ T8885] ip6gretap0 speed is unknown, defaulting to 1000 [ 307.876046][ T8885] ip6gretap0 speed is unknown, defaulting to 1000 [ 307.917261][ T8917] loop0: detected capacity change from 0 to 512 [ 307.963741][ T8917] EXT4-fs: Mount option(s) incompatible with ext2 [ 307.970873][ T8] gspca_sq905c: sq905c_read: usb_control_msg failed (-110) [ 307.970902][ T8] sq905c 3-1:0.0: Reading version command failed [ 307.970968][ T8] sq905c 3-1:0.0: probe with driver sq905c failed with error -110 [ 308.092701][ T8885] ip6gretap0 speed is unknown, defaulting to 1000 [ 308.291535][ T8885] ip6gretap0 speed is unknown, defaulting to 1000 [ 308.439124][ T8926] loop0: detected capacity change from 0 to 512 [ 308.458510][ T928] usb 2-1: USB disconnect, device number 29 [ 308.480569][ T8926] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 308.606980][ T8926] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended [ 308.660230][ T8926] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 308.708316][ T8926] System zones: 0-2, 18-18, 34-34 [ 308.777176][ T8926] EXT4-fs error (device loop0): ext4_orphan_get:1420: comm syz.0.827: bad orphan inode 15 [ 308.845637][ T8926] ext4_test_bit(bit=14, block=18) = 1 [ 308.868159][ T8926] is_bad_inode(inode)=0 [ 308.887561][ T8926] NEXT_ORPHAN(inode)=2264924160 [ 308.893398][ T8926] max_ino=32 [ 308.897871][ T8926] i_nlink=0 [ 308.921720][ T8926] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 308.984912][ T8926] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.827: bg 0: block 80: padding at end of block bitmap is not set [ 309.062666][ T8926] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 309.115578][ T8926] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 309.301583][ T8939] loop4: detected capacity change from 0 to 2048 [ 309.308094][ T8] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 309.377690][ T5100] Bluetooth: hci0: command 0x080f tx timeout [ 309.987066][ T8939] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 310.008353][ T928] usb 3-1: USB disconnect, device number 20 [ 310.012403][ T8539] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.136820][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 310.148404][ T8] usb 2-1: config 1 has an invalid descriptor of length 122, skipping remainder of the config [ 310.218378][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 310.254213][ T8] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 310.280272][ T8948] ip6gretap0 speed is unknown, defaulting to 1000 [ 310.318311][ T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 310.343299][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.375026][ T8] usb 2-1: Product: syz [ 310.392970][ T8] usb 2-1: Manufacturer: syz [ 310.417869][ T8] usb 2-1: SerialNumber: syz [ 310.445798][ T8954] loop0: detected capacity change from 0 to 2048 [ 310.511636][ T8954] udf: Unknown parameter 'filecet' [ 310.658286][ T8] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 310.673673][ T8958] netlink: 'syz.4.832': attribute type 12 has an invalid length. [ 310.681513][ T8958] netlink: 197276 bytes leftover after parsing attributes in process `syz.4.832'. [ 310.729727][ T8965] wg2: entered promiscuous mode [ 310.736684][ T8] cdc_ncm 2-1:1.0: bind() failure [ 310.760754][ T8965] wg2: entered allmulticast mode [ 310.786892][ T8] usb 2-1: USB disconnect, device number 30 [ 310.999819][ T8954] Process accounting resumed [ 311.282359][ T8980] kvm: pic: non byte read [ 311.312688][ T8981] loop3: detected capacity change from 0 to 512 [ 311.355126][ T8988] loop2: detected capacity change from 0 to 512 [ 311.401173][ T8981] EXT4-fs: Ignoring removed nomblk_io_submit option [ 311.433374][ T8988] EXT4-fs: Mount option(s) incompatible with ext2 [ 311.600376][ T8981] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 311.744021][ T5110] syz-executor (5110) used greatest stack depth: 17976 bytes left [ 312.305433][ T8981] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 312.380257][ T8981] ext4 filesystem being mounted at /172/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 312.424882][ T9003] loop4: detected capacity change from 0 to 512 [ 312.479636][ T9003] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 312.501306][ T8981] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.834: corrupted xattr block 19: invalid ea_ino [ 312.515486][ T9003] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 312.555449][ T9003] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 312.590837][ T9003] System zones: 0-2, 18-18, 34-34 [ 312.614977][ T9003] EXT4-fs error (device loop4): ext4_orphan_get:1420: comm syz.4.840: bad orphan inode 15 [ 312.630843][ T9008] siw: device registration error -23 [ 312.675141][ T9003] ext4_test_bit(bit=14, block=18) = 1 [ 312.711411][ T9003] is_bad_inode(inode)=0 [ 312.715598][ T9003] NEXT_ORPHAN(inode)=2264924160 [ 312.738282][ T9003] max_ino=32 [ 312.741365][ T2845] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.741494][ T9003] i_nlink=0 [ 312.741556][ T9003] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 312.846070][ T9003] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.840: bg 0: block 80: padding at end of block bitmap is not set [ 312.927301][ T9003] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 312.984403][ T9003] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 312.992465][ T9008] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.839'. [ 313.073630][ T5094] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.109094][ T2845] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.150131][ T5100] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 313.162771][ T5100] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 313.172404][ T5100] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 313.187978][ T5100] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 313.197721][ T5100] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 313.205274][ T5100] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 313.444900][ T8987] loop0: detected capacity change from 0 to 32768 [ 314.468138][ T8987] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.836 (8987) [ 314.701242][ T2845] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.702628][ T7024] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 314.760800][ T9016] ip6gretap0 speed is unknown, defaulting to 1000 [ 314.923081][ T5204] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 314.953994][ T2845] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.967706][ T9027] loop4: detected capacity change from 0 to 2048 [ 315.023417][ T9027] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 315.116911][ T5204] usb 4-1: Using ep0 maxpacket: 16 [ 315.130746][ T5204] usb 4-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97 [ 315.159817][ T5204] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.260119][ T5204] usb 4-1: config 0 descriptor?? [ 315.287047][ T5108] Bluetooth: hci4: command tx timeout [ 315.288826][ T5204] gspca_main: sq905c-2.14.0 probing 2770:9050 [ 315.732486][ T9029] loop0: detected capacity change from 0 to 32768 [ 315.772923][ T9029] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.843 (9029) [ 315.838627][ T9029] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 315.887209][ T9029] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 315.926500][ T9037] netlink: 12 bytes leftover after parsing attributes in process `syz.3.841'. [ 315.964501][ T9037] tipc: Started in network mode [ 315.973574][ T9037] tipc: Node identity , cluster identity 8 [ 315.984835][ T5204] gspca_sq905c: sq905c_read: usb_control_msg failed (-110) [ 315.993879][ T2845] bridge_slave_1: left allmulticast mode [ 316.000141][ T9029] BTRFS info (device loop0): using free-space-tree [ 316.007327][ T2845] bridge_slave_1: left promiscuous mode [ 316.014357][ T5204] sq905c 4-1:0.0: Reading version command failed [ 316.051349][ T2845] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.066791][ T5204] sq905c 4-1:0.0: probe with driver sq905c failed with error -110 [ 316.103915][ T2845] bridge_slave_0: left allmulticast mode [ 316.139583][ T2845] bridge_slave_0: left promiscuous mode [ 316.156185][ T2845] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.865639][ T8539] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 317.103003][ T9058] loop2: detected capacity change from 0 to 2048 [ 317.132809][ T9058] udf: Unknown parameter 'filecet' [ 317.373093][ T5108] Bluetooth: hci4: command tx timeout [ 317.541386][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.547780][ T1243] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.661914][ T8] usb 4-1: USB disconnect, device number 26 [ 317.745177][ T29] audit: type=1326 audit(1720374902.548:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9064 comm="syz.3.847" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8151d75bd9 code=0x0 [ 317.894300][ T2845] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 317.914649][ T2845] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 317.924959][ T2845] bond0 (unregistering): Released all slaves [ 318.002668][ T9016] chnl_net:caif_netlink_parms(): no params data found [ 318.010777][ T9058] Process accounting resumed [ 318.280459][ T9074] loop4: detected capacity change from 0 to 512 [ 318.316955][ T9074] EXT4-fs: Mount option(s) incompatible with ext2 [ 318.458569][ T9084] FAULT_INJECTION: forcing a failure. [ 318.458569][ T9084] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 318.505938][ T9084] CPU: 1 UID: 0 PID: 9084 Comm: syz.2.851 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 318.516064][ T9084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 318.526140][ T9084] Call Trace: [ 318.529419][ T9084] [ 318.532343][ T9084] dump_stack_lvl+0x241/0x360 [ 318.537026][ T9084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 318.542234][ T9084] ? __pfx__printk+0x10/0x10 [ 318.546824][ T9084] ? __pfx_lock_release+0x10/0x10 [ 318.551854][ T9084] should_fail_ex+0x3b0/0x4e0 [ 318.556533][ T9084] _copy_from_iter+0x1f6/0x1960 [ 318.561377][ T9084] ? __virt_addr_valid+0x183/0x530 [ 318.566483][ T9084] ? __pfx_lock_release+0x10/0x10 [ 318.571511][ T9084] ? __pfx__copy_from_iter+0x10/0x10 [ 318.576790][ T9084] ? __virt_addr_valid+0x183/0x530 [ 318.581909][ T9084] ? __virt_addr_valid+0x183/0x530 [ 318.587024][ T9084] ? __virt_addr_valid+0x45f/0x530 [ 318.592144][ T9084] ? __check_object_size+0x49c/0x900 [ 318.597429][ T9084] rawv6_send_hdrinc+0x8c9/0x1890 [ 318.602487][ T9084] ? __pfx_rawv6_send_hdrinc+0x10/0x10 [ 318.607960][ T9084] ? ip6_dst_hoplimit+0x95/0x340 [ 318.612902][ T9084] rawv6_sendmsg+0x1962/0x23c0 [ 318.617691][ T9084] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 318.622814][ T9084] ? aa_sk_perm+0x967/0xab0 [ 318.627324][ T9084] ? inet_sendmsg+0x330/0x390 [ 318.631998][ T9084] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 318.637296][ T9084] ? security_socket_sendmsg+0x87/0xb0 [ 318.642773][ T9084] __sock_sendmsg+0x1a6/0x270 [ 318.647717][ T9084] sock_write_iter+0x2dd/0x400 [ 318.652485][ T9084] ? __pfx_sock_write_iter+0x10/0x10 [ 318.657776][ T9084] ? bpf_lsm_file_permission+0x9/0x10 [ 318.663138][ T9084] ? security_file_permission+0x7f/0xa0 [ 318.668688][ T9084] vfs_write+0xa72/0xc90 [ 318.672924][ T9084] ? __pfx_sock_write_iter+0x10/0x10 [ 318.678202][ T9084] ? __pfx_vfs_write+0x10/0x10 [ 318.682969][ T9084] ksys_write+0x1a0/0x2c0 [ 318.687295][ T9084] ? __pfx_ksys_write+0x10/0x10 [ 318.692137][ T9084] ? do_syscall_64+0x100/0x230 [ 318.696897][ T9084] ? do_syscall_64+0xb6/0x230 [ 318.701565][ T9084] do_syscall_64+0xf3/0x230 [ 318.706058][ T9084] ? clear_bhb_loop+0x35/0x90 [ 318.710730][ T9084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.716615][ T9084] RIP: 0033:0x7f1d5c975bd9 [ 318.721019][ T9084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.740617][ T9084] RSP: 002b:00007f1d5d689048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 318.749028][ T9084] RAX: ffffffffffffffda RBX: 00007f1d5cb03f60 RCX: 00007f1d5c975bd9 [ 318.756991][ T9084] RDX: 0000000000000046 RSI: 0000000020000040 RDI: 0000000000000003 [ 318.764949][ T9084] RBP: 00007f1d5d6890a0 R08: 0000000000000000 R09: 0000000000000000 [ 318.772908][ T9084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 318.780865][ T9084] R13: 000000000000000b R14: 00007f1d5cb03f60 R15: 00007fff230f48c8 [ 318.788845][ T9084] [ 318.932618][ T9016] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.980770][ T9016] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.017076][ T9016] bridge_slave_0: entered allmulticast mode [ 319.068725][ T9093] loop4: detected capacity change from 0 to 128 [ 319.084652][ T9016] bridge_slave_0: entered promiscuous mode [ 319.089288][ T9094] loop3: detected capacity change from 0 to 512 [ 319.113391][ T9094] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 319.169712][ T9093] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 319.182243][ T9094] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 319.210737][ T9093] ext4 filesystem being mounted at /61/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 319.273045][ T9094] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 319.312738][ T9094] System zones: 0-2, 18-18, 34-34 [ 319.362136][ T9094] EXT4-fs error (device loop3): ext4_orphan_get:1420: comm syz.3.852: bad orphan inode 15 [ 319.387860][ T9016] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.396056][ T9016] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.399168][ T9094] ext4_test_bit(bit=14, block=18) = 1 [ 319.416075][ T9104] loop0: detected capacity change from 0 to 2048 [ 319.433038][ T9016] bridge_slave_1: entered allmulticast mode [ 319.438108][ T9094] is_bad_inode(inode)=0 [ 319.452892][ T5108] Bluetooth: hci4: command tx timeout [ 319.459128][ T9016] bridge_slave_1: entered promiscuous mode [ 319.466931][ T9094] NEXT_ORPHAN(inode)=2264924160 [ 319.471798][ T9094] max_ino=32 [ 319.474975][ T9094] i_nlink=0 [ 319.496050][ T9104] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 319.518864][ T9094] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 319.619149][ T9094] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.852: bg 0: block 80: padding at end of block bitmap is not set [ 319.681216][ T9094] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 319.740532][ T9094] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 319.741985][ T9016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 320.490810][ T5094] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 320.616920][ T9016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 320.857290][ T9016] team0: Port device team_slave_0 added [ 320.889275][ T2845] hsr_slave_0: left promiscuous mode [ 320.906246][ T2845] hsr_slave_1: left promiscuous mode [ 320.911710][ T5204] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 320.930707][ T2845] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 320.936101][ T9124] loop0: detected capacity change from 0 to 2048 [ 320.947214][ T2845] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 320.968235][ T2845] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 320.973364][ T9124] udf: Unknown parameter 'filecet' [ 321.000094][ T2845] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 321.090065][ T2845] veth1_macvtap: left promiscuous mode [ 321.104642][ T2845] veth0_macvtap: left promiscuous mode [ 321.110733][ T2845] veth1_vlan: left promiscuous mode [ 321.116847][ T5204] usb 4-1: Using ep0 maxpacket: 16 [ 321.119981][ T2845] veth0_vlan: left promiscuous mode [ 321.123841][ T5204] usb 4-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97 [ 321.136663][ T5204] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.165135][ T5204] usb 4-1: config 0 descriptor?? [ 321.177745][ T5204] gspca_main: sq905c-2.14.0 probing 2770:9050 [ 321.243403][ T9105] loop2: detected capacity change from 0 to 32768 [ 321.280535][ T9105] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.855 (9105) [ 321.342672][ T9105] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 321.386072][ T9105] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 321.412820][ T9105] BTRFS info (device loop2): using free-space-tree [ 321.527106][ T5108] Bluetooth: hci4: command tx timeout [ 321.887191][ T5204] gspca_sq905c: sq905c_read: usb_control_msg failed (-110) [ 322.307001][ T5204] sq905c 4-1:0.0: Reading version command failed [ 322.320837][ T5204] sq905c 4-1:0.0: probe with driver sq905c failed with error -110 [ 322.801279][ T7024] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 323.291328][ T2845] team0 (unregistering): Port device team_slave_1 removed [ 323.361958][ T2845] team0 (unregistering): Port device team_slave_0 removed [ 323.929135][ T9016] team0: Port device team_slave_1 added [ 323.935047][ T9141] netlink: 12 bytes leftover after parsing attributes in process `syz.3.857'. [ 323.944413][ T9141] tipc: Started in network mode [ 323.953724][ T9141] tipc: Node identity , cluster identity 8 [ 323.958576][ T9124] Process accounting resumed [ 324.077533][ T25] usb 4-1: USB disconnect, device number 27 [ 324.141180][ T5092] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 324.239216][ T9016] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.271501][ T9016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.297478][ C0] vkms_vblank_simulate: vblank timer overrun [ 324.340593][ T9016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.346356][ T9016] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.346377][ T9016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.346402][ T9016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 324.659411][ T9016] hsr_slave_0: entered promiscuous mode [ 324.691834][ T9016] hsr_slave_1: entered promiscuous mode [ 324.732245][ T9016] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 324.768410][ T9016] Cannot create hsr debugfs directory [ 325.416467][ T9182] loop0: detected capacity change from 0 to 512 [ 325.538822][ T9182] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 325.549889][ T9183] loop4: detected capacity change from 0 to 2048 [ 325.581128][ T9182] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended [ 325.584604][ T9183] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 325.607178][ T9186] loop2: detected capacity change from 0 to 512 [ 325.622576][ T9182] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 325.634351][ T9182] System zones: 0-2, 18-18, 34-34 [ 325.708420][ T9182] EXT4-fs error (device loop0): ext4_orphan_get:1420: comm syz.0.867: bad orphan inode 15 [ 325.737496][ T9186] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 325.768681][ T9182] ext4_test_bit(bit=14, block=18) = 1 [ 325.791557][ T9182] is_bad_inode(inode)=0 [ 325.795761][ T9182] NEXT_ORPHAN(inode)=2264924160 [ 325.826982][ T9186] ext4 filesystem being mounted at /193/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 325.863994][ T9182] max_ino=32 [ 325.871807][ T9182] i_nlink=0 [ 325.919156][ T9182] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 325.963572][ T29] audit: type=1800 audit(1720374910.748:96): pid=9186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.868" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 326.147026][ T9182] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.867: bg 0: block 80: padding at end of block bitmap is not set [ 326.168253][ T9182] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 326.190192][ T29] audit: type=1800 audit(1720374910.758:97): pid=9186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.868" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 326.191566][ T9182] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 326.333367][ T9208] EXT4-fs error (device loop2): ext4_readdir:260: inode #12: block 32: comm syz.2.868: path /193/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 326.682951][ T9206] loop4: detected capacity change from 0 to 2048 [ 326.703099][ T9206] udf: Unknown parameter 'filecet' [ 326.703364][ T5092] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 326.844731][ T9210] loop3: detected capacity change from 0 to 128 [ 326.972661][ T9210] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 326.977656][ T9206] Process accounting resumed [ 327.039821][ T9210] ext4 filesystem being mounted at /180/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 327.402809][ T5208] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 327.560310][ T9209] delete_channel: no stack [ 327.684946][ T8539] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 327.706935][ T5208] usb 5-1: Using ep0 maxpacket: 16 [ 327.717953][ T5094] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 327.737778][ T5208] usb 5-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97 [ 327.776994][ T5208] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.823717][ T5208] usb 5-1: config 0 descriptor?? [ 327.854390][ T5208] gspca_main: sq905c-2.14.0 probing 2770:9050 [ 328.178388][ T9016] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 328.200790][ T9016] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 328.223975][ T9016] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 328.249525][ T9016] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 328.360784][ T9225] netlink: 12 bytes leftover after parsing attributes in process `syz.4.873'. [ 328.369840][ T9225] tipc: Started in network mode [ 328.374777][ T9225] tipc: Node identity , cluster identity 8 [ 328.569730][ T5208] gspca_sq905c: sq905c_read: usb_control_msg failed (-110) [ 328.595501][ T9016] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.600183][ T9218] loop2: detected capacity change from 0 to 32768 [ 328.608830][ T5208] sq905c 5-1:0.0: Reading version command failed [ 328.621857][ T5208] sq905c 5-1:0.0: probe with driver sq905c failed with error -110 [ 328.634680][ T9218] XFS: ikeep mount option is deprecated. [ 328.720175][ T9218] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 328.792734][ T9016] 8021q: adding VLAN 0 to HW filter on device team0 [ 328.805446][ T5208] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.813679][ T5208] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.843774][ T9238] loop0: detected capacity change from 0 to 128 [ 328.887709][ T9238] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 328.907495][ T5099] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.914669][ T5099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 328.934960][ T9238] ext4 filesystem being mounted at /15/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 329.162679][ T9221] loop3: detected capacity change from 0 to 32768 [ 329.811641][ T9221] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.875 (9221) [ 329.827573][ T9218] XFS (loop2): Ending clean mount [ 329.835977][ T8539] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 329.862802][ T9016] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 329.893859][ T9218] XFS (loop2): Quotacheck needed: Please wait. [ 329.929965][ T9221] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 330.060750][ T5208] usb 5-1: USB disconnect, device number 22 [ 330.076996][ T9221] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 330.085754][ T9221] BTRFS info (device loop3): using free-space-tree [ 330.162966][ T9218] XFS (loop2): Quotacheck: Done. [ 330.312011][ T29] audit: type=1800 audit(1720374915.118:98): pid=9218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.871" name="bus" dev="loop2" ino=9290 res=0 errno=0 [ 330.475326][ T9016] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.294933][ T9016] veth0_vlan: entered promiscuous mode [ 331.307860][ T5094] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 331.309701][ T9016] veth1_vlan: entered promiscuous mode [ 331.440415][ T9016] veth0_macvtap: entered promiscuous mode [ 331.480280][ T9016] veth1_macvtap: entered promiscuous mode [ 331.609967][ T9016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.646634][ T9293] loop0: detected capacity change from 0 to 2048 [ 331.664436][ T9016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.692921][ T9293] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 331.708297][ T9016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.759914][ T9016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.798537][ T9016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.826745][ T9016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.842495][ T9016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.876789][ T9016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.903622][ T9016] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 331.935519][ T9299] loop3: detected capacity change from 0 to 256 [ 331.977253][ T9016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 331.987657][ T5092] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 331.999362][ T9016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.057031][ T9016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.067985][ T9016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.078659][ T9016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.095674][ T9016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.107466][ T9016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.144564][ T9016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.185553][ T9016] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 332.228417][ T9262] loop4: detected capacity change from 0 to 32768 [ 332.361279][ T9262] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 332.460840][ T9262] XFS (loop4): Ending clean mount [ 332.733828][ T9016] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.743249][ T9016] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.752179][ T9016] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.760996][ T9016] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.866942][ T928] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 333.007207][ T7024] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 333.196931][ T928] usb 1-1: Using ep0 maxpacket: 16 [ 333.234244][ T928] usb 1-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97 [ 333.294154][ T928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.340635][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 333.374092][ T928] usb 1-1: config 0 descriptor?? [ 333.408358][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.435348][ T928] gspca_main: sq905c-2.14.0 probing 2770:9050 [ 333.586561][ T2825] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 333.627648][ T2825] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.653148][ T9327] loop3: detected capacity change from 0 to 512 [ 333.703751][ T9327] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 333.761514][ T9327] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 333.822296][ T9331] loop2: detected capacity change from 0 to 512 [ 333.834775][ T9327] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 333.881777][ T9327] System zones: 0-2, 18-18, 34-34 [ 333.957084][ T9327] EXT4-fs error (device loop3): ext4_orphan_get:1420: comm syz.3.884: bad orphan inode 15 [ 333.959259][ T9331] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 333.980662][ T9327] ext4_test_bit(bit=14, block=18) = 1 [ 333.986064][ T9327] is_bad_inode(inode)=0 [ 333.990476][ T9327] NEXT_ORPHAN(inode)=2264924160 [ 334.005974][ T9327] max_ino=32 [ 334.009416][ T9327] i_nlink=0 [ 334.012590][ T9327] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 334.014220][ T9336] loop4: detected capacity change from 0 to 2048 [ 334.046948][ T9331] ext4 filesystem being mounted at /195/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 334.062233][ T9327] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.884: bg 0: block 80: padding at end of block bitmap is not set [ 334.120624][ T9338] netlink: 12 bytes leftover after parsing attributes in process `syz.0.882'. [ 334.121914][ T9336] udf: Unknown parameter 'filecet' [ 334.135046][ T9338] tipc: Started in network mode [ 334.140281][ T9338] tipc: Node identity , cluster identity 8 [ 334.162565][ T9327] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 334.173275][ T928] gspca_sq905c: sq905c_read: usb_control_msg failed (-110) [ 334.221706][ T928] sq905c 1-1:0.0: Reading version command failed [ 334.245947][ T29] audit: type=1800 audit(1720374919.038:99): pid=9331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.881" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 334.252541][ T928] sq905c 1-1:0.0: probe with driver sq905c failed with error -110 [ 334.439259][ T9327] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 334.463097][ T9331] EXT4-fs error (device loop2): ext4_readdir:260: inode #12: block 32: comm syz.2.881: path /195/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 334.806288][ T9346] loop1: detected capacity change from 0 to 128 [ 334.816625][ T9336] Process accounting resumed [ 334.836963][ T29] audit: type=1800 audit(1720374919.098:100): pid=9342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.881" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 335.434967][ T9346] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 335.482205][ T9346] ext4 filesystem being mounted at /1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 335.483372][ T5094] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 335.712349][ T9358] loop3: detected capacity change from 0 to 512 [ 335.727286][ T5208] usb 1-1: USB disconnect, device number 18 [ 335.786907][ T9358] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 335.798771][ T9341] delete_channel: no stack [ 335.834463][ T9358] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 335.845872][ T9358] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 335.851575][ T9016] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 335.855281][ T9358] System zones: 0-2, 18-18, 34-34 [ 335.895269][ T9358] EXT4-fs error (device loop3): ext4_orphan_get:1420: comm syz.3.887: bad orphan inode 15 [ 335.935657][ T9358] ext4_test_bit(bit=14, block=18) = 1 [ 335.961555][ T9358] is_bad_inode(inode)=0 [ 335.996008][ T9358] NEXT_ORPHAN(inode)=2264924160 [ 336.001225][ T9358] max_ino=32 [ 336.004457][ T9358] i_nlink=0 [ 336.009269][ T9358] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 336.009954][ T9367] FAULT_INJECTION: forcing a failure. [ 336.009954][ T9367] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 336.063127][ T9367] CPU: 1 UID: 0 PID: 9367 Comm: syz.0.890 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 336.073216][ T9367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 336.083308][ T9367] Call Trace: [ 336.086576][ T9367] [ 336.089507][ T9367] dump_stack_lvl+0x241/0x360 [ 336.094192][ T9367] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.099394][ T9367] ? __pfx__printk+0x10/0x10 [ 336.103983][ T9367] ? snprintf+0xda/0x120 [ 336.108218][ T9367] should_fail_ex+0x3b0/0x4e0 [ 336.112895][ T9367] _copy_to_user+0x2f/0xb0 [ 336.117304][ T9367] simple_read_from_buffer+0xca/0x150 [ 336.122677][ T9367] proc_fail_nth_read+0x1e9/0x250 [ 336.127702][ T9367] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 336.133246][ T9367] ? rw_verify_area+0x520/0x6b0 [ 336.138115][ T9367] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 336.143657][ T9367] vfs_read+0x204/0xbc0 [ 336.147807][ T9367] ? __pfx_lock_release+0x10/0x10 [ 336.152825][ T9367] ? __pfx_vfs_read+0x10/0x10 [ 336.157582][ T9367] ? __fget_files+0x29/0x470 [ 336.162160][ T9367] ? __fget_files+0x3f6/0x470 [ 336.166834][ T9367] ksys_read+0x1a0/0x2c0 [ 336.171069][ T9367] ? __pfx_ksys_read+0x10/0x10 [ 336.175816][ T9367] ? do_syscall_64+0x100/0x230 [ 336.180613][ T9367] ? do_syscall_64+0xb6/0x230 [ 336.185276][ T9367] do_syscall_64+0xf3/0x230 [ 336.189765][ T9367] ? clear_bhb_loop+0x35/0x90 [ 336.194444][ T9367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.200348][ T9367] RIP: 0033:0x7f5ffb7746bc [ 336.204751][ T9367] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 336.224374][ T9367] RSP: 002b:00007f5ffc4ea040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 336.232813][ T9367] RAX: ffffffffffffffda RBX: 00007f5ffb904038 RCX: 00007f5ffb7746bc [ 336.240788][ T9367] RDX: 000000000000000f RSI: 00007f5ffc4ea0b0 RDI: 0000000000000005 [ 336.248759][ T9367] RBP: 00007f5ffc4ea0a0 R08: 0000000000000000 R09: 0000000000000000 [ 336.256730][ T9367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 336.264711][ T9367] R13: 000000000000006e R14: 00007f5ffb904038 R15: 00007ffceb77ea08 [ 336.272725][ T9367] [ 336.291722][ T9358] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.887: bg 0: block 80: padding at end of block bitmap is not set [ 336.361112][ T9358] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 336.373192][ T9358] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 336.441333][ T5092] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.468889][ T9369] FAULT_INJECTION: forcing a failure. [ 336.468889][ T9369] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 336.526803][ T9369] CPU: 1 UID: 0 PID: 9369 Comm: syz.4.891 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 336.536921][ T9369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 336.546996][ T9369] Call Trace: [ 336.550293][ T9369] [ 336.553235][ T9369] dump_stack_lvl+0x241/0x360 [ 336.557934][ T9369] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.563149][ T9369] ? __pfx__printk+0x10/0x10 [ 336.567768][ T9369] should_fail_ex+0x3b0/0x4e0 [ 336.572471][ T9369] _copy_from_user+0x2f/0xe0 [ 336.577075][ T9369] __se_sys_memfd_create+0x2a1/0x850 [ 336.582381][ T9369] do_syscall_64+0xf3/0x230 [ 336.586900][ T9369] ? clear_bhb_loop+0x35/0x90 [ 336.591595][ T9369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.597502][ T9369] RIP: 0033:0x7fd0b3575bd9 [ 336.601927][ T9369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.621554][ T9369] RSP: 002b:00007fd0b4272e28 EFLAGS: 00000206 ORIG_RAX: 000000000000013f [ 336.629991][ T9369] RAX: ffffffffffffffda RBX: 0000000000001115 RCX: 00007fd0b3575bd9 [ 336.637973][ T9369] RDX: 00007fd0b4272f00 RSI: 0000000000000000 RDI: 00007fd0b35e3d24 [ 336.645957][ T9369] RBP: 000000002000c1c0 R08: 00007fd0b4272bc7 R09: 00007fd0b4272e50 [ 336.653952][ T9369] R10: 000000000000000a R11: 0000000000000206 R12: 00000000200000c0 [ 336.661947][ T9369] R13: 00007fd0b4272f00 R14: 00007fd0b4272ec0 R15: 0000000020000480 [ 336.669951][ T9369] [ 336.758193][ T9373] loop0: detected capacity change from 0 to 512 [ 337.118893][ T9378] EXT4-fs error (device loop3): ext4_generic_delete_entry:2631: inode #2: block 3: comm syz.3.887: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 337.143979][ T9373] EXT4-fs (loop0): blocks per group (255) and clusters per group (8192) inconsistent [ 337.166762][ T9378] EXT4-fs error (device loop3) in ext4_delete_entry:2702: Corrupt filesystem [ 337.400827][ T9380] netlink: 44 bytes leftover after parsing attributes in process `syz.4.894'. [ 337.452490][ T9380] netlink: 43 bytes leftover after parsing attributes in process `syz.4.894'. [ 337.468438][ T9380] netlink: 'syz.4.894': attribute type 5 has an invalid length. [ 337.473247][ T5094] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 337.476158][ T9380] netlink: 43 bytes leftover after parsing attributes in process `syz.4.894'. [ 337.813969][ T9371] loop0: detected capacity change from 0 to 8192 [ 337.861693][ T9371] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 337.887956][ T9371] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 337.947662][ T9371] REISERFS (device loop0): using ordered data mode [ 338.001328][ T9371] reiserfs: using flush barriers [ 338.010712][ T5204] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 338.054107][ T9371] REISERFS warning (device loop0): sh-457 journal_init_dev: journal_init_dev: Cannot open './file0user_xattr': -2 [ 338.071820][ T9371] REISERFS warning (device loop0): sh-462 journal_init: unable to initialize journal device [ 338.163296][ T9371] REISERFS warning (device loop0): sh-2022 reiserfs_fill_super: unable to initialize journal space [ 338.219507][ T5204] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 338.229082][ T5204] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.272587][ T5204] usb 4-1: config 0 descriptor?? [ 338.296107][ T5204] cp210x 4-1:0.0: cp210x converter detected [ 338.522074][ T5204] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 338.551837][ T5204] cp210x 4-1:0.0: querying part number failed [ 338.576652][ T5204] usb 4-1: cp210x converter now attached to ttyUSB0 [ 338.770295][ T9388] netlink: 44 bytes leftover after parsing attributes in process `syz.3.896'. [ 338.797975][ T5142] usb 4-1: USB disconnect, device number 28 [ 338.837709][ T5142] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 338.862933][ T5142] cp210x 4-1:0.0: device disconnected [ 339.457879][ T9409] loop1: detected capacity change from 0 to 32768 [ 339.506992][ T9409] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.905 (9409) [ 339.555028][ T9409] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 339.596937][ T9409] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 339.626557][ T9409] BTRFS info (device loop1): using free-space-tree [ 340.061382][ T9445] pimreg: entered allmulticast mode [ 340.098576][ T9445] pimreg: left allmulticast mode [ 340.225562][ T9016] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 340.310466][ T9434] loop0: detected capacity change from 0 to 32768 [ 340.320326][ T9434] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.912 (9434) [ 340.354625][ T9434] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 340.385011][ T9434] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 340.428477][ T9434] BTRFS info (device loop0): using free-space-tree [ 340.684954][ T9419] loop2: detected capacity change from 0 to 32768 [ 340.936362][ T8539] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 341.631509][ T9450] loop4: detected capacity change from 0 to 32768 [ 341.657714][ T9450] btrfs: Deprecated parameter 'usebackuproot' [ 341.678136][ T9450] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 341.706816][ T5204] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 341.719506][ T9450] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.917 (9450) [ 341.784295][ T9450] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 341.825331][ T9450] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 341.911200][ T5204] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 341.920647][ T5204] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.934555][ T5204] usb 1-1: config 0 descriptor?? [ 341.944701][ T5204] cp210x 1-1:0.0: cp210x converter detected [ 341.992582][ T2816] BTRFS warning (device loop4): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb6fb6650 level 0 [ 342.088354][ T9450] BTRFS warning (device loop4): couldn't read tree root [ 342.112434][ T9450] BTRFS warning (device loop4): try to load backup roots slot 1 [ 342.120731][ T2816] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x7a216cc0 level 0 [ 342.135739][ T9450] BTRFS warning (device loop4): couldn't read tree root [ 342.142891][ T9450] BTRFS warning (device loop4): try to load backup roots slot 2 [ 342.143649][ T5204] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 342.151565][ T2816] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 342.170934][ T9450] BTRFS warning (device loop4): couldn't read tree root [ 342.187138][ T9450] BTRFS warning (device loop4): try to load backup roots slot 3 [ 342.216806][ T5204] cp210x 1-1:0.0: querying part number failed [ 342.247096][ T5204] usb 1-1: cp210x converter now attached to ttyUSB0 [ 342.277687][ T9450] BTRFS info (device loop4): rebuilding free space tree [ 342.325245][ T9472] loop3: detected capacity change from 0 to 32768 [ 342.359877][ T9472] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.919 (9472) [ 342.366846][ T9479] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 342.388922][ T9450] BTRFS info (device loop4): disabling free space tree [ 342.407696][ T9474] netlink: 44 bytes leftover after parsing attributes in process `syz.0.920'. [ 342.422491][ T9479] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 342.424101][ T9450] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 342.436900][ T9472] BTRFS info (device loop3): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 342.486089][ T9] usb 1-1: USB disconnect, device number 19 [ 342.501739][ T9472] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 342.506577][ T9450] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 342.544812][ T9472] BTRFS info (device loop3): using free-space-tree [ 342.547331][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 342.580285][ T9] cp210x 1-1:0.0: device disconnected [ 343.040719][ T7024] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 343.272519][ T9479] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 343.292588][ T9479] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 343.312726][ T9546] pimreg: entered allmulticast mode [ 343.321909][ T5094] BTRFS info (device loop3): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 343.376898][ T9543] pimreg: left allmulticast mode [ 343.728309][ T9479] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 343.734267][ T9479] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 344.303051][ T9479] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 344.344519][ T9479] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 345.458219][ T9544] loop0: detected capacity change from 0 to 32768 [ 345.468021][ T9544] XFS: noikeep mount option is deprecated. [ 346.258678][ T9594] program syz.4.938 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 346.296902][ T9544] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/loop0": -EINTR [ 346.718842][ T9562] loop1: detected capacity change from 0 to 32768 [ 346.749888][ T9562] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.933 (9562) [ 346.828543][ T9562] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 346.875482][ T9562] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 346.914367][ T9562] BTRFS info (device loop1): using free-space-tree [ 346.934442][ T9613] SET target dimension over the limit! [ 346.941832][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 346.969725][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 347.002776][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 347.040401][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 347.127007][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 347.186677][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 347.219403][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 347.234078][ T9624] pimreg: entered allmulticast mode [ 347.246277][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 347.262106][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 347.284993][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 347.329436][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 347.344100][ T9625] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 347.358080][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 347.363174][ T9624] pimreg: left allmulticast mode [ 347.384689][ T9562] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 347.394696][ T9562] BTRFS error (device loop1): open_ctree failed [ 347.752359][ T9599] loop3: detected capacity change from 0 to 32768 [ 347.800913][ T9599] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.939 (9599) [ 347.879499][ T9599] BTRFS info (device loop3): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 348.131948][ T9599] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 348.391718][ T9599] BTRFS info (device loop3): using free-space-tree [ 350.510231][ T5094] BTRFS info (device loop3): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 350.776038][ T9687] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 351.872151][ T9714] pimreg: entered allmulticast mode [ 351.895552][ T9714] pimreg: left allmulticast mode [ 352.026352][ T9] usb 1-1: new low-speed USB device number 20 using dummy_hcd [ 352.084578][ T9721] Cannot find del_set index 0 as target [ 352.255237][ T9] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 352.266806][ T9] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 352.307021][ T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 352.319453][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 352.353021][ T9] usb 1-1: string descriptor 0 read error: -22 [ 352.366047][ T9] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 352.402096][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.445754][ T9] usb 1-1: config 0 descriptor?? [ 352.462018][ T9699] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 352.472808][ T9] hub 1-1:0.0: bad descriptor, ignoring hub [ 352.492765][ T9] hub 1-1:0.0: probe with driver hub failed with error -5 [ 352.534884][ T9] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input17 [ 352.684598][ T928] usb 1-1: USB disconnect, device number 20 [ 352.684608][ C1] usb_acecad 1-1:0.0: can't resubmit intr, dummy_hcd.0-1/input0, status -19 [ 353.712709][ T9727] loop3: detected capacity change from 0 to 32768 [ 353.752321][ T9727] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.964 (9727) [ 353.846771][ T9727] BTRFS info (device loop3): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 353.920249][ T9727] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 354.128379][ T9727] BTRFS info (device loop3): using free-space-tree [ 354.857558][ T9790] SET target dimension over the limit! [ 355.652277][ T5094] BTRFS info (device loop3): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 356.673930][ T9825] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 356.908236][ T9825] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1) [ 356.957600][ T9825] bridge_slave_0: default FDB implementation only supports local addresses [ 357.112098][ T9832] SET target dimension over the limit! [ 357.497882][ T9849] netlink: 36 bytes leftover after parsing attributes in process `syz.1.993'. [ 357.526899][ T9849] tipc: Started in network mode [ 357.542647][ T9849] tipc: Node identity 6, cluster identity 4711 [ 357.566875][ T9849] tipc: Node number set to 6 [ 358.092558][ T5100] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 358.179435][ T5100] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 358.189422][ T5100] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 358.199061][ T5100] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 358.207740][ T5100] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 358.215363][ T5100] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 358.268253][ T5108] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 358.279904][ T5108] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 358.287575][ T5108] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 358.296339][ T5108] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 358.323391][ T5108] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 358.331376][ T5108] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 359.141836][ T2825] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 359.153974][ T2825] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.215264][ T9865] ip6gretap0 speed is unknown, defaulting to 1000 [ 359.224048][ T9835] loop4: detected capacity change from 0 to 32768 [ 359.255207][ T9835] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.989 (9835) [ 359.334403][ T9835] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 359.372051][ T9884] netlink: 220 bytes leftover after parsing attributes in process `syz.0.1004'. [ 359.390767][ T2825] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 359.407568][ T9835] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 359.416446][ T9835] BTRFS info (device loop4): using free-space-tree [ 359.424203][ T9884] unsupported nlmsg_type 40 [ 359.439249][ T2825] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.630890][ T9911] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 262161 (only 8 groups) [ 359.640652][ T2825] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 359.663477][ T2825] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.785288][ T9918] loop1: detected capacity change from 0 to 512 [ 359.836277][ T9918] EXT4-fs: Ignoring removed bh option [ 359.859652][ T9918] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 359.912691][ T2825] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 359.924302][ T2825] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.966345][ T9918] EXT4-fs (loop1): 1 truncate cleaned up [ 359.974662][ T9918] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 360.143745][ T7024] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 360.418471][ T5108] Bluetooth: hci1: command tx timeout [ 360.835203][ T9016] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 361.102929][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 361.219141][ T9865] chnl_net:caif_netlink_parms(): no params data found [ 361.344523][ T2825] bridge_slave_1: left allmulticast mode [ 361.373160][ T2825] bridge_slave_1: left promiscuous mode [ 361.415614][ T2825] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.464013][ T2825] bridge_slave_0: left allmulticast mode [ 361.500224][ T2825] bridge_slave_0: left promiscuous mode [ 361.522778][ T2825] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.601066][ T9954] loop0: detected capacity change from 0 to 1024 [ 361.674635][ T9954] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 361.721159][ T9960] loop1: detected capacity change from 0 to 512 [ 361.803525][ T9960] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 361.839206][ T9960] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 361.903239][ T9960] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 361.965073][ T9960] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 362.026814][ T9960] EXT4-fs error (device loop1): ext4_acquire_dquot:6862: comm syz.1.1025: Failed to acquire dquot type 0 [ 362.030314][ T8539] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 362.128100][ T9016] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 362.361127][ T9955] loop3: detected capacity change from 0 to 32768 [ 362.373937][ T9955] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1024 (9955) [ 362.398794][ T9955] BTRFS info (device loop3): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 362.413358][ T9955] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 362.423070][ T9955] BTRFS info (device loop3): using free-space-tree [ 362.495459][ T5108] Bluetooth: hci1: command tx timeout [ 362.821278][ T5094] BTRFS info (device loop3): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 362.990204][ T2825] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 363.022880][ T2825] bond_slave_0: left allmulticast mode [ 363.052101][ T2825] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 363.071665][ T2825] bond_slave_1: left allmulticast mode [ 363.089333][ T2825] bond0 (unregistering): Released all slaves [ 363.398091][T10018] Cannot find del_set index 0 as target [ 363.464648][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 363.704836][ T9865] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.741953][ T9865] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.777895][ T9865] bridge_slave_0: entered allmulticast mode [ 363.810305][ T9865] bridge_slave_0: entered promiscuous mode [ 363.920811][ T29] audit: type=1326 audit(1720374948.718:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10041 comm="syz.4.1046" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd0b3575bd9 code=0x0 [ 363.953974][ T9865] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.971517][ T9865] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.000368][ T9865] bridge_slave_1: entered allmulticast mode [ 364.029415][ T9865] bridge_slave_1: entered promiscuous mode [ 364.252184][ T9865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 364.338653][ T9865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 364.489142][T10068] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1053'. [ 364.562968][ T9865] team0: Port device team_slave_0 added [ 364.569736][ T5108] Bluetooth: hci1: command tx timeout [ 364.633099][ T9865] team0: Port device team_slave_1 added [ 364.720634][ T9865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 364.746833][ T9865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.783993][ T9865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 364.795055][ T5204] usb 2-1: new low-speed USB device number 31 using dummy_hcd [ 364.825110][ T9865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 364.835467][ T9865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.864006][ T9865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 364.896237][T10073] loop4: detected capacity change from 0 to 1024 [ 365.109097][ T5204] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 365.126951][ T5204] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 365.145751][ T5204] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 365.155412][ T5204] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 365.169704][ T5204] usb 2-1: string descriptor 0 read error: -22 [ 365.176003][ T5204] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 365.190998][ T9865] hsr_slave_0: entered promiscuous mode [ 365.218967][ T5204] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.230263][ T9865] hsr_slave_1: entered promiscuous mode [ 365.270165][T10076] hfsplus: xattr search failed [ 365.291519][ T5204] usb 2-1: config 0 descriptor?? [ 365.297441][T10070] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 365.298296][ T9865] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 365.317510][ T5204] hub 2-1:0.0: bad descriptor, ignoring hub [ 365.337412][ T9865] Cannot create hsr debugfs directory [ 365.344483][ T5204] hub 2-1:0.0: probe with driver hub failed with error -5 [ 365.363253][ T5204] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input18 [ 365.368996][ T2825] hsr_slave_0: left promiscuous mode [ 365.403923][ T2825] hsr_slave_1: left promiscuous mode [ 365.447774][ T2825] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 365.469982][ T2825] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 365.499573][ T2825] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 365.516248][ T2825] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 365.559759][ T25] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 365.577960][ T8] usb 2-1: USB disconnect, device number 31 [ 365.629349][ T2825] veth1_macvtap: left promiscuous mode [ 365.634944][ T2825] veth0_macvtap: left promiscuous mode [ 365.662860][ T2825] veth1_vlan: left promiscuous mode [ 365.687080][ T2825] veth0_vlan: left promiscuous mode [ 365.756767][ T25] usb 1-1: Using ep0 maxpacket: 16 [ 365.764164][ T25] usb 1-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97 [ 365.782216][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.804010][ T25] usb 1-1: config 0 descriptor?? [ 365.823795][ T25] gspca_main: sq905c-2.14.0 probing 2770:9050 [ 366.418469][ T25] gspca_sq905c: sq905c_read: usb_control_msg failed (-32) [ 366.425617][ T25] sq905c 1-1:0.0: Reading version command failed [ 366.471589][ T25] sq905c 1-1:0.0: probe with driver sq905c failed with error -32 [ 366.576841][ T5099] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 366.641915][T10078] loop3: detected capacity change from 0 to 32768 [ 366.657802][ T5108] Bluetooth: hci1: command tx timeout [ 366.723496][T10078] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 366.811238][T10078] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 366.818345][ T5099] usb 2-1: Using ep0 maxpacket: 8 [ 366.860633][ T5099] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 366.872880][ T5099] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 366.948839][ T5099] usb 2-1: config 0 has no interface number 0 [ 366.954988][ T5099] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 366.996460][ T5099] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 367.086736][ T5099] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 367.105037][T10078] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 367.130443][ T5099] usb 2-1: config 0 interface 52 has no altsetting 0 [ 367.158223][ T5099] usb 2-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 367.170088][ T25] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 367.180447][ T5099] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.189306][ T25] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 367.221212][ T5099] usb 2-1: config 0 descriptor?? [ 367.421109][ T2825] team0 (unregistering): Port device team_slave_1 removed [ 367.442504][T10081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 367.465574][T10081] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 367.488005][ T5099] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.52/input/input19 [ 367.560865][ T25] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 371ms [ 367.630544][ T25] gfs2: fsid=syz:syz.0: jid=0: Done [ 367.677670][T10078] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 367.794972][ T2825] team0 (unregistering): Port device team_slave_0 removed [ 367.811548][ T5148] usb 2-1: USB disconnect, device number 32 [ 369.058367][T10082] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1058'. [ 369.078043][T10082] tipc: Started in network mode [ 369.103253][T10082] tipc: Node identity , cluster identity 8 [ 369.201658][ T9] usb 1-1: USB disconnect, device number 21 [ 369.248650][T10102] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1065'. [ 369.755186][T10114] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 369.932669][ T25] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 370.148654][ T25] usb 1-1: New USB device found, idVendor=59cc, idProduct=980d, bcdDevice=b4.8e [ 370.192322][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.249115][ T25] usb 1-1: config 0 descriptor?? [ 370.268177][ T25] usb-storage 1-1:0.0: USB Mass Storage device detected [ 370.490034][ T25] usb 1-1: USB disconnect, device number 22 [ 372.423380][ T9865] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 372.451856][ T9865] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 372.628708][ T9865] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 372.657148][T10158] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 372.692448][ T9865] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 373.085727][ T9865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 373.128914][ T9865] 8021q: adding VLAN 0 to HW filter on device team0 [ 373.156031][ T928] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 373.196596][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.203818][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 373.220778][T10177] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 373.234972][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 373.242167][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 373.253784][ T29] audit: type=1326 audit(1720374958.058:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.1.1081" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc2a5f75bd9 code=0x0 [ 373.381040][ T928] usb 1-1: Using ep0 maxpacket: 8 [ 373.447337][ T928] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 373.478199][ T928] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 373.498376][ T928] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 373.527130][ T928] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 373.577103][ T928] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 373.606512][ T928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.757719][ T9865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 373.943934][ T928] usb 1-1: GET_CAPABILITIES returned 0 [ 373.953022][ T928] usbtmc 1-1:16.0: can't read capabilities [ 373.989871][ T9865] veth0_vlan: entered promiscuous mode [ 374.003744][ T9865] veth1_vlan: entered promiscuous mode [ 374.105527][ T9865] veth0_macvtap: entered promiscuous mode [ 374.158561][ T9865] veth1_macvtap: entered promiscuous mode [ 374.251239][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.280942][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.316812][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.362938][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.380906][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.443514][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.485067][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 374.497022][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.510630][ T9865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 374.727752][ T5108] Bluetooth: hci0: command tx timeout [ 374.904952][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 375.115402][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 375.178674][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 375.216156][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 375.242304][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 375.254516][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 375.275351][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 375.291847][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 375.328547][ T9865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 375.408369][ T9865] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 375.424518][ T9865] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 375.479565][ T9865] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 375.488759][ T9865] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 375.717123][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 375.758043][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 376.048978][T10239] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 376.071364][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 376.082118][ T5148] usb 1-1: USB disconnect, device number 23 [ 376.131825][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 376.626959][ T29] audit: type=1326 audit(1720374961.428:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10255 comm="syz.4.1094" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd0b3575bd9 code=0x0 [ 378.087785][ T5108] Bluetooth: hci0: command tx timeout [ 378.169212][T10284] syz.1.1103 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 378.246946][ T25] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 378.336928][ T5148] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 378.483794][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 378.505255][ T25] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 378.546201][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.554457][ T5148] usb 1-1: Using ep0 maxpacket: 8 [ 378.573973][ T5148] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 378.596475][ T25] usb 3-1: config 0 descriptor?? [ 378.602212][ T5148] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 378.634869][ T5148] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 378.654996][ T5148] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 378.685436][ T5148] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 378.735662][ T5148] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.978063][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.987491][ T1243] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.997121][ T5148] usb 1-1: GET_CAPABILITIES returned 0 [ 379.006817][ T5148] usbtmc 1-1:16.0: can't read capabilities [ 379.094273][ T25] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor [ 379.102868][T10308] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 379.135216][ T25] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0002/input/input20 [ 379.318724][ T25] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 379.548313][ T25] usb 3-1: USB disconnect, device number 21 [ 379.748341][ T29] audit: type=1326 audit(1720374964.558:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10316 comm="syz.4.1110" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd0b3575bd9 code=0x0 [ 379.782771][T10295] loop3: detected capacity change from 0 to 40427 [ 379.789132][T10315] ip6gretap0 speed is unknown, defaulting to 1000 [ 380.001869][T10321] futex_wake_op: syz.1.1111 tries to shift op by 32; fix this program [ 380.101193][ T5099] usb 1-1: USB disconnect, device number 24 [ 381.027557][T10339] binder_alloc: 10330: binder_alloc_buf, no vma [ 381.122644][T10340] syz.1.1117[10340] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 381.122802][T10340] syz.1.1117[10340] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 381.139521][ T5108] Bluetooth: hci0: command tx timeout [ 381.252477][T10341] syz.1.1117[10341] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 381.252633][T10341] syz.1.1117[10341] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 381.816038][T10348] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 381.877289][ T5099] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 382.072290][ T5099] usb 1-1: Using ep0 maxpacket: 8 [ 382.098669][ T5099] usb 1-1: unable to get BOS descriptor or descriptor too short [ 382.138051][ T5099] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 382.155915][ T5099] usb 1-1: can't read configurations, error -71 [ 382.245450][T10355] loop1: detected capacity change from 0 to 1024 [ 382.725683][T10362] input: syz0 as /devices/virtual/input/input21 [ 382.917061][T10364] hfsplus: xattr search failed [ 383.506955][ T5145] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 383.710904][ T5145] usb 3-1: Using ep0 maxpacket: 8 [ 383.733120][ T5145] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 383.760099][ T5145] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 383.794226][ T5145] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 383.834725][ T5145] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 383.846904][ T5108] Bluetooth: hci0: command tx timeout [ 383.866784][ T5145] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 383.905604][ T5145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.976820][ T25] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 384.181839][ T25] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 384.204395][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.232492][ T25] usb 5-1: Product: syz [ 384.261297][ T25] usb 5-1: Manufacturer: syz [ 384.265926][ T25] usb 5-1: SerialNumber: syz [ 384.316798][ T5145] usb 3-1: GET_CAPABILITIES returned 0 [ 384.317591][ T25] usb 5-1: config 0 descriptor?? [ 384.331481][ T5145] usbtmc 3-1:16.0: can't read capabilities [ 384.365348][ T25] ch341 5-1:0.0: ch341-uart converter detected [ 384.437851][T10389] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 385.537833][ T25] usb 5-1: failed to receive control message: -110 [ 385.566851][ T25] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110 [ 386.471204][ T928] usb 3-1: USB disconnect, device number 22 [ 386.486835][ T5108] Bluetooth: hci0: command tx timeout [ 386.559721][T10405] loop3: detected capacity change from 0 to 128 [ 386.644635][T10405] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 386.767300][ T5145] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 386.772343][ T29] audit: type=1326 audit(1720374971.558:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10406 comm="syz.2.1138" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fecedd75bd9 code=0x0 [ 386.829297][T10405] ext4 filesystem being mounted at /229/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 386.867438][ T25] usb 5-1: USB disconnect, device number 23 [ 386.896933][ T25] ch341 5-1:0.0: device disconnected [ 386.967435][ T5145] usb 1-1: Using ep0 maxpacket: 8 [ 387.000963][ T5094] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 387.029838][ T5145] usb 1-1: unable to get BOS descriptor or descriptor too short [ 387.073964][ T5145] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 387.097202][ T5145] usb 1-1: can't read configurations, error -71 [ 388.416113][T10435] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1144'. [ 388.557219][T10437] Oops: stack segment: 0000 [#1] PREEMPT SMP KASAN PTI [ 388.557238][T10437] CPU: 1 UID: 0 PID: 10437 Comm: syz.0.1146 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 388.557251][T10437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 388.557257][T10437] RIP: 0010:bpf_xdp_redirect+0x59/0x1a0 [ 388.557277][T10437] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b5 18 90 f8 48 8b 1b 4c 8d 63 38 4c 89 e5 48 c1 ed 03 <42> 0f b6 44 2d 00 84 c0 0f 85 d0 00 00 00 45 8b 34 24 44 89 f6 83 [ 388.557286][T10437] RSP: 0018:ffffc9000928f6e8 EFLAGS: 00010202 [ 388.557296][T10437] RAX: 1ffff1100fb396c0 RBX: 0000000000000000 RCX: 0000000000040000 [ 388.557304][T10437] RDX: ffffc9001356b000 RSI: 000000000000092a RDI: 000000000000092b [ 388.557311][T10437] RBP: 0000000000000007 R08: ffffffff8faf7a6f R09: 1ffffffff1f5ef4d [ 388.557318][T10437] R10: dffffc0000000000 R11: fffffbfff1f5ef4e R12: 0000000000000038 [ 388.557325][T10437] R13: dffffc0000000000 R14: 1ffff92001251f21 R15: 0000000000000000 [ 388.557332][T10437] FS: 00007f5ffc50b6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 388.557342][T10437] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 388.557348][T10437] CR2: 0000000020005000 CR3: 000000001f0c0000 CR4: 00000000003506f0 [ 388.557357][T10437] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 388.557364][T10437] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 388.557371][T10437] Call Trace: [ 388.557375][T10437] [ 388.557380][T10437] ? __die_body+0x88/0xe0 [ 388.557395][T10437] ? die+0xcf/0x110 [ 388.557408][T10437] ? do_trap+0x15a/0x3a0 [ 388.557421][T10437] ? do_error_trap+0x1dc/0x2c0 [ 388.557434][T10437] ? __pfx_do_error_trap+0x10/0x10 [ 388.557446][T10437] ? __pfx_lock_release+0x10/0x10 [ 388.557460][T10437] ? rcu_is_watching+0x15/0xb0 [ 388.557475][T10437] ? exc_stack_segment+0x38/0x50 [ 388.557486][T10437] ? asm_exc_stack_segment+0x26/0x30 [ 388.557500][T10437] ? bpf_xdp_redirect+0x59/0x1a0 [ 388.557513][T10437] ? bpf_xdp_redirect+0x25/0x1a0 [ 388.557527][T10437] bpf_prog_667628423f708291+0x51/0x80 [ 388.557536][T10437] bpf_prog_run_generic_xdp+0x679/0x14c0 [ 388.557557][T10437] do_xdp_generic+0x673/0xb90 [ 388.557570][T10437] ? __pfx_do_xdp_generic+0x10/0x10 [ 388.557582][T10437] ? tun_get_user+0x26c8/0x4560 [ 388.557595][T10437] ? tun_get_user+0x26c8/0x4560 [ 388.557605][T10437] tun_get_user+0x2805/0x4560 [ 388.557619][T10437] ? __pfx_tun_get_user+0x10/0x10 [ 388.557630][T10437] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 388.557640][T10437] ? tun_get+0x1e/0x2f0 [ 388.557653][T10437] ? tun_get+0x1e/0x2f0 [ 388.557662][T10437] ? tun_get+0x27d/0x2f0 [ 388.557671][T10437] tun_chr_write_iter+0x113/0x1f0 [ 388.557682][T10437] vfs_write+0xa72/0xc90 [ 388.557692][T10437] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 388.557702][T10437] ? __pfx_vfs_write+0x10/0x10 [ 388.557710][T10437] ? do_futex+0x392/0x560 [ 388.557727][T10437] ksys_write+0x1a0/0x2c0 [ 388.557737][T10437] ? __pfx_ksys_write+0x10/0x10 [ 388.557746][T10437] ? do_syscall_64+0x100/0x230 [ 388.557764][T10437] ? do_syscall_64+0xb6/0x230 [ 388.557773][T10437] do_syscall_64+0xf3/0x230 [ 388.557782][T10437] ? clear_bhb_loop+0x35/0x90 [ 388.557794][T10437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.557811][T10437] RIP: 0033:0x7f5ffb77475f [ 388.557819][T10437] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 388.557828][T10437] RSP: 002b:00007f5ffc50b010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 388.557839][T10437] RAX: ffffffffffffffda RBX: 00007f5ffb903f60 RCX: 00007f5ffb77475f [ 388.557847][T10437] RDX: 00000000000010d3 RSI: 0000000020004000 RDI: 00000000000000c8 [ 388.557853][T10437] RBP: 00007f5ffb7e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 388.557860][T10437] R10: 00000000000010d3 R11: 0000000000000293 R12: 0000000000000000 [ 388.557866][T10437] R13: 000000000000000b R14: 00007f5ffb903f60 R15: 00007ffceb77ea08 [ 388.557877][T10437] [ 388.557881][T10437] Modules linked in: [ 388.557889][T10437] ---[ end trace 0000000000000000 ]--- [ 388.953375][T10437] RIP: 0010:bpf_xdp_redirect+0x59/0x1a0 [ 388.958928][T10437] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b5 18 90 f8 48 8b 1b 4c 8d 63 38 4c 89 e5 48 c1 ed 03 <42> 0f b6 44 2d 00 84 c0 0f 85 d0 00 00 00 45 8b 34 24 44 89 f6 83 [ 388.978615][T10437] RSP: 0018:ffffc9000928f6e8 EFLAGS: 00010202 [ 388.984664][T10437] RAX: 1ffff1100fb396c0 RBX: 0000000000000000 RCX: 0000000000040000 [ 388.992631][T10437] RDX: ffffc9001356b000 RSI: 000000000000092a RDI: 000000000000092b [ 389.000601][T10437] RBP: 0000000000000007 R08: ffffffff8faf7a6f R09: 1ffffffff1f5ef4d [ 389.008566][T10437] R10: dffffc0000000000 R11: fffffbfff1f5ef4e R12: 0000000000000038 [ 389.016554][T10437] R13: dffffc0000000000 R14: 1ffff92001251f21 R15: 0000000000000000 [ 389.024522][T10437] FS: 00007f5ffc50b6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 389.033537][T10437] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 389.040117][T10437] CR2: 0000000020005000 CR3: 000000001f0c0000 CR4: 00000000003506f0 [ 389.048087][T10437] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 389.056036][T10437] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 389.064040][T10437] Kernel panic - not syncing: Fatal exception in interrupt [ 389.071509][T10437] Kernel Offset: disabled [ 389.075822][T10437] Rebooting in 86400 seconds..