last executing test programs: 2.830350526s ago: executing program 1 (id=14692): r0 = openat$comedi(0xffffff9c, &(0x7f0000000000)='/dev/comedi0\x00', 0x101001, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'comedi_bond\x00', [0x40000001, 0x7, 0x9, 0x2, 0x2f, 0x0, 0x1, 0x1, 0xffe, 0x1, 0x7, 0x20001, 0x1006, 0x4, 0xffff, 0xffff, 0xffffffa8, 0x7fffffff, 0x1ff, 0x3, 0x3fd, 0x10000, 0x8, 0xe2df, 0x2, 0x8, 0x5, 0x3, 0x7, 0x4, 0x8045]}) 2.59175869s ago: executing program 1 (id=14696): r0 = syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, 0x0) 2.435614786s ago: executing program 1 (id=14698): openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) pselect6(0x40, &(0x7f0000000000)={0x4, 0x8000000000000001, 0x6e11, 0xfffffffffffffffc, 0x22, 0x100000001, 0xe, 0x9}, &(0x7f0000000080)={0x4, 0x3, 0x0, 0x5, 0x7, 0xe5, 0x4, 0x3}, &(0x7f00000001c0)={0xb, 0x2, 0x1, 0x9, 0x8, 0xffff, 0x9, 0xf}, 0x0, 0x0) 2.268233012s ago: executing program 1 (id=14700): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2={0xff, 0x5}, 0x0, 0x0, 0x2, 0x2, 0x8}, 0x20) 2.234414036s ago: executing program 3 (id=14701): syz_mount_image$jfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000640)=ANY=[@ANYRES16=0x0, @ANYRESDEC, @ANYRES32, @ANYRESOCT, @ANYBLOB="013ced044bdd1d80c6a59bca5c1f9d57c0bf983de420f461a7414616093c243234af9243259143a1df24ac0219d7c378a66c310c8b4a0a5be52831340548247ed220c3c9fbc83337fa0b63b0a54e73ff5f9b6625b0faa1fb755e1af638d96ec92d0802aa01c49d12703c6452c7b0edad1ecfdc926cf6ee88d55c25512d52b43a773f9cd35d70e03d69b2af2ead1c39ef1c55"], 0xfa, 0x621b, &(0x7f0000012cc0)="$eJzs3c1vHGcdB/DfvvolNLV6qEqEkJuWl1KaxEkJgQJtD3Dg0gPKFSVy3SoiBZQElFYWceULB078BSAkjghxRBz6B/TAlRsnTkSykUA9MWi8zxPPbna7No531p7PR3JmfvPMeJ/xd2dfsjP7BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ3//eD9ZaEXHj52nBSsRnohPRjlgq69WIWFpdyet3I+K52GuOZyOitxBRbr/3z9MRr0bEx2cjdnY318vFlw/Yj+/+8W+/++GZt/76h97F//zpXue1Sevdv/+rf//5wdH2GQAAAJqmKIqild7mn0vv79t1dwoAmIn8/F8kefmpr3/9j7f+Mk/9UavVarV6BnVVMd6DahERW9VtytcMPo4HgBNmKz6puwvUSP6N1o2IM3V3Aphrrbo7wLHY2d1cb6V8W9Xng9VBez4XZCj/rdaj6zsmTacZPcdkVvev7ejEMxP6szSjPsyTnH97NP8bg/Z+Wu+485+VSfn3B5c+NU7OvzOa/4jTk397bP5NlfPvHir/jvwBAAAAAGCO5f//X6n589+Fo+/KgXza57+rM+oDAAAAAAAAADxpRx3/7xHj/wEAAMDcKt+rl35zdn/ZpO9iK5dfb0U8NbI+0DAfDSbLdfcDAAAAAAAAAAAAAJqkOziH93orohcRTy0vF0VR/lSN1od11O1PuqbvPzRZ3Q/yAAAw8PHZkWv5WxGLEXE92nvf9ddbXl4uisWl5WK5WFrIr2f7C4vFUuV9bZ6Wyxb6B3hB3O0X5S9brGxXNe398rT20d9X3la/6BygY09IL/01JzTXFDYAJINnox3PSKdMUTw96cUHDHH8n0IrsVL3/Yr5V/fdFAAAADh+RVEUrTTM37k0vl+77k4BADORn/9HPxc4UB0xvr19yPXVarVarVbPpK4qxntQLSJiq7pN+ZrBcPwAcMJsxSd1d4Eayb/RuhHxXN2dAOZaq+4OcCx2djfXWynfVvX5YHXQns8FGcp/q7W3Xd5+3HSa0XNMZnX/2o5OPDOhP8/OqA/zJOffHs3/xqC9n9Y77vxnZVL+/b1L5pon598ZzX/E6cm/PTb/psr5dw+Vf0f+AAAAAAAwx/L//6/4/DfvMgAAAAAAAACcODu7m+v5utf8+f/nxqzn+s/TKeffOmz+S2le/idazr89kv+XR9brVOYfvrl//P9rd3P99/f++dk8PWj+C3mmle5ZrXSPaKVbanXT9Ch797jtXqdf3lKv1e500zk/Re+duBW3YyMuDa3bTn+P/fa1ofayp72h9stD7d3H2q8MtffS9w4US7n9QqzHT+J2vL3XXrYtTNn/xSntxZT2nH/H438j5fy7lZ8y/+XU3hqZlh5+2H7suK9Ox93OG7c+/8tLx787U21H59G+VZX7d76G/uz9Tc7042d3N+5cuH/z3r07a5EmQ0svR5o8YTn/3t7Pwv7j/wuD9vy4Xz1eH37YP3T+82I7uhPzf6EyX+7vSzPuWx1y/v30k/N/O7WPP/5Pcv6Tj/+Xa+gPAAAAAAAAAAAAAAAAfJqiKPYuEX0jIq6m63/qujYTAJit/PxfJHm5Wq1Wq9Xq01dXFeO9Xi0i4qPqNuVrhl+M+2UAwDz7b0T8ve5OUBv5N1j+vr9y+mLdnQFm6u77H/zo5u3bG3fu1t0TAAAAAAAAAOD/lcf/XK2M//xiRKyMrDc0/uubsXrU8T+7eebRAKNPeKDvCbbb/U67Mtz487E3PveFSeN/n4/Hx//OY+J2qvsxQW9Ke39K+8KU9sWxS/fTGnuhR0XO//nKeOdl/udGhl9vwvivo2PeN0HO/3zl/lzm/6WR9ar5F7+du/y3DrridrSH8r94772fXrz7/gev3Hrv5rsb7278+Mra2qUrV69eu3bt4ju3bm9cGvx7PL2eAzn/PPa180CbJeefM5d/s+T8v5Bq+TdLzv+LqZZ/s+T88+s9+TdLzj+/95F/s+T8X0q1/Jsl5/+VVMu/WXZ2NxfK/F9OtfybJR//X021/Jsl5/9KquXfLDn/C6mWf7Pk/C+m+gD5+3r4UyTnnz/hcvw3S85/LdXyb5ac/+VUy79Zcv5XUi3/Zsn5v5pq+TdLzv9rqZZ/s+T8r6Za/s2S8/96quXfLDn/a6mWf7Pk/L+Ravk3S87/m6mWf7Pk/F9LtfybJef/rVTLv1ly/t9OtfybJef/nVTLv1ly/q+nWv7Nsv/9/2bMmDGTZ+p+ZAIAAAAAAAAAAAAARs3idOK69xEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7EDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzda4xcZ3kH8DN7sdcOIQZCcFIDa8cY4yzZ9SW+0LqYQLgEKAUSCr1gu961s+BbvHZJ0kg2DZRIOCqqqJp+aAsoaiNVFVbFB1qlNB+qXj6R9gP9UlFVQmpUmSigIrUVzVYz531fz8zOzoy94/XZc34/KXl2Z86Z886Z95ydZ9f/OQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAs43vnvlSLcuy+n+N/63LslfVv14zvq5x2ztu9AgBAACApfq/xv9fviXdcKCPlZqW+fs3ffdb8/Pz89knh39v9Kvz8+mO8SwbXZ1ljfuiS//+qVrzMsET2VhtqOn7oR6bH+5x/0iP+0d73L+qx/2re9w/1uP+BTtggTX572MaD7a58eW6fJdmt2ajjfs2d1jridrqoaH4u5yGWmOd+dGj2Wx2PJvJplqWz5etNZZ/bmN9W+/P4raGmra1oT5DfvT4kTiGWtjHm1u2deUxox++Kxv/8Y8eP/InZy/f3qn23A0tj5ePc+um+ji/EG7Jx1rLVqd9Esc51DTODR1ek+GWcdYa69W/bh/ny32Oc/jKMJdV+2s+lg01vn6hsZ9Gmn+tl/bThnDbf9+ZZdmFK8NuX2bBtrKhbG3LLUNXXp+xfEbWH6M+lV6bjVzVPN3Yxzyt1+nNrfO0/ZiIr//GsN7IImNofpl++PlVC173q52nUf1ZL3astM/BQR8rRZmDcV680HjST3acg5vD8398y+JzsOPc6TAH0/NumoObes3BoVXDjTGnF6HWWOfKHNzesvxwY0u1Rn1xS/c5OHn2xOnJuUcfe/vsicPHZo7NnNy5ffvUzt279+7dO3l09vjMVP7/a9zbxbc2G0rHwKaw7+Ix8Na2ZZun6vzXB3ccjnU5Dte1LTvo43Ck/cnVlueAXDin82PjgfpOH7s4lC1yjDVen21LPw7T8246DkeajsOOP1M6HIcjfRyH9WVOb+vvPctI03+dxnC9fhasa5qD7e9H2ufgoN+PFGUOjoV58a/bFv9ZsCGM98mJq30/MrxgDqanG8499VvS+/2xvY3SaV7eUb/jplXZubmZM3c/cvjs2TPbs1CWxeua5kr7fF3b9JyyBfN16Krn64HZNz15R4fb14V9Nfb2+v/GFn2t6svsurv7a9X46dZ5f7bcuiMLZcCWe392+mle35+pl+yyP+vLfGFy6e/FU1/adP4dXeT8G/v+V/LtpYd6Ynh0JD9+h9PeGW05H7e+VCONc1etse2XJ/s7H4+G/5b7fHxrl/Px+rZlB30+Hm1/cvF8XOv1246laX89x8I8OT7V/XxcX2b9jqudkyNdz8d3hloL+/9toVNIfVHT3Fls3qZtjYyMhuc1ErfQOk93tiw/Gnqz+rae3XFt83TrnfljDadnd8VyzdPxtmUHPU/T+WqxeVrr9du3a9P+eo6FeXHrzu7ztL7M87uWfu5cE79sOneu6jUHR4dX1cc8miZhfr6fXxPn4N3ZkexUdjybbty7qjGfao1tTdzT3xxcFf5b7nPl+i5zcGvbsoOeg+nn2GJzrzay8MkPQPvrORbmxdP3dJ+D9WXes2ew7123hlvSMk3vXdt/v7bY77zuaNtN1/N3XvVx/u2e7r+brS9zfO/V9pnd99Nd4ZabOuyn9uN3sWNqOlue/bQ+jPPy3sX3U3089WW+uq/P+XQgy7LzD9/b+H1v+PvKX5z73rda/u7S6W865x++96Wbj/7d1YwfgJXvlbyszX/WNf1lqp+//wMAAAArQuz7h0JN9P8AAABQGrHvj/8qPNH/AwAAQGnEvn8k1KQi/f/691yefeV8lpL580G8P+2G+/PlYsZ1Knw/Pn9F/fZ7n5n5yV+d72/bQ1mW/fT+3+y4/Pr747hy42Gcl+5rvX3hiuf72v6hB68s15xf/1p4/Ph8+p0GnSK4U1mWPXfLU43tjH/qYqM+f/+hRv3YhSefqC/z8r78+7j+i6/Ll//DEP49cPRwy/ovhv3wg1CnPth5f8T1vnnxbRv2fOLK9uJ6tU2vbjztpz+dP278nJyvPJEvH/fzYuP/6y8/+8368o+8pfP4zw91Hv+z4XGfue/ybH3G/c8b8+WbX4P693G9L4bxx+09E9a/+xvf6Tj+S1/Klz/93ny5Q6HG7W8N329+7+XZ5v31SO1wy/PK3pcvF7c/9b3fadwfHy8+fvv4xw5ebNkf7fPj+X/OH2eybfl4e9xO9Jdt268/TvP8jNt/9rcPteznXtu/9LEX31h/3Pbt39W23HDb+u2f2PRHX3yq4/bieA78+emW53Pgo+E4Dtt/+tNhPob7//fSUy3bjQ59tPX8E5f/2rrzLc8nev+P8+1feuexRv2P8Z/8wU2vuvnVF95c33dZ9sLH88frtf1jf3yqZfxfv21b4/WI98eMfvv2FxO3f+ZzEydPzZ2bnW7aq43PzvlQPp7VY2vW1sd7Szi3tn9/8NTZh2bOjE+NT2XZeHk/Qu+afSPUl/Jy4WrX3/ZgeD3v+P3n1m75py/H2//lgfz2ix/Mf269NSz3lXD7uvz1m68tcftPb7ytcXzXns+/b8mxD8CGzf+5t68Fw/Nvf18Q5/vp1z/U2A/1+xo/N+JxvcTxf386f5xvh/06Hz6ZedNtV7bXvHz8bISLH8+P9yXvv3Cai6/rn4bX+8M/yB8/jis+3++H9zHfWd96vovz49vnh9ofv/EpHhfC+SS7kN8fl4r7++LLt3UcXvwckuzC7Y3vfzc9zu1X9TQXM/fo3OTx2ZPnHpk8OzN3dnLu0ccOnjh17uTZg43P8jz4mV7rXzk/rW2cn6Zndu/KptZkWXYqm1qGE9b1GX/9q/7Gf/rBI9N7prZMzxw9fO7o2QdPz5w5dmRu7sjM9NyWw0ePznyu1/qz0/u379i3c8+OiWOz0/v37tu3c9/E7MlT9WHkg+ph99RnJ06eOdhYZW7/rn3b77ln19TEiVPTM/v3TE1NnOu1fuNn00R97d+YODNz/PDZ2RMzE3Ozj83s375v9+4dPT8N8MTpo3Pjk2fOnZw8NzdzZjJ/LuNnGzfXf/b1Wp9ymvu3/P1su1r+QXzZR+7anT6fte6Zzy/6UPkibR8gejl8Fs0/vub03n6+j33/aKhJRfp/AAAAqILY968KNdH/AwAAQGnEvn91qIn+HwAAAEoj9v1joSYV6f/l/+X/+8v/5/cPMv/fKT+fyf8XKv9/+uE8V7rS8/8xPy//Xw03OP+/5O3L/8v/ly//339+fqWPX/5f/p+Fipb/j33/miyrZP8PAAAAVRD7/rWhJvp/AAAAKI3Y998UaqL/BwAAgNKIff+rQk0q0v/L//eV/9/RK3BV/vz/4K//L/8v/78s+f/44sj/V8ZV5+8/8UDLt/L/gfy//L/8v/y//D9LNrroPTcq/x/7/ptDTSrS/wMAAEAVxL7/1aEm+n8AAAAojdj33xJqov8HAACA0oh9/7pQk4r0//L/rv8v/y//X+r8/1Kv/980GPn/lcH1/7uT/+/hmvP/Y/L/KzH/PzrY8Rc7/99z+PL/XBdFu/5/7PtfE2pSkf4fAAAAqiD2/a8NNdH/AwAAQGnEvv91oSb6fwAAACiN2PffGmpSkf5/Kfn/mLmW/5f/l//Pyf/nSpX/73r9//wr+f9ikf/vTv6/B9f/r1b+f8DjL3b+f9DX/x+9r319+X86KVr+P/b9rw81qUj/DwAAAFUQ+/7bQk30/wAAAFAase9/Q6iJ/h8AAABKI/b960NNKtL/u/6//L/8v/y//H/n7ffO/+fk/4tF/r87+f8e5P/l/+X/+8v/d3jzK/9PJ0XL/8e+//ZQk4r0/wAAAFAFse+/I9RE/w8AAAClEfv+nwk10f8DAABAacS+f0OoSUX6f/l/+X/5/2rl/+9aJf8v/19u8v/dyf/3IP8v/y//3+f1/xe6mvz/6l4PRmkULf8f+/43hppUpP8HAACAKoh9/5tCTfT/AAAAUBqx739zqIn+HwAAAEoj9v3joSYV6f/l/8uV//+zv3n6zZn8v/x/j+2XNP8fp4H8f8XJ/3cn/9+D/L/8/wrN/3/gu3ldKfl/qqNo+f/Y928MNalI/w8AAABVEPv+TaEm+n8AAAAojdj33xlqov8HAACA0oh9/+ZQk4r0//L/5cr/R/L/8v/dtl/S/H8i/19t8v8dNB2k8v89yP/L/6/Q/H82sOv/x3e/8v8MRtHy/7Hvf0uoSZfGb7CfxAMAAABcb7Hv3xJqUpG//wMAAEAVxL7/raEm+n8AAAAojdj3bw01qUj/L/8v/y//L/8v/995+/L/K9PKyv+vXnBL0a7/v0r+X/5f/r9i+X/X/2ewipb/j33/20JNKtL/AwAAQBXEvn9bqIn+HwAAAEoj/su7/N+96v8BAACgjGLfPxFqUpH+X/5f/r9K+f+a/L/8v/x/6a2s/P9CRcv/u/6//L/8v/y//D9LUbT8f+z73x5qUpH+HwAAAKog9v13h5ro/wEAAKA0Yt8/GWqi/wcAAIDSiH3/VKhJRfp/+X/5/yrl/13/X/5f/r/85P+7k//vQf6/VPn/LJP/rw9e/p8bqWj5/9j3bw81qUj/DwAAAFUQ+/4doSb6fwAAACiN2PfvDDXR/wMAAEBpxL5/V6hJRfp/+X/5f/l/+X/5/87bl/9fmeT/u5P/70H+f3ny/53eOK2k8S+ikPl/1//nBita/j/2/feEmlSk/wcAAIAqiH3/7lAT/T8AAACURuz794SahP7/Ov3zJAAAAGAZxb5/b6hJRf7+L/9fkvz/b/1Dy7bl/+X/u21/MPn/NfL/ocr/F0tJ8//th8U1k//vQf7/uuXns6GBDPGGjV/+X/6fa1O0/H/s+/eFmlSk/wcAAIAqiH3/O0JN9P8AAABQGrHv/9lQE/0/AAAAlEbs+38u1KQi/b/8f0ny/23k/+X/u23f9f/l/8uspPn/gSlV/n9I/n8l5f/7yc+v9PHL/8v/s9D1z//Hr/rL/8e+f3+oSUX6fwAAAKiC2Pf/fKiJ/h8AAABKI/b97ww10f8DAABAacS+/0CoSUX6/2vI/zfulP9vJf/fOn75/87zo1r5/3dm7YqY/69PHvn/cilw/n+0n+3L/7v+v/z/soy//UfNQMYv/y//z0JFu/5/7PvfFWpSkf4fAAAAqiD2/feGmuj/AQAAoDRi3//uUBP9PwAAAJRG7PvfE2pSkf7f9f/l/+X/5f9d/7/z9uX/V6YC5//7Iv8v/y//v3LHL/8v/89CRcv/x77/vlCTivT/AAAAUAWx739vqIn+HwAAAEoj9v3vCzXR/wMAAEBpxL7//aEmFen/5f/l/+X/5f/l/ztvX/5/ZZL/707+vwf5f/l/+X/5fwaqaPn/2Pd/INSkIv0/AAAAVEHs++8PNdH/AwAAQGnEvv+DoSb6fwAAACiN2Pd/KNSkIv2//L/8v/y//L/8f+fty/+vTPL/3cn/9yD/L/8v/y//z0AVLf8f+/4Ph5pUpP8HAACAKoh9/y+Emuj/AQAAoDRi3/+RUBP9PwAAAJRG7Pt/MdSkIv2//L/8f7Hy//Pnm9eT/5f/zwaV/6+vJP9fCfL/3cn/99Ah/79a/l/+X/5f/p9rVrT8f+z7PxpqUpH+HwAAAKog9v0fCzXR/wMAAEBpxL7/46Em+n8AAAAojdj3PxBqUpH+X/6/kvn/9JSLl/93/f9+8v8jt8j/Z67/L/+/CPn/7uT/e3D9f/l/+X/5fwaqaPn/2Pc/GGpSkf4fAAAAqiD2/Z8INdH/AwAAQGnEvv+XQk30/wAAAFAase//ZKhJRfp/+f9K5v8LfP3/suX/R1rmR5Wu/z/W9HqmeSn/L/+/DOT/u5P/70H+X/6/yPn/MJvXLLK+/D9FVLT8f+z7PxVqUpH+HwAAAKog9v2/HGqi/wcAAIDSiH3/r4Sa6P8BAACgNGLf/6uhJhXp/0uY/7+Qyf/L/xcm/986P6qU/3f9/4Xk/5eH/H938v89yP/L/xc5/9+D/D9FVLT8f+z7fy3UZNHG76X/6uNpAgAAAAUS+/5Ph5pU5O//AAAAUAWx7z8YaqL/BwAAgNKIff+hUJOK9P8lzP8v8fr/8Yqq8v/y/4PO/w/J/8v/y/8vg8Hl/99wc5bJ/8v/y//L/8v/y/+zFEXL/8e+/3CoSUX6fwAAAKiC2Pf/eqiJ/h8AAABKI/b9R0JN9P8AAABQeCMpEdxd7PunQ00q0v/fwPz/aDHz/2W7/n8tPPb1z///VP7f9f8D+f/O5P+Xh+v/dyf/34P8v/y//L/8PwNVtPx/7PtnQk0q0v8DAABAiaVfB8e+/2ioif4fAAAASiP2/cdCTfT/AAAAUBqx738o1KQi/b/r/5c9/+/6/8XM/4+0LC//n5P/l/8fBPn/7uT/e5D/l/+X/5f/Z6CKlv+Pff9sqElF+n8AAACogtj3fybURP8PAAAApRH7/s+Gmuj/AQAAoDRi33881KQi/b/8v/x/1fP/tSy74Pr/8v+dti//vzLJ/3cn/9+D/L/8v/y//D//z959NNl1VX0cPjZWGsFHYOwRQxiZj8CUGVWMTTQ5yCJnMDkHkzE5Y4JNzjlnk3M0JhiqRFlaa0nd9/a5LfVR33P2fp7JwirLfWU3fuv/qn7sSc2t/8/df3Xc0sn+BwAAgB7k7r9f3GL/AwAAQDNy998/brH/AQAAoBm5+x8Qt3Sy//X/+v/e+/9hK+//7/zz9f9n6f/1/1NY6e+vWP/n7RWF79n/3+3u19xH/6//1/+P0v/r//X/7Da3/j93/wPjlk72PwAAAPQgd/+D4hb7HwAAAJqRu//BcYv9DwAAAM3I3X9N3NLJ/tf/6//1/4vo/y/Lv8Yl7/9v1v/r/5fN+//j9P8b6P/1//p//T+Tmlv/n7v/IXFLJ/sfAAAAepC7/6Fxi/0PAAAAzcjd/7C4xf4HAACAZuTuf3jc0sn+1//r//X/i+j/b7vx5FHv/+/69ej/9f/r6P/H6f830P/r//X/+n8mNbf+P3f/I+KWTvY/AAAA9CB3/yPjFvsfAAAAmpG7/1Fxi/0PAAAAzcjd/+i4pZP9r//X/+v/J+z/Tw3DcMn6/0H/v+vXo//X/69z/XDu3wn6/1X6/w029P/DoP8fs+9+fv0vbzmffw/6f/0/q+bW/+fuf0zccs9hOHqxv0gAAABgVnL3PzZu6eT3/wEAAKAHuftPxi32PwAAADQjd/+1cUsn+1//r//X/y/l/X/9v/5f/78f3v8fd/D+/8q7XH3ffvt/7/+P8/7/1P3/Hd8Z+n+WbW79f+7+U3FLJ/sfAAAAepC7/3Fxi/0PAAAAzcjd//i4xf4HAACAZuTuf0Lc0sn+1/+31v/facfPO6//P1O76P/1/xfT/x+pv5L+X/8/f/r/cd7/3+DMv+ZO1B/q//X/3v/X/3Mwc+v/c/c/MW7pZP8DAABAD3L3Pylusf8BAACgGbn7nxy32P8AAADQjNz9T4lbOtn/+v/W+v+dP8/7//r/dV/f+//6/5ZdXH9/Zf3PXOj/Q9f9fwPv/1/kd822+/mD2vbn1//r/1k1t/4/d/9T45ZO9j8AAAD0IHf/0+IW+x8AAACakbv/6XGL/Q8AAADNyN3/jLilk/2v/9f/L6P/z6+g/9f/X/r+P+n/l8n7/+P0/xu00v9fpG3380v//Pp//T+r5tb/5+5/ZtzSyf4HAACAHuTuf1bcYv8DAABAM3L3Pztusf8BAACgGbn7nxO3dLL/9f/6/2X0/97/1/97/1//vz/6/3H6/w30//p//b/+n0nNrf/P3X9d3NLJ/gcAAIAe5O5/btxi/wMAAEAzcvc/L265kP1/ZOpPBQAAAEwpd//z45ZOfv9f/6//1//r//X/67++/n+Z9P/j9P8bdN7/D9fq//X/+n+mNaP+/7yfdXx4QdzSyf4HAACAHuTuf2HcYv8DAABAM3L3vyhusf8BAACgGbn7Xxy3dLL/2+v/jy21/z+T87XV/58YhkH/P3Ta/584759nfV/q//X/h0D/P07/v0Hn/f+2+/mlf379v/6fVTPq/8/8ce7+l8Qtnex/AAAA6EHu/pfGLfY/AAAANCN3/8viFvsfAAAAmpG7/+VxSyf7v73+3/v/w2z6f+//7/7+6Kn/9/7/Kv3/4dD/j9P/b6D/1//r//X/TGpu/X/u/lfETUePXPQvEQAAAJiZ3P2vjFs6+f1/AAAA6EHu/lfFLfY/AAAALNR1Kz+Su//VcUsn+1//P23/f/S8H9P/6/93f3/o//X/+v9Lb1N/v+lvmf4/6P/1//p//b/+nwnMrf/P3f+auKWT/Q8AAAA9yN1/fdxi/wMAAEAzcve/Nm6x/wEAAKAZuftfF7d0sv/1/97/1//r/zf1/+eeQ9X/6//nz/v/4/T/G+j/9f/b7f+PnfuP+n/acAH9/+nTp09e8v4/d//r45ZO9j8AAAD0IHf/G+IW+x8AAACakbv/jXGL/Q8AAADNyN3/prilk/2v/++0/89v9WX1/9cOg/7f+//6f/3/OP3/OP3/Bvp//b/3//X/TGpu7//n7n9z3NLJ/gcAAIAe5O5/S9xi/wMAAEAzcvffELfY/wAAANCM3P1vjVs62f/6/077f+//6//1/4fd/98+6P8PxSL6/xN7f/259/+n9P/6/xHd9f/3useOP9T/6/9ZNbf+P3f/2+KWTvY/AAAA9CB3/9vjFvsfAAAAmpG7/x1xi/0PAAAAzcjd/8646YpO9r/+X/+v/9f/6//Xf/1Dfv//6DAM+v8JLKL/HzH3/n+a9/93/7f8HP2//n/Jn1//r/9n1dz6/9z974pbOtn/AAAA0IPc/e+Om47Z/wAAANCM3P3viVvsfwAAAGhG7v73xi2d7H/9v/5f/6//b77/P7WI/t/7/xPR/4+bR/+/N/2//n/Jn1//r/9n/7bV/+fuf1/c0sn+BwAAgB7k7n9/3GL/AwAAQDNy938gbrH/AQAAoBm5+z8Yt3Sy//X/+v8L6f/zc+r/2+r/j82u/z++46/Xyfv/+v+J6P/H6f830P/r//X/1+n/mdLc3v/P3f+huKWT/Q8AAAA9yN1/Y9z6f93a/wAAANCM3P0fjlvsfwAAAGhG7v6PxC2d7H/9v/7f+//6/+bf/9f/d0X/P07/v4H+X/+v//f+P5OaW/+fu/+jcUsn+x8AAAB6kLv/Y3GL/Q8AAADNyN1/U9xi/wMAAEAzcvffHLd0sv/1//p//b/+X/9/9p+h/r8N+v9xh9P/n9D/6/+rn78s/lug/9f/b/r5tGlu/X/u/o/HLZ3sfwAAAOhB7v5PxC32PwAAADQjd/8n4xb7HwAAABbpijU/lrv/U3FLJ/tf/6//1//r//X/67++/n+ZttL/5zeF/t/7/6Gf/v+uO/5oae//7/6/X/p//T/Tm1v/n7v/03FLJ/sfAAAAepC7/zNxi/0PAAAAzcjd/9m4xf4HAACAZuTu/1zc0sn+1//r//X/+n/9//qvr/9fJu//j9P/b6D/3+r7+Uv//Pp//T+r5tb/5+7/fNzSyf4HAACAHuTu/0LcYv8DAABAM3L3fzFusf8BAACgGWd2f8ZlHe5//b/+X/+v/9f/r//6+v9l0v+P0/9voP/X/+v/9f9Mam79/5fO/Kzjw5fjlk72PwAAAPQgd/9X4hb7HwAAAJqRu/+rcYv9DwAAAM3I3f+1uKWT/b///v/0oP/fm/5/5+efvv8/ffr0Sf2//n/nr+dc/3+L/p+i/x+n/99A/6//1//r/5nU3Pr/3P1fj1s62f8AAADQg9z934hb7H8AAABoRu7+b8Yt9j8AAAA0I3f/t+KWTva/9/9n0P8f1/97/1//P3j/f7X/v/zsv5T1/xdG/z9O/79Bi/3/8f3/8rfdzx/Utj+//l//z6q59f+5+78dt3Sy/wEAAKAHufu/E7fY/wAAANCM3P3fjVvsfwAAAGhG7v7vxS2d7H/9/+H1/3f8vevl/f8Tw/rPr//X/+v/vf9/qen/x+n/N2ix/78A2+7nl/759f/6f1bNrf/P3f/9uGXn8DtyYb9KAAAAYE5y9/8gbunk9/8BAACgB7n7fxi32P8AAADQjNz9P4pbOtn/+v8ZvP/fYP/v/f/13x/6/1n3/5fr/9ug/x+n/99A/6//1/9P1P/nd7P+v3dz6/9z9/84bulk/wMAAEAPcvf/JG6x/wEAAKAZuft/GrfY/wAAANCM3P23xC3n7f91bXcr9P/6f/2//l//v/7r6/+XSf8/br/9/7HhYP1/0v/r//X/vfb/3v/nrLn1/7n7fxa3+P1/AAAAWJwje/x47v6fxy32PwAAADQjd/8v4hb7HwAAAJqRu/+Xccutl2/rIx0q/b/+X/+v/9f/r//6+v9l0v+Pm+X7/zfcVP9R/99E/3+V/r+N/n8Y9P8c3Nz6/9z9v4pb/P4/AAAANCN3/6/jFvsfAAAAmpG7/zdxi/0PAAAAzcjd/9u4pZP9r//X/x+w/z+TZur/z9L/n6X/X0//fzj0/+Nm2f+fR//fRP/v/f9G+n/v/zOFufX/uft/F7d0sv8BAACgB7n7fx+32P8AAADQjNz9f4hb7H8AAABoRu7+P8Ytnez/rfX/8bda/7/4/t/7//p//b/+f1b0/+P0/xvo//X/+n/9P5OaW/+fu/9PcUsn+x8AAAB6kLv/z3GL/Q8AAADNyN3/l7jF/gcAAIBm5O7/a9zSyf73/r/+X/+v/9f/r//6+v9l0v+P0/+vV/+g9P/6f/2//p9Jza3/z93/t7ilk/0PAAAAPcjd//e4xf4HAACAZuTuvzVusf8BAACgGbn7/xG3dLL/9f/6f/2//l//v/7r6/+XSf8/bpv9/73vvPnLev9/6/1/fgT9v/5f/88k5tb/5+6/LW7pZP8DAABAD3L3/zNusf8BAACgGbn7/xW32P8AAADQjNz9/45bOtn/G/r/Y/Un6v9H6f93fn79//rvj4b7/x2Bq/5/Pf3/4dD/j1vO+//x8/X/O3j/f96fX/+v/2fV3Pr/3P3/iVs62f8AAADQg9z9t8ct9j8AAAA0I3f/f+MW+x8AAACakbv/f3FLJ/vf+/9L6v+v0v/r/+fa/++g/19P/3849P/jltP/e/9/Hf3/vD+//l//z6q59f+5+/8fAAD//xdwQx0=") creat(&(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x244) 2.109866759s ago: executing program 1 (id=14703): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000007740)={0x0, 0x0, &(0x7f0000007700)={&(0x7f00000008c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x2}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x15}, @NFTA_SET_ID={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x70}, 0x1, 0x0, 0x0, 0x10}, 0x20000840) 1.955141744s ago: executing program 1 (id=14705): syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0)={[{}]}, 0x1, 0x232, &(0x7f0000000000)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiAwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1t9BgaGDSDnulXOjbnrFi/ItUz9fN2bFwwHoz5PZGBkZGBgYmCYGbZzD7K/yhugkcHAzMDAoMIAUsTCkJaZk2rgwcDIwMzAws6ADGCqmRg4wKr0kvNzUtoZGMFJAKxtOQML3AzDxwys/CDlII7RYwZWuIyxRQPMyHYorQKlPaD0cij9GErLoyUbFrAJ/VCeRgMDAxtDReJ//iJDNgYGhorEkpIiQ4hYSUmREVzMSABuMxPU1rlMqJ47zsQwCkbBKBgFo2AUjIJRMApGwSgYBSMZAAIAAP//kpC1eQ==") syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000207265970000010902240001000000000904000002214c6a0009050702000000da000905"], 0x0) 1.566760123s ago: executing program 2 (id=14708): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x180, 0x10, 0x1, 0xfffffffd, 0x25dfdbfd, {{@in=@multicast2, @in=@private=0xa010101, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x18}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x8}, {0x0, 0xfffffffffffffffd, 0x0, 0xbdf}, {0x7fffffff, 0x3, 0xb}, 0x70bd27, 0x3ffc, 0x2, 0x0, 0x0, 0x44}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_crypt={0x48, 0x4, {{'ecb(arc4)\x00'}}}]}, 0x180}}, 0x0) 1.520482637s ago: executing program 0 (id=14709): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000000303"], 0x1c}}, 0x0) 1.408610299s ago: executing program 2 (id=14710): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f0000000540)=@ethtool_perm_addr={0x4b, 0x4a, "43720700000000004786b89e6fb2940acfbe4c3f9725f0f2bf568d62c050880594c23d36d68dbac78c2893c6a9798597b201337a179ecc35385efddfd9ec373f0295041c1695fc1a58d9"}}) 1.275910572s ago: executing program 0 (id=14711): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2e, &(0x7f0000000040)=0x20004, 0x4) 1.250971794s ago: executing program 3 (id=14712): r0 = socket(0x2b, 0x80801, 0x1) getsockname$packet(r0, 0x0, &(0x7f00000003c0)) 1.211154669s ago: executing program 2 (id=14713): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3cd4e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e", 0x8d}], 0x1}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50) 1.068007323s ago: executing program 0 (id=14714): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)={0x50, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa, 0x0, 0xb}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000044}, 0x4) 1.046445365s ago: executing program 2 (id=14715): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$mixer_OSS_GETVERSION(r0, 0x80086303, &(0x7f0000000000)) 872.259252ms ago: executing program 0 (id=14716): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x51, 0x1, [{0xfe}]}}) 812.268519ms ago: executing program 2 (id=14717): capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff9}, 0x94) 783.056331ms ago: executing program 3 (id=14718): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000580)={0x1, @pix_mp={0xfffffffc, 0x0, 0x59565955, 0x4, 0x2, [{}, {0x277c, 0x4}, {}, {}, {}, {0xd360}, {0x0, 0xfffffffd}, {0x0, 0x82000}], 0x10}}) 638.301596ms ago: executing program 3 (id=14719): r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) getpeername$packet(r0, 0x0, 0x0) 448.014745ms ago: executing program 0 (id=14720): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001000030531bf72f07502149600000000", @ANYRES32=0x0, @ANYBLOB="0000000000800000280012800b0001006d616373656300001800028005000300100000000c0004"], 0x48}}, 0x0) 429.067747ms ago: executing program 3 (id=14721): capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000100)={0x0, 0x81, 0x4, 0x18000, 0x0, 0x6}) prctl$PR_SET_SECUREBITS(0x1c, 0x0) 395.97832ms ago: executing program 2 (id=14722): syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000000140)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@journal_async_commit}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4719, &(0x7f0000008f40)="$eJzs222IHGcBB/BnNqe5vF3vJW2Spi+bRPDQclz6xWr9EM+qjabNJdpWU+Xcu1wvp3u3592eFgxSgyAKghIEFV+oCqVfakEM9EstQsEXpFUoFUXrF5FCFfxg0AZ6sjszuZ25vczmNmmx/f2gnZuX55ln97/zzD7zbEqJ+qnZpfLsUrkyX65NPbB0a/mztery3HQovUpe6/NzSe/YFpquSk6yf+0cfe/7P3zvrSH8/thXP7iysrLSTLk/tHWw5e/z/zo91bpMlXJlGvW2ry32h+VHX/7Zmy51RJETIYSda9rVsCmE8NGfh7A5hDCQbBtMlltCCNtDCFEI4bFf//NHvd00ocXZ+158/tiZI/vPjD3x+LMXZsbXPTAK4TvVPbfMzL10YNPtL7ztCp0eAAAu6QPHj94zPnowPBWFvnM9a7+v70qW6ffju97yybsf6Vndv0JsvOAN2fQqBQoAAABtrI7/+6NX2szXpTNr6ZTgkw+euOfpaHW/ge3/t8N3H73jfaMHk/nfaM3+25JN/3jPpuYcan7eNz//O5Ar337+d/U8j3zluV/Mv3nj7U/bl563P0Slkcx6qTQyEsKxsXh9d7S1VK0t1d/+QG15/uTGz/t6kc0/P3u/OqHfaf6DueJF8/97Pv65n27p6eYVDIX8p7axXl77UaaNbP7r9+U//mLUUf5DuXJF+d/5zI7zv9zczSvIn5HLkc0/vhD3tx5QjjuARv7f6CnOf2eu/qL8vzd27rETG/j9T6Of6Y8abe3N9ACvJNvX+QkTOdn84yAyXWfyRq53/f83l/+1ufqL8r+r9vff/rWL+/96/f/wWDd1vnFk84+DKGeOWL3+B0rF1/91ufqL8v/NqT8994mu7tVr82+0f9j9vyPZ/JMbcbbzbL6Tnfb/u3L1F+W/e+j+h2c30O4PbUna2ReFoZZfnZ5r3ML6Vuerm0Oaxu6FDZzkDSCbf/yuZS6dvnjRvP77i/v/3bn6i/J/eO/X3n26q9//tu//R/X/Hcnmv6W57XLyfzmX/55c/UX5/+D03/58/xXu/xvrh+TfkWz+W9fsX33+U+po/Hd9rnzR85/9g08/+pcuxv9p+9Lzps9/0ucQw1H8/If2svlvW/e4Tu//e3Pliq7/b/77hWcOdNP/R72eAHQhm//2eGObAWCn+d+Qq78o/8/f+6WP/XED47/mN77eNP+W8f/mePu4/r8j2fx3xBsz/xjqoeb/m/f/aG3u/8nlf2Ou/qL8Lxwe6fnyFb7/N9o/3OZRNmtl8+9b97hG/r/r4P5/U65cUf5f2PeTl27p6vt/CKPG+huWzf+adY9rXv+9xfnfnCtXlP+3v/6rJx/qov1v7aIs+fzje33mckq+m3c6/i/n6i/K/4fD588euArjv9vc/zuSzT+eNb+c/PPj/325+ovy/+7R7y/2XIXnP3fKHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYEMGk2V/iEojmfVSaWQkhKFkfXfYGk1WTk5MVmtTn14KYWeyvRwGo5lqbbJSnZidr52cnqhUq7WpEK5N9u8MvdFStVafmKssXHexri3RqenKYn1yulIPIexKtt8QdqR1Tc7W5yoLzWPTMtuiymeWa/XKyPLS9GLYc3H79nT7zGJteeH6i3VdU6otLpyqzE+cnF181+jo6GjYe7HNA9H0g/Xp+Xrc2nhvo0xatj9qeTHN3Te2nO9TteXF+Uq1uf2mljLV2lSl2lLm5pbz1ReX56cq9emJam0mPV+5pWzLa2vu3pfsGw4DmdeXls07lCzvOHz8I8ePHFyzvxxl855fnpse3dH+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA69dTt7/zWyGEnnitFEI4lP4RJf9lnL3vxeePnTmy/8zYE48/e2FmvN0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2MHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO/fzUkUXxwH4zPje1wIppY2Qy8AQEd1JWNAvIqm8RrZs0zqoVUIGRYFhRMuCIAhqFxUErYLKvyBq4bJVtalFC4MIMkZn8npHuuKFRu88DwxnhhnPfGHwzsz5DAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAjeP8rvmOpL2yZ+vi0tkbQnu67/8QwnC0tP51f1voCiF8/zZ1NqzSZrrq+n83PjOaP2v0Z+3g6OObw9H668/+NjtvZ4jigZrt3VEcDwysv/9Wda//xWR/FEJcdCEUYm7k2blKCKHtL8c08W/JBrfwefZy8vv+X9GFUIjeT/c7kutfKboQCrF975eeSvqMR/lcrF7qr7335+/1K+8MngVay/vT1z7ELmrpvU7f/6N08T5YDtOnjn18WXQRFGZ6ZuJ40TUAAAD/1oUG+X/YtrT+8GoUujrzuf+Puvy/u67/1fP/ZQ923hqZaiqE2JEbm0y2Bw8002frO9N3/e7bivGeslpL/s/mtdBov/y/1OT/5Sb/L7fG+f9KouLWIv8n8Ub+X0pPb++bf1V0ERRG/g8AAOVz5OTYRHVwKHn53/KrPZ/X96RtNc3TH92Z7HtSM24kP9zcjp4YO3R4cCi97vkBweX5H+LFvT/T7z3q28x43XcXjeZ/6H4+N3ujPX9EdY3fb2T1Zec1/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwG92556GQTAKw+h3WxG10apowsJPgg80MCIAKcxoQAcTBmAgBBQwkHOWe5NneQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD5/lVeF99fGiO91og0lV127Z/jafYz9+2wvM8eN24FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANnbgQAYAAABAmL91Hu0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4KgAA///VBcTJ") quotactl$Q_GETNEXTQUOTA(0xffffffff80000900, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xee00, 0x0) 87.342811ms ago: executing program 0 (id=14723): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x0, 0x101, 0x100}}) 0s ago: executing program 3 (id=14724): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000047c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)={0x18, 0x7a, 0x601, 0x70bd2a, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x00\x00\x00'}]}, 0x18}], 0x1}, 0x0) kernel console output (not intermixed with test programs): 82.122771][ T5531] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1482.132701][ T5531] usb 1-1: config 7 has an invalid interface number: 187 but max is 0 [ 1482.151815][ T5531] usb 1-1: config 7 has no interface number 0 [ 1482.188599][ T5531] usb 1-1: config 7 interface 187 altsetting 6 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1482.209954][ T28] audit: type=1326 audit(2000526159.129:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2618 comm="syz.2.12886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3bd81c1885 code=0x7ffc0000 [ 1482.219145][ T5531] usb 1-1: config 7 interface 187 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 0 [ 1482.273461][ T5531] usb 1-1: config 7 interface 187 has no altsetting 0 [ 1482.293451][ T5531] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 1482.307844][ T28] audit: type=1326 audit(2000526159.129:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2618 comm="syz.2.12886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3bd81c1885 code=0x7ffc0000 [ 1482.315942][ T5531] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1482.354397][ T5531] usb 1-1: Product: syz [ 1482.359333][ T5531] usb 1-1: Manufacturer: syz [ 1482.399785][ T28] audit: type=1326 audit(2000526159.129:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2618 comm="syz.2.12886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3bd81c1885 code=0x7ffc0000 [ 1482.409667][ T5531] usb 1-1: SerialNumber: syz [ 1482.477138][ T28] audit: type=1326 audit(2000526159.129:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2618 comm="syz.2.12886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3bd81c1885 code=0x7ffc0000 [ 1482.541399][ T28] audit: type=1326 audit(2000526159.129:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2618 comm="syz.2.12886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3bd81c1885 code=0x7ffc0000 [ 1482.609474][ T28] audit: type=1326 audit(2000526159.129:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2618 comm="syz.2.12886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3bd81c1885 code=0x7ffc0000 [ 1482.674853][ T2633] loop3: detected capacity change from 0 to 4096 [ 1482.681686][ T28] audit: type=1326 audit(2000526159.129:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2618 comm="syz.2.12886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3bd81c1885 code=0x7ffc0000 [ 1482.699896][ T5531] usb 1-1: Unknown endpoint type found, address 0x07 [ 1482.750721][ T5531] usb 1-1: Not enough endpoints found in device, aborting! [ 1482.752282][ T2636] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1482.776588][ T28] audit: type=1326 audit(2000526159.129:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2618 comm="syz.2.12886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3bd81c1885 code=0x7ffc0000 [ 1482.858536][ T28] audit: type=1326 audit(2000526159.157:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2618 comm="syz.2.12886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3bd81c1885 code=0x7ffc0000 [ 1482.900632][ T2633] NILFS error (device loop3): nilfs_find_entry: dir 2 size 34359742464 exceeds block count 1 [ 1482.941631][ T2633] Remounting filesystem read-only [ 1482.956941][ T5531] usb 1-1: USB disconnect, device number 83 [ 1483.705786][ T2645] loop3: detected capacity change from 0 to 32768 [ 1483.753972][ T2645] ERROR: (device loop3): diAllocAG: numfree > numinos [ 1483.753972][ T2645] [ 1483.782259][ T2645] ERROR: (device loop3): remounting filesystem as read-only [ 1483.808633][ T2645] ialloc: diAlloc returned -5! [ 1484.075823][ T2672] vlan0: left promiscuous mode [ 1484.122733][ T2672] veth0_vlan: left promiscuous mode [ 1484.628332][ T2696] netlink: 'syz.1.12917': attribute type 21 has an invalid length. [ 1484.668950][ T2696] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12917'. [ 1485.416719][ T2699] loop3: detected capacity change from 0 to 32768 [ 1485.467420][ T2699] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.12919 (2699) [ 1485.521055][ T2730] SET target dimension over the limit! [ 1485.530355][ T2699] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1485.564814][ T2699] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 1485.619101][ T2699] BTRFS info (device loop3): using free space tree [ 1485.773338][ T2699] BTRFS info (device loop3): enabling ssd optimizations [ 1485.780400][ T2699] BTRFS info (device loop3): auto enabling async discard [ 1486.172988][ T6086] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1487.167616][ T2800] loop3: detected capacity change from 0 to 4096 [ 1487.278799][ T2800] ntfs: volume version 3.1. [ 1487.564326][ T2825] dlm: plock device version mismatch: kernel (1.2.0), user (1.8192.0) [ 1488.010689][ T2847] netlink: 'syz.3.12972': attribute type 12 has an invalid length. [ 1488.578296][ T2869] xt_TCPMSS: Only works on TCP SYN packets [ 1488.645753][T18302] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 1488.704703][ T2871] tmpfs: Bad value for 'mpol' [ 1488.731188][ T2873] x_tables: unsorted underflow at hook 2 [ 1488.880886][T18302] usb 4-1: Using ep0 maxpacket: 32 [ 1488.898826][T18302] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 1488.923916][T18302] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1488.955999][T18302] usb 4-1: Product: syz [ 1488.960242][T18302] usb 4-1: Manufacturer: syz [ 1488.964878][T18302] usb 4-1: SerialNumber: syz [ 1489.010320][T18302] usb 4-1: config 0 descriptor?? [ 1489.127298][ T2850] loop1: detected capacity change from 0 to 40427 [ 1489.149176][ T2850] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1489.157831][ T2850] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1489.220953][ T2850] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1489.262677][T18302] snd-usb-6fire 4-1:0.0: unknown device firmware state received from device: [ 1489.321119][ T2891] (null): rxe_set_mtu: Set mtu to 256 [ 1489.326588][T18302] eb 9a 47 80 9b f8 7a f0 [ 1489.327758][ T2891] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 1489.360286][T18302] snd-usb-6fire: probe of 4-1:0.0 failed with error -5 [ 1489.449849][ T2850] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1489.467884][ T2850] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1489.505222][T19905] usb 4-1: USB disconnect, device number 54 [ 1489.658060][ T2894] loop0: detected capacity change from 0 to 4096 [ 1489.726081][ T2894] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1489.860846][ T6076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1490.266940][ T28] kauditd_printk_skb: 67 callbacks suppressed [ 1490.266957][ T28] audit: type=1326 audit(2000526167.098:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2907 comm="syz.3.12997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77bc78efc9 code=0x7ffc0000 [ 1490.345509][ T28] audit: type=1326 audit(2000526167.098:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2907 comm="syz.3.12997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77bc78efc9 code=0x7ffc0000 [ 1490.410010][ T2911] tmpfs: Bad value for 'mpol' [ 1490.442332][ T28] audit: type=1326 audit(2000526167.126:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2907 comm="syz.3.12997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f77bc78efc9 code=0x7ffc0000 [ 1490.495087][ T28] audit: type=1326 audit(2000526167.126:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2907 comm="syz.3.12997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77bc78efc9 code=0x7ffc0000 [ 1490.591302][ T28] audit: type=1326 audit(2000526167.126:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2907 comm="syz.3.12997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77bc78efc9 code=0x7ffc0000 [ 1490.970091][ T2905] loop0: detected capacity change from 0 to 32768 [ 1491.079358][ T2905] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1491.384041][ T2905] XFS (loop0): Ending clean mount [ 1491.392619][ T2905] XFS (loop0): Quotacheck needed: Please wait. [ 1491.476779][ T2905] XFS (loop0): Quotacheck: Done. [ 1491.767687][ T6076] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1492.020521][ T28] audit: type=1326 audit(2000526168.745:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2964 comm="syz.1.13021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa9ff8efc9 code=0x7ffc0000 [ 1492.096158][ T28] audit: type=1326 audit(2000526168.745:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2964 comm="syz.1.13021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa9ff8efc9 code=0x7ffc0000 [ 1492.203881][ T28] audit: type=1326 audit(2000526168.745:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2964 comm="syz.1.13021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7ffa9ff8efc9 code=0x7ffc0000 [ 1492.289687][ T28] audit: type=1326 audit(2000526168.745:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2964 comm="syz.1.13021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa9ff8efc9 code=0x7ffc0000 [ 1492.350936][ T28] audit: type=1326 audit(2000526168.745:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2964 comm="syz.1.13021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa9ff8efc9 code=0x7ffc0000 [ 1492.372768][ T2972] can0: slcan on ttyS3. [ 1492.539939][ T2970] can0 (unregistered): slcan off ttyS3. [ 1492.757527][ T2990] xt_addrtype: ipv6 does not support BROADCAST matching [ 1493.034611][ T3005] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13037'. [ 1493.044081][ T3005] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (1136) [ 1493.055192][ T3005] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 1493.410237][ T3017] netlink: 12 bytes leftover after parsing attributes in process `syz.1.13041'. [ 1493.639730][ T3024] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13044'. [ 1493.839442][ T3030] netlink: 300 bytes leftover after parsing attributes in process `syz.1.13046'. [ 1494.154239][ T3012] loop0: detected capacity change from 0 to 32768 [ 1494.177882][ T3012] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.13039 (3012) [ 1494.213703][ T3012] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1494.235044][ T3012] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 1494.254207][ T3012] BTRFS info (device loop0): using free space tree [ 1494.408287][ T3012] BTRFS info (device loop0): enabling ssd optimizations [ 1494.430054][ T3012] BTRFS info (device loop0): auto enabling async discard [ 1494.783416][ T6076] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1495.375939][ T3096] overlayfs: failed to resolve 'smackfsdef=&:': -2 [ 1495.944194][ T3115] loop0: detected capacity change from 0 to 256 [ 1496.026483][ T3115] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1496.399030][ T3133] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1496.778767][ T3152] netlink: 'syz.2.13089': attribute type 1 has an invalid length. [ 1496.802810][ T3152] netlink: 248 bytes leftover after parsing attributes in process `syz.2.13089'. [ 1496.813702][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1497.946839][T12696] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 1498.032256][T18302] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 1498.164704][T12696] usb 2-1: Using ep0 maxpacket: 8 [ 1498.173277][T12696] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1498.215322][T12696] usb 2-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 1498.235200][T12696] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1498.248292][T18302] usb 3-1: config 27 interface 0 altsetting 0 has an invalid endpoint with address 0x98, skipping [ 1498.270204][T12696] usb 2-1: Product: syz [ 1498.274467][T12696] usb 2-1: Manufacturer: syz [ 1498.280427][T18302] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 47025, setting to 1024 [ 1498.299291][T12696] usb 2-1: SerialNumber: syz [ 1498.312144][T18302] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 1498.324095][T12696] usb 2-1: config 0 descriptor?? [ 1498.341986][T18302] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1498.358819][T12696] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 found [ 1498.372445][T18302] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1498.394501][ T3191] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1498.428326][T18302] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 1498.450946][T18302] usb 3-1: invalid MIDI in EP 0 [ 1498.508031][ T3219] loop3: detected capacity change from 0 to 1764 [ 1498.580906][ T3219] iso9660: Corrupted directory entry in block 14 of inode 1920 [ 1498.596010][T12696] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 now disconnected [ 1498.628609][T12696] snd_usb_toneport: probe of 2-1:0.0 failed with error -22 [ 1498.661443][T18302] snd-usb-audio: probe of 3-1:27.0 failed with error -22 [ 1498.702995][T18302] usb 3-1: USB disconnect, device number 61 [ 1498.817108][T12696] usb 2-1: USB disconnect, device number 73 [ 1499.005160][ T6153] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 1499.207970][ T6153] usb 4-1: Using ep0 maxpacket: 8 [ 1499.221057][ T6153] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 1499.239980][ T6153] usb 4-1: config 179 has no interface number 0 [ 1499.246455][ T6153] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1499.272795][ T6153] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1499.291660][ T6153] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 1499.312103][ T3242] netlink: 20 bytes leftover after parsing attributes in process `syz.0.13134'. [ 1499.321302][ T6153] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 1499.340436][ T6153] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1499.368481][ T6153] usb 4-1: config 179 interface 65 has no altsetting 0 [ 1499.375430][ T6153] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1499.419173][ T6153] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1499.499696][ T6153] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input96 [ 1499.582706][ T5143] input input96: unable to receive magic message: -110 [ 1499.659313][ T5143] input input96: unable to receive magic message: -32 [ 1499.727956][ T5143] input input96: unable to receive magic message: -32 [ 1499.837650][ T5143] input input96: unable to receive magic message: -32 [ 1499.900683][ T5143] input input96: unable to receive magic message: -32 [ 1500.009340][ T3261] netlink: 'syz.1.13143': attribute type 10 has an invalid length. [ 1500.041266][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1500.051386][ T6153] usb 4-1: USB disconnect, device number 55 [ 1500.075562][ T6153] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1500.106714][ T3261] team0: Port device dummy0 added [ 1500.371018][ T3271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13148'. [ 1500.555384][ T3277] netlink: 'syz.1.13151': attribute type 3 has an invalid length. [ 1500.952421][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 1500.952436][ T28] audit: type=1326 audit(2000526177.107:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3292 comm="syz.0.13159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1501.047377][ T28] audit: type=1326 audit(2000526177.135:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3292 comm="syz.0.13159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1501.078840][T12696] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 1501.142951][ T28] audit: type=1326 audit(2000526177.135:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3292 comm="syz.0.13159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1501.205410][ T28] audit: type=1326 audit(2000526177.135:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3292 comm="syz.0.13159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1501.292681][T12696] usb 4-1: Using ep0 maxpacket: 8 [ 1501.305836][T12696] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1501.316266][T12696] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1501.346083][T12696] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1501.356262][T12696] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1501.391446][T12696] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1501.400833][T12696] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1501.408853][T12696] usb 4-1: Product: syz [ 1501.424209][T12696] usb 4-1: Manufacturer: syz [ 1501.428945][T12696] usb 4-1: SerialNumber: syz [ 1501.459028][ T3309] netlink: 'syz.0.13167': attribute type 21 has an invalid length. [ 1501.470387][ T3309] IPv6: NLM_F_CREATE should be specified when creating new route [ 1501.481600][ T3309] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1501.489847][ T3309] IPv6: NLM_F_CREATE should be set when creating new route [ 1501.497289][ T3309] IPv6: NLM_F_CREATE should be set when creating new route [ 1501.504551][ T3309] IPv6: NLM_F_CREATE should be set when creating new route [ 1501.744203][T12696] usb 4-1: 0:2 : does not exist [ 1501.797277][T12696] usb 4-1: USB disconnect, device number 56 [ 1501.907140][ T6026] udevd[6026]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1501.959531][ T3325] netlink: 20 bytes leftover after parsing attributes in process `syz.2.13175'. [ 1502.319368][T25152] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 1502.524902][T25152] usb 1-1: Using ep0 maxpacket: 16 [ 1502.565476][T25152] usb 1-1: config 0 has an invalid interface number: 20 but max is 0 [ 1502.574563][T25152] usb 1-1: config 0 has no interface number 0 [ 1502.600781][T25152] usb 1-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=7c.94 [ 1502.621723][T25152] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1502.650012][T25152] usb 1-1: Product: syz [ 1502.665531][T25152] usb 1-1: Manufacturer: syz [ 1502.670201][T25152] usb 1-1: SerialNumber: syz [ 1502.700187][T25152] usb 1-1: config 0 descriptor?? [ 1502.751359][ T3350] netlink: 'syz.1.13187': attribute type 49 has an invalid length. [ 1502.759752][ T3351] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 1502.984748][T25152] gspca_main: ALi m5602-2.14.0 probing 0402:5602 [ 1503.036359][T25152] gspca_m5602: Failed to find a sensor [ 1503.041891][T25152] ALi m5602 1-1:0.20: ALi m5602 webcam failed [ 1503.081541][T25152] usb 1-1: USB disconnect, device number 84 [ 1503.662680][ T3393] loop1: detected capacity change from 0 to 64 [ 1504.394121][ T3421] loop1: detected capacity change from 0 to 1024 [ 1504.838292][ T3437] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13224'. [ 1505.162833][T25152] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1505.251600][ T3453] netlink: 'syz.1.13232': attribute type 9 has an invalid length. [ 1505.260137][ T3453] netlink: 911 bytes leftover after parsing attributes in process `syz.1.13232'. [ 1505.366394][T25152] usb 4-1: Using ep0 maxpacket: 16 [ 1505.398356][T25152] usb 4-1: config 0 has an invalid interface number: 237 but max is 0 [ 1505.406589][T25152] usb 4-1: config 0 has no interface number 0 [ 1505.440853][T25152] usb 4-1: config 0 interface 237 has no altsetting 0 [ 1505.461002][T25152] usb 4-1: New USB device found, idVendor=0e41, idProduct=5057, bcdDevice= 6.ad [ 1505.482582][T25152] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1505.500299][T25152] usb 4-1: Product: syz [ 1505.505258][T25152] usb 4-1: Manufacturer: syz [ 1505.516028][T25152] usb 4-1: SerialNumber: syz [ 1505.531875][T25152] usb 4-1: config 0 descriptor?? [ 1505.559937][T25152] snd_usb_podhd 4-1:0.237: Line 6 POD HD300 found [ 1505.783647][T25152] snd_usb_podhd 4-1:0.237: cannot get proper max packet size [ 1505.796734][T25152] snd_usb_podhd 4-1:0.237: Line 6 POD HD300 now disconnected [ 1505.827769][T25152] snd_usb_podhd: probe of 4-1:0.237 failed with error -22 [ 1506.065952][T25152] usb 4-1: USB disconnect, device number 57 [ 1506.132812][ T3475] loop0: detected capacity change from 0 to 2048 [ 1506.190230][ T3475] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1506.274016][ T3481] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1506.283511][ T3482] --map-set only usable from mangle table [ 1506.342081][ T3475] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 147 [ 1506.387829][ T3475] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 1506.408743][ T3475] Remounting filesystem read-only [ 1506.408763][ T3475] NILFS (loop0): error -5 truncating bmap (ino=15) [ 1506.409155][ T3475] syz.0.13243: attempt to access beyond end of device [ 1506.409155][ T3475] loop0: rw=0, sector=262216, nr_sectors = 2 limit=2048 [ 1506.409295][ T3475] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=1) [ 1506.464427][ T6076] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 1506.464534][ T6076] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 1506.464554][ T6076] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 1506.464572][ T6076] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1506.464590][ T6076] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1506.464606][ T6076] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1506.464947][ T6076] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 1506.464966][ T6076] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 1506.465001][ T6076] NILFS (loop0): discard dirty block: blocknr=131108, size=1024 [ 1506.465017][ T6076] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 1506.465034][ T6076] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 1507.337398][ T12] hfsplus: b-tree write err: -5, ino 4 [ 1507.352236][ T3513] loop1: detected capacity change from 0 to 4096 [ 1507.386415][ T3513] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1507.427137][ T3513] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1507.472137][ T3513] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1507.493113][ T3513] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1507.522892][ T3513] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1507.579040][ T3513] ntfs: volume version 3.1. [ 1507.615877][ T3513] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 1507.647173][ T3513] ntfs: (device loop1): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 1507.731846][ T3513] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1507.768442][ T3513] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1507.803484][ T3513] ntfs: (device loop1): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 1508.386094][ T3549] loop1: detected capacity change from 0 to 1024 [ 1508.894495][ T3566] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1508.918317][ T3566] overlayfs: missing 'lowerdir' [ 1509.130947][ T3576] loop3: detected capacity change from 0 to 1024 [ 1509.176831][ T3579] netlink: 16 bytes leftover after parsing attributes in process `syz.0.13294'. [ 1509.360655][ T3583] mac80211_hwsim hwsim4 wlan0: left promiscuous mode [ 1509.382143][ T3583] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 1509.403676][ T3583] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1509.530831][ T3589] netlink: 'syz.3.13299': attribute type 29 has an invalid length. [ 1509.552011][ T3589] netlink: 'syz.3.13299': attribute type 29 has an invalid length. [ 1509.738400][T18302] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 1509.930761][T18302] usb 2-1: Using ep0 maxpacket: 8 [ 1509.943303][T18302] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 1509.952320][T18302] usb 2-1: config 179 has no interface number 0 [ 1509.958650][T18302] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1509.986882][T18302] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1510.009368][T18302] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 1510.037533][T18302] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 1510.060175][T18302] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1510.087947][T18302] usb 2-1: config 179 interface 65 has no altsetting 0 [ 1510.106251][T18302] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1510.123160][T18302] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1510.153858][T18302] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input98 [ 1510.248162][ T3609] IPv6: sit1: Disabled Multicast RS [ 1510.256280][ T5143] input input98: unable to receive magic message: -110 [ 1510.282142][ T5143] input input98: unable to receive magic message: -32 [ 1510.316971][ T5143] input input98: unable to receive magic message: -32 [ 1510.324021][T25152] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 1510.374755][ T5143] input input98: unable to receive magic message: -32 [ 1510.400149][ T5143] input input98: unable to receive magic message: -32 [ 1510.555450][T25152] usb 1-1: Using ep0 maxpacket: 8 [ 1510.577712][T25152] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1510.596876][T25152] usb 1-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 1510.621388][T25152] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1510.636293][T25152] usb 1-1: Product: syz [ 1510.645042][T25152] usb 1-1: Manufacturer: syz [ 1510.657719][T25152] usb 1-1: SerialNumber: syz [ 1510.680019][T18302] usb 2-1: USB disconnect, device number 74 [ 1510.681960][T25152] usb 1-1: config 0 descriptor?? [ 1510.686122][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1510.719759][T18302] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1510.735661][T25152] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 found [ 1510.997584][T25152] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 now disconnected [ 1511.023889][T25152] snd_usb_toneport: probe of 1-1:0.0 failed with error -22 [ 1511.073134][ T3626] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13317'. [ 1511.226892][ T3615] loop3: detected capacity change from 0 to 32768 [ 1511.237026][T18302] usb 1-1: USB disconnect, device number 85 [ 1511.271970][ T3615] JBD2: Ignoring recovery information on journal [ 1511.322755][ T3615] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1511.451463][ T6086] ocfs2: Unmounting device (7,3) on (node local) [ 1511.813727][ T3641] loop1: detected capacity change from 0 to 1764 [ 1512.219063][ T3658] loop0: detected capacity change from 0 to 1764 [ 1512.507152][ T3671] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13337'. [ 1512.800138][ T6153] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 1512.835022][ T3681] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13342'. [ 1513.003896][ T3685] netlink: 'syz.1.13344': attribute type 21 has an invalid length. [ 1513.020487][ T6153] usb 4-1: Using ep0 maxpacket: 16 [ 1513.030932][ T3685] netlink: 128 bytes leftover after parsing attributes in process `syz.1.13344'. [ 1513.035163][ T6153] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1513.040112][ T3685] netlink: 'syz.1.13344': attribute type 4 has an invalid length. [ 1513.078411][ T6153] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1513.095155][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 1513.095171][ T28] audit: type=1326 audit(2000000010.523:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3686 comm="syz.2.13345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1513.101981][ T6153] usb 4-1: Product: syz [ 1513.170714][ T28] audit: type=1326 audit(2000000010.523:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3686 comm="syz.2.13345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1513.177532][ T6153] usb 4-1: Manufacturer: syz [ 1513.223636][ T6153] usb 4-1: SerialNumber: syz [ 1513.241159][ T6153] r8152-cfgselector 4-1: config 0 descriptor?? [ 1513.266099][ T28] audit: type=1326 audit(2000000010.551:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3686 comm="syz.2.13345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1513.271715][ T3673] loop0: detected capacity change from 0 to 32768 [ 1513.340424][ T3673] [ 1513.340424][ T3673] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1513.340424][ T3673] [ 1513.371036][ T3673] ERROR: (device loop0): dtSearch: stack overrun! [ 1513.371036][ T3673] [ 1513.390785][ T28] audit: type=1326 audit(2000000010.551:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3686 comm="syz.2.13345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1513.422944][ T3673] btstack dump: [ 1513.428666][ T3673] bn = 0, index = 0 [ 1513.432612][ T3673] bn = 0, index = 0 [ 1513.437682][ T3673] bn = 0, index = 0 [ 1513.441561][ T3673] bn = 0, index = 0 [ 1513.445948][ T3673] bn = 0, index = 0 [ 1513.476448][ T28] audit: type=1326 audit(2000000010.551:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3686 comm="syz.2.13345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1513.490852][ T3673] bn = 0, index = 0 [ 1513.565538][ T3673] bn = 0, index = 0 [ 1513.569439][ T3673] bn = 0, index = 0 [ 1513.573333][ T3673] jfs_lookup: dtSearch returned -5 [ 1513.711220][ T6153] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1513.727766][ T6076] [ 1513.727766][ T6076] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1513.727766][ T6076] [ 1513.748081][ T6153] r8152-cfgselector 4-1: USB disconnect, device number 58 [ 1513.755276][ T6076] [ 1513.755276][ T6076] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1513.755276][ T6076] [ 1514.358401][ T3713] loop1: detected capacity change from 0 to 764 [ 1514.575676][ T3722] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13363'. [ 1514.627322][ T3722] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13363'. [ 1514.636658][ T3722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13363'. [ 1515.188607][ T3747] netlink: 16 bytes leftover after parsing attributes in process `syz.2.13375'. [ 1515.413523][ T3755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13378'. [ 1515.729881][ T3739] loop3: detected capacity change from 0 to 32768 [ 1515.745199][ T3739] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.13371 (3739) [ 1515.813507][ T3739] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1515.854164][ T3739] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 1515.885874][ T3739] BTRFS info (device loop3): force zlib compression, level 3 [ 1515.894062][ T3739] BTRFS info (device loop3): force clearing of disk cache [ 1515.914052][ T3739] BTRFS info (device loop3): setting nodatasum [ 1515.937536][ T3739] BTRFS info (device loop3): allowing degraded mounts [ 1515.975994][ T3739] BTRFS info (device loop3): enabling disk space caching [ 1516.003549][ T3739] BTRFS info (device loop3): disk space caching is enabled [ 1516.243167][ T3739] BTRFS info (device loop3): auto enabling async discard [ 1516.284993][ T3739] BTRFS info (device loop3): rebuilding free space tree [ 1516.388200][ T3739] BTRFS info (device loop3): disabling free space tree [ 1516.395191][ T3739] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1516.441241][ T3739] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1516.751699][ T6086] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1517.550956][ T3836] comedi comedi4: bad chanlist[0]=0x000040e3 chan=16611 range length=2 [ 1517.727969][ T3834] loop0: detected capacity change from 0 to 4096 [ 1517.759573][ T3834] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 1517.879970][ T3834] ntfs3: loop0: Failed to initialize $Secure (-22). [ 1518.249410][ T3827] loop1: detected capacity change from 0 to 32768 [ 1518.579486][ T3859] netlink: 16 bytes leftover after parsing attributes in process `syz.2.13424'. [ 1518.599396][ T3859] netlink: 40 bytes leftover after parsing attributes in process `syz.2.13424'. [ 1519.086529][ T3851] loop0: detected capacity change from 0 to 32768 [ 1519.126667][ T3851] XFS: ikeep mount option is deprecated. [ 1519.184285][ T3851] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1519.424926][ T3851] XFS (loop0): Ending clean mount [ 1519.439635][ T3851] XFS (loop0): Quotacheck needed: Please wait. [ 1519.502102][ T58] XFS (loop0): Metadata corruption detected at xfs_dinode_verify+0x2b9/0x1140, inode 0x2443 dinode [ 1519.515915][ T58] XFS (loop0): Unmount and run xfs_repair [ 1519.524985][ T58] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 1519.542584][ T58] 00000000: 49 4e 41 ed 03 01 00 00 00 00 00 00 00 00 00 00 INA............. [ 1519.551934][ T58] 00000010: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 1519.594986][ T58] 00000020: 34 f7 58 68 a5 e2 bf 3d 34 f7 58 68 a5 e2 bf 3d 4.Xh...=4.Xh...= [ 1519.616001][ T58] 00000030: 34 f7 58 68 a5 e2 bf 3d 00 00 00 00 00 00 00 20 4.Xh...=....... [ 1519.649613][ T58] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 1519.658537][ T58] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 54 01 7a fc ............T.z. [ 1519.691441][ T58] 00000060: ff ff ff ff 4c 7b c2 21 00 00 00 00 00 00 00 04 ....L{.!........ [ 1519.709496][ T58] 00000070: 00 00 00 01 00 00 00 80 00 00 00 00 00 00 00 08 ................ [ 1519.793034][ T3851] XFS (loop0): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 1519.827186][ T3851] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1520.816658][ T3900] loop3: detected capacity change from 0 to 32768 [ 1520.880177][ T3900] [ 1520.880177][ T3900] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1520.880177][ T3900] [ 1520.954120][ T3900] ERROR: (device loop3): dbAlloc: the hint is outside the map [ 1520.954120][ T3900] [ 1521.162373][ T12] read_mapping_page failed! [ 1521.168595][ T12] ERROR: (device loop3): txCommit: [ 1521.168595][ T12] [ 1521.176039][ T12] jfs_write_inode: jfs_commit_inode failed! [ 1521.240753][ T6086] [ 1521.240753][ T6086] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1521.240753][ T6086] [ 1521.280217][ T6086] [ 1521.280217][ T6086] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1521.280217][ T6086] [ 1521.387512][ T3930] Cannot find add_set index 3 as target [ 1522.021781][ T3946] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13461'. [ 1522.048744][ T3946] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 1522.532171][ T3938] loop3: detected capacity change from 0 to 32768 [ 1522.557089][ T3938] XFS: ikeep mount option is deprecated. [ 1522.650148][T19905] XFS (loop3): filesystem is marked as having an internal log; do not specify logdev on the mount command line. [ 1523.020017][ T3977] loop1: detected capacity change from 0 to 1024 [ 1523.273174][ T3981] veth5: entered promiscuous mode [ 1523.278399][ T3981] veth5: entered allmulticast mode [ 1523.860954][ T28] audit: type=1326 audit(2000000020.588:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4002 comm="syz.0.13487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1523.951518][ T28] audit: type=1326 audit(2000000020.588:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4002 comm="syz.0.13487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1524.034407][ T4009] vivid-007: disconnect [ 1524.047590][ T28] audit: type=1326 audit(2000000020.597:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4002 comm="syz.0.13487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1524.087923][ T4006] vivid-007: reconnect [ 1524.159849][ T28] audit: type=1326 audit(2000000020.597:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4002 comm="syz.0.13487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1524.182554][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1524.678211][ T4030] netlink: 44 bytes leftover after parsing attributes in process `syz.2.13501'. [ 1524.859877][ T4035] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 1524.871018][ T4037] tmpfs: Bad value for 'mpol' [ 1525.693196][ T4027] loop1: detected capacity change from 0 to 40427 [ 1525.744354][ T4027] F2FS-fs (loop1): Fix alignment : internally, start(4096) end(16896) block(12288) [ 1525.804196][ T4027] F2FS-fs (loop1): invalid crc value [ 1525.826883][ T4041] loop3: detected capacity change from 0 to 32768 [ 1525.838017][ T4027] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1525.929364][ T4041] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1526.066207][ T4027] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1526.141482][ T4027] F2FS-fs (loop1): Try to recover all the superblocks, ret: 0 [ 1526.305632][ T4041] XFS (loop3): Ending clean mount [ 1526.375592][ T4078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13518'. [ 1526.385564][ T4041] XFS (loop3): Quotacheck needed: Please wait. [ 1526.394492][ T4078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13518'. [ 1526.409224][ T4078] ip6tnl5: entered promiscuous mode [ 1526.432477][ T4078] ip6tnl5: entered allmulticast mode [ 1526.449086][ T4041] XFS (loop3): Quotacheck: Done. [ 1526.852791][ T6086] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1527.779620][ T4112] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1528.509082][ T4141] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1528.647866][T19905] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 1528.706926][ T4149] loop1: detected capacity change from 0 to 256 [ 1528.854922][T19905] usb 1-1: config 0 has an invalid interface number: 216 but max is 0 [ 1528.874142][T19905] usb 1-1: config 0 has no interface number 0 [ 1528.881041][T19905] usb 1-1: config 0 interface 216 altsetting 4 bulk endpoint 0x8F has invalid maxpacket 64 [ 1528.913239][T19905] usb 1-1: config 0 interface 216 altsetting 4 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1528.949213][T19905] usb 1-1: config 0 interface 216 has no altsetting 0 [ 1528.958703][T19905] usb 1-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.2e [ 1528.969177][T19905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1529.001764][T19905] usb 1-1: config 0 descriptor?? [ 1529.026808][ T4135] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1529.043176][T19905] usb 1-1: NFC: intf ffff888054537000 id ffffffff8d63b520 [ 1529.061811][ T4161] netlink: 'syz.1.13559': attribute type 33 has an invalid length. [ 1529.085559][ T4161] netlink: 152 bytes leftover after parsing attributes in process `syz.1.13559'. [ 1529.275972][T18302] usb 1-1: USB disconnect, device number 86 [ 1529.559279][ T8] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 1529.775113][ T8] usb 2-1: config 0 has an invalid interface number: 194 but max is 0 [ 1529.787794][ T8] usb 2-1: config 0 has no interface number 0 [ 1529.803686][ T8] usb 2-1: too many endpoints for config 0 interface 194 altsetting 233: 59, using maximum allowed: 30 [ 1529.831068][ T8] usb 2-1: config 0 interface 194 altsetting 233 has 0 endpoint descriptors, different from the interface descriptor's value: 59 [ 1529.877354][ T8] usb 2-1: config 0 interface 194 has no altsetting 0 [ 1529.901845][ T8] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 1529.933098][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1529.941151][ T8] usb 2-1: Product: syz [ 1529.971732][ T8] usb 2-1: Manufacturer: syz [ 1529.976682][ T4192] netlink: 'syz.2.13574': attribute type 10 has an invalid length. [ 1529.985340][ T8] usb 2-1: SerialNumber: syz [ 1530.004018][ T8] usb 2-1: config 0 descriptor?? [ 1530.103201][ T4192] team0: Port device wlan1 added [ 1530.274974][ T8] peak_usb: probe of 2-1:0.194 failed with error 194 [ 1530.305774][ T8] usb 2-1: USB disconnect, device number 75 [ 1531.224183][ T4234] xt_bpf: check failed: parse error [ 1531.536650][ T4244] cgroup: name respecified [ 1531.690733][ T4250] (null): rxe_set_mtu: Set mtu to 1024 [ 1532.009687][ T4250] infiniband syz1: set active [ 1532.017740][ T4250] infiniband syz1: added syz_tun [ 1532.201619][ T4250] RDS/IB: syz1: added [ 1532.211094][ T4271] netlink: 'syz.3.13613': attribute type 1 has an invalid length. [ 1532.219103][ T4271] netlink: 228 bytes leftover after parsing attributes in process `syz.3.13613'. [ 1532.228523][ T4250] smc: adding ib device syz1 with port count 1 [ 1532.256225][ T4250] smc: ib device syz1 port 1 has pnetid [ 1532.800816][ T4285] loop1: detected capacity change from 0 to 1024 [ 1533.777959][ T4309] loop3: detected capacity change from 0 to 512 [ 1533.826826][ T4309] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1533.889238][ T4309] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 1533.897423][ T4309] System zones: 0-2, 18-18, 34-34 [ 1533.909775][T12696] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 1533.920418][ T4309] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1533.974002][ T4309] ext4 filesystem being mounted at /3450/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1534.101373][ T4304] loop1: detected capacity change from 0 to 32768 [ 1534.103937][ T6086] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1534.125774][T12696] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1534.137142][T12696] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1534.149886][T12696] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1534.159213][T12696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1534.174739][ T4304] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1534.190446][ T4306] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1534.226926][T12696] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 1534.415853][ T4304] XFS (loop1): Ending clean mount [ 1534.431274][ T4322] bond3: entered promiscuous mode [ 1534.468268][ T4304] XFS (loop1): Quotacheck needed: Please wait. [ 1534.473054][ T4322] bond3: entered allmulticast mode [ 1534.521239][ T4322] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1534.618474][ T4304] XFS (loop1): Quotacheck: Done. [ 1534.736316][T12696] usb 3-1: USB disconnect, device number 62 [ 1534.812017][ T4326] [U]  [ 1534.857205][ T6082] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1535.132261][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 1535.138864][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 1535.616439][ T4351] IPv6: Can't replace route, no match found [ 1535.963370][ T4363] netlink: 20 bytes leftover after parsing attributes in process `syz.3.13654'. [ 1536.633775][ T4375] netlink: 'syz.3.13660': attribute type 3 has an invalid length. [ 1536.686492][ T4375] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.13660'. [ 1537.108942][ T4389] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1537.363058][ T4406] qrtr: Invalid version 0 [ 1537.751803][ T4418] netlink: 'syz.2.13680': attribute type 2 has an invalid length. [ 1538.453049][ T4440] loop1: detected capacity change from 0 to 4096 [ 1538.475942][ T4440] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1538.623709][ T4440] ntfs: volume version 3.1. [ 1539.163033][ T4464] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13702'. [ 1539.766937][ T4488] loop1: detected capacity change from 0 to 256 [ 1539.872513][ T4488] FAT-fs (loop1): Directory bread(block 64) failed [ 1539.904859][ T4488] FAT-fs (loop1): Directory bread(block 65) failed [ 1539.944435][ T4488] FAT-fs (loop1): Directory bread(block 66) failed [ 1539.965024][ T4488] FAT-fs (loop1): Directory bread(block 67) failed [ 1539.992847][ T4488] FAT-fs (loop1): Directory bread(block 68) failed [ 1540.014395][ T4488] FAT-fs (loop1): Directory bread(block 69) failed [ 1540.021203][ T4488] FAT-fs (loop1): Directory bread(block 70) failed [ 1540.046185][ T4488] FAT-fs (loop1): Directory bread(block 71) failed [ 1540.057333][ T4488] FAT-fs (loop1): Directory bread(block 72) failed [ 1540.078194][ T4488] FAT-fs (loop1): Directory bread(block 73) failed [ 1540.367974][ T4502] xt_limit: Overflow, try lower: 65536/2147483648 [ 1540.758737][ T4512] netlink: 16 bytes leftover after parsing attributes in process `syz.3.13728'. [ 1541.083511][ T4525] netlink: 'syz.3.13733': attribute type 29 has an invalid length. [ 1541.096123][ T4525] netlink: 'syz.3.13733': attribute type 29 has an invalid length. [ 1542.229625][T12696] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 1542.331645][ T4575] netlink: 52 bytes leftover after parsing attributes in process `syz.0.13758'. [ 1542.430152][T12696] usb 3-1: Using ep0 maxpacket: 8 [ 1542.442546][T12696] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1542.452629][T12696] usb 3-1: config 8 has an invalid interface number: 61 but max is 2 [ 1542.460794][T12696] usb 3-1: config 8 has 1 interface, different from the descriptor's value: 3 [ 1542.513257][T12696] usb 3-1: config 8 has no interface number 0 [ 1542.539176][T12696] usb 3-1: config 8 interface 61 altsetting 8 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1542.551846][ T4581] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13761'. [ 1542.567098][T12696] usb 3-1: config 8 interface 61 altsetting 8 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1542.581441][ T4581] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13761'. [ 1542.589940][T12696] usb 3-1: config 8 interface 61 has no altsetting 0 [ 1542.607766][ T4583] ptrace attach of "./syz-executor exec"[6076] was attempted by "./syz-executor exec"[4583] [ 1542.619472][T12696] usb 3-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=e9.1f [ 1542.629208][T12696] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1542.644010][T12696] usb 3-1: Product: syz [ 1542.654685][T12696] usb 3-1: Manufacturer: syz [ 1542.664127][T12696] usb 3-1: SerialNumber: syz [ 1542.917719][T12696] bfusb: probe of 3-1:8.61 failed with error -5 [ 1542.956711][T12696] usb 3-1: USB disconnect, device number 63 [ 1543.270725][ T4607] netlink: 20 bytes leftover after parsing attributes in process `syz.0.13774'. [ 1543.649942][ T4618] loop3: detected capacity change from 0 to 4096 [ 1543.683799][ T4618] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1543.701592][ T4618] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 1543.741235][ T4618] System zones: 0-5 [ 1543.789740][ T4618] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1543.841474][T12696] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 1544.005115][ T6086] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1544.075150][T12696] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1544.107143][T12696] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1544.140550][T12696] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1544.178929][T12696] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1544.210873][ T4619] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1544.235196][T12696] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 1544.325079][ T4639] loop3: detected capacity change from 0 to 764 [ 1544.371653][ T4641] CIFS mount error: No usable UNC path provided in device string! [ 1544.371653][ T4641] [ 1544.427117][ T4641] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1544.732194][T12696] usb 2-1: USB disconnect, device number 76 [ 1544.738500][ T4645] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13792'. [ 1545.272447][ T4655] loop3: detected capacity change from 0 to 2048 [ 1545.296646][ T4655] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1545.315049][ T4655] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1545.940114][ T4675] (null): rxe_set_mtu: Set mtu to 1024 [ 1546.297373][ T4675] infiniband yyz!: set down [ 1546.321498][ T4675] infiniband yyz!: added team_slave_0 [ 1546.410646][ T4675] RDS/IB: yyz!: added [ 1546.414766][ T4675] smc: adding ib device yyz! with port count 1 [ 1546.464246][ T4675] smc: ib device yyz! port 1 has pnetid [ 1547.230253][T19905] usb 1-1: new high-speed USB device number 87 using dummy_hcd [ 1547.291452][ T4693] delete_channel: no stack [ 1547.427278][ T4699] netlink: 'syz.2.13818': attribute type 10 has an invalid length. [ 1547.436741][T19905] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1547.455363][T19905] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1547.476684][T19905] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1547.493246][T19905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1547.495064][ T4699] team0: Device veth1_macvtap failed to register rx_handler [ 1547.539886][ T4684] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1547.559208][T19905] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 1547.610953][ T4702] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.13820' sets config #0 [ 1547.982622][T19905] usb 1-1: USB disconnect, device number 87 [ 1548.372361][ T4718] ip6gretap3: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1548.417363][ T8] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 1548.644730][ T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1548.665869][ T8] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1548.697903][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1548.729808][ T4732] tmpfs: Bad value for 'mpol' [ 1548.745265][ T8] usb 2-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 1548.765204][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1548.801871][ T8] usb 2-1: Product: syz [ 1548.806092][ T8] usb 2-1: Manufacturer: syz [ 1548.827933][ T8] usb 2-1: SerialNumber: syz [ 1548.832835][ T4734] program syz.2.13836 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1548.856616][ T8] usb 2-1: config 0 descriptor?? [ 1549.112331][ T8] usb 2-1: Found UVC 34.00 device syz (8086:0b5b) [ 1549.118827][ T8] usb 2-1: No valid video chain found. [ 1549.154893][ T8] usb 2-1: USB disconnect, device number 77 [ 1549.563699][ T4752] loop3: detected capacity change from 0 to 4096 [ 1549.608494][ T4752] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1549.865502][ T6086] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1550.360406][ T4788] netlink: 209820 bytes leftover after parsing attributes in process `syz.0.13862'. [ 1550.918507][T19905] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 1551.112366][ T4816] netlink: 20 bytes leftover after parsing attributes in process `syz.3.13875'. [ 1551.142926][T19905] usb 1-1: Using ep0 maxpacket: 16 [ 1551.166899][T19905] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 1551.177064][T19905] usb 1-1: config 0 has no interface number 0 [ 1551.183223][T19905] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 208, changing to 11 [ 1551.216294][T19905] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 25296, setting to 1024 [ 1551.248599][T19905] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 1551.259315][T19905] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1551.281468][T19905] usb 1-1: Product: syz [ 1551.289786][T19905] usb 1-1: SerialNumber: syz [ 1551.316747][T19905] usb 1-1: config 0 descriptor?? [ 1551.332742][T19905] cm109 1-1:0.8: invalid payload size 1024, expected 4 [ 1551.354795][T19905] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input101 [ 1551.569779][ T4826] netlink: 16 bytes leftover after parsing attributes in process `syz.2.13880'. [ 1551.594250][ T4826] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13880'. [ 1551.602688][T25152] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 1551.613865][ T4826] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (255) [ 1551.753027][ T28] audit: type=1326 audit(2000000046.685:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4827 comm="syz.2.13881" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x0 [ 1551.813663][T25152] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1551.829174][T25152] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1551.839016][ C1] cm109 1-1:0.8: cm109_urb_irq_callback: urb status -71 [ 1551.846245][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1551.853525][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1551.860722][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1551.867916][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1551.874454][ T4818] loop1: detected capacity change from 0 to 32768 [ 1551.875148][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1551.888999][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1551.896199][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1551.903397][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1551.910619][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1551.917947][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1551.922961][ T4818] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.13876 (4818) [ 1551.934782][T25152] usb 4-1: Product: syz [ 1551.946022][T25152] usb 4-1: Manufacturer: syz [ 1551.950940][T25152] usb 4-1: SerialNumber: syz [ 1551.958337][ C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1551.967971][T19905] usb 1-1: USB disconnect, device number 88 [ 1551.990387][T25152] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1552.010742][T19905] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1552.033486][ T4818] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1552.054565][ T5531] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1552.086098][ T4818] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 1552.117465][ T4818] BTRFS info (device loop1): using free space tree [ 1552.253960][ T4818] BTRFS info (device loop1): enabling ssd optimizations [ 1552.275592][ T4818] BTRFS info (device loop1): auto enabling async discard [ 1552.524221][ T6082] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1552.611016][ T8] usb 4-1: USB disconnect, device number 59 [ 1553.289738][ T4871] netlink: 'syz.2.13890': attribute type 1 has an invalid length. [ 1553.308790][ T4871] netlink: 232 bytes leftover after parsing attributes in process `syz.2.13890'. [ 1553.516778][ T5531] usb 4-1: Service connection timeout for: 256 [ 1553.530380][ T5531] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1553.573748][ T5531] ath9k_htc: Failed to initialize the device [ 1553.583687][ T8] usb 4-1: ath9k_htc: USB layer deinitialized [ 1553.905555][ T4890] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13898'. [ 1553.922704][ T4890] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 1554.083254][ T4896] netlink: 132 bytes leftover after parsing attributes in process `syz.1.13900'. [ 1554.358899][ T4905] loop1: detected capacity change from 0 to 64 [ 1554.491672][ T4910] loop3: detected capacity change from 0 to 764 [ 1554.596940][ T4910] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1554.652835][ T4912] tmpfs: Bad value for 'mpol' [ 1554.937802][ T4924] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13914'. [ 1554.958737][ T4924] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13914'. [ 1554.994898][ T4924] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13914'. [ 1555.160952][ T4930] loop1: detected capacity change from 0 to 1024 [ 1555.253905][ T4930] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 1555.323178][ T4930] ext4 filesystem being mounted at /3393/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1555.394219][ T4943] Zero length message leads to an empty skb [ 1555.511392][ T6082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 1556.114492][ T4967] netlink: 16 bytes leftover after parsing attributes in process `syz.2.13934'. [ 1556.493556][ T4981] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13939'. [ 1556.727087][ T4989] loop1: detected capacity change from 0 to 256 [ 1556.844695][ T4989] FAT-fs (loop1): Directory bread(block 64) failed [ 1556.851323][ T4989] FAT-fs (loop1): Directory bread(block 65) failed [ 1556.882887][ T4989] FAT-fs (loop1): Directory bread(block 66) failed [ 1556.926745][ T4989] FAT-fs (loop1): Directory bread(block 67) failed [ 1556.969464][ T4989] FAT-fs (loop1): Directory bread(block 68) failed [ 1556.976057][ T4989] FAT-fs (loop1): Directory bread(block 69) failed [ 1557.004081][ T4989] FAT-fs (loop1): Directory bread(block 70) failed [ 1557.011110][ T4989] FAT-fs (loop1): Directory bread(block 71) failed [ 1557.024885][ T4989] FAT-fs (loop1): Directory bread(block 72) failed [ 1557.031453][ T4989] FAT-fs (loop1): Directory bread(block 73) failed [ 1557.183241][T19905] usb 1-1: new high-speed USB device number 89 using dummy_hcd [ 1557.262508][ T5004] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1557.407905][T19905] usb 1-1: Using ep0 maxpacket: 32 [ 1557.426989][T19905] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1557.433849][ T5009] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13955'. [ 1557.453136][T19905] usb 1-1: config 7 has an invalid interface number: 187 but max is 0 [ 1557.476838][T19905] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 1557.509773][T19905] usb 1-1: config 7 has no interface number 0 [ 1557.521286][T19905] usb 1-1: config 7 interface 187 altsetting 6 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1557.546786][T19905] usb 1-1: config 7 interface 187 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1557.594067][T19905] usb 1-1: config 7 interface 187 has no altsetting 0 [ 1557.618086][T19905] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 1557.637650][T19905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1557.649167][T19905] usb 1-1: Product: syz [ 1557.657989][T19905] usb 1-1: Manufacturer: syz [ 1557.662617][T19905] usb 1-1: SerialNumber: syz [ 1557.686301][ T5015] loop1: detected capacity change from 0 to 2048 [ 1557.729744][ T5015] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1557.785419][ T5020] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1557.787022][ T5015] syz.1.13958: attempt to access beyond end of device [ 1557.787022][ T5015] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 1557.849080][ T5022] loop3: detected capacity change from 0 to 256 [ 1557.939379][ T5015] syz.1.13958: attempt to access beyond end of device [ 1557.939379][ T5015] loop1: rw=0, sector=9437254, nr_sectors = 2 limit=2048 [ 1557.954154][T19905] usb 1-1: Limiting number of CPorts to U8_MAX [ 1557.956047][T19905] usb 1-1: Unknown endpoint type found, address 0x07 [ 1557.971698][ T5022] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 1557.988693][ T5015] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=0) [ 1558.006864][T19905] usb 1-1: Not enough endpoints found in device, aborting! [ 1558.215818][T19905] usb 1-1: USB disconnect, device number 89 [ 1558.653050][ T5042] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1558.902314][ T5050] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13975'. [ 1558.954062][ T5053] netlink: 129384 bytes leftover after parsing attributes in process `syz.0.13976'. [ 1559.145591][ T5058] netlink: 12 bytes leftover after parsing attributes in process `syz.1.13979'. [ 1559.268072][ T5064] netlink: 'syz.0.13982': attribute type 1 has an invalid length. [ 1559.275976][ T5064] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13982'. [ 1559.753203][ T5082] loop3: detected capacity change from 0 to 512 [ 1559.772073][T12696] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1559.815917][ T5082] EXT4-fs: Ignoring removed nobh option [ 1559.900410][ T5082] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1559.978489][ T5082] ext4 filesystem being mounted at /3553/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1560.010744][ T5091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13994'. [ 1560.028113][ T5091] netlink: 108 bytes leftover after parsing attributes in process `syz.1.13994'. [ 1560.037800][T12696] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1560.038583][ T28] audit: type=1326 audit(2000000054.421:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.13995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1560.046282][ T5091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13994'. [ 1560.108261][ T5082] EXT4-fs error (device loop3): ext4_xattr_block_get:600: inode #15: comm syz.3.13989: corrupted xattr block 33: bad e_name length [ 1560.141659][ T28] audit: type=1326 audit(2000000054.421:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.13995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1560.172201][ T28] audit: type=1326 audit(2000000054.421:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.13995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1560.195052][ T28] audit: type=1326 audit(2000000054.430:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.13995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1560.291357][ T5082] EXT4-fs error (device loop3): ext4_get_inode_usage:905: inode #15: comm syz.3.13989: corrupted xattr block 33: bad e_name length [ 1560.352346][ T28] audit: type=1326 audit(2000000054.430:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5092 comm="syz.2.13995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1560.462670][ T6086] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1560.617201][ T5110] netlink: 'syz.1.14002': attribute type 10 has an invalid length. [ 1560.657748][ T5110] veth0_virt_wifi: entered allmulticast mode [ 1560.741903][ T5110] team0: Port device veth0_virt_wifi added [ 1560.985768][ T5125] loop3: detected capacity change from 0 to 512 [ 1561.030052][ T5125] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 1561.068283][ T5125] EXT4-fs error (device loop3): mb_free_blocks:1938: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 1561.162569][ T5125] EXT4-fs error (device loop3): ext4_do_update_inode:5236: inode #11: comm syz.3.14007: corrupted inode contents [ 1561.275732][ T5125] EXT4-fs error (device loop3): ext4_dirty_inode:6112: inode #11: comm syz.3.14007: mark_inode_dirty error [ 1561.299820][ T5125] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.14007: invalid indirect mapped block 1 (level 1) [ 1561.331529][ T5125] EXT4-fs error (device loop3): ext4_do_update_inode:5236: inode #11: comm syz.3.14007: corrupted inode contents [ 1561.352205][ T5125] EXT4-fs error (device loop3) in ext4_orphan_del:301: Corrupt filesystem [ 1561.388016][ T5125] EXT4-fs error (device loop3): ext4_do_update_inode:5236: inode #11: comm syz.3.14007: corrupted inode contents [ 1561.401509][ T5125] EXT4-fs error (device loop3): ext4_truncate:4294: inode #11: comm syz.3.14007: mark_inode_dirty error [ 1561.421222][ T5125] EXT4-fs error (device loop3) in ext4_process_orphan:343: Corrupt filesystem [ 1561.440646][ T5125] EXT4-fs (loop3): 1 truncate cleaned up [ 1561.468916][ T5125] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1561.689627][ T6086] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1561.779053][ T5152] x_tables: duplicate underflow at hook 2 [ 1561.871813][ T5154] loop1: detected capacity change from 0 to 1024 [ 1562.053508][ T5161] loop3: detected capacity change from 0 to 512 [ 1562.095012][ T5161] EXT4-fs: Ignoring removed bh option [ 1562.116403][ T5161] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 1562.159140][ T5161] EXT4-fs (loop3): 1 truncate cleaned up [ 1562.208243][ T5161] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1562.389629][T18302] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 1562.453168][ T6086] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1562.607991][T18302] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 1562.628663][T18302] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1562.657108][T18302] usb 3-1: Product: syz [ 1562.667658][T18302] usb 3-1: SerialNumber: syz [ 1562.683242][T18302] usb 3-1: config 0 descriptor?? [ 1562.945189][T18302] hso 3-1:0.0: Failed to find BULK IN ep [ 1563.186815][T18302] usb 3-1: USB disconnect, device number 64 [ 1563.336116][ T5203] loop3: detected capacity change from 0 to 1024 [ 1563.382324][ T5208] loop1: detected capacity change from 0 to 128 [ 1563.390636][ T5203] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1563.592804][ T6086] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1563.788187][ T5222] loop1: detected capacity change from 0 to 128 [ 1563.803652][ T5222] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 1563.838110][ T5222] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1564.046811][T19905] usb 1-1: new high-speed USB device number 90 using dummy_hcd [ 1564.066420][ T5231] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 1564.110151][ T5231] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 1564.131178][ T5231] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 1564.153471][ T5231] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 1564.190506][ T5231] geneve4: entered promiscuous mode [ 1564.196034][ T5231] geneve4: entered allmulticast mode [ 1564.238255][ T5231] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 1564.264265][T19905] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1564.264341][ T5231] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 1564.281711][T19905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1564.303218][ T5231] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 1564.312422][T19905] usb 1-1: Product: syz [ 1564.322900][T19905] usb 1-1: Manufacturer: syz [ 1564.328056][ T5231] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 1564.334997][T19905] usb 1-1: SerialNumber: syz [ 1564.363040][T19905] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1564.386458][ T5531] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1564.703140][ C1] usb 1-1: ath9k_htc: invalid pkt_len (fd7e) [ 1564.847504][ T5254] __nla_validate_parse: 2 callbacks suppressed [ 1564.847524][ T5254] netlink: 24 bytes leftover after parsing attributes in process `syz.3.14068'. [ 1564.864283][ T5254] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14068'. [ 1564.889743][ T5256] binder: 5255:5256 ioctl 400c620e ffffffffffffffff returned -14 [ 1564.939147][T19905] usb 1-1: USB disconnect, device number 90 [ 1565.147815][ T5264] netlink: 'syz.2.14072': attribute type 1 has an invalid length. [ 1565.252800][ T5268] loop1: detected capacity change from 0 to 2048 [ 1565.500959][ T5531] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 1565.529692][ T5531] ath9k_htc: Failed to initialize the device [ 1565.543859][T19905] usb 1-1: ath9k_htc: USB layer deinitialized [ 1566.013771][T25152] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 1566.208311][T25152] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 1566.217854][T25152] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1566.227829][T19905] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 1566.245734][T25152] usb 4-1: config 0 descriptor?? [ 1566.265130][T25152] gspca_main: spca508-2.14.0 probing 8086:0110 [ 1566.452165][T19905] usb 1-1: Using ep0 maxpacket: 16 [ 1566.460077][T19905] usb 1-1: config 0 has an invalid interface number: 104 but max is 1 [ 1566.483131][T19905] usb 1-1: config 0 has an invalid interface number: 104 but max is 1 [ 1566.497583][T19905] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1566.526746][T19905] usb 1-1: config 0 has no interface number 0 [ 1566.544169][T19905] usb 1-1: config 0 interface 104 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 1566.558642][T19905] usb 1-1: config 0 interface 104 has no altsetting 1 [ 1566.570172][T19905] usb 1-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00 [ 1566.579488][T19905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1566.588720][T19905] usb 1-1: Product: syz [ 1566.600220][T19905] usb 1-1: Manufacturer: syz [ 1566.606475][T19905] usb 1-1: SerialNumber: syz [ 1566.623878][T19905] usb 1-1: config 0 descriptor?? [ 1566.680947][ T5308] loop1: detected capacity change from 0 to 4096 [ 1566.702071][ T5308] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1566.709295][T25152] gspca_spca508: reg_read err -71 [ 1566.763584][ T5308] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1566.768392][T25152] gspca_spca508: reg_read err -71 [ 1566.785939][ T5308] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1566.788385][T25152] gspca_spca508: reg_read err -71 [ 1566.824342][T25152] gspca_spca508: reg_read err -71 [ 1566.837921][T25152] gspca_spca508: reg write: error -71 [ 1566.843435][T25152] spca508: probe of 4-1:0.0 failed with error -71 [ 1566.853141][ T5308] ntfs: volume version 3.1. [ 1566.875172][T19905] asix 1-1:0.104 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1566.901577][T25152] usb 4-1: USB disconnect, device number 60 [ 1566.923592][T19905] asix: probe of 1-1:0.104 failed with error -71 [ 1566.957433][T19905] usb 1-1: USB disconnect, device number 91 [ 1567.754710][ T5326] netlink: 76 bytes leftover after parsing attributes in process `syz.1.14103'. [ 1567.940195][ T5333] xt_hashlimit: invalid rate [ 1568.340431][ T5345] netlink: 424 bytes leftover after parsing attributes in process `syz.2.14112'. [ 1568.376176][ T5345] netlink: 'syz.2.14112': attribute type 1 has an invalid length. [ 1568.445437][ T5349] netlink: 12 bytes leftover after parsing attributes in process `syz.0.14113'. [ 1568.490134][ T5349] netlink: 'syz.0.14113': attribute type 1 has an invalid length. [ 1568.529252][ T5349] netlink: 'syz.0.14113': attribute type 2 has an invalid length. [ 1568.558046][ T5349] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14113'. [ 1568.788167][ T5359] delete_channel: no stack [ 1569.336380][ T5378] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1569.358520][ T5379] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14129'. [ 1569.746049][ T5391] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14135'. [ 1570.037724][ T5397] netlink: 16 bytes leftover after parsing attributes in process `syz.3.14138'. [ 1571.011269][ T5399] loop1: detected capacity change from 0 to 32768 [ 1571.129329][ T5399] ea_get: invalid extended attribute [ 1572.478992][ T5438] loop1: detected capacity change from 0 to 32768 [ 1572.515400][ T5438] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop1 scanned by syz.1.14158 (5438) [ 1572.572133][ T5438] BTRFS info (device loop1): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 1572.620460][ T5438] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 1572.654032][ T5438] BTRFS info (device loop1): turning on flush-on-commit [ 1572.672381][ T5438] BTRFS info (device loop1): turning off barriers [ 1572.701225][ T5438] BTRFS info (device loop1): turning on sync discard [ 1572.711408][ T5446] loop3: detected capacity change from 0 to 32768 [ 1572.718110][ T5438] BTRFS info (device loop1): using free space tree [ 1572.764742][ T5473] ieee802154 phy0 wpan0: encryption failed: -22 [ 1573.110599][ T6082] BTRFS info (device loop1): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 1573.372224][ T5495] loop3: detected capacity change from 0 to 1024 [ 1573.388401][ T5497] loop1: detected capacity change from 0 to 256 [ 1573.486527][ T5495] hfsplus: keylen 65060 too large [ 1573.944653][ T28] audit: type=1326 audit(2000000067.442:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.14184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ff00000 [ 1574.071143][ T28] audit: type=1326 audit(2000000067.442:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.14184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ff00000 [ 1574.174933][ T28] audit: type=1326 audit(2000000067.442:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.14184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ff00000 [ 1574.279435][ T28] audit: type=1326 audit(2000000067.442:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.14184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ff00000 [ 1574.345068][ T28] audit: type=1326 audit(2000000067.442:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.14184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ff00000 [ 1574.416441][ T28] audit: type=1326 audit(2000000067.442:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.14184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ff00000 [ 1574.518124][ T5526] wg1 speed is unknown, defaulting to 1000 [ 1574.525065][ T28] audit: type=1326 audit(2000000067.442:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.14184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ff00000 [ 1574.535895][ T5526] wg1 speed is unknown, defaulting to 1000 [ 1574.576066][ T5526] wg1 speed is unknown, defaulting to 1000 [ 1574.594184][ T5526] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1574.606410][ T28] audit: type=1326 audit(2000000067.442:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.14184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ff00000 [ 1574.631623][ T5529] netlink: 772 bytes leftover after parsing attributes in process `syz.0.14193'. [ 1574.652278][ T5526] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 1574.673088][ T28] audit: type=1326 audit(2000000067.442:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.14184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ff00000 [ 1574.710284][ T5526] wg1 speed is unknown, defaulting to 1000 [ 1574.711291][ T5534] loop3: detected capacity change from 0 to 16 [ 1574.727041][ T5526] wg1 speed is unknown, defaulting to 1000 [ 1574.727647][ T28] audit: type=1326 audit(2000000067.442:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.2.14184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ff00000 [ 1574.741851][ T5526] wg1 speed is unknown, defaulting to 1000 [ 1574.756762][ T5534] erofs: DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 1574.772005][ T5526] wg1 speed is unknown, defaulting to 1000 [ 1574.785742][ T5534] erofs: DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 1575.260024][ T5534] erofs: DAX unsupported by block device. Turning off DAX. [ 1575.285364][ T5534] erofs: (device loop3): mounted with root inode @ nid 36. [ 1575.385971][ T5103] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -4045 in[4096, 0] out[9000] [ 1575.399931][ T8] usb 2-1: new full-speed USB device number 78 using dummy_hcd [ 1575.412917][ T5534] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -4045 in[4096, 0] out[8192] [ 1575.609574][ T8] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 1575.630236][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1575.662593][ T8] usb 2-1: Product: syz [ 1575.666863][ T8] usb 2-1: Manufacturer: syz [ 1575.688133][ T8] usb 2-1: SerialNumber: syz [ 1575.711393][ T8] usb 2-1: config 0 descriptor?? [ 1575.730864][ T8] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 1575.833912][ T5557] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.14205'. [ 1575.874699][ T5557] openvswitch: netlink: Message has 13056 unknown bytes. [ 1576.167986][ T8] gspca_stk1135: reg_w 0x0 err -71 [ 1576.198118][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 1576.220349][ T8] gspca_stk1135: Sensor write failed [ 1576.249363][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 1576.284786][ T8] gspca_stk1135: Sensor write failed [ 1576.297910][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 1576.315214][ T8] gspca_stk1135: Sensor read failed [ 1576.326080][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 1576.338501][ T8] gspca_stk1135: Sensor read failed [ 1576.363101][ T8] gspca_stk1135: Detected sensor type unknown (0x0) [ 1576.394227][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 1576.420047][ T8] gspca_stk1135: Sensor read failed [ 1576.443461][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 1576.456957][ T8] gspca_stk1135: Sensor read failed [ 1576.476287][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 1576.482752][ T8] gspca_stk1135: Sensor write failed [ 1576.498981][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 1576.516213][ T8] gspca_stk1135: Sensor write failed [ 1576.554227][ T8] stk1135: probe of 2-1:0.0 failed with error -71 [ 1576.584809][ T8] usb 2-1: USB disconnect, device number 78 [ 1577.197012][ T5606] tipc: Can't bind to reserved service type 2 [ 1577.526483][ T5620] Unsupported ieee802154 address type: 0 [ 1577.941954][ T5636] loop3: detected capacity change from 0 to 256 [ 1577.989695][ T5636] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1578.174183][ T5647] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1578.660944][ T8] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 1578.885137][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 1578.895085][ T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1578.915136][ T8] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1578.948632][ T8] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1578.994231][ T8] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1579.020086][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1579.054467][ T8] usb 3-1: Product: syz [ 1579.086056][ T8] usb 3-1: Manufacturer: syz [ 1579.091110][ T8] usb 3-1: SerialNumber: syz [ 1579.118938][ T8] cdc_ncm 3-1:1.0: skipping garbage [ 1579.141722][ T8] cdc_ncm 3-1:1.0: skipping garbage [ 1579.161028][ T8] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 1579.187074][ T8] cdc_ncm 3-1:1.0: bind() failure [ 1579.384854][ T8] usb 3-1: USB disconnect, device number 65 [ 1579.667265][ T5697] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14270'. [ 1579.686496][ T5697] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14270'. [ 1580.104725][ T5716] netlink: 24 bytes leftover after parsing attributes in process `syz.2.14280'. [ 1580.150893][ T5716] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 1580.178376][ T5716] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 1580.206004][ T5716] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 1580.232176][ T5716] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 1580.851572][ T5737] netlink: 'syz.2.14288': attribute type 1 has an invalid length. [ 1580.868657][ T5737] netlink: 224 bytes leftover after parsing attributes in process `syz.2.14288'. [ 1581.016412][ T5743] SET target dimension over the limit! [ 1581.094763][ T5745] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1584.246230][ T5863] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14348'. [ 1584.277924][ T5865] netlink: 'syz.3.14349': attribute type 10 has an invalid length. [ 1584.317468][ T5865] veth1_macvtap: left promiscuous mode [ 1584.364587][ T5867] loop1: detected capacity change from 0 to 128 [ 1584.386008][ T5867] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1584.424924][ T5867] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c118, mo2=0002] [ 1584.433290][ T5867] System zones: 1-3, 19-19, 35-36 [ 1584.469379][ T5867] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1584.496734][ T5867] ext4 filesystem being mounted at /3511/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1584.834235][ T5867] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 1584.883351][ T5867] EXT4-fs error (device loop1): ext4_validate_block_bitmap:421: comm syz.1.14350: bg 0: bad block bitmap checksum [ 1585.126847][ T6082] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1585.255781][ T5894] bridge2: entered promiscuous mode [ 1586.233748][ T5937] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.14382'. [ 1586.347926][T12696] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 1586.560934][T12696] usb 2-1: Using ep0 maxpacket: 32 [ 1586.600093][T12696] usb 2-1: config 0 has an invalid interface number: 66 but max is 1 [ 1586.618448][T12696] usb 2-1: config 0 has no interface number 1 [ 1586.646299][T12696] usb 2-1: too many endpoints for config 0 interface 0 altsetting 5: 69, using maximum allowed: 30 [ 1586.669811][T12696] usb 2-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 69 [ 1586.702639][T12696] usb 2-1: too many endpoints for config 0 interface 66 altsetting 107: 137, using maximum allowed: 30 [ 1586.729116][T12696] usb 2-1: config 0 interface 66 altsetting 107 has 0 endpoint descriptors, different from the interface descriptor's value: 137 [ 1586.771886][T12696] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1586.789493][T12696] usb 2-1: config 0 interface 66 has no altsetting 0 [ 1586.808458][T12696] usb 2-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00 [ 1586.828248][T12696] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1586.845200][T12696] usb 2-1: SerialNumber: syz [ 1586.871572][T12696] usb 2-1: config 0 descriptor?? [ 1586.888467][T12696] usb-storage 2-1:0.0: USB Mass Storage device detected [ 1586.906809][T12696] usb-storage 2-1:0.0: Quirks match for vid 152d pid 0539: 4000000 [ 1587.000804][ T5960] netlink: 44 bytes leftover after parsing attributes in process `syz.0.14393'. [ 1587.106787][T12696] usb-storage 2-1:0.66: USB Mass Storage device detected [ 1587.142856][T12696] usb-storage 2-1:0.66: Quirks match for vid 152d pid 0539: 4000000 [ 1587.189951][ T5966] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744073709510581) [ 1587.230114][T12696] usb 2-1: USB disconnect, device number 79 [ 1587.251459][ T5966] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 1587.377484][ T5970] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615) [ 1587.410152][ T5970] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647 [ 1587.570309][ T5974] loop3: detected capacity change from 0 to 8 [ 1587.590612][ T5974] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 1587.638633][ T5974] cramfs: Error -3 while decompressing! [ 1587.652067][ T5974] cramfs: ffffffff96fdc328(18)->ffff888057928000(4096) [ 1587.683794][ T5974] cramfs: Error -3 while decompressing! [ 1587.689411][ T5974] cramfs: ffffffff96fdc328(18)->ffff888057928000(4096) [ 1587.707575][ T28] kauditd_printk_skb: 62 callbacks suppressed [ 1587.707589][ T28] audit: type=1800 audit(2000000080.313:368): pid=5974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.14398" name="file1" dev="loop3" ino=324 res=0 errno=0 [ 1587.953438][ T5986] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14403'. [ 1588.266588][ T5996] sctp: [Deprecated]: syz.0.14407 (pid 5996) Use of int in maxseg socket option. [ 1588.266588][ T5996] Use struct sctp_assoc_value instead [ 1588.501767][ T6005] netlink: 'syz.2.14413': attribute type 1 has an invalid length. [ 1588.557566][ T6005] netlink: 224 bytes leftover after parsing attributes in process `syz.2.14413'. [ 1588.579881][ T6005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14413'. [ 1588.600348][ T6008] netlink: 16 bytes leftover after parsing attributes in process `syz.3.14414'. [ 1589.447420][ T8] usb 1-1: new high-speed USB device number 92 using dummy_hcd [ 1589.473267][ T6038] netlink: 'syz.2.14427': attribute type 5 has an invalid length. [ 1589.665583][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 1589.694210][ T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1589.733966][ T6017] loop1: detected capacity change from 0 to 32768 [ 1589.746437][ T8] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 1589.758672][ T6046] netlink: 20 bytes leftover after parsing attributes in process `syz.3.14431'. [ 1589.763636][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1589.786570][ T6017] [ 1589.786570][ T6017] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1589.786570][ T6017] [ 1589.804143][ T8] usb 1-1: Product: syz [ 1589.808378][ T8] usb 1-1: Manufacturer: syz [ 1589.835302][ T8] usb 1-1: SerialNumber: syz [ 1589.859611][ T8] usb 1-1: config 0 descriptor?? [ 1589.864423][ T28] audit: type=1800 audit(2000000082.324:369): pid=6017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.14418" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 1589.897731][ T8] usb 1-1: bad CDC descriptors [ 1589.905517][ T8] usb 1-1: unsupported MDLM descriptors [ 1589.967564][ T6082] [ 1589.967564][ T6082] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1589.967564][ T6082] [ 1589.995681][ T6082] [ 1589.995681][ T6082] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1589.995681][ T6082] [ 1590.168011][ T8] usb 1-1: USB disconnect, device number 92 [ 1590.506212][ T6066] netlink: 'syz.3.14440': attribute type 6 has an invalid length. [ 1590.620025][ T6070] loop1: detected capacity change from 0 to 512 [ 1590.643255][ T6070] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1590.744199][ T6070] FAT-fs (loop1): error, invalid access to FAT (entry 0x0fffff00) [ 1590.864052][ T6080] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.14445'. [ 1590.909392][ T6084] mac80211_hwsim hwsim8 : renamed from wlan0 (while UP) [ 1591.335869][ T6137] loop3: detected capacity change from 0 to 2048 [ 1591.383654][ T6137] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1591.496591][ T6143] geneve2: entered promiscuous mode [ 1591.500975][ T6137] ext4 filesystem being mounted at /3682/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1591.502197][ T6143] geneve2: entered allmulticast mode [ 1591.659725][ T6086] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1592.038423][ T6092] loop1: detected capacity change from 0 to 32768 [ 1592.106260][ T6092] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1592.266390][ T6082] ocfs2: Unmounting device (7,1) on (node local) [ 1592.516443][ T6167] netlink: 24 bytes leftover after parsing attributes in process `syz.3.14464'. [ 1592.653412][ T6172] loop1: detected capacity change from 0 to 512 [ 1592.723100][ T6172] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 1592.770429][ T6172] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 1592.880905][ T6172] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.14467: bg 0: block 248: padding at end of block bitmap is not set [ 1592.946714][ T6184] loop3: detected capacity change from 0 to 2048 [ 1592.969541][ T6172] Quota error (device loop1): write_blk: dquota write failed [ 1592.988978][ T6187] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1593.003796][ T6172] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 1593.052491][ T6172] EXT4-fs error (device loop1): ext4_acquire_dquot:6940: comm syz.1.14467: Failed to acquire dquot type 1 [ 1593.090992][ T6184] CPU: 1 PID: 6184 Comm: syz.3.14473 Not tainted syzkaller #0 [ 1593.099009][ T6184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1593.109111][ T6184] Call Trace: [ 1593.112421][ T6184] [ 1593.115395][ T6184] dump_stack_lvl+0x16c/0x230 [ 1593.120143][ T6184] ? show_regs_print_info+0x20/0x20 [ 1593.125392][ T6184] ? kmem_cache_alloc+0x14d/0x2e0 [ 1593.130480][ T6184] ? __asan_memset+0x22/0x40 [ 1593.135117][ T6184] ? nilfs_btree_alloc_path+0x5e5/0x600 [ 1593.140749][ T6184] nilfs_btree_last_key+0x489/0x610 [ 1593.146005][ T6184] nilfs_bmap_last_key+0x74/0x120 [ 1593.151085][ T6184] nilfs_truncate_bmap+0xff/0x340 [ 1593.156170][ T6184] ? nilfs_update_inode+0x1d0/0x1d0 [ 1593.161419][ T6184] ? block_truncate_page+0x168/0x9f0 [ 1593.166775][ T6184] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 1593.172202][ T6184] nilfs_truncate+0x267/0x4a0 [ 1593.176936][ T6184] ? nilfs_write_failed+0xa0/0xa0 [ 1593.182097][ T6184] nilfs_setattr+0x211/0x2b0 [ 1593.186756][ T6184] ? nilfs_clear_inode+0x280/0x280 [ 1593.191917][ T6184] ? is_bad_inode+0xd/0x40 [ 1593.196398][ T6184] ? evm_inode_setattr+0x94/0x6a0 [ 1593.201491][ T6184] ? bpf_lsm_inode_setattr+0x9/0x10 [ 1593.206736][ T6184] ? try_break_deleg+0x79/0x120 [ 1593.211630][ T6184] ? nilfs_clear_inode+0x280/0x280 [ 1593.216794][ T6184] notify_change+0xb0d/0xe10 [ 1593.221460][ T6184] do_truncate+0x19b/0x220 [ 1593.225918][ T6184] ? put_page_bootmem+0x2c0/0x2c0 [ 1593.230985][ T6184] ? apparmor_file_truncate+0x23f/0x2d0 [ 1593.236586][ T6184] ? ima_bprm_check+0x1f0/0x1f0 [ 1593.241497][ T6184] path_openat+0x298c/0x3190 [ 1593.246170][ T6184] ? do_filp_open+0x3d0/0x3d0 [ 1593.250935][ T6184] do_filp_open+0x1c5/0x3d0 [ 1593.255514][ T6184] ? vfs_tmpfile+0x490/0x490 [ 1593.260178][ T6184] ? _raw_spin_unlock+0x28/0x40 [ 1593.265071][ T6184] ? alloc_fd+0x58f/0x630 [ 1593.269466][ T6184] do_sys_openat2+0x12c/0x1c0 [ 1593.274186][ T6184] ? do_sys_open+0xe0/0xe0 [ 1593.278643][ T6184] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1593.284667][ T6184] ? lock_chain_count+0x20/0x20 [ 1593.289656][ T6184] __x64_sys_openat+0x139/0x160 [ 1593.294557][ T6184] do_syscall_64+0x55/0xb0 [ 1593.299030][ T6184] ? clear_bhb_loop+0x40/0x90 [ 1593.303744][ T6184] ? clear_bhb_loop+0x40/0x90 [ 1593.308469][ T6184] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1593.310587][ T6172] EXT4-fs (loop1): 1 truncate cleaned up [ 1593.314376][ T6184] RIP: 0033:0x7f77bc78efc9 [ 1593.321980][ T6172] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 1593.324436][ T6184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1593.324458][ T6184] RSP: 002b:00007f77bd62c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1593.324483][ T6184] RAX: ffffffffffffffda RBX: 00007f77bc9e5fa0 RCX: 00007f77bc78efc9 [ 1593.372984][ T6184] RDX: 00000000000a2281 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1593.381000][ T6184] RBP: 00007f77bc811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1593.389010][ T6184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1593.397022][ T6184] R13: 00007f77bc9e6038 R14: 00007f77bc9e5fa0 R15: 00007ffceffcc628 [ 1593.405059][ T6184] [ 1593.492658][ T6184] NILFS (loop3): btree level mismatch (ino=16): 1 != 7 [ 1593.566925][ T6082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 1593.568068][ T6184] NILFS error (device loop3): nilfs_bmap_last_key: broken bmap (inode number=16) [ 1593.595934][ T58] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-5 [ 1593.627546][ T58] EXT4-fs error (device loop1): ext4_release_dquot:6976: comm kworker/u4:4: Failed to release dquot type 1 [ 1593.640213][ T6184] Remounting filesystem read-only [ 1593.645289][ T6184] NILFS (loop3): error -5 truncating bmap (ino=16) [ 1593.750057][ T6199] netlink: 52 bytes leftover after parsing attributes in process `syz.0.14480'. [ 1593.810099][ T6086] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 1593.817148][ T6086] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 1593.849979][ T6086] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1593.884096][ T6086] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1593.916154][ T6086] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1593.925406][ T6086] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 1594.878856][ T6243] mac80211_hwsim hwsim7 : renamed from wlan0 (while UP) [ 1594.945654][T12696] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 1595.017184][ T8] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 1595.019210][ T6248] loop3: detected capacity change from 0 to 16 [ 1595.038324][ T6248] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 1595.156468][T12696] usb 2-1: Using ep0 maxpacket: 16 [ 1595.164754][T12696] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1595.192654][T12696] usb 2-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 1595.209395][T12696] usb 2-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 1595.228675][T12696] usb 2-1: Product: syz [ 1595.235408][ T8] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1595.252244][T12696] usb 2-1: Manufacturer: syz [ 1595.261719][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 31, changing to 7 [ 1595.281519][T12696] usb 2-1: SerialNumber: syz [ 1595.288310][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1595.302350][T12696] usb 2-1: config 0 descriptor?? [ 1595.311494][ T8] usb 3-1: language id specifier not provided by device, defaulting to English [ 1595.328798][ T8] usb 3-1: New USB device found, idVendor=2013, idProduct=0251, bcdDevice=e8.6e [ 1595.349263][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1595.359655][ T8] usb 3-1: Manufacturer: ‰ [ 1595.367448][ T28] audit: type=1326 audit(2000000087.478:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6254 comm="syz.3.14506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77bc78efc9 code=0x7ffc0000 [ 1595.370093][ T8] usb 3-1: SerialNumber: syz [ 1595.441067][ T8] usb 3-1: config 0 descriptor?? [ 1595.444974][ T28] audit: type=1326 audit(2000000087.478:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6254 comm="syz.3.14506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77bc78efc9 code=0x7ffc0000 [ 1595.460957][ T8] em28xx 3-1:0.0: New device ‰ @ 480 Mbps (2013:0251, interface 0, class 0) [ 1595.528086][ T28] audit: type=1326 audit(2000000087.506:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6254 comm="syz.3.14506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f77bc78efc9 code=0x7ffc0000 [ 1595.547319][ T8] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 1595.561583][ T28] audit: type=1326 audit(2000000087.506:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6254 comm="syz.3.14506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77bc78efc9 code=0x7ffc0000 [ 1595.598257][ T28] audit: type=1326 audit(2000000087.506:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6254 comm="syz.3.14506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77bc78efc9 code=0x7ffc0000 [ 1595.609641][T12696] snd-usb-audio: probe of 2-1:0.0 failed with error -22 [ 1595.657060][T12696] usb 2-1: USB disconnect, device number 80 [ 1595.765996][ T8] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 1595.769181][ T6026] udevd[6026]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1595.797962][ T8] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 1595.805616][ T8] em28xx 3-1:0.0: AC97 chip type couldn't be determined [ 1595.821982][ T8] em28xx 3-1:0.0: No AC97 audio processor [ 1595.855982][ T8] usb 3-1: USB disconnect, device number 66 [ 1595.870871][ T8] em28xx 3-1:0.0: Disconnecting em28xx [ 1595.888667][ T8] em28xx 3-1:0.0: Freeing device [ 1596.032954][ T1193] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 1596.246696][T12696] usb 1-1: new high-speed USB device number 93 using dummy_hcd [ 1596.254431][ T1193] usb 4-1: Using ep0 maxpacket: 16 [ 1596.268036][ T1193] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 1596.289333][ T1193] usb 4-1: config 0 has an invalid descriptor of length 214, skipping remainder of the config [ 1596.321629][ T1193] usb 4-1: config 0 has no interface number 0 [ 1596.341883][ T1193] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 1596.370455][ T1193] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1596.407003][ T1193] usb 4-1: Product: syz [ 1596.411238][ T1193] usb 4-1: Manufacturer: syz [ 1596.432737][ T1193] usb 4-1: SerialNumber: syz [ 1596.456564][ T1193] usb 4-1: config 0 descriptor?? [ 1596.461780][T12696] usb 1-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=5e.ad [ 1596.470850][T12696] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1596.523264][T12696] usb 1-1: config 0 descriptor?? [ 1596.760480][T25152] usb 4-1: USB disconnect, device number 61 [ 1596.801559][T12696] snd-usb-hiface: probe of 1-1:0.0 failed with error -22 [ 1597.026696][T25152] usb 1-1: USB disconnect, device number 93 [ 1597.041135][ T6290] loop1: detected capacity change from 0 to 64 [ 1597.630883][ T6306] vcan0: entered promiscuous mode [ 1597.660154][ T6306] A link change request failed with some changes committed already. Interface vcan0 may have been left with an inconsistent configuration, please check. [ 1598.341156][ T6302] loop1: detected capacity change from 0 to 32768 [ 1598.426236][ T6302] ERROR: (device loop1): dbAlloc: unable to allocate blocks [ 1598.426236][ T6302] [ 1598.448964][ T1193] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1598.477041][ T6302] ERROR: (device loop1): remounting filesystem as read-only [ 1598.485663][ T6302] jfs_create: dtInsert returned -EIO [ 1598.506953][ T6302] ERROR: (device loop1): jfs_create: [ 1598.506953][ T6302] [ 1598.657972][ T1193] usb 3-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 1598.686240][ T1193] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1598.718980][ T1193] usb 3-1: Product: syz [ 1598.723209][ T1193] usb 3-1: Manufacturer: syz [ 1598.762312][ T1193] usb 3-1: SerialNumber: syz [ 1598.770563][ T1193] usb 3-1: config 0 descriptor?? [ 1598.986401][ T6340] loop3: detected capacity change from 0 to 1024 [ 1599.049989][ T1193] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1599.077970][ T1193] asix: probe of 3-1:0.0 failed with error -71 [ 1599.109617][ T6340] hfsplus: inconsistency in B*Tree (0,1,255,1,0) [ 1599.116998][ T1193] usb 3-1: USB disconnect, device number 67 [ 1599.139196][ T6340] hfsplus: inconsistency in B*Tree (0,1,255,1,0) [ 1599.239485][ T48] hfsplus: b-tree write err: -5, ino 4 [ 1599.370668][ T6350] netlink: 'syz.1.14553': attribute type 32 has an invalid length. [ 1599.409860][ T6352] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14554'. [ 1599.560420][ T6356] loop3: detected capacity change from 0 to 512 [ 1599.603029][ T6356] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1599.622031][ T6356] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2249: inode #15: comm syz.3.14556: corrupted in-inode xattr: invalid size in ea xattr [ 1599.640005][ T6361] loop1: detected capacity change from 0 to 1024 [ 1599.688052][ T6361] fuse: Bad value for 'fd' [ 1599.726127][ T6356] EXT4-fs (loop3): Remounting filesystem read-only [ 1599.768670][ T6356] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1599.968678][ T6086] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1600.816037][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 1600.890322][ T6404] loop1: detected capacity change from 0 to 256 [ 1600.955392][ T6406] loop3: detected capacity change from 0 to 256 [ 1601.163758][ T6406] FAT-fs (loop3): Directory bread(block 64) failed [ 1601.196467][ T6406] FAT-fs (loop3): Directory bread(block 65) failed [ 1601.202042][ T6412] loop1: detected capacity change from 0 to 1024 [ 1601.203140][ T6406] FAT-fs (loop3): Directory bread(block 66) failed [ 1601.266679][ T6406] FAT-fs (loop3): Directory bread(block 67) failed [ 1601.295516][ T6406] FAT-fs (loop3): Directory bread(block 68) failed [ 1601.313406][ T6406] FAT-fs (loop3): Directory bread(block 69) failed [ 1601.323273][ T6406] FAT-fs (loop3): Directory bread(block 70) failed [ 1601.347026][ T6406] FAT-fs (loop3): Directory bread(block 71) failed [ 1601.358839][ T6406] FAT-fs (loop3): Directory bread(block 72) failed [ 1601.376696][ T6406] FAT-fs (loop3): Directory bread(block 73) failed [ 1601.508414][T18302] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 1601.721058][T18302] usb 3-1: Using ep0 maxpacket: 32 [ 1601.729142][ T6426] usb usb8: usbfs: process 6426 (syz.0.14590) did not claim interface 0 before use [ 1601.733637][T18302] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1601.803726][T18302] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1601.814771][T18302] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1601.845996][T18302] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1601.867635][T18302] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1601.908330][T18302] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1601.936759][T18302] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1601.958341][T18302] usb 3-1: Product: syz [ 1601.962651][T18302] usb 3-1: Manufacturer: syz [ 1601.973988][T18302] usb 3-1: SerialNumber: syz [ 1602.298706][T18302] usb 3-1: 0:2 : does not exist [ 1602.339886][T18302] usb 3-1: USB disconnect, device number 68 [ 1602.405900][ T6032] udevd[6032]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1602.670785][ T6459] netlink: 'syz.1.14606': attribute type 1 has an invalid length. [ 1602.812014][ T6463] loop1: detected capacity change from 0 to 512 [ 1602.836175][ T6463] EXT4-fs: Ignoring removed mblk_io_submit option [ 1602.847182][ T6463] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1602.857699][ T6463] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 1602.904197][ T6463] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.14607: attempt to clear invalid blocks 2 len 1 [ 1602.928526][ T6463] EXT4-fs (loop1): Remounting filesystem read-only [ 1602.946503][ T6463] EXT4-fs (loop1): 1 truncate cleaned up [ 1602.962205][ T6463] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1602.964994][ T6468] loop3: detected capacity change from 0 to 256 [ 1603.036825][ T6468] exfat: Deprecated parameter 'namecase' [ 1603.042556][ T6468] exfat: Deprecated parameter 'utf8' [ 1603.081652][ T6082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1603.099527][ T6468] exfat: Deprecated parameter 'namecase' [ 1603.105237][ T6468] exfat: Deprecated parameter 'utf8' [ 1603.204451][ T6468] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 1604.329203][ T6512] program syz.1.14630 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1604.351302][ T28] audit: type=1326 audit(2000000095.887:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6514 comm="syz.0.14633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1604.407687][ T28] audit: type=1326 audit(2000000095.887:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6514 comm="syz.0.14633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1604.499832][ T28] audit: type=1326 audit(2000000095.906:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6514 comm="syz.0.14633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1604.585860][ T28] audit: type=1326 audit(2000000095.906:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6514 comm="syz.0.14633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1604.633326][ T28] audit: type=1326 audit(2000000095.906:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6514 comm="syz.0.14633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f237678efc9 code=0x7ffc0000 [ 1605.433566][ T6554] netlink: 'syz.1.14652': attribute type 2 has an invalid length. [ 1605.446927][ T6554] netlink: 'syz.1.14652': attribute type 1 has an invalid length. [ 1605.677177][ T6564] netlink: 32 bytes leftover after parsing attributes in process `syz.1.14657'. [ 1605.971379][ T6576] loop3: detected capacity change from 0 to 8 [ 1606.135712][T25152] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 1606.263568][ T6580] loop3: detected capacity change from 0 to 4096 [ 1606.282979][ T6580] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 1606.352919][T25152] usb 1-1: config 0 has no interfaces? [ 1606.384422][T25152] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1606.407216][ T6580] ntfs3: loop3: Failed to initialize $Extend/$Reparse. [ 1606.423794][T25152] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1606.444172][T25152] usb 1-1: Product: syz [ 1606.454299][T25152] usb 1-1: Manufacturer: syz [ 1606.474537][T25152] usb 1-1: SerialNumber: syz [ 1606.485893][T25152] r8152-cfgselector 1-1: config 0 descriptor?? [ 1606.734793][ T6572] loop1: detected capacity change from 0 to 32768 [ 1606.745368][T25152] usbip-host 1-1: 1-1 is not in match_busid table... skip! [ 1606.757844][ T6572] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.14661 (6572) [ 1606.834953][ T6572] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1606.859320][ T6572] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 1606.878941][ T6572] BTRFS info (device loop1): using free space tree [ 1606.970904][T25152] usb 1-1: USB disconnect, device number 94 [ 1607.079141][ T6572] BTRFS info (device loop1): enabling ssd optimizations [ 1607.101927][ T6572] BTRFS info (device loop1): auto enabling async discard [ 1607.297727][ T6082] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1607.350965][ T6620] netlink: 3 bytes leftover after parsing attributes in process `syz.3.14677'. [ 1607.398554][ T6620] 0ªX¹¦À: renamed from caif0 [ 1607.428578][ T6620] 0ªX¹¦À: entered allmulticast mode [ 1607.436549][ T6620] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 1608.071959][ T6639] ptrace attach of "./syz-executor exec"[6086] was attempted by ""[6639] [ 1608.177675][T25152] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 1608.245587][ T6645] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14687'. [ 1608.270515][ T6645] netlink: 16 bytes leftover after parsing attributes in process `syz.1.14687'. [ 1608.281231][ T28] audit: type=1326 audit(2000000099.554:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6646 comm="syz.2.14690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1608.350534][ T28] audit: type=1326 audit(2000000099.554:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6646 comm="syz.2.14690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1608.386204][T25152] usb 1-1: Using ep0 maxpacket: 32 [ 1608.404098][T25152] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1608.422879][T25152] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 1608.430018][ T6649] netlink: 12 bytes leftover after parsing attributes in process `syz.3.14691'. [ 1608.453115][ T28] audit: type=1326 audit(2000000099.554:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6646 comm="syz.2.14690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1608.498999][T25152] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 1608.508118][T25152] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1608.523246][T25152] usb 1-1: Product: syz [ 1608.527469][T25152] usb 1-1: Manufacturer: syz [ 1608.532808][ T28] audit: type=1326 audit(2000000099.554:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6646 comm="syz.2.14690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1608.555722][T25152] usb 1-1: SerialNumber: syz [ 1608.588959][ T28] audit: type=1326 audit(2000000099.554:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6646 comm="syz.2.14690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd818efc9 code=0x7ffc0000 [ 1608.707505][ T6658] netlink: 'syz.2.14695': attribute type 1 has an invalid length. [ 1608.727368][ T6658] netlink: 'syz.2.14695': attribute type 3 has an invalid length. [ 1608.750878][ T6658] netlink: 224 bytes leftover after parsing attributes in process `syz.2.14695'. [ 1608.776263][ T6658] NCSI netlink: No device for ifindex 0 [ 1608.804596][T25152] usb 1-1: Not enough endpoints found in device, aborting! [ 1609.072510][T25152] usb 1-1: USB disconnect, device number 95 [ 1609.339113][ T6677] loop1: detected capacity change from 0 to 8 [ 1609.390529][ T6677] SQUASHFS error: xz decompression failed, data probably corrupt [ 1609.411316][ T6677] SQUASHFS error: Failed to read block 0x108: -5 [ 1609.428873][ T6677] SQUASHFS error: Unable to read metadata cache entry [106] [ 1609.453955][ T6677] SQUASHFS error: Unable to read inode 0x11f [ 1609.689775][ T6669] loop3: detected capacity change from 0 to 32768 [ 1609.746731][ T6669] ERROR: (device loop3): dbAllocAG: unable to allocate blocks [ 1609.746731][ T6669] [ 1609.778945][ T6685] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14709'. [ 1609.788253][ T6669] ERROR: (device loop3): remounting filesystem as read-only [ 1609.809590][ T6669] jfs_create: dtInsert returned -EIO [ 1609.828717][ T6669] ERROR: (device loop3): jfs_create: [ 1609.828717][ T6669] [ 1609.930695][T18302] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 1610.168215][T18302] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1610.199225][T18302] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1610.251582][T18302] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33119, setting to 1024 [ 1610.288454][T18302] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1610.321191][T18302] usb 2-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1610.347668][T18302] usb 2-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1610.381066][T18302] usb 2-1: Manufacturer: syz [ 1610.400940][T18302] usb 2-1: config 0 descriptor?? [ 1610.421232][ T6677] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1610.442644][T18302] smsusb:smsusb_probe: board id=9, interface number 0 [ 1610.484288][T18302] smsusb:siano_media_device_register: media controller created [ 1610.516060][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.523442][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.530984][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.538328][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.545674][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.556829][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.565084][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.572391][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.579699][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.587006][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.594839][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.602468][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.609784][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.617086][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.624356][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.631612][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.641135][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.657757][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.665082][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.672390][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.679699][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.687001][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.694639][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.701933][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.709227][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.716813][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.724127][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.731411][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.738693][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.764615][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.771960][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.779283][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.786602][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.793885][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.835980][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.843307][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.850605][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.857899][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.865170][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.872916][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.880231][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.887520][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.894820][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.902113][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.914958][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.922383][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.929694][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.937010][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.944313][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.987013][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1610.994370][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.001779][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.009091][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.016397][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.031250][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.038548][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.045790][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.053039][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.060291][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.068173][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.075579][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.082944][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.090281][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.097625][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.104995][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.112951][T18302] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22 [ 1611.122483][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.122588][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.122696][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.122788][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.158355][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.165680][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.173004][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.180328][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.187644][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.194941][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.202231][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.209514][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.216824][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.225107][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.232419][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.239669][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.246925][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.254163][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.261400][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.268643][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.275898][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.283150][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.296343][T18302] smsmdtv:smscore_set_device_mode: mode detect failed -22 [ 1611.303627][T18302] smsmdtv:smscore_start_device: set device mode failed , rc -22 [ 1611.311508][T18302] smsusb:smsusb_init_device: smscore_start_device(...) failed [ 1611.319458][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.327131][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 1611.337867][T18302] ------------[ cut here ]------------ [ 1611.343422][T18302] ODEBUG: free active (active state 0) object: ffff888021b26b08 object type: work_struct hint: do_submit_urb+0x0/0x360 [ 1611.343984][T18302] WARNING: CPU: 0 PID: 18302 at lib/debugobjects.c:518 debug_check_no_obj_freed+0x446/0x540 [ 1611.344029][T18302] Modules linked in: [ 1611.344046][T18302] CPU: 0 PID: 18302 Comm: kworker/0:5 Not tainted syzkaller #0 [ 1611.344067][T18302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1611.344082][T18302] Workqueue: usb_hub_wq hub_event [ 1611.344108][T18302] RIP: 0010:debug_check_no_obj_freed+0x446/0x540 [ 1611.344137][T18302] Code: 4c 8b 4d 00 48 c7 c7 80 71 fc 8a 48 c7 c6 e0 6d fc 8a 48 c7 c2 00 73 fc 8a 8b 0c 24 4d 89 f8 41 55 e8 be f0 29 fd 48 83 c4 08 <0f> 0b 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc ff df ff 05 f3 a2 24 [ 1611.344157][T18302] RSP: 0018:ffffc90004186b38 EFLAGS: 00010282 [ 1611.344178][T18302] RAX: 5b7b26ccff24da00 RBX: ffffffff970ca8d8 RCX: 0000000000100000 [ 1611.344195][T18302] RDX: ffffc9001823d000 RSI: 000000000006b649 RDI: 000000000006b64a [ 1611.344211][T18302] RBP: ffffffff8aa9eac0 R08: ffff8880b8e28c13 R09: 1ffff110171c5182 [ 1611.344229][T18302] R10: dffffc0000000000 R11: ffffed10171c5183 R12: ffff888021b27000 [ 1611.344245][T18302] R13: ffffffff870be920 R14: ffff888021b26000 R15: ffff888021b26b08 [ 1611.344262][T18302] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1611.344282][T18302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1611.344298][T18302] CR2: 0000001b30a0fff8 CR3: 000000005db93000 CR4: 00000000003506f0 [ 1611.344318][T18302] Call Trace: [ 1611.344329][T18302] [ 1611.344355][T18302] slab_free_freelist_hook+0xd2/0x1b0 [ 1611.344396][T18302] ? smsusb_term_device+0x1ac/0x220 [ 1611.344428][T18302] __kmem_cache_free+0xba/0x1f0 [ 1611.344473][T18302] smsusb_term_device+0x1ac/0x220 [ 1611.344506][T18302] smsusb_probe+0x1708/0x1da0 [ 1611.344552][T18302] ? s2255_print_cfg+0x1b0/0x1b0 [ 1611.344586][T18302] ? smsusb1_detectmode+0x260/0x260 [ 1611.344616][T18302] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 1611.344641][T18302] ? pm_runtime_enable+0x192/0x2a0 [ 1611.344668][T18302] ? __pm_runtime_set_status+0x8ab/0xb80 [ 1611.344702][T18302] usb_probe_interface+0x5a4/0xb00 [ 1611.344744][T18302] ? usb_register_driver+0x3d0/0x3d0 [ 1611.344771][T18302] really_probe+0x25b/0xb40 [ 1611.344798][T18302] ? pm_runtime_barrier+0x14b/0x1c0 [ 1611.344824][T18302] __driver_probe_device+0x18c/0x330 [ 1611.344851][T18302] driver_probe_device+0x4f/0x420 [ 1611.344885][T18302] __device_attach_driver+0x2ca/0x520 [ 1611.344915][T18302] bus_for_each_drv+0x24b/0x2d0 [ 1611.344936][T18302] ? coredump_store+0x90/0x90 [ 1611.344960][T18302] ? bus_find_device+0x320/0x320 [ 1611.344992][T18302] __device_attach+0x2b5/0x400 [ 1611.345018][T18302] ? device_attach+0x20/0x20 [ 1611.345038][T18302] ? __kmem_cache_free+0xba/0x1f0 [ 1611.345072][T18302] ? do_raw_spin_unlock+0x121/0x230 [ 1611.345103][T18302] bus_probe_device+0x180/0x260 [ 1611.345128][T18302] device_add+0x85b/0xc20 [ 1611.345161][T18302] usb_set_configuration+0x1a79/0x20c0 [ 1611.345219][T18302] usb_generic_driver_probe+0x8d/0x150 [ 1611.345250][T18302] usb_probe_device+0x13d/0x280 [ 1611.345282][T18302] ? usb_register_device_driver+0x230/0x230 [ 1611.345309][T18302] really_probe+0x25b/0xb40 [ 1611.345336][T18302] ? pm_runtime_barrier+0x14b/0x1c0 [ 1611.345362][T18302] __driver_probe_device+0x18c/0x330 [ 1611.345389][T18302] driver_probe_device+0x4f/0x420 [ 1611.345416][T18302] __device_attach_driver+0x2ca/0x520 [ 1611.345445][T18302] bus_for_each_drv+0x24b/0x2d0 [ 1611.345467][T18302] ? coredump_store+0x90/0x90 [ 1611.345489][T18302] ? bus_find_device+0x320/0x320 [ 1611.345520][T18302] __device_attach+0x2b5/0x400 [ 1611.345547][T18302] ? device_attach+0x20/0x20 [ 1611.345567][T18302] ? __kmem_cache_free+0xba/0x1f0 [ 1611.345600][T18302] ? do_raw_spin_unlock+0x121/0x230 [ 1611.345631][T18302] bus_probe_device+0x180/0x260 [ 1611.345655][T18302] device_add+0x85b/0xc20 [ 1611.345689][T18302] usb_new_device+0xa31/0x1630 [ 1611.345721][T18302] ? usb_disconnect+0x8a0/0x8a0 [ 1611.345761][T18302] ? _raw_spin_unlock_irq+0x23/0x50 [ 1611.345784][T18302] ? lockdep_hardirqs_on+0x98/0x150 [ 1611.345821][T18302] hub_event+0x2962/0x49c0 [ 1611.345911][T18302] ? hub_post_resume+0x120/0x120 [ 1611.750177][T18302] ? read_lock_is_recursive+0x20/0x20 [ 1611.750221][T18302] ? _raw_spin_unlock_irq+0x23/0x50 [ 1611.750249][T18302] ? process_scheduled_works+0x957/0x15b0 [ 1611.767621][T18302] ? process_scheduled_works+0x957/0x15b0 [ 1611.773456][T18302] process_scheduled_works+0xa45/0x15b0 [ 1611.779097][T18302] ? assign_work+0x400/0x400 [ 1611.783787][T18302] ? assign_work+0x39e/0x400 [ 1611.788427][T18302] worker_thread+0xa55/0xfc0 [ 1611.793106][T18302] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 1611.799043][T18302] ? _raw_spin_unlock+0x40/0x40 [ 1611.803992][T18302] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 1611.809954][T18302] kthread+0x2fa/0x390 [ 1611.814109][T18302] ? pr_cont_work+0x560/0x560 [ 1611.818835][T18302] ? kthread_blkcg+0xd0/0xd0 [ 1611.823522][T18302] ret_from_fork+0x48/0x80 [ 1611.827982][T18302] ? kthread_blkcg+0xd0/0xd0 [ 1611.832617][T18302] ret_from_fork_asm+0x11/0x20 [ 1611.837510][T18302] [ 1611.840582][T18302] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1611.847889][T18302] CPU: 0 PID: 18302 Comm: kworker/0:5 Not tainted syzkaller #0 [ 1611.855458][T18302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1611.865544][T18302] Workqueue: usb_hub_wq hub_event [ 1611.870619][T18302] Call Trace: [ 1611.873937][T18302] [ 1611.876905][T18302] dump_stack_lvl+0x16c/0x230 [ 1611.881636][T18302] ? show_regs_print_info+0x20/0x20 [ 1611.886877][T18302] ? load_image+0x3b0/0x3b0 [ 1611.891438][T18302] panic+0x2c0/0x710 [ 1611.895378][T18302] ? bpf_jit_dump+0xd0/0xd0 [ 1611.899929][T18302] ? ret_from_fork_asm+0x11/0x20 [ 1611.905008][T18302] __warn+0x2e0/0x470 [ 1611.909036][T18302] ? debug_check_no_obj_freed+0x446/0x540 [ 1611.914789][T18302] ? debug_check_no_obj_freed+0x446/0x540 [ 1611.920528][T18302] report_bug+0x2be/0x4f0 [ 1611.924877][T18302] ? debug_check_no_obj_freed+0x446/0x540 [ 1611.930623][T18302] ? debug_check_no_obj_freed+0x446/0x540 [ 1611.936363][T18302] ? debug_check_no_obj_freed+0x448/0x540 [ 1611.942120][T18302] handle_bug+0xcf/0x120 [ 1611.946381][T18302] exc_invalid_op+0x1a/0x50 [ 1611.950904][T18302] asm_exc_invalid_op+0x1a/0x20 [ 1611.955765][T18302] RIP: 0010:debug_check_no_obj_freed+0x446/0x540 [ 1611.962108][T18302] Code: 4c 8b 4d 00 48 c7 c7 80 71 fc 8a 48 c7 c6 e0 6d fc 8a 48 c7 c2 00 73 fc 8a 8b 0c 24 4d 89 f8 41 55 e8 be f0 29 fd 48 83 c4 08 <0f> 0b 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc ff df ff 05 f3 a2 24 [ 1611.981750][T18302] RSP: 0018:ffffc90004186b38 EFLAGS: 00010282 [ 1611.987829][T18302] RAX: 5b7b26ccff24da00 RBX: ffffffff970ca8d8 RCX: 0000000000100000 [ 1611.995808][T18302] RDX: ffffc9001823d000 RSI: 000000000006b649 RDI: 000000000006b64a [ 1612.003787][T18302] RBP: ffffffff8aa9eac0 R08: ffff8880b8e28c13 R09: 1ffff110171c5182 [ 1612.011777][T18302] R10: dffffc0000000000 R11: ffffed10171c5183 R12: ffff888021b27000 [ 1612.019769][T18302] R13: ffffffff870be920 R14: ffff888021b26000 R15: ffff888021b26b08 [ 1612.027752][T18302] ? smsusb_onresponse+0x890/0x890 [ 1612.032893][T18302] ? smsusb_onresponse+0x890/0x890 [ 1612.038029][T18302] slab_free_freelist_hook+0xd2/0x1b0 [ 1612.043424][T18302] ? smsusb_term_device+0x1ac/0x220 [ 1612.048669][T18302] __kmem_cache_free+0xba/0x1f0 [ 1612.053593][T18302] smsusb_term_device+0x1ac/0x220 [ 1612.058650][T18302] smsusb_probe+0x1708/0x1da0 [ 1612.063362][T18302] ? s2255_print_cfg+0x1b0/0x1b0 [ 1612.068323][T18302] ? smsusb1_detectmode+0x260/0x260 [ 1612.073565][T18302] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 1612.079481][T18302] ? pm_runtime_enable+0x192/0x2a0 [ 1612.084609][T18302] ? __pm_runtime_set_status+0x8ab/0xb80 [ 1612.090269][T18302] usb_probe_interface+0x5a4/0xb00 [ 1612.095413][T18302] ? usb_register_driver+0x3d0/0x3d0 [ 1612.100728][T18302] really_probe+0x25b/0xb40 [ 1612.105279][T18302] ? pm_runtime_barrier+0x14b/0x1c0 [ 1612.110491][T18302] __driver_probe_device+0x18c/0x330 [ 1612.115791][T18302] driver_probe_device+0x4f/0x420 [ 1612.120837][T18302] __device_attach_driver+0x2ca/0x520 [ 1612.126226][T18302] bus_for_each_drv+0x24b/0x2d0 [ 1612.131100][T18302] ? coredump_store+0x90/0x90 [ 1612.135793][T18302] ? bus_find_device+0x320/0x320 [ 1612.140754][T18302] __device_attach+0x2b5/0x400 [ 1612.145534][T18302] ? device_attach+0x20/0x20 [ 1612.150135][T18302] ? __kmem_cache_free+0xba/0x1f0 [ 1612.155183][T18302] ? do_raw_spin_unlock+0x121/0x230 [ 1612.160418][T18302] bus_probe_device+0x180/0x260 [ 1612.165305][T18302] device_add+0x85b/0xc20 [ 1612.169669][T18302] usb_set_configuration+0x1a79/0x20c0 [ 1612.175180][T18302] usb_generic_driver_probe+0x8d/0x150 [ 1612.180693][T18302] usb_probe_device+0x13d/0x280 [ 1612.185587][T18302] ? usb_register_device_driver+0x230/0x230 [ 1612.191512][T18302] really_probe+0x25b/0xb40 [ 1612.196046][T18302] ? pm_runtime_barrier+0x14b/0x1c0 [ 1612.201274][T18302] __driver_probe_device+0x18c/0x330 [ 1612.206610][T18302] driver_probe_device+0x4f/0x420 [ 1612.211660][T18302] __device_attach_driver+0x2ca/0x520 [ 1612.217058][T18302] bus_for_each_drv+0x24b/0x2d0 [ 1612.221937][T18302] ? coredump_store+0x90/0x90 [ 1612.226628][T18302] ? bus_find_device+0x320/0x320 [ 1612.231591][T18302] __device_attach+0x2b5/0x400 [ 1612.236391][T18302] ? device_attach+0x20/0x20 [ 1612.241021][T18302] ? __kmem_cache_free+0xba/0x1f0 [ 1612.246064][T18302] ? do_raw_spin_unlock+0x121/0x230 [ 1612.251294][T18302] bus_probe_device+0x180/0x260 [ 1612.256162][T18302] device_add+0x85b/0xc20 [ 1612.260515][T18302] usb_new_device+0xa31/0x1630 [ 1612.265300][T18302] ? usb_disconnect+0x8a0/0x8a0 [ 1612.270160][T18302] ? _raw_spin_unlock_irq+0x23/0x50 [ 1612.275367][T18302] ? lockdep_hardirqs_on+0x98/0x150 [ 1612.280587][T18302] hub_event+0x2962/0x49c0 [ 1612.285054][T18302] ? hub_post_resume+0x120/0x120 [ 1612.290007][T18302] ? read_lock_is_recursive+0x20/0x20 [ 1612.295398][T18302] ? _raw_spin_unlock_irq+0x23/0x50 [ 1612.300613][T18302] ? process_scheduled_works+0x957/0x15b0 [ 1612.306352][T18302] ? process_scheduled_works+0x957/0x15b0 [ 1612.312106][T18302] process_scheduled_works+0xa45/0x15b0 [ 1612.317705][T18302] ? assign_work+0x400/0x400 [ 1612.322314][T18302] ? assign_work+0x39e/0x400 [ 1612.326923][T18302] worker_thread+0xa55/0xfc0 [ 1612.331541][T18302] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 1612.337446][T18302] ? _raw_spin_unlock+0x40/0x40 [ 1612.342308][T18302] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 1612.348239][T18302] kthread+0x2fa/0x390 [ 1612.352316][T18302] ? pr_cont_work+0x560/0x560 [ 1612.357010][T18302] ? kthread_blkcg+0xd0/0xd0 [ 1612.361614][T18302] ret_from_fork+0x48/0x80 [ 1612.366042][T18302] ? kthread_blkcg+0xd0/0xd0 [ 1612.370640][T18302] ret_from_fork_asm+0x11/0x20 [ 1612.375433][T18302] [ 1612.378780][T18302] Kernel Offset: disabled [ 1612.383188][T18302] Rebooting in 86400 seconds..