last executing test programs: 3.26670048s ago: executing program 2 (id=700): openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) pipe(&(0x7f00000001c0)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff}) pipe(&(0x7f0000000380)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) write(r0, 0x0, 0x0) 2.714289509s ago: executing program 3 (id=705): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc000, &(0x7f0000000380), 0x2, 0x24d, &(0x7f0000000440)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyUixAT7LJWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSNytqNtk5Mp8PTGYm89783rDzfbvN7AZorAtJLiVpJZlL0klSHG5wb7Vc2N9dnd28lvT7T/1SDNtV+5WDfueT9JI8kmSjLPJKO1lef27nt60nHnh7qXP/h+vPzk71Ivft7mw/uffBlbc+ufzw8lff/HSlyKV0/3ZdJ68Y8792kdx2GsVuEEW77hHwX1x94+NvB7m/Pcl9w/x3UqZ68d5ZvGmjk4fe/6e+7/789Z3THCtw8vr9zuA9sNcHGqdM0k1Rzieptstyfr76DP9d61z56sLi63MvLyxdf6numQo4Kd1k+/HPZj49P5L/H1tV/oGza5D/p6+ufT/Y3muNHOzP1DMo4HTdVa0G+Z97YeXBjMs/cKbJPzSX/ENzyT80l/xDc8k/NJf8wxnWOdjojT0s/9Bc8g/NJf/QXIfzDwA0S3+m7ieQgbrUPf8AAAAAAAAAAAAAAAAAAABHrc5uXjtYplXzi/eS3ceStMfVbw1/jzi5efj33K/FoNlfiqrbRJ6/Z8ITTOijmp++vuWHeut/eXe99VeuJ703k1xst4/ef8X+/Xd8t/7L8c6LExb4n4qR/UefmW79UX+s1Vv/8lby+WD+uThu/ilzx3A9fv7pHv6K5WN67fcJTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDU/BkAAP//d4lu0g==") mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @aes128, 0x0, @desc3}) chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 2.396995493s ago: executing program 3 (id=707): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000040)="440f20c0350c000000440f22c00f01f80f01b88113f6d164400f210966470f2115b9800000c00f32350008000067640f01c9c4a1c5594cf6280f2186c4a15de1ec66b818000f00d0", 0x48}], 0x1, 0x4f, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.314102055s ago: executing program 2 (id=709): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)="711f664eb50cd5279c17da770c65", 0xe}, 0x1, 0x0, 0x0, 0x8885}, 0x24044054) recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x120, 0x0) 2.111959168s ago: executing program 2 (id=711): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.96179169s ago: executing program 2 (id=712): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) syz_open_dev$MSR(&(0x7f0000000280), 0xa, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f00000001c0), 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) write$cgroup_type(r1, &(0x7f0000000280), 0x9) 1.893687271s ago: executing program 1 (id=713): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0) ioctl$SIOCPNGETOBJECT(r0, 0x89e0, &(0x7f0000000280)=0x7fff) 1.831717672s ago: executing program 2 (id=714): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10) creat(&(0x7f00000000c0)='./file0\x00', 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x4}, 0x18) statfs(&(0x7f00000001c0)='./file0\x00', 0x0) 1.779119833s ago: executing program 3 (id=715): r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x6299, 0x80, 0x0, 0x334}, &(0x7f00000002c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 1.712147374s ago: executing program 1 (id=717): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="340000001c00070cfffffffffddbdf2507000000", @ANYRES32=r1, @ANYBLOB="0200640b0a000200aaaaaaaaaabb00000c000e80"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002b00)=ANY=[], 0x50}}, 0x40008014) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) 1.541427927s ago: executing program 1 (id=719): syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) r0 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x341a, 0x13100, 0x0, 0xfffffffd}, &(0x7f0000000180)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0) 1.532956537s ago: executing program 2 (id=720): syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=") open(0x0, 0x64042, 0x169) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ftruncate(r0, 0xc17a) openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x68042, 0xe) 1.525196737s ago: executing program 3 (id=721): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f0000000000)=0x7ffd, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 1.398677239s ago: executing program 0 (id=722): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001400e998692f7000fddbdf25020800cb", @ANYRES32=r2, @ANYBLOB="08000a0004000000080008004803000008000900b5fdffff08000200ffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4010}, 0x90) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}, 0x1, 0x0, 0x0, 0x4000}, 0x0) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000100), &(0x7f0000000180)=0xc) 1.32320601s ago: executing program 3 (id=723): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x2000000, 0x2449, 0xfffffffffffffffd}) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000380)={{@host}, 0x8199, 0x800000000000000, 0x1}) 1.239139221s ago: executing program 1 (id=724): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmmsg$inet6(r1, &(0x7f0000003b80)=[{{0x0, 0xd, &(0x7f00000003c0)=[{&(0x7f00000000c0)="e6", 0x2}], 0x1}, 0xff03}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x23fff}], 0x7d}}], 0x4000070, 0x8000) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r1) 1.112916413s ago: executing program 0 (id=725): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004081) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000500)=r0, 0x4) sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000180)='2', 0x1}], 0x1}, 0x4040810) close(r1) 1.086481123s ago: executing program 3 (id=726): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000200), 0xfea7) copy_file_range(r1, &(0x7f00000001c0)=0x2000, r0, 0x0, 0xffffffffa003e45c, 0x700000000000000) 962.177525ms ago: executing program 1 (id=727): unshare(0x26000400) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000080)=[{&(0x7f00000004c0)='|', 0x1}], 0x1, 0x0) 888.983777ms ago: executing program 0 (id=728): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'geneve0\x00', 0x0}) splice(r0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)=0x6, 0x1, 0x0) sendto$packet(r0, &(0x7f0000000180)="0b03f6ff78ff64000200475400f6a13bb1000000080086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r2}, 0x14) 783.151928ms ago: executing program 0 (id=729): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = getpid() capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x28}) r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) 590.625571ms ago: executing program 0 (id=730): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000001700)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000009c0)='8', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001d80)="4706970663f3f7af2db76191c83b9772d01298d0b00b30289f75ca24f322329072a6416c040a3e89b911cd7e224d42326a8c9b61b1190e375e83fa97c359b052a4b59a0f7ac9003c32a19b479dae807378b4a550e6e2d92d4d6657dceb710ef001a08b5071f7cfe2e7ff11257d6aae2ab3f48a753208eae0339c9f648306b4e8ab5bfcec01e4b05d08a0d453b12c1849a234f4599d6374b909cd37a73a6d3f9afe51d22ef4df5f7ce6ed8588c819c9ed0c300e7f930825badf01e6da952c440e3991d99134cd6348357fa39790c9c607205e89924d642c64d4fe2b60746234f3392637a257a43615f0838702d772d641a3f9e0860f7b59c87838e837f051a8144a54d3a6eb8fc225d95f173ff470dd6d3185b2c32699e535b3fdc76dcdb1f45404448e0afed0ff6ddb55f3c3fe55960ec690a78d437bd5556bda115667061622923ec3f9e71ec3e531961c988e0b5a78d900834a11612bdf93a140e2afdf23c80644550f76d0e8218ca0e755dff4a0885b25bad7540a18a9d93612aca74cde840c2a53ae4eb3217327b8e9802cd70cbc5bcc0ecca20a2557fc8ec6664b7e1c53e265a1bfb4b9557eff5342b0ab8b8faa21aea953525fd021b7d16c9d46ad5427db9e78c38a11922add7ad9033887179ad68b933820deb794b9d3a19326d4aacb8d0404e25dd6b4bcfe69af5ae97a8c195cac87c723378daf1e8393dd3288feddd074d5f9ec5ac7d526406ba34ef57aaec2660a2a365a2ce00a80cb317086f5674d25d37cc5397b8e81206a738dea8b5079c92fe97966bb5094b4b41823856aa284816a8213ded79f33e3dc98df9fa9b8a89f77ecabf360f8ba21a2943f7183a17e7106e73d09115997f532081e4751f3da9e14051ba6f8889657c4db781185122f9d91bfe29394d1baa7b535faea7f4910a78b05c75dea7ff6224facdadc29b071f6dc8995a24758f997d56414cbf1950888b688a28de7a2e457302e22ba7c904badfe1b4b2141b721c8f7ea07f4d8071b6613abcb74f2c5c67cde5d0aec70c3f5d277951cd13bc0358e2653c03f1e4c00825ea246d18fbd893611eac729158a6a2fdb7ca682b3739da30c5cf7fc760a0ddef368011115a7d70d1a01cf9203b33f9cf83ff79aa2625fad175cfa368d15c5d6b720e0f29d4f8dad80dfd6c1ddc577b06b878daf7bacd31bb68c8bfac70d9b650879fe6ca650d81c1acde987b3f30c7c45627b6d183958d16096041cdeb52630342c80223ec4575e62ffba129b563868a913d51a14d4dd891bc2300e204ba3d62ad53bb7e8ffacccfe1c3b100c1187d4a173248a431c1613badeb7345503b0f441edeac181dbf9397a85433893f7d95d972d588bae7442ccac0f23c243d8b50684532663cb1aee33759e37e679e4326f14625eece81a7eb0fd0b3416a8cc90039e199f4228374efbf471d1dd9201b2a141135c9b508f11cce6bc7656d4363914832ddb77a46a450941530a4b2351a986a27e7a933bf221b0115289e72cd93fd2d5181dae2e5c3501413e31a5021a1acab914f795ae9cb93d07695962db3a72ff778fbe1b5f9a3067f9e91589d79882705ef4d4c542cd9043bf68c26435765a16a67cbda84e23b92403d11cfa832cdafaadf966fbb1c0e5c1d2f0e94563141f67522279916ba98892a13f479bb0a5cc0d593db312561ce28864ddbbe4c8b5b0ffc04c668483fd3db8a7fa4f3bd5d475b7db7ef7fc1a18d02b4298cc952b6e96ee62b2d4511345cb06a72520a8d5727547c667e6ba3486c2a3686f88b72f8a8cbe75dcc0496cde3ccd5cd7e75ec619c36c8d34bc", 0x505}], 0x1}}], 0x2, 0x0) 416.916414ms ago: executing program 0 (id=731): syz_usb_connect(0x3, 0x36, 0x0, 0x0) r0 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x3, 0x801}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185100}) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) io_uring_enter(r0, 0x7277, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=732): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.37' (ED25519) to the list of known hosts. [ 81.733318][ T5760] cgroup: Unknown subsys name 'net' [ 81.877026][ T5760] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.598307][ T5760] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.669082][ T5774] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.671418][ T5776] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.686055][ T5776] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.686055][ T5774] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.689375][ T5776] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.709184][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.710970][ T5776] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.726530][ T5781] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.734191][ T5776] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.743537][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.753739][ T5781] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.761229][ T5776] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.768728][ T5781] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.773348][ T5783] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.777048][ T5781] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.784631][ T5783] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.791901][ T5776] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.798091][ T5783] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.804885][ T5781] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.819199][ T5776] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.820182][ T5783] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.826758][ T5776] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.835296][ T5783] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.849761][ T5786] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.439580][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 86.557183][ T5777] chnl_net:caif_netlink_parms(): no params data found [ 86.586747][ T5780] chnl_net:caif_netlink_parms(): no params data found [ 86.638050][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 86.666004][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.673266][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.680889][ T5771] bridge_slave_0: entered allmulticast mode [ 86.688535][ T5771] bridge_slave_0: entered promiscuous mode [ 86.698714][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.706897][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.714688][ T5771] bridge_slave_1: entered allmulticast mode [ 86.722537][ T5771] bridge_slave_1: entered promiscuous mode [ 86.847711][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.893868][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.997538][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.005652][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.014815][ T5780] bridge_slave_0: entered allmulticast mode [ 87.023558][ T5780] bridge_slave_0: entered promiscuous mode [ 87.032157][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.040675][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.048845][ T5777] bridge_slave_0: entered allmulticast mode [ 87.056635][ T5777] bridge_slave_0: entered promiscuous mode [ 87.086073][ T5771] team0: Port device team_slave_0 added [ 87.094328][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.102225][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.110049][ T5780] bridge_slave_1: entered allmulticast mode [ 87.119343][ T5780] bridge_slave_1: entered promiscuous mode [ 87.157775][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.165489][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.173362][ T5777] bridge_slave_1: entered allmulticast mode [ 87.186839][ T5777] bridge_slave_1: entered promiscuous mode [ 87.218321][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.231219][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.239389][ T5770] bridge_slave_0: entered allmulticast mode [ 87.252594][ T5770] bridge_slave_0: entered promiscuous mode [ 87.264255][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.277313][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.284633][ T5770] bridge_slave_1: entered allmulticast mode [ 87.294946][ T5770] bridge_slave_1: entered promiscuous mode [ 87.307205][ T5771] team0: Port device team_slave_1 added [ 87.442265][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.450253][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.492641][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.509570][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.541859][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.568845][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.576546][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.604846][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.626550][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.656197][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.669569][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.721660][ T5780] team0: Port device team_slave_0 added [ 87.730855][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.777205][ T5780] team0: Port device team_slave_1 added [ 87.827080][ T5771] hsr_slave_0: entered promiscuous mode [ 87.833872][ T5771] hsr_slave_1: entered promiscuous mode [ 87.872930][ T5777] team0: Port device team_slave_0 added [ 87.882254][ T5777] team0: Port device team_slave_1 added [ 87.890431][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.897934][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.926654][ T5783] Bluetooth: hci2: command tx timeout [ 87.932638][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.937404][ T5774] Bluetooth: hci1: command tx timeout [ 87.947380][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.950382][ T5783] Bluetooth: hci0: command tx timeout [ 87.958998][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.964810][ T5786] Bluetooth: hci3: command tx timeout [ 87.997507][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.014278][ T5770] team0: Port device team_slave_0 added [ 88.025478][ T5770] team0: Port device team_slave_1 added [ 88.128775][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.136470][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.163840][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.177215][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.184308][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.210956][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.246900][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.254468][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.284442][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.301963][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.309800][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.341539][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.422651][ T5777] hsr_slave_0: entered promiscuous mode [ 88.429892][ T5777] hsr_slave_1: entered promiscuous mode [ 88.437262][ T5777] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.445418][ T5777] Cannot create hsr debugfs directory [ 88.514095][ T5780] hsr_slave_0: entered promiscuous mode [ 88.521338][ T5780] hsr_slave_1: entered promiscuous mode [ 88.528165][ T5780] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.538634][ T5780] Cannot create hsr debugfs directory [ 88.564457][ T5770] hsr_slave_0: entered promiscuous mode [ 88.571280][ T5770] hsr_slave_1: entered promiscuous mode [ 88.578222][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.586028][ T5770] Cannot create hsr debugfs directory [ 89.007826][ T5771] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.024279][ T5771] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.039073][ T5771] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.049880][ T5771] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.143472][ T5777] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.162992][ T5777] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.177697][ T5777] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.193225][ T5777] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.289270][ T5780] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.300871][ T5780] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.312640][ T5780] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.325119][ T5780] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.423171][ T5770] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.461512][ T5770] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.473675][ T5770] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.493899][ T5770] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.523598][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.595475][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.635707][ T2960] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.645241][ T2960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.668341][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.696452][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.703858][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.793303][ T5777] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.843074][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.850942][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.862220][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.869562][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.961627][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.989480][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.998481][ T5786] Bluetooth: hci2: command tx timeout [ 90.007321][ T5786] Bluetooth: hci0: command tx timeout [ 90.012937][ T5786] Bluetooth: hci1: command tx timeout [ 90.044739][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.075394][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.082944][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.086076][ T5786] Bluetooth: hci3: command tx timeout [ 90.133348][ T5780] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.149941][ T5777] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 90.161645][ T5777] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.179668][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.187439][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.230781][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.238032][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.323358][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.330668][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.465482][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.630727][ T5771] veth0_vlan: entered promiscuous mode [ 90.679260][ T5771] veth1_vlan: entered promiscuous mode [ 90.805858][ T5771] veth0_macvtap: entered promiscuous mode [ 90.855191][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.874535][ T5771] veth1_macvtap: entered promiscuous mode [ 90.942966][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.972826][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.992307][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.048250][ T5771] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.058570][ T5771] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.068404][ T5771] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.077929][ T5771] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.093500][ T5777] veth0_vlan: entered promiscuous mode [ 91.140453][ T5777] veth1_vlan: entered promiscuous mode [ 91.233703][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.336846][ T5777] veth0_macvtap: entered promiscuous mode [ 91.368060][ T5770] veth0_vlan: entered promiscuous mode [ 91.393722][ T2932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.412109][ T2932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.419374][ T5777] veth1_macvtap: entered promiscuous mode [ 91.479758][ T5780] veth0_vlan: entered promiscuous mode [ 91.491263][ T5770] veth1_vlan: entered promiscuous mode [ 91.509207][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.519470][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.530506][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.536019][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.546486][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.577496][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.591265][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.604545][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.620019][ T5780] veth1_vlan: entered promiscuous mode [ 91.639509][ T5777] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.659505][ T5777] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.668955][ T5777] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.679333][ T5777] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.849902][ T5780] veth0_macvtap: entered promiscuous mode [ 91.901080][ T5780] veth1_macvtap: entered promiscuous mode [ 91.923001][ T5770] veth0_macvtap: entered promiscuous mode [ 91.964958][ T5770] veth1_macvtap: entered promiscuous mode [ 92.024096][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.053764][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.076785][ T5786] Bluetooth: hci0: command tx timeout [ 92.076806][ T5783] Bluetooth: hci1: command tx timeout [ 92.076845][ T5783] Bluetooth: hci2: command tx timeout [ 92.120567][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.139683][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.156789][ T5783] Bluetooth: hci3: command tx timeout [ 92.170606][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.206134][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.251208][ T9] cfg80211: failed to load regulatory.db [ 92.254234][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.345624][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.362169][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.380855][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.393589][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.406510][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.420746][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.435038][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.455740][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.462556][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.476021][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.494431][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.506228][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.520391][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.539249][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.610085][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.624683][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.648750][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.668692][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.685714][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.708935][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.731185][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.755434][ T5780] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.785911][ T5780] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.795233][ T5780] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.821379][ T5780] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.860023][ T5770] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.880162][ T27] audit: type=1326 audit(1750251165.491:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f9d8e929 code=0x7ffc0000 [ 92.883628][ T5770] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.919519][ T27] audit: type=1326 audit(1750251165.491:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f9d8e929 code=0x7ffc0000 [ 92.947501][ T27] audit: type=1326 audit(1750251165.531:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39f9d8e929 code=0x7ffc0000 [ 92.961413][ T5770] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.979318][ T27] audit: type=1326 audit(1750251165.531:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f9d8e929 code=0x7ffc0000 [ 93.004877][ T5770] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.014509][ T27] audit: type=1326 audit(1750251165.531:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39f9d8e929 code=0x7ffc0000 [ 93.043500][ T27] audit: type=1326 audit(1750251165.531:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f9d8e929 code=0x7ffc0000 [ 93.101191][ T27] audit: type=1326 audit(1750251165.531:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f9d8e929 code=0x7ffc0000 [ 93.235954][ T27] audit: type=1326 audit(1750251165.531:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39f9d8e929 code=0x7ffc0000 [ 93.272812][ T27] audit: type=1326 audit(1750251165.531:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f9d8e929 code=0x7ffc0000 [ 93.313013][ T27] audit: type=1326 audit(1750251165.531:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f9d8e929 code=0x7ffc0000 [ 93.411725][ T2960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.442811][ T2960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.608398][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.630248][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.642689][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.678061][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.791204][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.846049][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.010045][ T5859] netlink: 104 bytes leftover after parsing attributes in process `syz.1.10'. [ 94.156297][ T5783] Bluetooth: hci2: command tx timeout [ 94.161862][ T5774] Bluetooth: hci0: command tx timeout [ 94.164659][ T5786] Bluetooth: hci1: command tx timeout [ 94.246563][ T5786] Bluetooth: hci3: command tx timeout [ 94.545460][ T5873] syz.0.15[5873]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 94.710844][ T5873] loop0: detected capacity change from 0 to 4096 [ 94.938735][ T5880] loop1: detected capacity change from 0 to 256 [ 94.958094][ T5880] ======================================================= [ 94.958094][ T5880] WARNING: The mand mount option has been deprecated and [ 94.958094][ T5880] and is ignored by this kernel. Remove the mand [ 94.958094][ T5880] option from the mount to silence this warning. [ 94.958094][ T5880] ======================================================= [ 95.284807][ T5885] TCP: tcp_parse_options: Illegal window scaling value 236 > 14 received [ 96.262999][ T5894] loop0: detected capacity change from 0 to 32768 [ 96.278987][ T5894] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.22 (5894) [ 96.336703][ T5894] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 96.367025][ T28] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 96.389157][ T5894] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 96.407723][ T5894] BTRFS info (device loop0): using free space tree [ 96.575680][ T5894] BTRFS info (device loop0): enabling ssd optimizations [ 96.591293][ T5894] BTRFS info (device loop0): auto enabling async discard [ 96.600950][ T28] usb 4-1: Using ep0 maxpacket: 8 [ 96.637645][ T28] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 96.666362][ T28] usb 4-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 96.722970][ T28] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.772577][ T28] usb 4-1: config 0 descriptor?? [ 97.063726][ T5908] loop2: detected capacity change from 0 to 40427 [ 97.146246][ T5908] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 97.186591][ T5908] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 97.237092][ T5908] F2FS-fs (loop2): build fault injection attr: rate: 17008, type: 0x7ffff [ 97.291474][ T5908] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x1f8 [ 97.294036][ T5770] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 97.334472][ T5908] F2FS-fs (loop2): invalid crc value [ 97.371477][ T5908] F2FS-fs (loop2): Found nat_bits in checkpoint [ 97.434605][ T28] sony 0003:1345:3008.0001: hiddev0,hidraw0: USB HID v80.07 Device [HID 1345:3008] on usb-dummy_hcd.3-1/input0 [ 97.494403][ T28] sony 0003:1345:3008.0001: failed to claim input [ 97.778591][ T5908] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 97.876761][ T5908] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 98.142921][ T5908] syz.2.30: attempt to access beyond end of device [ 98.142921][ T5908] loop2: rw=2049, sector=45096, nr_sectors = 136 limit=40427 [ 98.222749][ T5942] syz.2.30: attempt to access beyond end of device [ 98.222749][ T5942] loop2: rw=34817, sector=77824, nr_sectors = 8 limit=40427 [ 98.352757][ T5771] syz-executor: attempt to access beyond end of device [ 98.352757][ T5771] loop2: rw=2049, sector=45232, nr_sectors = 8 limit=40427 [ 98.397576][ T5771] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 98.769451][ T5949] @: renamed from vlan0 (while UP) [ 98.880346][ T5952] loop0: detected capacity change from 0 to 256 [ 99.522218][ T5786] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 99.587029][ T23] usb 4-1: USB disconnect, device number 2 [ 99.711899][ T5966] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.284328][ T5983] netlink: 'syz.0.54': attribute type 1 has an invalid length. [ 100.295931][ T5983] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.54'. [ 100.595457][ T5989] loop0: detected capacity change from 0 to 2048 [ 100.671324][ T5989] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 100.695582][ T5989] UDF-fs: Scanning with blocksize 512 failed [ 100.770408][ T5989] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 100.977325][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 100.977341][ T27] audit: type=1800 audit(1750251173.581:20): pid=5989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.56" name="bus" dev="loop0" ino=830 res=0 errno=0 [ 101.575934][ T28] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 101.765343][ T28] usb 4-1: Using ep0 maxpacket: 16 [ 101.778557][ T28] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 101.806387][ T28] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.841079][ T28] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.863164][ T28] usb 4-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 101.905941][ T28] usb 4-1: config 7 interface 0 has no altsetting 0 [ 101.933489][ T28] usb 4-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 101.964277][ T28] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.002573][ T5997] loop2: detected capacity change from 0 to 40427 [ 102.042619][ T5997] F2FS-fs (loop2): invalid crc value [ 102.103565][ T5997] F2FS-fs (loop2): Found nat_bits in checkpoint [ 102.292188][ T5997] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 102.450203][ T5997] syz.2.59: attempt to access beyond end of device [ 102.450203][ T5997] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 102.493595][ T5997] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 102.524452][ T28] input: HID 0458:5010 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:7.0/0003:0458:5010.0002/input/input5 [ 102.714063][ T28] kye 0003:0458:5010.0002: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.3-1/input0 [ 102.813331][ T28] usb 4-1: USB disconnect, device number 3 [ 102.954505][ T6008] loop0: detected capacity change from 0 to 40427 [ 103.040637][ T6008] F2FS-fs (loop0): invalid crc value [ 103.053820][ T6019] fido_id[6019]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 103.091640][ T6008] F2FS-fs (loop0): Found nat_bits in checkpoint [ 103.092735][ T6014] loop1: detected capacity change from 0 to 32768 [ 103.152141][ T6014] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.67 (6014) [ 103.188993][ T6014] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 103.249485][ T6014] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 103.295970][ T6014] BTRFS info (device loop1): enabling auto defrag [ 103.313177][ T6008] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 103.338709][ T6014] BTRFS info (device loop1): doing ref verification [ 103.361390][ T6014] BTRFS info (device loop1): use no compression [ 103.369815][ T6014] BTRFS info (device loop1): force clearing of disk cache [ 103.388510][ T6014] BTRFS info (device loop1): setting nodatacow, compression disabled [ 103.407414][ T6014] BTRFS info (device loop1): disabling free space tree [ 103.805130][ T6014] BTRFS info (device loop1): enabling ssd optimizations [ 103.819454][ T6040] loop3: detected capacity change from 0 to 1024 [ 103.826846][ T6014] BTRFS info (device loop1): auto enabling async discard [ 103.866228][ T5770] syz-executor: attempt to access beyond end of device [ 103.866228][ T5770] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 103.884871][ T6014] BTRFS info (device loop1): rebuilding free space tree [ 103.894713][ T5770] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 103.973640][ T6040] Quota error (device loop3): do_check_range: Getting block 64 out of range 1-5 [ 104.016166][ T6040] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 104.036976][ T6014] BTRFS info (device loop1): disabling free space tree [ 104.044522][ T6014] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 104.064130][ T6040] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.69: Failed to acquire dquot type 0 [ 104.085443][ T6014] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 104.188254][ T6040] EXT4-fs error (device loop3): mb_free_blocks:1943: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 104.214584][ T6040] EXT4-fs error (device loop3): ext4_do_update_inode:5224: inode #13: comm syz.3.69: corrupted inode contents [ 104.234309][ T6040] EXT4-fs error (device loop3): ext4_dirty_inode:6100: inode #13: comm syz.3.69: mark_inode_dirty error [ 104.260316][ T6040] EXT4-fs error (device loop3): ext4_do_update_inode:5224: inode #13: comm syz.3.69: corrupted inode contents [ 104.279290][ T6040] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #13: comm syz.3.69: mark_inode_dirty error [ 104.309211][ T6040] EXT4-fs error (device loop3): ext4_do_update_inode:5224: inode #13: comm syz.3.69: corrupted inode contents [ 104.353003][ T6040] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 104.386999][ T6040] EXT4-fs error (device loop3): ext4_do_update_inode:5224: inode #13: comm syz.3.69: corrupted inode contents [ 104.419192][ T6040] EXT4-fs error (device loop3): ext4_truncate:4283: inode #13: comm syz.3.69: mark_inode_dirty error [ 104.424628][ T27] audit: type=1800 audit(1750251177.031:21): pid=6014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.67" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 104.499965][ T6040] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 104.569484][ T6040] EXT4-fs (loop3): 1 truncate cleaned up [ 104.616488][ T6040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.835180][ T6040] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 104.979548][ T5777] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 104.992203][ T6040] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 105.016809][ T6040] Quota error (device loop3): do_check_range: Getting block 64 out of range 1-5 [ 105.071827][ T6040] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 105.126906][ T6040] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.69: Failed to acquire dquot type 0 [ 105.208764][ T6040] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 105.488318][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.616212][ T28] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 105.717903][ T6052] loop2: detected capacity change from 0 to 32768 [ 105.783084][ T6052] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.71 (6052) [ 105.836765][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 105.848832][ T28] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 105.862594][ T6052] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 105.888024][ T28] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 105.907315][ T6052] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 105.923787][ T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.943918][ T6052] BTRFS info (device loop2): enabling auto defrag [ 105.957451][ T28] usb 2-1: config 0 descriptor?? [ 105.975156][ T6052] BTRFS info (device loop2): doing ref verification [ 105.995442][ T6052] BTRFS info (device loop2): use no compression [ 106.030926][ T6052] BTRFS info (device loop2): force clearing of disk cache [ 106.049813][ T6052] BTRFS info (device loop2): setting nodatacow, compression disabled [ 106.072696][ T6052] BTRFS info (device loop2): disabling free space tree [ 106.236435][ T28] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 106.300807][ T6057] loop0: detected capacity change from 0 to 32768 [ 106.306097][ T6052] BTRFS info (device loop2): enabling ssd optimizations [ 106.343134][ T6052] BTRFS info (device loop2): auto enabling async discard [ 106.371321][ T6057] (syz.0.70,6057,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 106.395443][ T6052] BTRFS info (device loop2): rebuilding free space tree [ 106.406790][ T6057] (syz.0.70,6057,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 106.452598][ T6052] BTRFS info (device loop2): disabling free space tree [ 106.468714][ T6052] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 106.520499][ T6052] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 106.584147][ T6057] JBD2: Ignoring recovery information on journal [ 106.945445][ T8] usb 2-1: USB disconnect, device number 2 [ 107.077263][ T6057] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 107.635905][ T6057] (syz.0.70,6057,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC. [ 109.636305][ T5771] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 109.674256][ T5770] ocfs2: Unmounting device (7,0) on (node local) [ 110.168497][ T6096] loop1: detected capacity change from 0 to 1024 [ 110.718091][ T6111] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 110.979995][ T6119] netlink: 'syz.2.89': attribute type 39 has an invalid length. [ 111.044173][ T6121] serio: Serial port ttyS3 [ 111.562871][ T6135] loop2: detected capacity change from 0 to 128 [ 111.607160][ T6135] EXT4-fs: Ignoring removed nobh option [ 111.677886][ T6135] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 111.697825][ T6135] ext4 filesystem being mounted at /24/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 111.747285][ T6136] loop0: detected capacity change from 0 to 4096 [ 111.852950][ T5771] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 111.945959][ T28] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 112.157193][ T28] usb 2-1: Using ep0 maxpacket: 16 [ 112.167848][ T28] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 112.199230][ T28] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.251343][ T28] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.282104][ T28] usb 2-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 112.317137][ T6149] netlink: 'syz.2.102': attribute type 4 has an invalid length. [ 112.324778][ T28] usb 2-1: config 7 interface 0 has no altsetting 0 [ 112.357445][ T28] usb 2-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 112.386190][ T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.918773][ T28] input: HID 0458:5010 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:7.0/0003:0458:5010.0003/input/input6 [ 113.081310][ T28] kye 0003:0458:5010.0003: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.1-1/input0 [ 113.090094][ T6163] loop2: detected capacity change from 0 to 1024 [ 113.100975][ T6163] Quota error (device loop2): do_check_range: Getting block 64 out of range 1-5 [ 113.101075][ T6163] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 113.101097][ T6163] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.109: Failed to acquire dquot type 0 [ 113.102790][ T6163] EXT4-fs error (device loop2): mb_free_blocks:1943: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 113.103811][ T6163] EXT4-fs error (device loop2): ext4_do_update_inode:5224: inode #13: comm syz.2.109: corrupted inode contents [ 113.104298][ T6163] EXT4-fs error (device loop2): ext4_dirty_inode:6100: inode #13: comm syz.2.109: mark_inode_dirty error [ 113.104708][ T6163] EXT4-fs error (device loop2): ext4_do_update_inode:5224: inode #13: comm syz.2.109: corrupted inode contents [ 113.105062][ T6163] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #13: comm syz.2.109: mark_inode_dirty error [ 113.105470][ T6163] EXT4-fs error (device loop2): ext4_do_update_inode:5224: inode #13: comm syz.2.109: corrupted inode contents [ 113.110182][ T6163] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 113.131471][ T6163] EXT4-fs error (device loop2): ext4_do_update_inode:5224: inode #13: comm syz.2.109: corrupted inode contents [ 113.131917][ T6163] EXT4-fs error (device loop2): ext4_truncate:4283: inode #13: comm syz.2.109: mark_inode_dirty error [ 113.132331][ T6163] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 113.175999][ T28] usb 2-1: USB disconnect, device number 3 [ 113.193671][ T6163] EXT4-fs (loop2): 1 truncate cleaned up [ 113.195213][ T6163] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.405207][ T6163] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 113.473730][ T6167] fido_id[6167]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 113.531104][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.820210][ T6175] smc: net device bond0 applied user defined pnetid SYZ0 [ 113.931247][ T6175] smc: net device bond0 erased user defined pnetid SYZ0 [ 114.003226][ T6177] loop2: detected capacity change from 0 to 1024 [ 114.257106][ T2960] hfsplus: b-tree write err: -5, ino 4 [ 114.329943][ T6184] vivid-002: disconnect [ 114.357759][ T6183] vivid-002: reconnect [ 114.863567][ T28] Process accounting resumed [ 115.275407][ T6206] loop3: detected capacity change from 0 to 1024 [ 115.317128][ T6206] EXT4-fs: Ignoring removed oldalloc option [ 115.323142][ T6206] EXT4-fs: Ignoring removed bh option [ 115.360726][ T6206] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 115.431435][ T6206] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.657763][ T6214] loop0: detected capacity change from 0 to 2048 [ 115.767422][ T6214] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.780432][ T6225] netlink: 'syz.1.133': attribute type 1 has an invalid length. [ 115.860282][ T6225] 8021q: adding VLAN 0 to HW filter on device bond1 [ 115.951463][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.051588][ T6227] bond1: (slave geneve2): making interface the new active one [ 116.104394][ T6227] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 116.362749][ T6227] syz.1.133 (6227) used greatest stack depth: 19856 bytes left [ 116.396559][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.906021][ T5821] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 122.105946][ T5821] usb 1-1: device descriptor read/64, error -110 [ 122.487597][ T6264] netlink: 8 bytes leftover after parsing attributes in process `syz.0.145'. [ 122.515993][ T6264] Zero length message leads to an empty skb [ 122.656184][ C1] Unknown status report in ack skb [ 122.673537][ T6272] netlink: 4 bytes leftover after parsing attributes in process `syz.0.147'. [ 122.872887][ T27] audit: type=1107 audit(1750251195.481:22): pid=6275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Ù' [ 123.147286][ T6281] loop2: detected capacity change from 0 to 4096 [ 123.466198][ T27] audit: type=1800 audit(1750251196.071:23): pid=6281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.151" name="file1" dev="loop2" ino=33 res=0 errno=0 [ 123.937333][ T6300] loop2: detected capacity change from 0 to 512 [ 123.955125][ T6300] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 123.976342][ T5821] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 123.983662][ T6300] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 124.030383][ T6300] EXT4-fs (loop2): 1 truncate cleaned up [ 124.053183][ T6300] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.203879][ T5821] usb 1-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 124.217178][ T5821] usb 1-1: New USB device strings: Mfr=24, Product=2, SerialNumber=3 [ 124.226114][ T5821] usb 1-1: Product: syz [ 124.230871][ T5821] usb 1-1: Manufacturer: syz [ 124.239093][ T5821] usb 1-1: SerialNumber: syz [ 124.251121][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.267126][ T5821] usb 1-1: config 0 descriptor?? [ 124.548165][ T5821] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 124.601713][ T5821] asix: probe of 1-1:0.0 failed with error -61 [ 125.203021][ T6315] loop0: detected capacity change from 0 to 1024 [ 125.243508][ T6319] loop3: detected capacity change from 0 to 128 [ 125.276988][ T6315] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 125.343107][ T6319] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 125.370576][ T6315] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 125.460412][ T6315] JBD2: no valid journal superblock found [ 125.491809][ T6319] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 125.504774][ T6315] EXT4-fs (loop0): Could not load journal inode [ 125.715809][ C1] sched: RT throttling activated [ 126.296566][ T6326] loop2: detected capacity change from 0 to 16 [ 126.424876][ T6326] erofs: (device loop2): mounted with root inode @ nid 36. [ 126.547505][ T6326] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0 [ 126.597480][ T6326] erofs: (device loop2): z_erofs_readahead: readahead error at folio 2 @ nid 89 [ 126.655536][ T6326] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0 [ 126.711519][ T6326] erofs: (device loop2): z_erofs_readahead: readahead error at folio 1 @ nid 89 [ 126.743470][ T6326] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0 [ 126.779866][ T6326] erofs: (device loop2): z_erofs_readahead: readahead error at folio 0 @ nid 89 [ 126.802459][ T6326] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0 [ 126.819665][ T6326] erofs: (device loop2): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0 [ 126.832434][ T6326] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 0 of nid 89 [ 126.845976][ T27] audit: type=1800 audit(1750251199.461:24): pid=6326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.171" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 127.313987][ T5821] usb 1-1: USB disconnect, device number 4 [ 127.399923][ T6310] loop1: detected capacity change from 0 to 262144 [ 127.420230][ T6310] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop1 scanned by syz.1.162 (6310) [ 127.444892][ T6310] BTRFS info (device loop1): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 127.455452][ T6310] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 127.465279][ T6310] BTRFS info (device loop1): using free space tree [ 127.549653][ T6349] loop0: detected capacity change from 0 to 2048 [ 127.564971][ T6349] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 127.630912][ T6349] syz.0.176: attempt to access beyond end of device [ 127.630912][ T6349] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 127.659593][ T6356] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 127.685357][ T6310] BTRFS info (device loop1): enabling ssd optimizations [ 127.694564][ T6310] BTRFS info (device loop1): auto enabling async discard [ 127.768135][ T5777] BTRFS info (device loop1): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 127.880761][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 127.898351][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 127.923520][ T6349] Remounting filesystem read-only [ 127.930692][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 127.941381][ T6361] NILFS (loop0): mounting fs with errors [ 127.943351][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.026636][ T6349] Remounting filesystem read-only [ 128.037536][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.049760][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.062093][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.073394][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.109453][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.122494][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.137438][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.151929][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.166596][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.179023][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.190917][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.203649][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.214864][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.226171][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.234410][ T6363] loop2: detected capacity change from 0 to 256 [ 128.244504][ T5779] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 9 /dev/loop1 scanned by udevd (5779) [ 128.268057][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.280515][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.303928][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.318886][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.346685][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.357440][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.377890][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.388348][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.401645][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.414018][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.427063][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.438549][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.457166][ T6349] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 93, flags = 0x6, nchildren = 9 [ 128.468847][ T6349] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 128.494064][ T27] audit: type=1800 audit(1750251201.091:25): pid=6349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.176" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 128.552427][ T6349] syz.0.176 (6349) used greatest stack depth: 18992 bytes left [ 130.272512][ T6374] loop1: detected capacity change from 0 to 32768 [ 130.297174][ T6374] XFS: attr2 mount option is deprecated. [ 130.419736][ T6374] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 130.463181][ T6395] netlink: 'syz.0.191': attribute type 12 has an invalid length. [ 130.480886][ T6374] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 130.573224][ T6400] loop3: detected capacity change from 0 to 256 [ 130.630067][ T6400] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 130.692996][ T6400] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 130.729041][ T6374] XFS (loop1): Ending clean mount [ 130.780536][ T6400] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 130.809429][ T6374] XFS (loop1): Quotacheck needed: Please wait. [ 130.974711][ T6374] XFS (loop1): Quotacheck: Done. [ 131.281831][ T27] audit: type=1804 audit(1750251203.891:26): pid=6374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.183" name="/newroot/44/file0/file1" dev="loop1" ino=4422 res=1 errno=0 [ 131.676875][ T5777] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 131.908147][ T6417] loop3: detected capacity change from 0 to 512 [ 132.020206][ T6417] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.116109][ T6417] ext4 filesystem being mounted at /55/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 132.466751][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.612515][ T6408] loop0: detected capacity change from 0 to 32768 [ 132.693498][ T6408] (syz.0.195,6408,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 132.778889][ T6408] (syz.0.195,6408,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 132.979309][ T6408] JBD2: Ignoring recovery information on journal [ 133.180451][ T6408] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 133.207493][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.217258][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.243998][ T6445] netlink: 12 bytes leftover after parsing attributes in process `syz.1.206'. [ 133.362795][ T6450] loop2: detected capacity change from 0 to 128 [ 133.442190][ T6450] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 133.510923][ T6455] netlink: 'syz.3.210': attribute type 4 has an invalid length. [ 133.559634][ T6450] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.642298][ T6457] syzkaller0: refused to change device tx_queue_len [ 133.758313][ T5771] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 133.865339][ T6456] syz.0.195 (6456) used greatest stack depth: 17200 bytes left [ 134.026888][ T5770] ocfs2: Unmounting device (7,0) on (node local) [ 134.236690][ T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 134.287623][ T6471] syz.3.217[6471] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.287904][ T6471] syz.3.217[6471] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.446694][ T6476] syz.3.219 uses obsolete (PF_INET,SOCK_PACKET) [ 134.465948][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 134.486824][ T8] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 134.505071][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.519087][ T8] usb 2-1: Product: syz [ 134.523625][ T8] usb 2-1: Manufacturer: syz [ 134.530530][ T8] usb 2-1: SerialNumber: syz [ 134.554547][ T8] usb 2-1: config 0 descriptor?? [ 134.806360][ T8] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 135.425064][ T8] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -32 [ 135.454349][ T8] usb 2-1: USB disconnect, device number 4 [ 136.372055][ T6522] loop1: detected capacity change from 0 to 2048 [ 136.423271][ T6522] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 136.495582][ T6526] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 136.530052][ T6023] udevd[6023]: incorrect nilfs2 checksum on /dev/loop1 [ 136.784319][ T2960] bond0: (slave bond_slave_0): interface is now down [ 136.798010][ T6534] netlink: 'syz.2.241': attribute type 10 has an invalid length. [ 136.819416][ T2960] bond0: (slave bond_slave_1): interface is now down [ 136.833312][ T6536] loop0: detected capacity change from 0 to 128 [ 136.841519][ T6534] syz_tun: entered promiscuous mode [ 136.857223][ T2932] bond0: (slave bond_slave_0): interface is now down [ 136.882245][ T2932] bond0: (slave bond_slave_1): interface is now down [ 136.905316][ T6536] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 136.937086][ T12] bond0: (slave bond_slave_0): interface is now down [ 136.944207][ T12] bond0: (slave bond_slave_1): interface is now down [ 136.970296][ T6534] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 136.981881][ T6536] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.016367][ T12] bond0: (slave syz_tun): interface is now down [ 137.058785][ T12] bond0: now running without any active interface! [ 137.134589][ T6536] syz.0.242 (pid 6536) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 137.281241][ T5770] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 137.563606][ T6552] loop1: detected capacity change from 0 to 512 [ 137.587142][ T6552] EXT4-fs: Ignoring removed nomblk_io_submit option [ 137.615704][ T6552] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 137.653967][ T6552] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 137.697352][ T6552] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 137.734717][ T6555] loop7: detected capacity change from 0 to 16384 [ 137.794990][ T6552] EXT4-fs (loop1): 1 truncate cleaned up [ 137.827856][ T6552] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.919289][ T6532] loop3: detected capacity change from 0 to 40427 [ 137.948331][ T6532] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff [ 137.989815][ T6532] F2FS-fs (loop3): Image doesn't support compression [ 138.014171][ T6532] F2FS-fs (loop3): heap/no_heap options were deprecated [ 138.054563][ T6532] F2FS-fs (loop3): Image doesn't support compression [ 138.079736][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.127195][ T6532] F2FS-fs (loop3): invalid crc value [ 138.221610][ T6532] F2FS-fs (loop3): Found nat_bits in checkpoint [ 138.253820][ T6562] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 138.361661][ T6532] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 138.424233][ T6532] F2FS-fs (loop3): inject kvmalloc in f2fs_kvmalloc of f2fs_collapse_range+0x24a/0x390 [ 138.539236][ T5780] syz-executor: attempt to access beyond end of device [ 138.539236][ T5780] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 138.605966][ T5780] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 138.795588][ T6576] loop1: detected capacity change from 0 to 256 [ 138.864974][ T6576] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 140.014075][ T6608] loop2: detected capacity change from 0 to 1764 [ 140.440916][ T6615] input: syz1 as /devices/virtual/input/input7 [ 140.971475][ T6630] loop2: detected capacity change from 0 to 512 [ 140.993603][ T6630] EXT4-fs: Ignoring removed oldalloc option [ 141.007767][ T6630] EXT4-fs: inline encryption not supported [ 141.025539][ T6630] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 141.037512][ T6630] EXT4-fs (loop2): 1 truncate cleaned up [ 141.044212][ T6630] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.297875][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.507375][ T6641] loop2: detected capacity change from 0 to 16 [ 141.546365][ T6641] erofs: (device loop2): mounted with root inode @ nid 36. [ 141.905391][ T6635] loop1: detected capacity change from 0 to 32768 [ 141.967856][ T6648] loop2: detected capacity change from 0 to 2048 [ 142.074608][ T6635] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 142.081326][ T6648] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.234131][ T6635] XFS (loop1): Ending clean mount [ 142.251419][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.288640][ T6635] XFS (loop1): Quotacheck needed: Please wait. [ 142.292581][ T5821] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 142.427816][ T6635] XFS (loop1): Quotacheck: Done. [ 142.502880][ T5821] usb 1-1: config 0 has no interfaces? [ 142.537548][ T5821] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 142.566040][ T5821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.603316][ T5821] usb 1-1: config 0 descriptor?? [ 142.774859][ T5777] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 143.260457][ T6668] loop2: detected capacity change from 0 to 4096 [ 143.304632][ T6668] ntfs3: loop2: It is recommened to use chkdsk. [ 143.325422][ T6668] ntfs3: loop2: try to read out of volume at offset 0x3fffffc0c00 [ 143.348554][ T6668] ntfs3: loop2: try to read out of volume at offset 0x3fffffc0c00 [ 143.367158][ T6668] ntfs3: loop2: try to read out of volume at offset 0x3fffffc0c00 [ 143.377338][ T6668] ntfs3: loop2: try to read out of volume at offset 0x3fffffc0c00 [ 143.385732][ T6668] ntfs3: loop2: try to read out of volume at offset 0x3fffffc1c00 [ 143.427225][ T6668] ntfs3: loop2: try to read out of volume at offset 0x3fffffc2c00 [ 143.446408][ T6668] ntfs3: loop2: try to read out of volume at offset 0x3fffffc4c00 [ 143.475592][ T6668] ntfs3: loop2: try to read out of volume at offset 0x3fffffc8c00 [ 143.502705][ T6668] ntfs3: loop2: try to read out of volume at offset 0x3fffffd0c00 [ 143.849596][ T6676] netlink: 'syz.3.289': attribute type 1 has an invalid length. [ 143.939541][ T6676] bond1: entered promiscuous mode [ 143.940252][ T28] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 143.945613][ T6676] 8021q: adding VLAN 0 to HW filter on device bond1 [ 143.993988][ T6680] bond1: (slave bridge1): making interface the new active one [ 144.002725][ T6680] bridge1: entered promiscuous mode [ 144.009623][ T6680] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 144.145934][ T28] usb 2-1: Using ep0 maxpacket: 32 [ 144.152103][ T6683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.291'. [ 144.168676][ T28] usb 2-1: config 0 has no interfaces? [ 144.179130][ T28] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 144.201925][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.226099][ T28] usb 2-1: Product: syz [ 144.230741][ T28] usb 2-1: Manufacturer: syz [ 144.243031][ T28] usb 2-1: SerialNumber: syz [ 144.267037][ T28] usb 2-1: config 0 descriptor?? [ 144.327644][ T6685] loop3: detected capacity change from 0 to 2048 [ 144.395508][ T6685] Alternate GPT is invalid, using primary GPT. [ 144.410673][ T6685] loop3: p1 p2 p3 [ 144.575444][ T6672] netlink: 16 bytes leftover after parsing attributes in process `syz.1.287'. [ 144.613632][ T6672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.287'. [ 144.654242][ T6672] netlink: 16 bytes leftover after parsing attributes in process `syz.1.287'. [ 144.696453][ T28] usb 2-1: USB disconnect, device number 5 [ 144.743235][ T6697] netlink: 12 bytes leftover after parsing attributes in process `syz.3.294'. [ 144.790522][ T6697] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.801151][ T6697] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.810266][ T6697] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.819239][ T6697] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.843578][ T5772] udevd[5772]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 144.858452][ T5788] udevd[5788]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 144.878856][ T6697] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 144.888469][ T6023] udevd[6023]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 144.888475][ T6697] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 144.908533][ T6697] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 144.917641][ T6697] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.101014][ T8] usb 1-1: USB disconnect, device number 5 [ 145.138813][ T6701] netlink: 12 bytes leftover after parsing attributes in process `syz.2.295'. [ 145.357211][ T6707] netlink: 'syz.2.298': attribute type 10 has an invalid length. [ 145.427597][ T6709] loop1: detected capacity change from 0 to 1024 [ 145.465038][ T6709] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.502611][ T6707] bond0: (slave wlan1): Enslaving as an active interface with a down link [ 145.538970][ T27] audit: type=1800 audit(1750251218.151:27): pid=6709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.299" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 145.610033][ T6706] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 145.644050][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.241161][ T6732] loop2: detected capacity change from 0 to 512 [ 146.280468][ T6732] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.329798][ T28] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 146.340890][ T6732] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.441811][ T27] audit: type=1800 audit(1750251219.051:28): pid=6732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.307" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 146.521579][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.542849][ T28] usb 4-1: Using ep0 maxpacket: 32 [ 146.558850][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.575147][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.591840][ T28] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 146.601505][ T28] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.620339][ T28] usb 4-1: config 0 descriptor?? [ 146.645051][ T28] hub 4-1:0.0: USB hub found [ 146.732501][ T6736] loop2: detected capacity change from 0 to 256 [ 146.886975][ T28] hub 4-1:0.0: 1 port detected [ 147.122869][ T6742] loop1: detected capacity change from 0 to 64 [ 147.567403][ T28] hub 4-1:0.0: activate --> -90 [ 147.693104][ T6751] loop1: detected capacity change from 0 to 512 [ 147.716469][ T6751] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 147.765588][ T6751] EXT4-fs warning (device loop1): ext4_multi_mount_protect:318: fsck is running on the filesystem [ 147.778512][ T3372] usb 4-1: USB disconnect, device number 4 [ 147.805573][ T6751] EXT4-fs warning (device loop1): ext4_multi_mount_protect:318: MMP failure info: last update time: 1669132786, last update node: dvyukov-desk.muc.corp.google.com, last update device: loop4 [ 148.563785][ T27] audit: type=1326 audit(1750251221.171:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.3.321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f7b8e929 code=0x7ffc0000 [ 148.595148][ T27] audit: type=1326 audit(1750251221.201:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.3.321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f7b8e929 code=0x7ffc0000 [ 148.619522][ T27] audit: type=1326 audit(1750251221.201:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.3.321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f85f7b8e929 code=0x7ffc0000 [ 148.700648][ T27] audit: type=1326 audit(1750251221.311:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.3.321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f7b8e929 code=0x7ffc0000 [ 148.778435][ T27] audit: type=1326 audit(1750251221.311:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.3.321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f7b8e929 code=0x7ffc0000 [ 149.285252][ T6783] loop3: detected capacity change from 0 to 512 [ 149.324841][ T6783] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 149.422127][ T6783] EXT4-fs (loop3): 1 truncate cleaned up [ 149.441531][ T6783] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.567822][ T6783] EXT4-fs error (device loop3): ext4_get_verity_descriptor_location:298: inode #15: comm syz.3.328: verity file has no extents [ 149.628349][ T6783] fs-verity (loop3, inode 15): Error -117 getting verity descriptor size [ 149.809592][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.253803][ T6802] loop0: detected capacity change from 0 to 512 [ 150.269535][ T6802] EXT4-fs: Ignoring removed i_version option [ 150.323979][ T6802] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e000c018, mo2=0002] [ 150.376052][ T6802] System zones: 0-2, 18-18, 34-35 [ 150.408875][ T6802] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.496260][ T6802] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.670784][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.165921][ T6824] bond0: entered promiscuous mode [ 151.179474][ T6824] bond_slave_0: entered promiscuous mode [ 151.195176][ T6824] bond_slave_1: entered promiscuous mode [ 151.289700][ T6826] Driver unsupported XDP return value 0 on prog (id 69) dev N/A, expect packet loss! [ 151.359635][ T6807] loop2: detected capacity change from 0 to 32768 [ 151.399252][ T6807] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 151.443189][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 151.454463][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 151.464125][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 151.494184][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 151.513898][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 151.749817][ T6807] XFS (loop2): Ending clean mount [ 151.779490][ T6807] XFS (loop2): Quotacheck needed: Please wait. [ 151.916601][ T6807] XFS (loop2): Quotacheck: Done. [ 152.217208][ T5771] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 152.236640][ T5820] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 152.462384][ T5820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.495501][ T5820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 152.522414][ T5820] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 152.570320][ T5820] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 152.604118][ T5820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.628065][ T5820] usb 4-1: config 0 descriptor?? [ 152.786602][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 152.796508][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 152.845828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 153.225833][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 153.265829][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 153.428906][ T6853] loop1: detected capacity change from 0 to 65536 [ 153.468213][ T6853] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 153.495499][ T6853] XFS (loop1): Ending clean mount [ 153.566978][ T5821] XFS (loop1): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 [ 153.592126][ T5821] XFS (loop1): Unmount and run xfs_repair [ 153.653601][ T5820] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xd [ 153.671998][ T5821] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 153.708629][ T5821] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 153.720801][ T5820] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 153.752236][ T5821] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 153.756224][ T6868] loop0: detected capacity change from 0 to 128 [ 153.791554][ T5820] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 153.816050][ T5821] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 153.825203][ T5821] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 153.871919][ T5821] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 153.910291][ T5821] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 153.913675][ T6871] syz.0.355: attempt to access beyond end of device [ 153.913675][ T6871] loop0: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 153.938793][ T5821] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 153.956180][ T5821] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 154.033049][ T6853] XFS (loop1): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74 [ 154.054598][ T6853] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x182e/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598). Shutting down filesystem. [ 154.071695][ T6853] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 154.134179][ T5777] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 154.152558][ T3372] usb 4-1: USB disconnect, device number 5 [ 154.708362][ T5820] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 154.906920][ T5820] usb 2-1: Using ep0 maxpacket: 32 [ 154.932095][ T5820] usb 2-1: config 0 interface 0 has no altsetting 0 [ 154.943628][ T5820] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 154.953981][ T5820] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.967358][ T5820] usb 2-1: Product: syz [ 154.971775][ T5820] usb 2-1: Manufacturer: syz [ 154.977088][ T5820] usb 2-1: SerialNumber: syz [ 154.986701][ T5820] usb 2-1: config 0 descriptor?? [ 155.277375][ T5820] gs_usb 2-1:0.0: Couldn't send data format (err=-71) [ 155.284474][ T5820] gs_usb: probe of 2-1:0.0 failed with error -71 [ 155.318273][ T6893] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 155.348510][ T5820] usb 2-1: USB disconnect, device number 6 [ 155.573595][ T6897] netlink: 12 bytes leftover after parsing attributes in process `syz.0.366'. [ 155.587921][ T6897] netlink: 'syz.0.366': attribute type 15 has an invalid length. [ 155.611082][ T6897] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 155.616185][ T28] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 155.620524][ T6897] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 155.637803][ T6897] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 155.648123][ T6897] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 155.668106][ T6897] vxlan0: entered promiscuous mode [ 155.838966][ T28] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.850971][ T28] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.884704][ T28] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 155.905875][ T28] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.926606][ T28] usb 3-1: config 0 descriptor?? [ 156.121968][ T6904] loop3: detected capacity change from 0 to 128 [ 156.414113][ T28] hkems 0003:2006:0118.0005: unknown main item tag 0xe [ 156.423163][ T28] hkems 0003:2006:0118.0005: item fetching failed at offset 4/7 [ 156.432971][ T28] hkems 0003:2006:0118.0005: parse failed [ 156.439662][ T28] hkems: probe of 0003:2006:0118.0005 failed with error -22 [ 156.599625][ T6914] loop3: detected capacity change from 0 to 128 [ 156.678961][ T5820] usb 3-1: USB disconnect, device number 2 [ 156.978513][ T6922] binder: 6921:6922 ioctl 4018620d 0 returned -22 [ 157.233825][ T6930] loop3: detected capacity change from 0 to 512 [ 157.276501][ T6930] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 157.374588][ T6930] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e11c, mo2=0002] [ 157.428784][ T6930] System zones: 1-12 [ 157.433337][ T6930] EXT4-fs (loop3): orphan cleanup on readonly fs [ 157.502608][ T6930] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.381: bg 0: block 361: padding at end of block bitmap is not set [ 157.529960][ T6930] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 157.539667][ T6930] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.381: invalid indirect mapped block 12 (level 1) [ 157.560010][ T6930] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.381: invalid indirect mapped block 2 (level 2) [ 157.575391][ T6930] EXT4-fs (loop3): 1 truncate cleaned up [ 157.584210][ T6930] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 157.693081][ T6942] loop1: detected capacity change from 0 to 1024 [ 157.724325][ T6942] EXT4-fs: Ignoring removed nobh option [ 157.731263][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 157.758751][ T6942] EXT4-fs: Ignoring removed bh option [ 157.800399][ T6942] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 157.883737][ T6942] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.980657][ T6942] EXT4-fs (loop1): shut down requested (0) [ 158.152644][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.618109][ T5815] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 158.840059][ T5815] usb 4-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 158.862567][ T5815] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.900158][ T5815] usb 4-1: config 0 descriptor?? [ 159.147242][ T5815] kaweth 4-1:0.0: Firmware present in device. [ 159.327460][ T5815] kaweth 4-1:0.0: Statistics collection: 0 [ 159.335308][ T5815] kaweth 4-1:0.0: Multicast filter limit: 0 [ 159.365976][ T5815] kaweth 4-1:0.0: MTU: 0 [ 159.376382][ T5815] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00 [ 159.983369][ T5815] kaweth 4-1:0.0: kaweth interface created at eth1 [ 160.190147][ T3372] usb 4-1: USB disconnect, device number 6 [ 161.168884][ T7021] loop3: detected capacity change from 0 to 2048 [ 161.258902][ T7021] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 161.289321][ T7028] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 161.377465][ T27] audit: type=1804 audit(1750251233.981:34): pid=7021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.410" name="/newroot/103/file0/bus" dev="loop3" ino=18 res=1 errno=0 [ 161.521835][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.631510][ T7076] Invalid ELF header len 16 [ 163.096078][ T5820] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 163.309610][ T5820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.326123][ T5820] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 163.342234][ T5820] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 163.352251][ T5820] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.364320][ T5820] usb 1-1: config 0 descriptor?? [ 163.452998][ T7088] warning: `syz.3.431' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 163.652850][ T7092] netlink: 240 bytes leftover after parsing attributes in process `syz.3.432'. [ 163.806655][ T5820] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 163.814371][ T5820] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 163.830165][ T5820] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 163.858219][ T5820] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 163.873329][ T5820] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 163.895326][ T5820] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 163.908708][ T7098] loop2: detected capacity change from 0 to 512 [ 163.931449][ T5820] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 164.009508][ T7098] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.045725][ T5820] usb 1-1: USB disconnect, device number 6 [ 164.104919][ T7104] fido_id[7104]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 164.111125][ T7098] ext4 filesystem being mounted at /112/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 164.334747][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.751308][ T7112] loop3: detected capacity change from 0 to 32768 [ 164.767428][ T7112] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 scanned by syz.3.440 (7112) [ 164.822356][ T7112] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 164.856403][ T7112] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 164.870022][ T7112] BTRFS info (device loop3): using free space tree [ 164.968859][ T7112] BTRFS info (device loop3): enabling ssd optimizations [ 164.993090][ T7112] BTRFS info (device loop3): auto enabling async discard [ 165.496033][ T968] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 165.604926][ T5780] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 165.701905][ T968] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 165.727328][ T968] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 165.742727][ T968] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 165.787112][ T968] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.821509][ T968] usb 2-1: Product: syz [ 165.832653][ T968] usb 2-1: Manufacturer: syz [ 165.840947][ T968] usb 2-1: SerialNumber: syz [ 165.873566][ T968] usb 2-1: config 0 descriptor?? [ 165.886906][ T7134] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 165.897244][ T7134] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 165.945928][ T5820] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 166.127699][ T7134] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 166.135077][ T7134] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 166.158870][ T5820] usb 1-1: Using ep0 maxpacket: 16 [ 166.172266][ T5820] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 166.191139][ T5820] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 166.223931][ T5820] usb 1-1: config 0 has no interface number 0 [ 166.244951][ T5820] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 166.264974][ T5820] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.279531][ T5820] usb 1-1: Product: syz [ 166.284456][ T5820] usb 1-1: Manufacturer: syz [ 166.289983][ T5820] usb 1-1: SerialNumber: syz [ 166.300439][ T5820] usb 1-1: config 0 descriptor?? [ 166.311476][ T5820] usb 1-1: Found UVC 0.00 device syz (046d:08f3) [ 166.321929][ T5820] usb 1-1: No valid video chain found. [ 166.569333][ T5820] usb 1-1: USB disconnect, device number 7 [ 166.596109][ T968] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 166.902737][ T7162] loop2: detected capacity change from 0 to 256 [ 167.010433][ T968] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 167.176031][ T7164] @: renamed from vlan0 (while UP) [ 167.272864][ T5815] usb 2-1: USB disconnect, device number 7 [ 167.899881][ T7186] TCP: tcp_parse_options: Illegal window scaling value 236 > 14 received [ 167.995060][ T7188] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.023666][ T7191] loop2: detected capacity change from 0 to 256 [ 168.035379][ T27] audit: type=1326 audit(1750251240.641:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7722b8e929 code=0x7ffc0000 [ 168.063839][ T27] audit: type=1326 audit(1750251240.641:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7722b8e929 code=0x7ffc0000 [ 168.088172][ T27] audit: type=1326 audit(1750251240.651:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7722b8e929 code=0x7ffc0000 [ 168.172790][ T27] audit: type=1326 audit(1750251240.651:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7722b8e929 code=0x7ffc0000 [ 168.196625][ T27] audit: type=1326 audit(1750251240.651:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7722b8e929 code=0x7ffc0000 [ 168.220184][ T27] audit: type=1326 audit(1750251240.651:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7722b8e929 code=0x7ffc0000 [ 168.244158][ T27] audit: type=1326 audit(1750251240.651:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7722b8e929 code=0x7ffc0000 [ 168.267771][ T27] audit: type=1326 audit(1750251240.661:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7722b8e929 code=0x7ffc0000 [ 168.291315][ T27] audit: type=1326 audit(1750251240.661:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7722b8e929 code=0x7ffc0000 [ 168.319851][ T27] audit: type=1326 audit(1750251240.661:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7722b8e929 code=0x7ffc0000 [ 169.210337][ T7225] kvm: apic: phys broadcast and lowest prio [ 169.326745][ T5815] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 169.519191][ T5815] usb 4-1: config 0 has an invalid interface number: 255 but max is 0 [ 169.534154][ T5815] usb 4-1: config 0 has no interface number 0 [ 169.540940][ T5815] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 169.552894][ T5815] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 169.567789][ T5815] usb 4-1: config 0 interface 255 has no altsetting 0 [ 169.575434][ T5815] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 169.585564][ T5815] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.606319][ T5815] usb 4-1: config 0 descriptor?? [ 169.614604][ T5815] ums-realtek 4-1:0.255: USB Mass Storage device detected [ 169.838194][ T5820] usb 4-1: USB disconnect, device number 7 [ 170.138027][ T7247] loop2: detected capacity change from 0 to 2048 [ 170.153660][ T7247] UDF-fs: bad mount option "ÿàˆî­Ê©Ô yzééËÆVŽäu5\¾Aùý†sDÂ|47 ëýHCXÊß›|7˜ÚÁ»ý•JÓß#”þ’1–RÞ!KÞ" or missing value [ 170.752159][ T7253] loop0: detected capacity change from 0 to 32768 [ 170.778303][ T7253] XFS (loop0): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 170.878403][ T7253] XFS (loop0): Ending clean mount [ 171.174312][ T7249] loop1: detected capacity change from 0 to 32768 [ 171.361706][ T7253] syz.0.494 (7253): drop_caches: 2 [ 171.470146][ T5770] XFS (loop0): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 171.483870][ T7249] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 171.673214][ T7249] XFS (loop1): Ending clean mount [ 171.774383][ T5815] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 171.884602][ T5777] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 172.007797][ T5815] usb 4-1: Using ep0 maxpacket: 32 [ 172.031756][ T5815] usb 4-1: config 0 has no interfaces? [ 172.038343][ T5815] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 172.061543][ T5815] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.088078][ T5815] usb 4-1: config 0 descriptor?? [ 172.122207][ T3372] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 172.353063][ T3372] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.370331][ T23] usb 4-1: USB disconnect, device number 8 [ 172.386175][ T3372] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 172.403918][ T3372] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.418174][ T3372] usb 3-1: config 0 descriptor?? [ 172.441836][ T3372] pwc: Askey VC010 type 2 USB webcam detected. [ 172.707762][ T28] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 172.835709][ T3372] pwc: recv_control_msg error -32 req 02 val 2b00 [ 172.846903][ T3372] pwc: recv_control_msg error -32 req 02 val 2700 [ 172.858139][ T3372] pwc: recv_control_msg error -32 req 02 val 2c00 [ 172.866138][ T5815] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 172.906097][ T28] usb 2-1: Using ep0 maxpacket: 16 [ 172.923740][ T28] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.954480][ T28] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 172.967535][ T28] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 172.978721][ T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.001841][ T28] usb 2-1: config 0 descriptor?? [ 173.089368][ T3372] pwc: recv_control_msg error -71 req 04 val 1300 [ 173.103446][ T5815] usb 1-1: Using ep0 maxpacket: 32 [ 173.111964][ T5815] usb 1-1: config index 0 descriptor too short (expected 164, got 36) [ 173.121805][ T3372] pwc: recv_control_msg error -71 req 04 val 1400 [ 173.129166][ T5815] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.142375][ T3372] pwc: recv_control_msg error -71 req 02 val 2000 [ 173.149854][ T5815] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.162654][ T3372] pwc: recv_control_msg error -71 req 02 val 2100 [ 173.172964][ T5815] usb 1-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 173.173191][ T3372] pwc: recv_control_msg error -71 req 04 val 1500 [ 173.192057][ T5815] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.205619][ T5815] usb 1-1: config 0 descriptor?? [ 173.212527][ T3372] pwc: recv_control_msg error -71 req 02 val 2500 [ 173.236080][ T3372] pwc: recv_control_msg error -71 req 02 val 2400 [ 173.239974][ T7298] netlink: 28 bytes leftover after parsing attributes in process `syz.3.506'. [ 173.250675][ T3372] pwc: recv_control_msg error -71 req 02 val 2600 [ 173.263713][ T3372] pwc: recv_control_msg error -71 req 02 val 2900 [ 173.272410][ T3372] pwc: recv_control_msg error -71 req 02 val 2800 [ 173.281174][ T3372] pwc: recv_control_msg error -71 req 04 val 1100 [ 173.288715][ T3372] pwc: recv_control_msg error -71 req 04 val 1200 [ 173.316564][ T3372] pwc: Registered as video103. [ 173.346341][ T3372] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input10 [ 173.436469][ T3372] usb 3-1: USB disconnect, device number 3 [ 173.653163][ T5815] logitech 0003:046D:C29C.0008: unknown main item tag 0xe [ 173.700331][ T5815] logitech 0003:046D:C29C.0008: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.0-1/input0 [ 173.725205][ T7303] loop3: detected capacity change from 0 to 164 [ 173.768912][ T7303] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 173.831651][ T7303] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 174.065901][ T28] letsketch 0003:6161:4D15.0007: Device info: á‘” [ 174.316305][ T28] usb 2-1: Max retries (5) exceeded reading string descriptor 201 [ 174.347957][ T28] letsketch: probe of 0003:6161:4D15.0007 failed with error -71 [ 174.384347][ T28] usb 2-1: USB disconnect, device number 8 [ 175.627475][ T5815] logitech 0003:046D:C29C.0008: no inputs found [ 175.644272][ T7334] loop3: detected capacity change from 0 to 1024 [ 175.678306][ T5815] usb 1-1: USB disconnect, device number 8 [ 175.726581][ T968] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 175.938565][ T968] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 175.953442][ T968] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 175.970043][ T968] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 175.987084][ T968] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 176.005455][ T968] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 176.026970][ T968] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 176.042834][ T968] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 176.051548][ T968] usb 3-1: Product: syz [ 176.061618][ T968] usb 3-1: Manufacturer: syz [ 176.072648][ T968] cdc_wdm 3-1:1.0: skipping garbage [ 176.101123][ T7345] netlink: 'syz.0.526': attribute type 4 has an invalid length. [ 176.112315][ T968] cdc_wdm 3-1:1.0: skipping garbage [ 176.139470][ T968] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 176.149001][ T968] cdc_wdm 3-1:1.0: Unknown control protocol [ 176.175978][ T28] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 176.299976][ T968] usb 3-1: USB disconnect, device number 4 [ 176.374975][ T7349] ALSA: seq fatal error: cannot create timer (-16) [ 176.386081][ T28] usb 4-1: Using ep0 maxpacket: 8 [ 176.398171][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 176.416979][ T28] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 176.438963][ T28] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.450782][ T28] usb 4-1: config 0 descriptor?? [ 176.680813][ T28] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 176.803654][ T7355] loop0: detected capacity change from 0 to 1024 [ 176.949891][ T1094] hfsplus: b-tree write err: -5, ino 4 [ 176.995933][ T968] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 177.198198][ T968] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 177.220189][ T968] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 177.264685][ T968] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 177.284953][ T5840] usb 4-1: USB disconnect, device number 9 [ 177.292875][ T968] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 177.333980][ T968] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 177.368598][ T968] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 177.388394][ T968] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 177.405875][ T968] usb 3-1: Product: syz [ 177.410358][ T968] usb 3-1: Manufacturer: syz [ 177.430846][ T968] cdc_wdm 3-1:1.0: skipping garbage [ 177.436584][ T968] cdc_wdm 3-1:1.0: skipping garbage [ 177.446914][ T968] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 177.453705][ T968] cdc_wdm 3-1:1.0: Unknown control protocol [ 177.481190][ T7365] loop1: detected capacity change from 0 to 4096 [ 177.688266][ T968] usb 3-1: USB disconnect, device number 5 [ 178.065356][ T7374] smc: net device bond0 applied user defined pnetid SYZ0 [ 178.074862][ T7374] smc: net device bond0 erased user defined pnetid SYZ0 [ 178.094826][ T7377] serio: Serial port ttyS3 [ 178.400804][ T968] Process accounting resumed [ 178.636545][ T3372] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 178.689458][ T7396] vivid-003: disconnect [ 178.699095][ T7395] vivid-003: reconnect [ 178.876162][ T3372] usb 3-1: Using ep0 maxpacket: 16 [ 178.888850][ T3372] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 178.899273][ T3372] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.924410][ T3372] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.940837][ T3372] usb 3-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 178.960329][ T3372] usb 3-1: config 7 interface 0 has no altsetting 0 [ 178.970221][ T3372] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 178.983797][ T3372] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.054029][ T7408] loop1: detected capacity change from 0 to 1024 [ 179.063880][ T7408] EXT4-fs: Ignoring removed oldalloc option [ 179.109657][ T7408] EXT4-fs: Ignoring removed bh option [ 179.122338][ T7408] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 179.185278][ T7408] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.213188][ T7412] netlink: 'syz.3.556': attribute type 39 has an invalid length. [ 179.368459][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.424618][ T3372] input: HID 0458:5010 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:7.0/0003:0458:5010.0009/input/input11 [ 179.530943][ T3372] kye 0003:0458:5010.0009: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.2-1/input0 [ 179.901781][ T7416] kvm: MWAIT instruction emulated as NOP! [ 180.143261][ T7426] netlink: 'syz.3.560': attribute type 1 has an invalid length. [ 180.203996][ T7426] 8021q: adding VLAN 0 to HW filter on device bond2 [ 180.271861][ T7428] bond2: (slave geneve2): making interface the new active one [ 180.303692][ T7428] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 180.493725][ C1] kye 0003:0458:5010.0009: usb_submit_urb(ctrl) failed: -1 [ 180.545008][ T7435] loop3: detected capacity change from 0 to 2048 [ 180.620152][ T7435] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.841579][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.972599][ T7446] loop3: detected capacity change from 0 to 128 [ 180.984117][ T7446] EXT4-fs: Ignoring removed nobh option [ 181.017884][ T7446] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 181.077180][ T7446] ext4 filesystem being mounted at /145/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 181.300610][ T5780] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 181.386425][ T3372] usb 3-1: USB disconnect, device number 6 [ 185.381173][ T7474] loop3: detected capacity change from 0 to 32768 [ 185.407002][ T7474] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.572 (7474) [ 185.470860][ T7474] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 185.526907][ T7474] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 185.566693][ T7474] BTRFS info (device loop3): enabling auto defrag [ 185.593723][ T7474] BTRFS info (device loop3): doing ref verification [ 185.618209][ T7474] BTRFS info (device loop3): use no compression [ 185.665620][ T5820] IPVS: starting estimator thread 0... [ 185.665947][ T7474] BTRFS info (device loop3): force clearing of disk cache [ 185.728234][ T7474] BTRFS info (device loop3): setting nodatacow, compression disabled [ 185.764611][ T7474] BTRFS info (device loop3): disabling free space tree [ 185.776192][ T7490] IPVS: using max 19 ests per chain, 45600 per kthread [ 186.002579][ T7474] BTRFS info (device loop3): enabling ssd optimizations [ 186.067096][ T7474] BTRFS info (device loop3): auto enabling async discard [ 186.092452][ T7513] process 'syz.0.591' launched './file2' with NULL argv: empty string added [ 186.122330][ T7474] BTRFS info (device loop3): rebuilding free space tree [ 186.203150][ T7474] BTRFS info (device loop3): disabling free space tree [ 186.243538][ T7474] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 186.275297][ T7474] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 186.635222][ T5780] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 186.861091][ C0] Unknown status report in ack skb [ 187.306229][ T7534] netlink: 4 bytes leftover after parsing attributes in process `syz.2.589'. [ 187.562732][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 187.562747][ T27] audit: type=1107 audit(1750251260.171:51): pid=7538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Ù' [ 187.639784][ T7541] loop2: detected capacity change from 0 to 2048 [ 187.697373][ T7541] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 188.108211][ T7555] loop1: detected capacity change from 0 to 1024 [ 188.118797][ T7555] EXT4-fs: Ignoring removed nobh option [ 188.137613][ T7555] EXT4-fs: Ignoring removed bh option [ 188.166671][ T7555] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 188.279125][ T7555] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.458259][ T7562] loop3: detected capacity change from 0 to 4096 [ 188.472529][ T7555] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4036: comm syz.1.600: Allocating blocks 257-513 which overlap fs metadata [ 188.590508][ T7555] EXT4-fs error (device loop1): mb_free_blocks:1943: group 0, inode 15: block 161:freeing already freed block (bit 10); block bitmap corrupt. [ 188.609830][ T7555] EXT4-fs (loop1): pa ffff888076d170e8: logic 16, phys. 129, len 3 [ 188.619316][ T7555] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5377: group 0, free 3, pa_free 2 [ 188.643734][ T27] audit: type=1800 audit(1750251261.251:52): pid=7562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.601" name="file1" dev="loop3" ino=33 res=0 errno=0 [ 188.708015][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.892395][ T7590] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 190.302056][ T7598] syz_tun: entered allmulticast mode [ 190.602101][ T7588] loop3: detected capacity change from 0 to 32768 [ 190.617468][ T7588] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.610 (7588) [ 190.653677][ T7588] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 190.698269][ T7588] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 190.727019][ T7588] BTRFS info (device loop3): setting nodatacow, compression disabled [ 190.761295][ T7588] BTRFS info (device loop3): setting datacow [ 190.778061][ T7588] BTRFS info (device loop3): doing ref verification [ 190.795091][ T7588] BTRFS info (device loop3): force clearing of disk cache [ 190.815266][ T7588] BTRFS info (device loop3): turning off barriers [ 190.839414][ T7588] BTRFS info (device loop3): enabling ssd optimizations [ 190.856224][ T7588] BTRFS info (device loop3): using spread ssd allocation scheme [ 190.874825][ T7588] BTRFS info (device loop3): using free space tree [ 191.158145][ T7588] BTRFS info (device loop3): rebuilding free space tree [ 191.694683][ T7604] loop2: detected capacity change from 0 to 32768 [ 191.743729][ T5780] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 191.777001][ T7604] XFS: ikeep mount option is deprecated. [ 191.832818][ T7603] loop0: detected capacity change from 0 to 40427 [ 191.859188][ T7603] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 191.867887][ T7604] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 191.921098][ T7603] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 192.061478][ T7603] F2FS-fs (loop0): Found nat_bits in checkpoint [ 192.224201][ T7603] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 192.271811][ T7603] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 192.306435][ T7604] XFS (loop2): Ending clean mount [ 192.793990][ T5771] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 192.904508][ T27] audit: type=1804 audit(1750251265.511:53): pid=7603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.620" name="/newroot/162/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 193.637361][ T7670] netlink: 12 bytes leftover after parsing attributes in process `syz.2.635'. [ 194.040301][ T7674] netlink: 24 bytes leftover after parsing attributes in process `syz.2.636'. [ 194.406616][ T7681] syz.0.638[7681] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 194.406859][ T7681] syz.0.638[7681] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 194.640655][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.661360][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.855526][ T7679] loop2: detected capacity change from 0 to 32768 [ 194.901263][ T7679] JBD2: Ignoring recovery information on journal [ 194.990291][ T7679] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 195.787132][ T5771] ocfs2: Unmounting device (7,2) on (node local) [ 196.121114][ T7701] netlink: 12 bytes leftover after parsing attributes in process `syz.1.645'. [ 196.152865][ T7701] netlink: 12 bytes leftover after parsing attributes in process `syz.1.645'. [ 197.044522][ T7719] loop2: detected capacity change from 0 to 8192 [ 197.104247][ T7719] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 197.120763][ T7719] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 197.132085][ T7719] REISERFS (device loop2): using ordered data mode [ 197.140259][ T7719] reiserfs: using flush barriers [ 197.155697][ T7719] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 197.176775][ T7719] REISERFS (device loop2): checking transaction log (loop2) [ 197.203728][ T7719] REISERFS (device loop2): Using r5 hash to sort names [ 197.218696][ T7719] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 197.333096][ T7722] netlink: 'syz.1.654': attribute type 4 has an invalid length. [ 197.468634][ T7711] loop3: detected capacity change from 0 to 32768 [ 197.499140][ T7711] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.649 (7711) [ 197.588197][ T7711] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 197.616366][ T7711] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 197.654884][ T7711] BTRFS info (device loop3): use zlib compression, level 3 [ 197.707593][ T7711] BTRFS info (device loop3): turning on sync discard [ 197.714650][ T7711] BTRFS info (device loop3): doing ref verification [ 197.777346][ T7711] BTRFS info (device loop3): disabling tree log [ 197.784641][ T7711] BTRFS info (device loop3): enabling tree log [ 197.856391][ T7711] BTRFS info (device loop3): enabling ssd optimizations [ 197.863959][ T7711] BTRFS info (device loop3): using spread ssd allocation scheme [ 197.911872][ T7711] BTRFS info (device loop3): not using ssd optimizations [ 197.935875][ T7711] BTRFS info (device loop3): not using spread ssd allocation scheme [ 197.944052][ T7711] BTRFS info (device loop3): using free space tree [ 198.494653][ T27] audit: type=1800 audit(1750251271.101:54): pid=7711 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.649" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 198.534890][ T7754] netlink: 'syz.2.661': attribute type 12 has an invalid length. [ 199.113322][ T5780] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 199.396476][ T7764] loop2: detected capacity change from 0 to 512 [ 199.630189][ T7764] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.670952][ T7764] ext4 filesystem being mounted at /170/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 199.903075][ T7778] loop1: detected capacity change from 0 to 256 [ 199.953320][ T7778] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 199.974338][ T7778] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 200.001824][ T7778] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 200.032194][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.602631][ T7790] netlink: 12 bytes leftover after parsing attributes in process `syz.2.675'. [ 200.665899][ T5840] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 200.769635][ T7775] loop0: detected capacity change from 0 to 32768 [ 200.780384][ T7775] XFS: attr2 mount option is deprecated. [ 200.842097][ T7775] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 200.856207][ T5840] usb 4-1: Using ep0 maxpacket: 32 [ 200.865316][ T7775] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 200.888862][ T5840] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 200.898768][ T5840] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.912182][ T5840] usb 4-1: Product: syz [ 200.917930][ T5840] usb 4-1: Manufacturer: syz [ 200.922971][ T5840] usb 4-1: SerialNumber: syz [ 200.969779][ T5840] usb 4-1: config 0 descriptor?? [ 200.998689][ T7775] XFS (loop0): Ending clean mount [ 201.016616][ T5840] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 201.033259][ T7775] XFS (loop0): Quotacheck needed: Please wait. [ 201.152325][ T7775] XFS (loop0): Quotacheck: Done. [ 201.281731][ T27] audit: type=1804 audit(1750251273.891:55): pid=7775 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.668" name="/newroot/174/file0/file1" dev="loop0" ino=4422 res=1 errno=0 [ 201.441163][ T5770] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 201.829616][ T7812] loop0: detected capacity change from 0 to 16 [ 201.844089][ T7812] erofs: (device loop0): mounted with root inode @ nid 36. [ 201.870632][ T7812] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0 [ 201.880496][ T7812] erofs: (device loop0): z_erofs_readahead: readahead error at folio 2 @ nid 89 [ 201.890817][ T7812] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0 [ 201.903203][ T7812] erofs: (device loop0): z_erofs_readahead: readahead error at folio 1 @ nid 89 [ 201.914759][ T7812] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0 [ 201.930104][ T7812] erofs: (device loop0): z_erofs_readahead: readahead error at folio 0 @ nid 89 [ 201.941998][ T7812] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0 [ 201.952585][ T7812] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 0 [ 201.963767][ T7812] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 0 of nid 89 [ 201.973012][ T27] audit: type=1800 audit(1750251274.581:56): pid=7812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.681" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 202.240525][ T5840] gspca_ov534_9: reg_w failed -71 [ 202.636398][ T5840] gspca_ov534_9: Unknown sensor 0000 [ 202.636498][ T5840] ov534_9: probe of 4-1:0.0 failed with error -22 [ 202.676583][ T5840] usb 4-1: USB disconnect, device number 10 [ 202.926126][ T968] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 203.133187][ T968] usb 2-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 203.144457][ T968] usb 2-1: New USB device strings: Mfr=24, Product=2, SerialNumber=3 [ 203.159396][ T968] usb 2-1: Product: syz [ 203.163795][ T968] usb 2-1: Manufacturer: syz [ 203.170150][ T968] usb 2-1: SerialNumber: syz [ 203.181348][ T968] usb 2-1: config 0 descriptor?? [ 203.413540][ T968] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 203.430009][ T968] asix: probe of 2-1:0.0 failed with error -61 [ 204.013142][ T7841] loop1: detected capacity change from 0 to 1024 [ 204.040138][ T7841] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 204.070097][ T7841] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 204.117656][ T7841] JBD2: no valid journal superblock found [ 204.132893][ T7841] EXT4-fs (loop1): Could not load journal inode [ 204.765854][ T28] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 204.933486][ T7838] loop2: detected capacity change from 0 to 262144 [ 204.946707][ T7838] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 205.046684][ T28] usb 1-1: Using ep0 maxpacket: 8 [ 205.060100][ T28] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 205.076078][ T28] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.105831][ T28] usb 1-1: Product: syz [ 205.110105][ T28] usb 1-1: Manufacturer: syz [ 205.114747][ T28] usb 1-1: SerialNumber: syz [ 205.141498][ T5772] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 205.148165][ T28] usb 1-1: config 0 descriptor?? [ 205.178603][ T7845] loop3: detected capacity change from 0 to 2048 [ 205.210478][ T7845] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 205.261589][ T5788] udevd[5788]: incorrect nilfs2 checksum on /dev/loop3 [ 205.277593][ T7848] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 205.393862][ T28] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 206.007102][ T28] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -32 [ 206.035531][ T28] usb 1-1: USB disconnect, device number 9 [ 206.334504][ T5840] usb 2-1: USB disconnect, device number 9 [ 206.855525][ T7876] loop3: detected capacity change from 0 to 128 [ 206.894377][ T7876] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 206.919234][ T7876] ext4 filesystem being mounted at /166/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 206.930485][ T1094] bond0: (slave bond_slave_0): interface is now down [ 206.935215][ T7880] netlink: 'syz.0.706': attribute type 10 has an invalid length. [ 206.956381][ T1094] bond0: (slave bond_slave_1): interface is now down [ 206.969543][ T7880] syz_tun: entered promiscuous mode [ 206.986281][ T2932] bond0: (slave bond_slave_0): interface is now down [ 206.995031][ T7880] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 207.002191][ T2932] bond0: (slave bond_slave_1): interface is now down [ 207.041689][ T2932] bond0: (slave syz_tun): interface is now down [ 207.053699][ T2932] bond0: now running without any active interface! [ 207.080533][ T5780] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 207.484553][ T7889] syzkaller0: refused to change device tx_queue_len [ 207.859943][ T7907] netlink: 8 bytes leftover after parsing attributes in process `syz.1.717'. [ 207.870890][ T7905] syz.2.714[7905] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 207.871116][ T7905] syz.2.714[7905] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 208.176196][ T7916] netlink: 16 bytes leftover after parsing attributes in process `syz.0.722'. [ 208.248065][ T7918] netlink: 16 bytes leftover after parsing attributes in process `syz.0.722'. [ 208.789832][ T7909] loop2: detected capacity change from 0 to 32768 [ 208.822953][ T7909] (syz.2.720,7909,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 208.853381][ T7909] (syz.2.720,7909,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 208.888007][ T7909] JBD2: Ignoring recovery information on journal [ 208.978533][ T7909] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 209.258821][ T7926] loop3: detected capacity change from 0 to 32768 [ 209.327672][ T7926] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 209.454626][ T7926] [ 209.457119][ T7926] ====================================================== [ 209.464361][ T7926] WARNING: possible circular locking dependency detected [ 209.471431][ T7926] 6.6.93-syzkaller #0 Not tainted [ 209.476492][ T7926] ------------------------------------------------------ [ 209.483548][ T7926] syz.3.726/7926 is trying to acquire lock: [ 209.489485][ T7926] ffff88805cfdcda0 (&oi->ip_alloc_sem){+.+.}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 209.500181][ T7926] [ 209.500181][ T7926] but task is already holding lock: [ 209.507586][ T7926] ffff88805cfdce38 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xa5/0x320 [ 209.518280][ T7926] [ 209.518280][ T7926] which lock already depends on the new lock. [ 209.518280][ T7926] [ 209.528732][ T7926] [ 209.528732][ T7926] the existing dependency chain (in reverse order) is: [ 209.537792][ T7926] [ 209.537792][ T7926] -> #4 (&oi->ip_xattr_sem){++++}-{3:3}: [ 209.545664][ T7926] down_read+0x46/0x2e0 [ 209.550409][ T7926] ocfs2_init_acl+0x2fa/0x720 [ 209.555728][ T7926] ocfs2_mknod+0x12e5/0x20f0 [ 209.560884][ T7926] ocfs2_create+0x196/0x410 [ 209.566056][ T7926] path_openat+0x1277/0x3190 [ 209.571199][ T7926] do_filp_open+0x1c5/0x3d0 [ 209.576234][ T7926] do_sys_openat2+0x12c/0x1c0 [ 209.581445][ T7926] __x64_sys_openat+0x139/0x160 [ 209.586832][ T7926] do_syscall_64+0x55/0xb0 [ 209.591896][ T7926] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 209.598341][ T7926] [ 209.598341][ T7926] -> #3 (jbd2_handle){++++}-{0:0}: [ 209.605699][ T7926] start_this_handle+0x1e9d/0x20c0 [ 209.611379][ T7926] jbd2__journal_start+0x2bb/0x5b0 [ 209.617053][ T7926] jbd2_journal_start+0x2a/0x40 [ 209.622437][ T7926] ocfs2_start_trans+0x376/0x6c0 [ 209.627906][ T7926] ocfs2_modify_bh+0xe9/0x470 [ 209.633112][ T7926] ocfs2_local_read_info+0x13fd/0x1770 [ 209.639132][ T7926] dquot_load_quota_sb+0x757/0xb80 [ 209.644791][ T7926] dquot_load_quota_inode+0x2dc/0x5d0 [ 209.650706][ T7926] ocfs2_enable_quotas+0x1c7/0x440 [ 209.656466][ T7926] ocfs2_fill_super+0x3f6d/0x4d90 [ 209.662040][ T7926] mount_bdev+0x22b/0x2d0 [ 209.666909][ T7926] legacy_get_tree+0xea/0x180 [ 209.672143][ T7926] vfs_get_tree+0x8c/0x280 [ 209.677102][ T7926] do_new_mount+0x24b/0xa40 [ 209.682166][ T7926] __se_sys_mount+0x2da/0x3c0 [ 209.687481][ T7926] do_syscall_64+0x55/0xb0 [ 209.692442][ T7926] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 209.698919][ T7926] [ 209.698919][ T7926] -> #2 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 209.707500][ T7926] down_read+0x46/0x2e0 [ 209.712281][ T7926] ocfs2_start_trans+0x36a/0x6c0 [ 209.717792][ T7926] ocfs2_modify_bh+0xe9/0x470 [ 209.723042][ T7926] ocfs2_local_read_info+0x13fd/0x1770 [ 209.729091][ T7926] dquot_load_quota_sb+0x757/0xb80 [ 209.734773][ T7926] dquot_load_quota_inode+0x2dc/0x5d0 [ 209.740713][ T7926] ocfs2_enable_quotas+0x1c7/0x440 [ 209.746402][ T7926] ocfs2_fill_super+0x3f6d/0x4d90 [ 209.751993][ T7926] mount_bdev+0x22b/0x2d0 [ 209.756970][ T7926] legacy_get_tree+0xea/0x180 [ 209.762198][ T7926] vfs_get_tree+0x8c/0x280 [ 209.767166][ T7926] do_new_mount+0x24b/0xa40 [ 209.772483][ T7926] __se_sys_mount+0x2da/0x3c0 [ 209.777819][ T7926] do_syscall_64+0x55/0xb0 [ 209.782783][ T7926] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 209.789230][ T7926] [ 209.789230][ T7926] -> #1 (sb_internal#4){.+.+}-{0:0}: [ 209.796749][ T7926] ocfs2_start_trans+0x26b/0x6c0 [ 209.802241][ T7926] ocfs2_truncate_file+0x611/0x13a0 [ 209.808005][ T7926] ocfs2_setattr+0x150d/0x1b20 [ 209.813313][ T7926] notify_change+0xb0d/0xe10 [ 209.818443][ T7926] do_truncate+0x19b/0x220 [ 209.823416][ T7926] path_openat+0x298c/0x3190 [ 209.828545][ T7926] do_filp_open+0x1c5/0x3d0 [ 209.833591][ T7926] do_sys_openat2+0x12c/0x1c0 [ 209.838807][ T7926] __x64_sys_openat+0x139/0x160 [ 209.844379][ T7926] do_syscall_64+0x55/0xb0 [ 209.849523][ T7926] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 209.855980][ T7926] [ 209.855980][ T7926] -> #0 (&oi->ip_alloc_sem){+.+.}-{3:3}: [ 209.863824][ T7926] __lock_acquire+0x2ddb/0x7c80 [ 209.869573][ T7926] lock_acquire+0x197/0x410 [ 209.874612][ T7926] down_write+0x97/0x1f0 [ 209.879392][ T7926] ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 209.885937][ T7926] ocfs2_truncate_file+0xd84/0x13a0 [ 209.891703][ T7926] ocfs2_setattr+0x150d/0x1b20 [ 209.897112][ T7926] notify_change+0xb0d/0xe10 [ 209.902261][ T7926] do_truncate+0x19b/0x220 [ 209.907230][ T7926] path_openat+0x298c/0x3190 [ 209.912815][ T7926] do_filp_open+0x1c5/0x3d0 [ 209.917886][ T7926] do_sys_openat2+0x12c/0x1c0 [ 209.923112][ T7926] __x64_sys_openat+0x139/0x160 [ 209.928596][ T7926] do_syscall_64+0x55/0xb0 [ 209.933559][ T7926] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 209.940032][ T7926] [ 209.940032][ T7926] other info that might help us debug this: [ 209.940032][ T7926] [ 209.950279][ T7926] Chain exists of: [ 209.950279][ T7926] &oi->ip_alloc_sem --> jbd2_handle --> &oi->ip_xattr_sem [ 209.950279][ T7926] [ 209.963346][ T7926] Possible unsafe locking scenario: [ 209.963346][ T7926] [ 209.970810][ T7926] CPU0 CPU1 [ 209.976193][ T7926] ---- ---- [ 209.981565][ T7926] lock(&oi->ip_xattr_sem); [ 209.986174][ T7926] lock(jbd2_handle); [ 209.992778][ T7926] lock(&oi->ip_xattr_sem); [ 209.999943][ T7926] lock(&oi->ip_alloc_sem); [ 210.004579][ T7926] [ 210.004579][ T7926] *** DEADLOCK *** [ 210.004579][ T7926] [ 210.012761][ T7926] 3 locks held by syz.3.726/7926: [ 210.017844][ T7926] #0: ffff88801bf06418 (sb_writers#25){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 210.027149][ T7926] #1: ffff88805cfdd118 (&sb->s_type->i_mutex_key#32){+.+.}-{3:3}, at: do_truncate+0x187/0x220 [ 210.037600][ T7926] #2: ffff88805cfdce38 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xa5/0x320 [ 210.048742][ T7926] [ 210.048742][ T7926] stack backtrace: [ 210.054673][ T7926] CPU: 0 PID: 7926 Comm: syz.3.726 Not tainted 6.6.93-syzkaller #0 [ 210.062665][ T7926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.072836][ T7926] Call Trace: [ 210.076328][ T7926] [ 210.079326][ T7926] dump_stack_lvl+0x16c/0x230 [ 210.084058][ T7926] ? load_image+0x3b0/0x3b0 [ 210.088605][ T7926] ? show_regs_print_info+0x20/0x20 [ 210.093902][ T7926] ? print_circular_bug+0x12b/0x1a0 [ 210.099148][ T7926] check_noncircular+0x2bd/0x3c0 [ 210.104142][ T7926] ? print_deadlock_bug+0x5d0/0x5d0 [ 210.109390][ T7926] ? lockdep_lock+0xe0/0x220 [ 210.114029][ T7926] ? lockdep_unlock+0x137/0x2d0 [ 210.118924][ T7926] ? _find_first_zero_bit+0xd3/0x100 [ 210.124257][ T7926] __lock_acquire+0x2ddb/0x7c80 [ 210.129268][ T7926] ? verify_lock_unused+0x140/0x140 [ 210.134530][ T7926] lock_acquire+0x197/0x410 [ 210.139083][ T7926] ? ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 210.145316][ T7926] ? __might_sleep+0xe0/0xe0 [ 210.149966][ T7926] ? read_lock_is_recursive+0x20/0x20 [ 210.155408][ T7926] down_write+0x97/0x1f0 [ 210.159709][ T7926] ? ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 210.165925][ T7926] ? down_read_killable+0x340/0x340 [ 210.171180][ T7926] ? ocfs2_truncate_file+0xcaa/0x13a0 [ 210.176783][ T7926] ? __lock_acquire+0x7c80/0x7c80 [ 210.181845][ T7926] ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 210.187865][ T7926] ? ocfs2_remove_refcount_tree+0xd50/0xd50 [ 210.193798][ T7926] ? up_write+0x1c3/0x410 [ 210.198167][ T7926] ocfs2_truncate_file+0xd84/0x13a0 [ 210.203444][ T7926] ? ocfs2_inode_lock_tracker+0x3ec/0x660 [ 210.209325][ T7926] ? ocfs2_simple_size_update+0x470/0x470 [ 210.215102][ T7926] ? do_raw_spin_unlock+0x121/0x230 [ 210.220462][ T7926] ? _raw_spin_unlock+0x28/0x40 [ 210.225384][ T7926] ? ocfs2_inode_lock_tracker+0x3ec/0x660 [ 210.231252][ T7926] ? ocfs2_inode_lock_atime+0x4e0/0x4e0 [ 210.236867][ T7926] ? ocfs2_rw_lock+0x138/0x240 [ 210.241946][ T7926] ? dquot_initialize+0x20/0x20 [ 210.246866][ T7926] ? ocfs2_create_new_inode_locks+0x640/0x640 [ 210.253063][ T7926] ? setattr_prepare+0x1e6/0xac0 [ 210.258037][ T7926] ? inode_newsize_ok+0x116/0x1b0 [ 210.263110][ T7926] ocfs2_setattr+0x150d/0x1b20 [ 210.267963][ T7926] ? ocfs2_extend_allocation+0x1760/0x1760 [ 210.274250][ T7926] ? ktime_get_coarse_real_ts64+0x3a/0x120 [ 210.280091][ T7926] ? seqcount_lockdep_reader_access+0x176/0x1c0 [ 210.286373][ T7926] ? ktime_get_coarse_real_ts64+0x110/0x120 [ 210.292376][ T7926] ? current_time+0x18e/0x270 [ 210.297075][ T7926] ? inode_set_ctime_current+0x2d0/0x2d0 [ 210.302895][ T7926] ? evm_inode_setattr+0x94/0x6a0 [ 210.307935][ T7926] ? bpf_lsm_inode_setattr+0x9/0x10 [ 210.313141][ T7926] ? try_break_deleg+0x79/0x120 [ 210.318214][ T7926] ? ocfs2_extend_allocation+0x1760/0x1760 [ 210.324051][ T7926] notify_change+0xb0d/0xe10 [ 210.328705][ T7926] do_truncate+0x19b/0x220 [ 210.333167][ T7926] ? put_page_bootmem+0x2c0/0x2c0 [ 210.338205][ T7926] ? apparmor_file_truncate+0x23f/0x2d0 [ 210.343776][ T7926] ? ima_bprm_check+0x1f0/0x1f0 [ 210.348651][ T7926] path_openat+0x298c/0x3190 [ 210.353269][ T7926] ? do_filp_open+0x3d0/0x3d0 [ 210.357970][ T7926] do_filp_open+0x1c5/0x3d0 [ 210.362496][ T7926] ? vfs_tmpfile+0x490/0x490 [ 210.367102][ T7926] ? _raw_spin_unlock+0x28/0x40 [ 210.371963][ T7926] ? alloc_fd+0x58f/0x630 [ 210.376395][ T7926] do_sys_openat2+0x12c/0x1c0 [ 210.381104][ T7926] ? do_sys_open+0xe0/0xe0 [ 210.385556][ T7926] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 210.391674][ T7926] ? lock_chain_count+0x20/0x20 [ 210.396569][ T7926] __x64_sys_openat+0x139/0x160 [ 210.401508][ T7926] do_syscall_64+0x55/0xb0 [ 210.405946][ T7926] ? clear_bhb_loop+0x40/0x90 [ 210.410635][ T7926] ? clear_bhb_loop+0x40/0x90 [ 210.415332][ T7926] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 210.421294][ T7926] RIP: 0033:0x7f85f7b8e929 [ 210.425760][ T7926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.445580][ T7926] RSP: 002b:00007f85f8a98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 210.454455][ T7926] RAX: ffffffffffffffda RBX: 00007f85f7db5fa0 RCX: 00007f85f7b8e929 [ 210.462541][ T7926] RDX: 000000000000275a RSI: 0000200000000140 RDI: ffffffffffffff9c [ 210.470623][ T7926] RBP: 00007f85f7c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 210.478878][ T7926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 210.486883][ T7926] R13: 0000000000000000 R14: 00007f85f7db5fa0 R15: 00007fff7f312b48 [ 210.494885][ T7926] [ 210.524568][ T5771] ocfs2: Unmounting device (7,2) on (node local) [ 210.538780][ T5780] ocfs2: Unmounting device (7,3) on (node local) [ 212.556969][ T5778] Bluetooth: hci2: command 0x0406 tx timeout [ 212.557430][ T5088] Bluetooth: hci1: command 0x0406 tx timeout [ 212.563045][ T5778] Bluetooth: hci0: command 0x0406 tx timeout [ 212.565812][ T5786] Bluetooth: hci3: command 0x0406 tx timeout