last executing test programs: 2m8.926043619s ago: executing program 2 (id=248): openat$kvm(0xffffffffffffff9c, 0x0, 0x28100, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0700f6ffffff0116df25020000000c0099000400000002"], 0x20}, 0x1, 0x0, 0x0, 0x91}, 0x0) 2m8.797171426s ago: executing program 2 (id=249): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x6c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x38, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) 2m8.718791222s ago: executing program 2 (id=251): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x15, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x162b5679}}, @ringbuf_output={{}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x1108, 0x9, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0xb, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r0}, 0x38) 2m8.634036367s ago: executing program 2 (id=252): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") syz_mount_image$fuse(0x0, &(0x7f0000000300)='./bus\x00', 0x3000001, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) llistxattr(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 2m8.297849417s ago: executing program 2 (id=257): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'veth0_virt_wifi\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x5b, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3df], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, [@TCA_MQPRIO_MAX_RATE64={0x4}]}}}]}, 0x8c}}, 0x20000000) 2m6.256909994s ago: executing program 2 (id=263): pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x3b) keyctl$clear(0x7, r1) 2m5.872307196s ago: executing program 32 (id=263): pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x3b) keyctl$clear(0x7, r1) 1m54.022238906s ago: executing program 4 (id=350): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x8004, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, &(0x7f00000008c0)="8b4ff4a01daf0082", 0x1c, 0x10000, &(0x7f0000000100)={0x2, 0x4e24, @multicast1}, 0x10) 1m53.87518386s ago: executing program 4 (id=353): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000000)=ANY=[], 0x1, 0x6f6, &(0x7f0000000340)="$eJzs3c1vHGcdB/DvrNeON1Sp0yY0QkGYRCpIEYkTK4VwwSCEcqhQVQ49W4nTWHGSKnFRWiFwAcEJiUP/gILkGweExD0oXLiUW68+VkLiEnGIelk0s7Pr3fX6LfFLAp9PNJ5n5nnmmd/+5pmZ3XWsCfB/6+q5NB+myNVzbz4ol9dWZ5fWVmeP1NVLScpyI2l2ZinuJMWjZK6sL/qm9M03+HjxytufPV77vLPUrKeq/dhW240wou1KPWW67m965JbjO93FSh1eXkpyrZ4PmthpXwMNy6Sdredw6NqDGmmv7Gbz3Zy3wHOme3cqOvfNDaaSo0km6/cBqa8OjYOLcE99vVvY1VUOAAAAXlCf3j3sCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODFUz3/v9VbbHRWJdMpus//n+iuq8vPobkdt3y4r3EAAAAAAAAAwMH42pM8yYMcK8vjSdpF9Tv/M1XliXzRTr6U93M/C7mX83mQ+SxnOfdyMclUX0cTD+aXl+9d7G1ZGr3lpZFbXjrIVw0AAAAAAAAA/3N+mVbn9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC8KJKxzqyaTtTzTKXRzHpdVpJ/Jpk47Hh3oRi18uHBxwEAAADPZHLUyvGtt3n5SZ7kQY51l9tF9Zn/y9Xn5cm8nztZzmKWs5SFXK8/Q5ef+htrq7NLa6uzt8upXB7s9/v/3lUoE3UPY9XSqD2fqlq0ciOL1ZrzuVYFcz2Nzr7PJqe68fTF1eejMqbie7Wt89LTrNNa7uz3m32LsCcGv4pobNGytR5c0svITB1bueXxTgaK6ouaZDgTw0dnw86aA0tTVZPx3p4uptH75ufEPuT8aD0vX89v9jXnO9Gfi14mGqkycak7+spzZutMJN/465/eubl059bNG/fPHe5L2oWxTdYPj4nZvky89kJnornL9jNVJk72lq/mR/lJzmU6b+VeFvPTzGc5C2nX9fP1eC5/To3MVC8lcwM7emu7SCbq49I5ZjuJaTo/rErzOVNteyyLKXI317OQN6p/l3Ix387lXM6VviN8ctMjXMVenfWN4bO++7L+NjL4s9+sC+XV7bfrV7m5rV7xZqNzr3Su/WVej/fltTPqH/daHe87D2b6svRKNzuj73xPc21sfqUulPv41Tb3iYM1VWeiPIG6d4ludK92MtGs7kUbrwh/aFdvDpbutNs359/bpP+VoeXX63k5rFa/urF1MbxBZZv3Q3uiHC+vZLK+kgyOjrLu1d5Vpq+uvT6WO3WDd9xyu5NVXVF0z9Qf5241ADaeqRP1e7iNPV2q6l4bqjtdX8PLulN9dQPvt3I3S7l+APkD4Gn8451ecSpHJ1r/an3a+qT169bN1puTPzjynSOnJzL+9/HvNmfGXm+cLv6ST/Lz9c//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA07v/wYe35peWFu6NLjQ2rxootDK8ZruehwpF/UCfUW1u1U8p2FWHh1yYTDKwpnrO0YGH0RoOY0Oh/YvkwPPTfYjg6Da/KwvNHR3uuYE1f97Y4UfbxzOWoXG4g/NiHwuN7EvP7Zc3GQljGT0ADuuKBByUC8u337tw/4MPv7V4e/7dhXcX7oxfvnxl5srlN2Yv3FhcWpjp/DzsKIH9sH7TP+xIAAAAAAAAAAAAgJ0a9acCZ17a7o9GNhQaSYb/xsP/LAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2xNVzaT5MkYsz52fK5bXV2aVy6pbXWzaTNBpJ8bOkeJTMpTNlqq+7In98lPaI/Xy8eOXtzx6vfb7eV7PTPmnU881tXZtkpZ4ynWSsnj+Dgf6uPXN/xX+6r6FM2Bftdnvu2eKDvfHfAAAA//+0rO1Q") mkdir(&(0x7f0000000280)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0/file1\x00', 0xc1) openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) 1m53.464981567s ago: executing program 4 (id=358): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0xb, 0x4, 0x2}, 0x50) socketpair(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r0, &(0x7f0000000480), &(0x7f0000000580)=@tcp=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000380), &(0x7f0000000100)=@tcp6=r1, 0x1}, 0x20) 1m53.127146497s ago: executing program 4 (id=363): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@block_validity}, {@errors_remount}, {@nombcache}]}, 0x1, 0x44f, &(0x7f0000000640)="$eJzs28tvG8UfAPDvrpP219cvoSqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCAJC5YgqcUcckfgLOMEFASckrnBHlSoUIbVwMlp7N7Ed23nUiaH+fKRtZ3bXnfl6drwzO90A+tZI9kcSsTcifo2IoVq28YSR2l+3lxam/lpamEqiUnnjj6R63q2lhani1OJze4rMQET6SRKHW5Q7d+XqhclyeeZynh+bv/ju2NyVq8+cvzh5bubczKWJ06dPnhh/7tTEs12JM4vr1qEPZo8cfOWt669Nnbn+9o9fJ0X8TXF0yUing49XKl0urrf21aWTgR5WhA0p1bppDFb7/1CUYqXxhuLlj3taOWBLVSqVyn3tDy9WgLtYEr2uAdAbxY0+m//mW3Hr34bRR+/dfKE2Acpiv51vtSMDkebnDDbNb7tpJCLOLP79RbbFRp9DpFtUKQDgrvZtNv55umH8l48/0qh/LvT/fA1lOCLuiYj9EXEqIg5ExL0R1XPvj4gHWhWStC+/eZFk9fgnvbHp4NYhG/89n69tNY7/lgdXw6U8t68a/2By9nx55nj+nRyLwZ1ZfrxDGd+99Mtn7Y7Vj/+yLSu/GAvm9bgxsLPxM9OT85N3EnO9mx9FHBpoFX+yvBKQNd/BiDi0yTLOP/nVkSJ9uNR4bO34O+jCOlPly4gnau2/GE3xF5LO65Nj/4vyzPGx4qpY7aefr73ervw7ir8Lsvbf3fL6X45/OKlfr53beBnXfvu07Zxms9f/juTNhn3vT87PXx6P2JG8Wqt0/f6JpvMmVs7P4j92tHX/3x8r38Th7PpPIx6MiIci4uG87o9ExKMRcbRD/D+8+Ng7HeP/s138Ozv8q92RxT/d0P7FD1+79l9J7IjmPa0TpQvff9NQ6HBT/Gu2/8lq6li+Zz2/f+up1+auZgAAAPjvySb7eyNJR5fTaTo6Wvs//Adid1qenZt/6uzse5ema+8IDMdgWjzpGqp7HjqeT+uL/ERT/kT+3Pjz0q5qfnRqtjzd6+Chz+1p0/8zv5d6XTtgy3lfC/qX/g99q/49AKDPuP9D/2rR/3f1oh7A9mt1//+wB/UAtl9T/7fsB33E/B/6l/4P/Uv/h740tyvWfkleQmJVItJ/RTUktijR618mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7vgnAAD//wW66qg=") chdir(&(0x7f0000000180)='./file0\x00') mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x41000, 0x0) lstat(&(0x7f0000004dc0)='./file0\x00', &(0x7f0000004e00)) 1m52.430911423s ago: executing program 4 (id=371): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000005000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10) 1m50.322468198s ago: executing program 4 (id=396): syz_mount_image$udf(&(0x7f0000000a40), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4440, &(0x7f0000000000)=ANY=[], 0x1, 0xa2d, &(0x7f0000000a80)="$eJzs209sm+d9B/Dfw1eyaadrFbd1kzbLWLQIPKUN5P9KvAH2rApt5iZGZWXzZTBlyQ4R/askF043tB42oAjQg1FgPWzAkMsOA3bwDrvsFGzAMGDYYOwwFCvaaemapTcVG5DTpuJ9+VCiZNlWY8uS7c/HsL/ky99LPn9o8iUfvgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARPzWl04NHEzb3QoA4EF6ZeRrA4e9/wPAY+Wcz/8AAAAAAAAAAAAAALDTpSjizyLF6z9aSheq6231M63pK1dHh4Y33m1PihS1KKr68m/94KHDR44eOz7YyTvvf789Ha+OnDvVOD0zNTs3MT8/Md4YnW5dnBmf2PQ93Ov+6/VXA9CYeuPK+KVL841DLxxec/PVvvd2P7G/78Txl8/v69SODg0Pj3TV9PR+6Ee/xe3O8NgVRfwkUtS/835qRkQt7n0s7vLc2Wp7qk70V50YHRquOjLZak4vlDemWq6qRfR17XSyM0YPYC7uSSPiWtn8ssH9ZfdGZptzzbHJicbZ5txCa6E1M51q7daW/emLWgymiNmIWCpuvbveKOI/IsV3P1hKYxFRdMbh+erE4Lu3p7YFfdyEnrJvRcTNeAjmbAfbHUW8FSm+d34gLuZxrYbtuYivlvlsxNfLXIy4nq+n8gnyTMTPN3g+8XDpiSL+OVLMpKU03pn76nXlzGuNr0xfmumq7byuPPTvDw/SDn9tqkcRY9Ur/lL6JQ52/n4r2wQAAAAAwP1QxN9GihtTB9JsdK8ptqYvN841xybb3wp3vvtv5L2Wl5eX+1I7GzkHcp7MeTbnhZyzOa/lvJ7z7Zw3cr6T82bOxZxLOaOWHz9nI+dAzpM5z+a8kHM257Wc13O+nfNGzndy3sy5mHMpZ1j3AgAAAAAAAGCH2RNF/DBSfO5vvlGdVxzVeekfOzF44Muf7z5n/FN3uZ+y9oWIuBGbOye3N586nGrln/vfLzanHkV8K5//94fb3RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBb1aKIT0WK77+1lCJFRCPiQrRzsdju1gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfRj0VcTpS/OxL9er6zYj4dET8/3L5JyIWl9fZ7hYDAAAAAAAAALdIRQxEiiefXkp9EXG1773dT+zvO3H85fP7iigilSXd9a+OnDvVOD0zNTs3MT8/Md4YnW5dnBmf2OzD1c+0pq9cHR0a3pLO3NWeLW7/nvrpmdk351qXX1/Y8Pa99VNj8wtzzYsb3xx7ohYx0L2lv2rw6NBw1ejJVnO62jXVbtPAWkRjs50BAAAAAAAA4JGxNxVxNFK83jqSOuvGPe01/19pXytWav/iD1Z/CzC5Lju6fz+wmctpsw3trxbeG6NDw8MjXZt7em8tLduUUhF/HSk+87tPVevhKfZuuDZe1u2KFMe+cSTX9X2mrDu5pqrePzo03HhlZvqLpyYnZy42F5pjkxONkdnmxU3/cAAAAAAAAAAAttDeVMSfR4rfG7iZOued5/X/nva1rvX/36iW0Cv1tDZXVGv7H63W9tuXP3ZisDH8a7fbvhXr/2WbUiri3yPFk7//VHU+fWf9f2BdbVn3P5Hi3/7pmVxX21XWHex0p32Pl1qTEwMpj9Vnn+/URlV7PNd+fLX2YFn72Ujxl8+trR3MtZ9YrT1U1v5xpPi/oxvXfnK19nBZ+0eR4rffbXRq95a1Z3Lt/tXaFy7OTI7fbVjL+f+7SHH2Z19OnT7fdv67fv9xbV2uuGXO73z5fs1/X9e2a3lef5jn/+Bd5v8fIsWf/PiZXNce+0P59ierf1fn/3cixX//6traY7l232rtwc12a7uV8/+FSHHiBz9Y6XOe/zyyqzPUPf+f7lmbK8+SbZr/J7u29eV2Hf4lx+JxNP/mN99oTk5OzLmwnRf6dkYzHtSF8ihiBzTDhTtc2O5XJh6E8v3/XyLFS2dqqXMck9//P9K+tnr898G3Vt//X1qXK7bp/X9f17aX8lFLb09EfWFqtnd/RH3+zW9+sTXVvDxxeWJ68NjRIy8OHjv2Yu+uzrHd6qVND90joZz/M5HitR//68rnmLXHfxsf/+9dlyu2af4/3t2nNcc1mx6Kx1I5/9cjxbfffX/l8+adjv87n/8PfG5trvz/26b5/0TXtuo3/h+NeLFr24FPRpza7GMBAADAI2ZvXif/01//x5Vz3td+/o/Pd2q7v/+5nZ1w/j8AAAAAADzu9qYi/ipS/O/AF1LnHLLN/P5zfF2u2Kbf/+3v2jb+gM5r2fQgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsQCmKeDZSvP6jpbRYlNfb6mda01eujg4Nb7zbnhQpalFU9eXf+sFDh48cPXZ8sJN33v9+ezpeHTl3qnF6Zmp2bmJ+fmK8MTrdujgzPrHpe7jX/dfrrwagMfXGlfFLl+Ybh144vObmq33v7X5if9+J4y+f39epHR0aHh7pqunp/dCPfot0m+27oohLkaL+nffTfxYRtbj3sbjLc2er7ak60V91YnRouOrIZKs5vVDemGq5qhbR17XTyc4YPYC5uCeNiGtl88sG95fdG5ltzjXHJicaZ5tzC62F1sx0qrVbW/anL2oxmCJmI2KpuPXueqOIsUjx3Q+W0rtFRNEZh+dfGfnawOG7t6e2BX3stvztDTf3lH0rIm7GQzBnO9juKOIjkeJ75wfiJ0V7XKthey7iq2U+G/H1MhcjrufrqXyCPBPx8w2eTzxceqKIs5FiJi2l/yry3FevK2dea3xl+tJMV23ndeWhf394kHb4a1M9ivhp9Yq/lH7q/zMAAAAAwCOkiN+MFDemDqRqfXBlTbE1fblxrjk22f5av/PdfyPvtby8vNyX2tnIOZDzZM6zOS/knM15Lef1nG/nvJHznZw3cy7mXMoZtfz4ORs5B3KezHk254Wcszmv5bye8+2cN3K+k/NmzsWcSznD9+QAAAAAAADADlSLIp6KFN9/ayktF+0F3gvRzkXrnI+8XwQAAP//JFY90Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000200), 0xfea7) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x101042, 0x15) 1m49.983827047s ago: executing program 33 (id=396): syz_mount_image$udf(&(0x7f0000000a40), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4440, &(0x7f0000000000)=ANY=[], 0x1, 0xa2d, &(0x7f0000000a80)="$eJzs209sm+d9B/Dfw1eyaadrFbd1kzbLWLQIPKUN5P9KvAH2rApt5iZGZWXzZTBlyQ4R/askF043tB42oAjQg1FgPWzAkMsOA3bwDrvsFGzAMGDYYOwwFCvaaemapTcVG5DTpuJ9+VCiZNlWY8uS7c/HsL/ky99LPn9o8iUfvgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARPzWl04NHEzb3QoA4EF6ZeRrA4e9/wPAY+Wcz/8AAAAAAAAAAAAAALDTpSjizyLF6z9aSheq6231M63pK1dHh4Y33m1PihS1KKr68m/94KHDR44eOz7YyTvvf789Ha+OnDvVOD0zNTs3MT8/Md4YnW5dnBmf2PQ93Ov+6/VXA9CYeuPK+KVL841DLxxec/PVvvd2P7G/78Txl8/v69SODg0Pj3TV9PR+6Ee/xe3O8NgVRfwkUtS/835qRkQt7n0s7vLc2Wp7qk70V50YHRquOjLZak4vlDemWq6qRfR17XSyM0YPYC7uSSPiWtn8ssH9ZfdGZptzzbHJicbZ5txCa6E1M51q7daW/emLWgymiNmIWCpuvbveKOI/IsV3P1hKYxFRdMbh+erE4Lu3p7YFfdyEnrJvRcTNeAjmbAfbHUW8FSm+d34gLuZxrYbtuYivlvlsxNfLXIy4nq+n8gnyTMTPN3g+8XDpiSL+OVLMpKU03pn76nXlzGuNr0xfmumq7byuPPTvDw/SDn9tqkcRY9Ur/lL6JQ52/n4r2wQAAAAAwP1QxN9GihtTB9JsdK8ptqYvN841xybb3wp3vvtv5L2Wl5eX+1I7GzkHcp7MeTbnhZyzOa/lvJ7z7Zw3cr6T82bOxZxLOaOWHz9nI+dAzpM5z+a8kHM257Wc13O+nfNGzndy3sy5mHMpZ1j3AgAAAAAAAGCH2RNF/DBSfO5vvlGdVxzVeekfOzF44Muf7z5n/FN3uZ+y9oWIuBGbOye3N586nGrln/vfLzanHkV8K5//94fb3RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBb1aKIT0WK77+1lCJFRCPiQrRzsdju1gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfRj0VcTpS/OxL9er6zYj4dET8/3L5JyIWl9fZ7hYDAAAAAAAAALdIRQxEiiefXkp9EXG1773dT+zvO3H85fP7iigilSXd9a+OnDvVOD0zNTs3MT8/Md4YnW5dnBmf2OzD1c+0pq9cHR0a3pLO3NWeLW7/nvrpmdk351qXX1/Y8Pa99VNj8wtzzYsb3xx7ohYx0L2lv2rw6NBw1ejJVnO62jXVbtPAWkRjs50BAAAAAAAA4JGxNxVxNFK83jqSOuvGPe01/19pXytWav/iD1Z/CzC5Lju6fz+wmctpsw3trxbeG6NDw8MjXZt7em8tLduUUhF/HSk+87tPVevhKfZuuDZe1u2KFMe+cSTX9X2mrDu5pqrePzo03HhlZvqLpyYnZy42F5pjkxONkdnmxU3/cAAAAAAAAAAAttDeVMSfR4rfG7iZOued5/X/nva1rvX/36iW0Cv1tDZXVGv7H63W9tuXP3ZisDH8a7fbvhXr/2WbUiri3yPFk7//VHU+fWf9f2BdbVn3P5Hi3/7pmVxX21XWHex0p32Pl1qTEwMpj9Vnn+/URlV7PNd+fLX2YFn72Ujxl8+trR3MtZ9YrT1U1v5xpPi/oxvXfnK19nBZ+0eR4rffbXRq95a1Z3Lt/tXaFy7OTI7fbVjL+f+7SHH2Z19OnT7fdv67fv9xbV2uuGXO73z5fs1/X9e2a3lef5jn/+Bd5v8fIsWf/PiZXNce+0P59ierf1fn/3cixX//6traY7l232rtwc12a7uV8/+FSHHiBz9Y6XOe/zyyqzPUPf+f7lmbK8+SbZr/J7u29eV2Hf4lx+JxNP/mN99oTk5OzLmwnRf6dkYzHtSF8ihiBzTDhTtc2O5XJh6E8v3/XyLFS2dqqXMck9//P9K+tnr898G3Vt//X1qXK7bp/X9f17aX8lFLb09EfWFqtnd/RH3+zW9+sTXVvDxxeWJ68NjRIy8OHjv2Yu+uzrHd6qVND90joZz/M5HitR//68rnmLXHfxsf/+9dlyu2af4/3t2nNcc1mx6Kx1I5/9cjxbfffX/l8+adjv87n/8PfG5trvz/26b5/0TXtuo3/h+NeLFr24FPRpza7GMBAADAI2ZvXif/01//x5Vz3td+/o/Pd2q7v/+5nZ1w/j8AAAAAADzu9qYi/ipS/O/AF1LnHLLN/P5zfF2u2Kbf/+3v2jb+gM5r2fQgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsQCmKeDZSvP6jpbRYlNfb6mda01eujg4Nb7zbnhQpalFU9eXf+sFDh48cPXZ8sJN33v9+ezpeHTl3qnF6Zmp2bmJ+fmK8MTrdujgzPrHpe7jX/dfrrwagMfXGlfFLl+Ybh144vObmq33v7X5if9+J4y+f39epHR0aHh7pqunp/dCPfot0m+27oohLkaL+nffTfxYRtbj3sbjLc2er7ak60V91YnRouOrIZKs5vVDemGq5qhbR17XTyc4YPYC5uCeNiGtl88sG95fdG5ltzjXHJicaZ5tzC62F1sx0qrVbW/anL2oxmCJmI2KpuPXueqOIsUjx3Q+W0rtFRNEZh+dfGfnawOG7t6e2BX3stvztDTf3lH0rIm7GQzBnO9juKOIjkeJ75wfiJ0V7XKthey7iq2U+G/H1MhcjrufrqXyCPBPx8w2eTzxceqKIs5FiJi2l/yry3FevK2dea3xl+tJMV23ndeWhf394kHb4a1M9ivhp9Yq/lH7q/zMAAAAAwCOkiN+MFDemDqRqfXBlTbE1fblxrjk22f5av/PdfyPvtby8vNyX2tnIOZDzZM6zOS/knM15Lef1nG/nvJHznZw3cy7mXMoZtfz4ORs5B3KezHk254Wcszmv5bye8+2cN3K+k/NmzsWcSznD9+QAAAAAAADADlSLIp6KFN9/ayktF+0F3gvRzkXrnI+8XwQAAP//JFY90Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000200), 0xfea7) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x101042, 0x15) 1m6.561367048s ago: executing program 0 (id=788): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0xfffffffe, '\x00', 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r1, r0}, 0xc) 1m6.226498088s ago: executing program 0 (id=792): r0 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0xf, &(0x7f00000002c0), 0x161) sendmsg$inet(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x48000) setsockopt$sock_attach_bpf(r0, 0x1, 0x31, &(0x7f0000000640), 0x4) 1m6.058335968s ago: executing program 0 (id=793): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)={0x3c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random='n'}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}]]}, 0x3c}, 0x1, 0x0, 0x0, 0x7040}, 0x20004800) 1m5.760297205s ago: executing program 0 (id=798): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") syz_mount_image$fuse(0x0, &(0x7f0000000300)='./bus\x00', 0x3000001, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) llistxattr(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 1m5.319382036s ago: executing program 0 (id=800): openat$kvm(0xffffffffffffff9c, 0x0, 0x28100, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0700f6ffffff0116df25020000000c0099000400000002"], 0x20}, 0x1, 0x0, 0x0, 0x91}, 0x0) 1m2.900889146s ago: executing program 0 (id=816): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) 1m2.678770607s ago: executing program 34 (id=816): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) 5.390292009s ago: executing program 3 (id=1456): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001280)='/proc/mdstat\x00', 0x0, 0x0) read$hiddev(r0, &(0x7f00000000c0)=""/4092, 0xffc) preadv(r0, &(0x7f00000010c0)=[{&(0x7f0000001240)=""/17, 0x11}], 0x1, 0x0, 0x0) read$hiddev(r0, &(0x7f0000001100)=""/234, 0xea) 5.208267787s ago: executing program 3 (id=1458): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000340)='./bus\x00', 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRESOCT=0x0, @ANYBLOB="8d127aa1d1c885a53d723712bdbaf59f77716a620a92fc6af42aea684fc1b04206710d7591cae5e6e5e6aa6a8047b986e34072c01890254bd0f0d27d9bd161bc457efccb6da522cf3c2210dacbcad1c8523ebde1f4", @ANYRESHEX, @ANYBLOB="9cf9ad258963981511d9de699a75f5d71cb604eabc48fd892b4dc3737520bd5bda32268404ab99a848bf77fb6a5725f795bbb1f2dfdf284e7f82f6668ecefa6a85a7cc434bd34e91014dabf203309be1bf6999d8f59d0dd567ecf9a87c680dd467a682cb262e4d90b57237e3cdf84c85df4749a4ef6a67dc6556b6ff4ae8f5026f865e4075efa250a02a670d48851a6cf97522e52300c7ef213ef50de6979ee12e2ecb9f5068e3e68e8d06c5ad68570a9e9e1fec5bcfedf4b7f56b0fa96f8b4cdb9f5178efb59d90367e10da96bd6b57ac82f23fd4d18692fe381bc4f2cc390a5056cccee185b77089246101c0647c3486055342dd36"], 0x1, 0x2d2, &(0x7f0000000dc0)="$eJzs3U9LG3kcx/HPGtfEiCYLy8Iu7O6P3cvuJWj2AeyGRWHZQIs10vZQGOukDZkmMhMsKaXmUnrt45Aeeyu0fQJeSi+99dCbFAq9eCid4kyiE80/W2Osvl8g8818fx/np4nyTcC4ffnhrXLRyxStmsYSRmNSQztSerdq+qZ5HAvqCUU19OfU+1c/X7py9f9cPj+/aMxCbumvrDFm5tent+8++u15bWr58cyTuLbS17bfZd9sTWz9uP1x6WbJMyXPVKo1Y5mVarVmrTi2WS155YwxFx3b8mxTqni229YvOtW1tbqxKqvTyTXX9jxjVeqmbNdNrWpqbt1YN6xSxWQyGTOd1Pk2PsCawubiopXr2vZjx7ojDN1kp5Oum2t0bhY2T2BPAADglOk9/4ezfvf5P78cHnvM/wlJbfP/D/3nf4n5f0gabbf6zP84E1w3ZyWbP7/tmP8BAAAAAAAAAAAAAAAAAAAAAPga7Ph+yvf91O6xeSq4HZeUkOQ3+yPeJoYkev/7kY8+9//fI9oujlnkD/cSkvNgvbBeCI9hP1dUSY5szSqlD8HjoSmsF/7Lz8+aQFrPnI1mfmO9EFO8lW9Jd8r/8t1cmDft+W+VjF4/q5S+73z9bMf8hP74PZLPKKUX11WVo9Xgcb2fvzdnzL8X8gfyk8E6AAAAAADOgozZc+j5e9APFiR0uB/mI68P+L6/0ev1gQPPr8f10yBvUQkAAAAAAL6YV79TthzHdrsVie6tuKR+8bZi7x8QHCk1eOH70nA+81GKmEZ59W7FP5JOwTZOqkhICs+Yz4m/3YsPlPIHWDMuaeTflo7F646t0f5eAgAAAHD89of+I4Re3h/ijgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOH8Gfauw1vpDrVajRzxyudiJf4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKfIpAAD//3CBFzw=") mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000200)='./file0/file0\x00', 0x812488, 0x0, 0xff, 0x0, &(0x7f00000007c0)) rename(&(0x7f0000000440)='./bus\x00', &(0x7f0000000240)='./file0/file0\x00') 4.728070701s ago: executing program 3 (id=1462): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) mknod(&(0x7f0000000000)='./bus\x00', 0x1000, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8) syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x2000401, &(0x7f00000001c0)={[{@noinline_xattr}, {@heap}, {@discard}, {@fault_type}, {@block_mode}, {@noextent_cache}, {@noinline_xattr}, {@nobarrier}, {@lfs_mode}, {@nodiscard}]}, 0x21, 0x553d, &(0x7f0000005800)="$eJzs3EtvG1UUAODjpGnpgxIhFuw6qEJKpNqq04dgV6AVz1ZVgQUrcGzXcmt7oth1QlYsWCIW/BMEEiuW/AYWrNkhFiB2SCDPHRdaqFQUJybN90njM/fOnTP3jpJIZyZyAIfWcvbbL5U4HccjYjEiTkUU+5VyK1xJ4fmIOBMRC3/bKmX//Y6jEXEiIk5PkqeclfLQF+fGZy/9/Nav335/7MjJL7/5YX6rBubtxYjob6T9rX6KeSfFO2V/Y9wtYv/iuIzpQP9u2c5T3GqvFxm2GtNxjSJe6KTx+ca94STe7jWak9jp3i76NwbpgsNxZ5qnOOFOY7Not9rrRewO8yJ2dtK8tnfS37ad4SjlaZX5Pi7Sx2g0jam/vd1O69m4W8TmYFT2p7x5q709ieMylpeLZt5rFfNY382d/l974Z3u4N52Nm5vDrv5ILtUq79Uq1+u1jfzVnvUvlht9FuXL2Yrnd5kWHXUbvSvdPK802vXmnl/NVvpNJvVej1budpe7zYGWb1eu1A7X720Wu6dy16/8X7Wa2Urk/hqd3Bv1O0Ns9v5ZpbOWM3WahdeXs3O1rN3r9/Mbt66du36zfc+vPrBjVeuv/laOegf08pW1s6vrVXr56tr9dXd3YADtf5Py0nPcP2wK5V5TwDg4FH/A/Owd/X/5q2I/1r/H5vmeez6P9T/M3Gg6t/DXv/vwfphV9T/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH1o9LX71R7Cyn9smy/+my69myXYmIhYj4418sxtEHci6WeZYeMX7poTl8V4kiw+Qax8rtRERcKbffn9nruwAAAABPrq8/OfN5qtbTx/K8J8R+Sg9tFk59NKN8lYhYWv5pRtkWJh/PzShZ8fN9JLZnlK14gPXUjJKlR25HZpXtsRS/7m+ncH8lRaiksPDwGTNbLQAAMDeLD4T9rUIAAADYT5898sjdfZ0H+6wS01eZ03fBxX/e//Wy73hqe/UHAAAAB1dl3hMAAAAA9lxR//v+PwAAAHiype//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiTnfvJVRqI4wD+a0sF/0Vi3HsVd3AMj+DSpeEAXoIj4BW8AGfAnUcw1NApRoi+96BTmvfy+STtME35dgbYzAwZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG9KPeLL99ef+1rTTV1Tn7pp+MXQIAAADO7OrNsn0xT/WX3fXX3aW3Xb2IiDIi/jV2r+LZSWbV5dT/ub8+a8P3iDbh8Ixpd7yIiA/paOLN0J8CAAAAPEmTw2m7Wi/SaD2d5mO3it4u+A7TpE356mOmRxcRUc9/ZkorD3nvMoW1v+9JfM6U1k5gzTKFpSm3Sa60B0n/8znO2s3+KopUlHe/P1vfAQCAG6pOituOQgAAALilT2M3gCE8v/eOIo5LmX+WAqepmJ1EWOwDAACAx6sYuwEAAADA4Nrx/yX7/8U4+//FL/v/AQAAwNXS/n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMaVdvltvVetE3Z9/0k6c3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2Z93FAiBMAiDves7k7n/YaVBU1OTKhA+/sZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBif15SIASCIArmjP+d9P0PKwl6BhEioOFRRS0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBi5/5946biAIA/2+frD0AcAd0QhEBigIVer6WlG2IARQz8CUhRei2hV360GWhVIWVhQ5m7IBgRQgKFrf8AUzekVupStg43FImF5ZB9ds5pInEhin1NPh/p+X3Pcfy+z5aifP2cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACl0XvTOMk2nUkcF/vuPb61kvX3n+gzdzYeLGYti6M6k346vFL9EHWbSwQAAICjIynr+xDCw3RzKevjTl7/p+UxWc3//XOTuKznn6z7y76s/bP226+PXtoaqDMZJzvppdXh4PTOVFoHN8v59vx/HtHKr3z+7CXJb0j84fqLozS/ntG3d+++387DY3VkCwD8H6fKvgjK34eyvt9kYgAcGa1K4V3W/0mn2ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6jBaD8+UcRRCWGxN48z9x7dWduvvbDxYLNv527c3qufMTpGGEC6tDgena5zLvLt+4+aV5eFwcK3+4NUQQlOjv1tM/8rHMxwcQiPX56CCf8bj8Z6+63jzOe8riIubPcPB7XnJufmgwR9KAAAcSmnRsrr+Ybq5lO2LFkIY/7C9/n+jEocZ6/9Hn5y/Vx2rWv/3a5vh/OutXf2id/3GzbdWry5fHlwefPb2mf47/bMXzp270MuflfQ8MQEAAGB/2kWr1v/xws71/5OVOMxY/3/5Xf/r6Uh/5Fv1/07TRb+mMwEAADjaXnjt77+iXfZH7Xb4anlt7Vp/st36fGaybSDVPTtWtGr9nyw0nRUAAABQh9F6tG39/2IlDjOu/z/748s/V8+ZhBBOFOv/p1Y+H16sbzpzrY4/J256jgAAADTrRNGq6/9p/v5/vPXKQxxCePP1SVz8G8CZ6v/kg29+qo6VVN7/P1vfFOdS3J1cj7zvhtDqbvvy740lBgAAwKF0vGhZsf9nurn06S8nP2p7/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgbv8GAAD//62JQyA=") 4.227076912s ago: executing program 3 (id=1465): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x40015b19, &(0x7f0000001180)) 4.131752355s ago: executing program 7 (id=1468): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_DEBUGREGS(r2, 0x8080aea1, &(0x7f0000000480)) 3.780798952s ago: executing program 7 (id=1474): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/sctp\x00') fcntl$notify(r0, 0x402, 0x8000001c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/dev_snmp6\x00') getdents(r1, &(0x7f0000000f40)=""/243, 0xf3) 3.585160727s ago: executing program 7 (id=1478): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x1, 0x1, 0xff}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) close(0x3) 3.31551705s ago: executing program 7 (id=1480): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000740)={0x24, &(0x7f0000000180)={0x0, 0x1, 0xe, {0xe, 0xf, "c4ebb5fa819041b31285b54c"}}, 0x0, 0x0, &(0x7f0000000700)={0x0, 0x21, 0x9, {0x9, 0x21, 0x2, 0x0, 0x1, {0x22, 0x36}}}}, &(0x7f0000000a40)={0x2c, &(0x7f0000000780)={0x20, 0x30, 0x93, "7955437f495d0db8189c3db688dedc0fd431f7fcec927c2adb1ea7faf400a73427d77f0b25d41d9bc1fa7806458882a39c143653227c5bfdddb593218d00196b3984df7d787d85b6d044775a5fd23ae25edeac684bc738586b491dd6091f61b76756869bbe22285f9d13067f8ac3a6028daf6d06f33e20fb6d8e92931e6ffb15c2f0a6c0567bc8cbf6b3020f213c0ab4612394"}, 0x0, 0x0, 0x0, 0x0}) 2.170115435s ago: executing program 1 (id=1494): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f70003000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x24000810) 2.120332057s ago: executing program 3 (id=1495): r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0xfffffff9, 0x4) syz_emit_ethernet(0x4e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182c01fe800000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0) recvmmsg(r0, &(0x7f0000003a00)=[{{0x0, 0x0, 0x0}, 0x2003}], 0x1, 0x40010002, 0x0) 1.987272463s ago: executing program 3 (id=1497): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f00000006c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x78, 0x20, 0x2, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0x0, 0xde}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8}}}}}}}]}}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0}) ioctl$EVIOCRMFF(r0, 0x4004550f, 0x0) 1.986705853s ago: executing program 1 (id=1498): syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file6\x00', 0x98, &(0x7f0000000280), 0x1, 0x10ef, &(0x7f00000022c0)="$eJzs2DGLE0EYBuB3dg/kqshcvx5oYSHHHfEPXKGQxsLaLljZmUrJz/HnyFX2R3pTBOyVTQwJEhDJYuB4Hlh252Vmvp1yvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvLPlekosmqdusSVKSrrubLJJ02/zx17ZJydv3k9mrj+PXs8209FmT0q9aj+vN01rHdVxv6suL22d19unzh3avZEmX+9V8ev5mOehR+trtoDsCAADAw/DzaKMT1wcAAAD+ZrBGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6vajSVKSrrubLJJ0p/0tAAAA4EglTd6NDuWbNsDOi3wblZRHu+RH6edc58uB9QAAAMC/KXv38ec5z5O9/DJnubrajH+/srxN2iTXf+xzv5pP18/lfFr+5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAGCqAAAA//9TGNII") openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x100) truncate(&(0x7f0000000080)='./file0\x00', 0x3a6800) symlink(&(0x7f000000a900)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 1.791189738s ago: executing program 6 (id=1500): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4fed0) 1.455779829s ago: executing program 6 (id=1502): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x6, 0xb}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000b80)={{r0}, &(0x7f0000000b00), &(0x7f0000000b40)='%-010d \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r1}, 0xc) 1.286054928s ago: executing program 6 (id=1504): syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000300)='./file0\x00', 0x2204080, &(0x7f0000000040)=ANY=[@ANYBLOB="6e6f646f74732c73686f77657865632c6e6f646f74732c6e66733d6e6f7374616c655f726f2c0030a66d3a1127e03fc4ec7721f7c77d616ce2d9a9b0ef6cf77d486df06aac6920f6f13474bc77836cb851c86e0cc5dc8611db21e0dafe4caa2c5b34"], 0x1, 0x28d, &(0x7f0000000640)="$eJzs3b9qFF0cBuCTTUI+8pGQStDGg1Y2Q5LaIkESCC4omhVUECZkosuOu2Fni51gEWsbwdI7EEs7QbyB3IVdmpAqlRGd/DEBq5DdIs/TzMu8c+D8GDhTzu7d969bG0WykfZCbWEk1BZCqB2MhJlQC8e2w50Pbz++e/z02f3Fen3pUYzLi6tz8zHG6Zvfnr/5fOt77/8nX6a/ToSdmRe7e/M/dq7tXN/9ufqqWcRmEdudXkzjWqfTS9fyLK43i1YS48M8S4ssNttF1j3Tb+Sdzc0ypu31qcnNblYUMW2XsZWVsdeJvW4Z05dpsx2TJIlTk4GLaHw6ODwMe4eVYe+GwfP+r7a/DvX/Qtjf7jf6jepa9csr9aXZ+Mf46ar9fr8xetLPVX0824+HyaN+/nx//Gm5XfW/u3sP6ufWT4T1S54dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAqyuJJ2ZO7+73+43Rqk/+1VdpeaW+NHv0wNl+LNwYG9gYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAhRbnVSvM86wqCIJyEYZ9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHinP/0e9k4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYpqLcaqV5nnUvMQx7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4qF8BAAD//3nQbMU=") bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x9e) r0 = open(&(0x7f00000001c0)='./file1\x00', 0x4000, 0xd7) preadv2(r0, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0) 1.164117157s ago: executing program 1 (id=1505): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_lsm={0xd, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002) readv(r0, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/133, 0x18}, {&(0x7f0000000940)=""/114}], 0x44) write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) 994.769107ms ago: executing program 5 (id=1507): sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x9, 0x1, 0x6, 0x2, 0x0, 0x70bd29, 0x25dfdbfc}, 0x10}}, 0x40) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMRRU(r0, 0x4010744d, &(0x7f0000000080)=0xc) 821.251595ms ago: executing program 6 (id=1508): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x4e, 0x14322, 0x0) 712.824757ms ago: executing program 6 (id=1509): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) io_setup(0x5, &(0x7f00000000c0)=0x0) io_submit(r1, 0x2, &(0x7f0000000140)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8, r0, &(0x7f0000000040)="1e", 0x1, 0x4b}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8, 0x3eb, r0, 0x0, 0x0, 0x9, 0x0, 0x2}]) 712.348826ms ago: executing program 5 (id=1510): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=ANY=[@ANYBLOB="2c00000011000500000000000003000007000000", @ANYRES32=r2, @ANYBLOB="01000000000000000c001a800800048004"], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 645.107604ms ago: executing program 1 (id=1511): syz_mount_image$minix(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800000, &(0x7f0000000040)=ANY=[], 0xa, 0x238, &(0x7f0000000100)="$eJzs2z1rFEEcx/Hfzj1tTpOIUQtRCIjRxpwPlYWIXaq8gVQhOTW4YjQKJgjmGrUQUtnZWAmChaVI7MTKF2Ah2CnBFAdWFlnZdR9yt3e5B+5u5fL9FGF2fjM7s0v27h8uJwD7lqVJWbKU9w5O2Ic2Jqy0twRgQFzvh5F2sm7MhCGA4XZzNO0dAEjH9jXp5WnpV/XRgjL5sCzwKoBvW5I2p55qXUFuCpJef5GyUf2wXZGOZ4PcsjVSX1+8ks6E861ibfjQlipSMcoP7ApHpIrrn//sqXD9gxrVmMZzXn5YE8H6i9H8Yy3rnWxXVRIAAMPF0nSrfM8BRteXnPL5pnnOzy80zfN+frFFfik6LkStuRezDz64V3a8fHrhjrO41zYBNGC6eP6/nozbmRbPf75Jf/3fCQAGb2V17da847iPJb9Rvhf0BI3w+Y17MokxPWmEnzm0MTj8hDIReefY1ZNJTt+YSl57767CxBsbl+RFpl9r/Y8NNYi+z/y7AVGP6e/d8E7/88+T5efv3rcz622HS5jot25us1ytGyMj9fH2TiaegnnHbm+6tV5wO1y04ctF/M8Bdi9fhQCkoXT/9nJpZXXt3FJG0o1yLnzDn/mx5Vf2pZr6PpfeTgH0Wvym3yitJHrc2sPZT59/Vy+/edbFylclfSx2MREAAAAAAAAAAAAAANQ5oqNpbwEAAADAgCS//XN3rIOvJVnZNganfY0AAAAAAAAAAAAAAAAAAAybvwEAAP//BkMBsw==") syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a5a438, &(0x7f0000002dc0)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0) syz_mount_image$romfs(&(0x7f0000000040), &(0x7f0000000b40)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4, &(0x7f0000005c00)=ANY=[@ANYBLOB="00f3000000be5500200800000000c19e57fc847c52a19b0b247df0690ca7d757194d0335d8e8a065e069e1294e9f28bcee7085d4988309e751e0eec20f77d6c68ae8"], 0x1, 0x14a, &(0x7f0000000080)="$eJzs2j9Lw0AYBvBXEJSOjk6FShQ0/7WuOoqbu0OouTR4MSURpP0C4iQonINfQvAT+Akko5suRfwSkWsPTaNCFk2E57f0gbe93r0HN716Ekc2S3WijcHVwXgpiaN2193uMZt5NLVHRG0Zsjy/MeiL5496lpPxzRfqtfI2/eysBWL/goXcd+reEgAAAAAAAAAAAAAAAAAAAAAAVKS1VGj1RXTOQu7bhWo6HB17nPtJSrRY0w7rpbXVDBcxwW9lf9yZVqzLvCNTKHYTWbdmf3+twmpf8Jdyf83TaGCmw5EeRl7gB/6J47hda9OythxzspZZXlG7U3uiLL+3CuNkxuOhK+uFebOnKvNm6v7nl0NxeVb+t8/7R2hCmKPfWfm1KQdE+Ceh+gvacJP3b0xEC27nQb5/Ri/mR6r4F+2s9/gA8JP3AAAA///ltzsl") 589.809204ms ago: executing program 5 (id=1512): r0 = syz_io_uring_setup(0xfdb, &(0x7f0000000400)={0x0, 0x879, 0x1, 0x44000001, 0x1a2}, &(0x7f00000000c0)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1b, 0x0, 0x10f0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x0, @fd_index=0x9, 0x0, 0x6, 0x6, 0x1, 0x1, {0x2}}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 544.436446ms ago: executing program 6 (id=1513): syz_mount_image$ext4(&(0x7f0000000900)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000240)={[{@nouid32}, {@nodioread_nolock}, {@noquota}, {@jqfmt_vfsv1}, {@journal_dev={'journal_dev', 0x3d, 0x9}}, {@commit}]}, 0x1, 0x5a3, &(0x7f00000002c0)="$eJzs3T1sG3UbAPDnznHTj7xv+krvK72gDhUgFamqk/QDClO7IipV6oDEApHjRlWcuIodaKJIpHuF6IAAdSkbDIwgBgbEwsjKwseMVNEIpKYDGDk+p2nqFCfEMcS/n3TJ/3939vP8fX7OvtOdHEDfOtr4k0Y8EREXk4jhdcsGIlt4tLneyvJi8f7yYjGJev3Sz0kkEXFvebHYWj/J/h+KiKWI+H9EfJWPOJ6uPeW+VqM6vzA1Xi6XZrP+SG366kh1fuHElenxydJkaebU8y+cOXv6zNjJsfXp3q+v7+W3NtYb3998+8Y3L92++fEnR5aK744ncS6GsmXrx7GTmq9JPs5tmH+6G8F6KOl1AmxLLqvzRin9L4Yjl1V9O/X1O4fBXUkP6KL6YER9zbom0AcSRQ99qvU9oHH825p28/vHnfPNA5BG3JXlxeJb0Yo/0Dw3EftXj00O/pI8dGTSON48vJuJsictXY+I0YGBR9//Sfb+277RnUiQrvryfHNDPbr907X9T7TZ/wy1zp3+Ra3930q2/1tpEz+3yf7vYocxfnv1xw82jX99MJ5sGz9Zi5+0iZ9GxOsdxr/1yudnN1tW/zDiWLSP35I8/vzwyOUr5dJo82/bGF8cO/Li5uOPOLhJ/OY52/2riawf/74sp7TD8X/29adPLT0m/rNPP377t3v9D0TEOx3G/8+9j17ebNmd68ndxreArW7/JPJxu8P4z507+l3WdNYQAAAAAAAAAAB2ULp6LVuSFtbaaVooNO/h/W8cTMuVau345crczETzmrfDkU9bV1oNN/tJoz+WXY/b6p/c0D+VywLmDqz2C8VKeaLHYwcAAAAAAAAAAAAAAAAAAIC/i0Mb7v//Nbd6///Gn6sG9qrNf/Ib2OvUP/Svh+s/6VkewO7z+Q99q67+oX+pf+hf6h/6l/qH/tW2/g/sfh7A7vP5D/1L/QMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChMdXvLy8WG/2Jgfm5qcobJyZK1anC9FyxUKzMXi1MViqT5VKhWJn+s+dLKpWrozEzd22kVqrWRqrzC69NV+ZmWr8pWsp3fUQAAAAAAAAAAAAAAAAAAADwzzO0OiVpISLf7KdpoRDxr4g4nERy+Uq5NBoR/46Ib3P5wUZ/rNdJAwAAAAAAAAAAAAAAAAAAwB5TnV+YGi+XS7PdawxkoTp71A+1ruYzsJWVI2JpZ9NoPOOWH5XPXsDubqY+aeQ6fB/2faOHOyUAAAAAAAAAAAAAAAAAAOhTD2767fQRv3c3IQAAAAAAAAAAAAAAAAAAAOhL6U9JRDSmY8PPDG1cui9Zya3+j4g3b11679p4rTY71ph/d21+7f1s/sle5A90qlWnaUQ06hgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4oDq/MDVeLpdmt9kY7GCdXo8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDv+CAAA//9bQM66") r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x143042, 0x80) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfe}], 0x1, 0x5405, 0x0, 0x0) sendfile(r0, r0, 0x0, 0x7a680000) 468.917193ms ago: executing program 5 (id=1514): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0xd, 0xfffff034}, {0x50, 0xfd, 0x5, 0xfffffffd}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10) syz_emit_ethernet(0x1e, &(0x7f0000000fc0)={@broadcast, @local, @val={@val={0x88a8, 0x0, 0x0, 0x3}, {0x8100, 0x3, 0x0, 0x2}}, {@llc_tr={0x11, {@snap={0x7b829af396dd3265, 0x54, "02", "948f88", 0x88a8}}}}}, 0x0) 366.941305ms ago: executing program 1 (id=1515): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x6e, &(0x7f0000000040)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, {[@dstopts={0x3c}], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @loopback, @loopback={0x0, 0xffffac1414aa}}}}}}}}, 0x0) 366.335204ms ago: executing program 5 (id=1516): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000003780)=[{{&(0x7f0000000300)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000001740)=[{&(0x7f00000006c0)='\f', 0x1}], 0x1}}, {{&(0x7f0000000540)={0x2, 0x4e23, @private=0xa010101}, 0x10, &(0x7f0000001c80)=[{&(0x7f0000001780)='\"', 0x1}], 0x1}}], 0x2, 0x4004800) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000080)=@assoc_value={r1, 0x4}, 0x8) 200.019155ms ago: executing program 7 (id=1517): madvise(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x15) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000880) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)="ebfa0e81ceb3dc4c43c215dc4dade38ff8c84ace9d15af003afa41ae5fbebe5b175c12cf29c48c2d4b61ce76443645c1dc73113beeb9b5a73cd0415b0437839aa6c68111a4582c3a6a3bb8f9e0c37b9b3f3b63", 0x53}], 0x1) 191.443074ms ago: executing program 5 (id=1518): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000340)='./bus\x00', 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRESOCT=0x0, @ANYBLOB="8d127aa1d1c885a53d723712bdbaf59f77716a620a92fc6af42aea684fc1b04206710d7591cae5e6e5e6aa6a8047b986e34072c01890254bd0f0d27d9bd161bc457efccb6da522cf3c2210dacbcad1c8523ebde1f4", @ANYRESHEX, @ANYBLOB="9cf9ad258963981511d9de699a75f5d71cb604eabc48fd892b4dc3737520bd5bda32268404ab99a848bf77fb6a5725f795bbb1f2dfdf284e7f82f6668ecefa6a85a7cc434bd34e91014dabf203309be1bf6999d8f59d0dd567ecf9a87c680dd467a682cb262e4d90b57237e3cdf84c85df4749a4ef6a67dc6556b6ff4ae8f5026f865e4075efa250a02a670d48851a6cf97522e52300c7ef213ef50de6979ee12e2ecb9f5068e3e68e8d06c5ad68570a9e9e1fec5bcfedf4b7f56b0fa96f8b4cdb9f5178efb59d90367e10da96bd6b57ac82f23fd4d18692fe381bc4f2cc390a5056cccee185b77089246101c0647c3486055342dd36"], 0x1, 0x2d2, &(0x7f0000000dc0)="$eJzs3U9LG3kcx/HPGtfEiCYLy8Iu7O6P3cvuJWj2AeyGRWHZQIs10vZQGOukDZkmMhMsKaXmUnrt45Aeeyu0fQJeSi+99dCbFAq9eCid4kyiE80/W2Osvl8g8818fx/np4nyTcC4ffnhrXLRyxStmsYSRmNSQztSerdq+qZ5HAvqCUU19OfU+1c/X7py9f9cPj+/aMxCbumvrDFm5tent+8++u15bWr58cyTuLbS17bfZd9sTWz9uP1x6WbJMyXPVKo1Y5mVarVmrTi2WS155YwxFx3b8mxTqni229YvOtW1tbqxKqvTyTXX9jxjVeqmbNdNrWpqbt1YN6xSxWQyGTOd1Pk2PsCawubiopXr2vZjx7ojDN1kp5Oum2t0bhY2T2BPAADglOk9/4ezfvf5P78cHnvM/wlJbfP/D/3nf4n5f0gabbf6zP84E1w3ZyWbP7/tmP8BAAAAAAAAAAAAAAAAAAAAAPga7Ph+yvf91O6xeSq4HZeUkOQ3+yPeJoYkev/7kY8+9//fI9oujlnkD/cSkvNgvbBeCI9hP1dUSY5szSqlD8HjoSmsF/7Lz8+aQFrPnI1mfmO9EFO8lW9Jd8r/8t1cmDft+W+VjF4/q5S+73z9bMf8hP74PZLPKKUX11WVo9Xgcb2fvzdnzL8X8gfyk8E6AAAAAADOgozZc+j5e9APFiR0uB/mI68P+L6/0ev1gQPPr8f10yBvUQkAAAAAAL6YV79TthzHdrsVie6tuKR+8bZi7x8QHCk1eOH70nA+81GKmEZ59W7FP5JOwTZOqkhICs+Yz4m/3YsPlPIHWDMuaeTflo7F646t0f5eAgAAAHD89of+I4Re3h/ijgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOH8Gfauw1vpDrVajRzxyudiJf4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKfIpAAD//3CBFzw=") mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000200)='./file0/file0\x00', 0x812488, 0x0, 0xff, 0x0, &(0x7f00000007c0)) rename(&(0x7f0000000440)='./bus\x00', &(0x7f0000000240)='./file0/file0\x00') 147.153455ms ago: executing program 7 (id=1519): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000100)='./file1\x00', 0x8c0, &(0x7f00000002c0)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=000000006,coherency=full,localflocks,coherency=full,noacl,\x00'/136], 0x1, 0x4435, &(0x7f000000cd80)="$eJzs3c9PVNcCB/BzL6jgUx/4XPiSl7xJnsl7eW0IuGqLSRFRBKU2tpqmm3GAUWkHxsDQdOGC7ky6atJF04Vpk+5YGRbd2j+hmy7t2qRddNOkiSnNzNwB7mUmjJSBaj6fRC73/Lpn+M69c+5ivHGicnduKTe3lCss5Mozt5fO5j4ql5bniyHeJwd9fNrTLKfDoW4vx5T9/rh24dI7N8+G8N3sD0/X19fXa0F2h6aGtvz+6y/3Z7ZuG+JMn+q4zUfbK++HEE5tm1dVVwjhvW9DiEII55Oy0WTbG0I4Eep1N+9/eivX4jU/r0dPiufyz6YerA2fmVx9uNb6tUchfFn656t35n/6T9fwj//fm6MDAAAAAAAAAAAAAAAAAPCiG79+7cbbg0PhcRS6V6Pt39cdT7a5Fv3X98y/O/9iAQAAAAAAAAAAAAAAAAAA4C9q8/v/uehkk+//jyXbkRb919/s/BzpnIm3ro1dHBxKnv8ebat/LSn6+XxX6G/y3Pfs89/PZ/o3f/779uPsVmN+jeP2hSgeSO3H8cBACF8nD34/HR2NS+Wlyiu3y8sLs3s2jRdWOv/60/tT6SQP9G83/9HM+J1//v8/tr2bqvu39u4t9lJL59/Vst03n0Rt5X8h028/8mf30vl318p6tzYYqV8Aqvl/1r1z/mOZ8TuV/4kQQi6qzjWXugJU1zDV8lbrFdLS+R+qlaUunckfstX5/1sm/4uZ8Q/q+r+S/SCiqXT+h2tlPakWm+d/f7zz+X8pM/5B5F+d/4rP/7ak8z9SL+xONan9Jdu9/o9nxu9U/jfiZJ4notQ7YDWql7f6/+pIS+ffs61+8/4vbmv9dznTf7/u/xrHbdz/NS7//4vq9380l86/t2W7ds//iUy/Tl//R2rrP3Yrnf/RWll67dxX+9lu/pOZ8f9U/odaV9VWJT2N/DevJ78fqZd/Zf3XlnT+f6sXxltbrNR+1tZ/0c7r/yuZ8Q9i/Ved/0rc2aO+LNL5H2vZrpr/9218/l/N9Ot8/iEMWuvvWjr/4y3b1c7/np3zn8r063T+/+3k4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvgNFk2xeieCC1H8cDAyFcSPZPh6PRdGE2P10qz3y4FMJYUp4LJ6M7pfJ0oZSfWyjPFvOFUqk8E8LFpP5U6ImWSuVKfr5w79LGWL3R3WJhsTJdLFRCCONJ+b/C8cZY03OV+cK9EMLljbq/x+XFe3cLC/nZucU3BgcHB8PExhz6o+LHleJCpX70em0Ikxt9+6Itk6tVX9mYy7Hog/Ly4kKhVCu/uqVPqTxTKG3pM5XUfR76o8ri8sJMoVLMl8p3Gsc7SCPJdmzi+rvXrw5tq78V1bej+zstAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ7T4+HXvwghdNf34hBCLkp+iZJ/KY+eFM/ln009WBs+M7n6cO1pszYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzBDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbp2KZhIAoD8LujgJIxqCy7ozUCISgwQmICGINhYBSWYAeKFGlTJFFiW7IsR3GTVN/XPMm/fPek+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5nt8a95fyyoixdX6MuL38+9/mD938/tu+v+LM+zI6Ty9NPcPZdW9e9p92gzz29TORZ336Wr59RETs/cz6sm4T610dK9DfRvr9+vvvY6Ui4iou/wm5VwU884CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANiyAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRd8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADArwAAAP//xu4fEQ==") sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020660b, &(0x7f0000000a00)={0x4, 0x110000002000003, 0x3, 0xfffffffe}) 0s ago: executing program 1 (id=1520): read$FUSE(0xffffffffffffffff, &(0x7f0000001b40)={0x2020}, 0x205c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0xb, 0xfffff034}, {0x20, 0x81, 0x0, 0xfffff024}, {0x6, 0x0, 0x0, 0x2000000}]}, 0x10) sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840) kernel console output (not intermixed with test programs): 23174][ T5906] NILFS error (device loop5): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255 [ 132.423560][ T5917] loop3: detected capacity change from 0 to 1024 [ 132.436643][ T5920] loop1: detected capacity change from 0 to 256 [ 132.444761][ T5920] exfat: Deprecated parameter 'namecase' [ 132.480012][ T5917] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (29950!=20869) [ 132.480296][ T5917] EXT4-fs (loop3): invalid journal inode [ 132.480358][ T5917] EXT4-fs (loop3): can't get journal size [ 132.482173][ T5920] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 132.511590][ T5917] EXT4-fs error (device loop3): ext4_protect_reserved_inode:182: inode #2: comm syz.3.505: blocks 48-48 from inode overlap system zone [ 132.513570][ T5917] EXT4-fs (loop3): failed to initialize system zone (-117) [ 132.513676][ T5917] EXT4-fs (loop3): mount failed [ 132.567690][ T5917] netlink: 216 bytes leftover after parsing attributes in process `syz.3.505'. [ 132.567754][ T5917] netlink: 24 bytes leftover after parsing attributes in process `syz.3.505'. [ 132.567772][ T5917] netlink: 16 bytes leftover after parsing attributes in process `syz.3.505'. [ 132.801551][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.801647][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.186530][ T5950] loop0: detected capacity change from 0 to 128 [ 133.309507][ T5950] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 133.403753][ T5950] ext4 filesystem being mounted at /121/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 133.592525][ T5962] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 133.600226][ T5962] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 133.892937][ T5974] loop0: detected capacity change from 0 to 4096 [ 133.978965][ T5974] ntfs: (device loop0): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 134.022258][ T5974] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing. [ 134.046263][ T5974] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 134.054371][ T5680] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 134.107646][ T5974] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 134.146102][ T5974] ntfs: volume version 3.1. [ 134.167571][ T5974] ntfs: (device loop0): load_and_init_quota(): Failed to find inode number for $Quota. [ 134.183215][ T5974] ntfs: (device loop0): load_system_files(): Failed to load $Quota. Will not be able to remount read-write. Run chkdsk. [ 134.314173][ T5680] usb 6-1: Using ep0 maxpacket: 16 [ 134.318777][ T5974] ntfs: (device loop0): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set iso8859-2. You might want to try to use the mount option nls=utf8. [ 134.391731][ T5974] ntfs: (device loop0): ntfs_filldir(): Skipping unrepresentable inode 0x4. [ 134.434311][ T5680] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 134.454084][ T5680] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 134.634290][ T5680] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 134.654064][ T5682] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 134.661758][ T5680] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.670434][ T5680] usb 6-1: Product: syz [ 134.680438][ T5680] usb 6-1: Manufacturer: syz [ 134.692084][ T5680] usb 6-1: SerialNumber: syz [ 134.824131][ T4666] Bluetooth: hci2: command 0x0405 tx timeout [ 134.937475][ T6010] program syz.6.531 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 135.024225][ T5680] usb 6-1: 0:2 : does not exist [ 135.034859][ T5682] usb 2-1: config 0 has an invalid interface number: 83 but max is 0 [ 135.043783][ T5682] usb 2-1: config 0 has no interface number 0 [ 135.081701][ T5680] usb 6-1: USB disconnect, device number 4 [ 135.087986][ T5682] usb 2-1: config 0 interface 83 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 135.129377][ T5682] usb 2-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61 [ 135.168850][ T5682] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.199483][ T5682] usb 2-1: config 0 descriptor?? [ 135.256531][ T5682] ttusbir 2-1:0.83: cannot find expected altsetting [ 135.350197][ T4572] udevd[4572]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 135.450819][ T6033] loop6: detected capacity change from 0 to 8 [ 135.459272][ T5682] usb 2-1: USB disconnect, device number 7 [ 135.568178][ T6033] SQUASHFS error: zlib decompression failed, data probably corrupt [ 135.612748][ T6033] SQUASHFS error: Failed to read block 0x4de: -5 [ 135.664541][ T6033] SQUASHFS error: Failed to read block 0x4e2: -5 [ 135.713228][ T6033] SQUASHFS error: Failed to read block 0x9ca: -5 [ 135.741500][ T6033] SQUASHFS error: Failed to read block 0x2cf2: -5 [ 135.779784][ T6033] SQUASHFS error: Failed to read block 0x52cf2: -5 [ 135.821742][ T6033] SQUASHFS error: Failed to read block 0x535f2: -5 [ 135.872534][ T26] audit: type=1800 audit(1773071377.123:5): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.538" name="file1" dev="loop6" ino=5 res=0 errno=0 [ 136.102154][ T6057] loop9: detected capacity change from 0 to 7 [ 136.144652][ T6060] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 136.162423][ T6057] Dev loop9: unable to read RDB block 7 [ 136.199478][ T6057] loop9: unable to read partition table [ 136.228607][ T6057] loop9: partition table beyond EOD, truncated [ 136.241340][ T6014] loop0: detected capacity change from 0 to 40427 [ 136.283413][ T6057] loop_reread_partitions: partition scan of loop9 (úù) failed (rc=-5) [ 136.305893][ T6064] netlink: 32 bytes leftover after parsing attributes in process `syz.1.548'. [ 136.411113][ T6014] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 136.452859][ T6014] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 136.473290][ T6073] loop3: detected capacity change from 0 to 256 [ 136.518715][ T6014] F2FS-fs (loop0): invalid crc value [ 136.589724][ T6014] F2FS-fs (loop0): Found nat_bits in checkpoint [ 136.599448][ T26] audit: type=1800 audit(1773071377.853:6): pid=6073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.551" name="file1" dev="loop3" ino=1048615 res=0 errno=0 [ 136.639705][ T6073] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 136.690315][ T6073] FAT-fs (loop3): Filesystem has been set read-only [ 136.714328][ T6073] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 136.747101][ T6073] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 136.793652][ T6073] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 136.816474][ T6014] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 136.874025][ T6014] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 137.284726][ T4890] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 137.298815][ T4890] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 137.510926][ T6115] loop1: detected capacity change from 0 to 512 [ 137.653448][ T6115] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 137.684729][ T6115] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 137.713174][ T6115] System zones: 1-12 [ 137.721673][ T6115] EXT4-fs (loop1): orphan cleanup on readonly fs [ 137.786951][ T6131] loop3: detected capacity change from 0 to 512 [ 137.801570][ T6115] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.566: attempt to clear invalid blocks 1024 len 1 [ 137.854105][ T5682] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 137.861984][ T6131] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 137.886209][ T6131] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 137.897299][ T6115] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.566: bg 0: block 361: padding at end of block bitmap is not set [ 137.984509][ T6115] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 138.002849][ T6131] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 138.023897][ T6115] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.566: invalid indirect mapped block 1811939328 (level 0) [ 138.040808][ T6131] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 138.054968][ T6131] System zones: 0-2, 18-18, 34-35 [ 138.071810][ T6131] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 138.135579][ T6115] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.566: invalid indirect mapped block 2 (level 2) [ 138.173395][ T6115] EXT4-fs (loop1): 1 truncate cleaned up [ 138.185294][ T6115] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 138.234679][ T5682] usb 6-1: config 246 has an invalid interface number: 166 but max is 0 [ 138.243542][ T5682] usb 6-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 138.312127][ T5682] usb 6-1: config 246 has no interface number 0 [ 138.312301][ T6131] EXT4-fs (loop3): re-mounted. Opts: . Quota mode: none. [ 138.354171][ T5682] usb 6-1: config 246 interface 166 altsetting 118 endpoint 0xB has invalid wMaxPacketSize 0 [ 138.423427][ T5682] usb 6-1: config 246 interface 166 altsetting 118 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 138.473372][ T5682] usb 6-1: config 246 interface 166 has no altsetting 0 [ 138.620339][ T6155] program syz.6.578 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 138.644307][ T5682] usb 6-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63 [ 138.653545][ T5682] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.663671][ T5682] usb 6-1: Product: syz [ 138.694066][ T5682] usb 6-1: Manufacturer: syz [ 138.698767][ T5682] usb 6-1: SerialNumber: syz [ 138.792053][ T6164] loop6: detected capacity change from 0 to 256 [ 138.883787][ T6171] loop3: detected capacity change from 0 to 256 [ 138.936962][ T6171] exfat: Deprecated parameter 'utf8' [ 138.942480][ T6171] exfat: Deprecated parameter 'utf8' [ 138.969865][ T6171] exfat: Deprecated parameter 'utf8' [ 139.007084][ T6171] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 139.182768][ T6181] IPv6: ADDRCONF(NETDEV_CHANGE): nr16: link becomes ready [ 139.240162][ T6178] loop6: detected capacity change from 0 to 2048 [ 139.298599][ T6178] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 139.444237][ T5682] usb 6-1: Limiting number of CPorts to U8_MAX [ 139.457528][ T5682] usb 6-1: Unknown endpoint type found, address 0x0b [ 139.478852][ T5682] usb 6-1: Not enough endpoints found in device, aborting! [ 139.668889][ T4660] usb 6-1: USB disconnect, device number 5 [ 139.767917][ T6202] loop3: detected capacity change from 0 to 764 [ 139.768462][ T6205] ptrace attach of "./syz-executor exec"[5497] was attempted by ""[6205] [ 139.966529][ T6215] loop1: detected capacity change from 0 to 256 [ 140.013125][ T6217] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 140.051034][ T6215] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 140.388418][ T6236] exfat: Deprecated parameter 'utf8' [ 140.536461][ T6236] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbc51571d, utbl_chksum : 0xe619d30d) [ 141.025910][ T6267] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.034309][ T6267] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.303147][ T6278] set_capacity_and_notify: 1 callbacks suppressed [ 141.303166][ T6278] loop0: detected capacity change from 0 to 64 [ 142.051999][ T6288] loop5: detected capacity change from 0 to 8192 [ 142.178538][ T6288] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 142.212376][ T6288] REISERFS (device loop5): using ordered data mode [ 142.219846][ T6288] reiserfs: using flush barriers [ 142.248849][ T6288] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 142.275122][ T6288] REISERFS (device loop5): checking transaction log (loop5) [ 142.591008][ T6324] loop1: detected capacity change from 0 to 64 [ 142.675504][ T6288] REISERFS (device loop5): Using tea hash to sort names [ 142.714302][ T6288] REISERFS warning (device loop5): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 142.758459][ T6288] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 142.809899][ T6328] loop6: detected capacity change from 0 to 2048 [ 142.858550][ T6330] loop0: detected capacity change from 0 to 256 [ 142.987740][ T6328] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 143.036573][ T1092] block nbd0: Possible stuck request ffff888020ff8000: control (read@0,4096B). Runtime 60 seconds [ 143.049163][ T6330] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 143.075471][ T6338] REISERFS warning (device loop5): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 5) not found (pos 2) [ 143.105499][ T5497] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 143.164550][ T6330] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 143.857956][ T6349] loop5: detected capacity change from 0 to 1024 [ 143.962007][ T6349] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 143.994464][ T6345] loop6: detected capacity change from 0 to 65536 [ 144.035328][ T6345] XFS: attr2 mount option is deprecated. [ 144.126241][ T6349] EXT4-fs (loop5): mounted filesystem without journal. Opts: user_xattr,noquota,dioread_nolock,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000070,max_dir_size_kb=0x00000000000007b1,stripe=0x0000000000000020,bsdgroups,max_batch_time=0x00000000000003fe,user_xattr,noinit_itable,,errors=continue. Quota mode: none. [ 144.273582][ T6349] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 144.294208][ T6345] XFS (loop6): Mounting V5 Filesystem [ 144.348640][ T6345] XFS (loop6): Ending clean mount [ 144.375707][ T6345] XFS (loop6): Quotacheck needed: Please wait. [ 144.510781][ T6349] syz.5.644 (6349) used greatest stack depth: 20696 bytes left [ 144.551176][ T6370] loop0: detected capacity change from 0 to 4096 [ 144.578068][ T6345] XFS (loop6): Quotacheck: Done. [ 144.714277][ T5497] XFS (loop6): Unmounting Filesystem [ 144.765335][ T6387] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 144.887293][ T6391] program syz.5.655 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 145.082108][ T26] audit: type=1800 audit(1773071386.333:7): pid=6370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.651" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 145.981607][ T6423] loop0: detected capacity change from 0 to 512 [ 146.101737][ T6423] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 146.119132][ T6428] loop5: detected capacity change from 0 to 512 [ 146.177151][ T6423] EXT4-fs error (device loop0): ext4_readdir:223: inode #12: comm syz.0.665: path /153/file0/file0: directory fails checksum at offset 0 [ 146.482274][ T6448] loop0: detected capacity change from 0 to 512 [ 146.512906][ T6439] loop3: detected capacity change from 0 to 4096 [ 146.547651][ T6448] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 146.601989][ T6448] EXT4-fs (loop0): 1 truncate cleaned up [ 146.684997][ T6448] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,debug_want_extra_isize=0x0000000000000064,barrier,jqfmt=vfsold,quota,. Quota mode: writeback. [ 146.733474][ T6452] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 146.874162][ T6451] loop6: detected capacity change from 0 to 32768 [ 146.915428][ T6448] EXT4-fs (loop0): shut down requested (2) [ 147.011113][ T6451] [ 147.011113][ T6451] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 147.011113][ T6451] [ 147.052318][ T6439] NILFS error (device loop3): nilfs_dotdot: directory #12 missing '.' [ 147.098026][ T5497] [ 147.098026][ T5497] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 147.098026][ T5497] [ 147.141738][ T5497] [ 147.141738][ T5497] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 147.141738][ T5497] [ 147.170905][ T6439] Remounting filesystem read-only [ 147.388436][ T4192] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 147.795128][ T6447] loop5: detected capacity change from 0 to 32768 [ 148.197255][ T6475] openvswitch: netlink: Actions may not be safe on all matching packets [ 148.229989][ T6458] loop1: detected capacity change from 0 to 32768 [ 148.240631][ T6477] loop5: detected capacity change from 0 to 256 [ 148.274136][ T6463] loop6: detected capacity change from 0 to 32768 [ 148.305092][ T6479] loop0: detected capacity change from 0 to 256 [ 148.387216][ T6463] XFS (loop6): Mounting V5 Filesystem [ 148.406228][ T6458] XFS (loop1): Mounting V5 Filesystem [ 148.442996][ T6463] XFS (loop6): Ending clean mount [ 148.522953][ T6458] XFS (loop1): Ending clean mount [ 148.533179][ T6463] XFS (loop6): Quotacheck needed: Please wait. [ 148.589686][ T6467] loop3: detected capacity change from 0 to 32768 [ 148.620503][ T6458] XFS (loop1): Quotacheck needed: Please wait. [ 148.768056][ T6463] XFS (loop6): Quotacheck: Done. [ 148.782022][ T6458] XFS (loop1): Quotacheck: Done. [ 148.934107][ T5291] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 148.979478][ T5497] XFS (loop6): Unmounting Filesystem [ 149.125336][ T4183] XFS (loop1): Unmounting Filesystem [ 149.386508][ T6500] loop0: detected capacity change from 0 to 32768 [ 149.419738][ T5291] usb 6-1: unable to get BOS descriptor or descriptor too short [ 149.454833][ T6500] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.685 (6500) [ 149.510446][ T6500] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 149.534442][ T5291] usb 6-1: config 6 has an invalid interface number: 1 but max is 0 [ 149.554695][ T6500] BTRFS info (device loop0): using free space tree [ 149.562639][ T5291] usb 6-1: config 6 has no interface number 0 [ 149.583833][ T6500] BTRFS info (device loop0): has skinny extents [ 149.594999][ T5291] usb 6-1: config 6 interface 1 has no altsetting 0 [ 149.799046][ T6500] BTRFS info (device loop0): enabling ssd optimizations [ 149.858392][ T6500] 9pnet: p9_fd_create_unix (6500): problem connecting socket: ./file2: -30 [ 149.905419][ T5291] usb 6-1: string descriptor 0 read error: -22 [ 149.911770][ T5291] usb 6-1: New USB device found, idVendor=058b, idProduct=0043, bcdDevice=3c.4e [ 149.923129][ T5291] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.957057][ T6529] program syz.1.691 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 150.016138][ T5291] ftdi_sio 6-1:6.1: FTDI USB Serial Device converter detected [ 150.045378][ T5291] usb 6-1: Detected FT-X [ 150.228929][ T5291] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 150.254825][ T5291] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 150.284280][ T5291] ftdi_sio 6-1:6.1: GPIO initialisation failed: -71 [ 150.304831][ T5291] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 150.339602][ T5291] usb 6-1: USB disconnect, device number 6 [ 150.392255][ T5291] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 150.433851][ T5291] ftdi_sio 6-1:6.1: device disconnected [ 150.534130][ T5683] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 150.845432][ T6551] program syz.3.700 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 150.859926][ T6552] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 150.946960][ T6541] NILFS error (device loop0): nilfs_dotdot: directory #12 missing '.' [ 150.989324][ T6541] Remounting filesystem read-only [ 151.054400][ T5683] usb 7-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 151.088590][ T6558] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 151.091266][ T5683] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.138323][ T4184] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 151.139942][ T5683] usb 7-1: Product: syz [ 151.164061][ T5683] usb 7-1: Manufacturer: syz [ 151.168758][ T5683] usb 7-1: SerialNumber: syz [ 151.173850][ T6558] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.702: bg 0: block 255: padding at end of block bitmap is not set [ 151.251239][ T6558] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 151.326811][ T6558] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.702: invalid indirect mapped block 1 (level 1) [ 151.347024][ T6558] EXT4-fs (loop3): 1 truncate cleaned up [ 151.357352][ T6558] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 151.444180][ T5683] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 151.494220][ T5683] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 151.525072][ T5683] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 151.574326][ T5683] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 151.585137][ T5683] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 151.604203][ T5683] lan78xx: probe of 7-1:1.0 failed with error -71 [ 151.627026][ T5683] usb 7-1: USB disconnect, device number 2 [ 152.057473][ T6591] set_capacity_and_notify: 3 callbacks suppressed [ 152.058670][ T6591] loop6: detected capacity change from 0 to 512 [ 152.128001][ T6591] EXT4-fs (loop6): Ignoring removed orlov option [ 152.136411][ T6560] loop5: detected capacity change from 0 to 32768 [ 152.175980][ T6591] EXT4-fs (loop6): 1 truncate cleaned up [ 152.201191][ T6591] EXT4-fs (loop6): mounted filesystem without journal. Opts: orlov,,errors=continue. Quota mode: none. [ 152.223753][ T6560] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.703 (6560) [ 152.294362][ T6560] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 152.354910][ T6560] BTRFS info (device loop5): using free space tree [ 152.390397][ T6560] BTRFS info (device loop5): has skinny extents [ 152.645130][ T6560] BTRFS info (device loop5): enabling ssd optimizations [ 152.660825][ T6586] loop0: detected capacity change from 0 to 32768 [ 152.783805][ T6631] loop3: detected capacity change from 0 to 64 [ 152.796570][ T6632] 9pnet: p9_fd_create_unix (6632): problem connecting socket: ./file2: -30 [ 153.058002][ T6631] Trying to free block not in datazone [ 153.203114][ T6646] loop1: detected capacity change from 0 to 256 [ 153.220672][ T4937] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 10 /dev/loop5 scanned by udevd (4937) [ 153.399495][ T6646] FAT-fs (loop1): Directory bread(block 64) failed [ 153.445038][ T6646] FAT-fs (loop1): Directory bread(block 65) failed [ 153.483267][ T6646] FAT-fs (loop1): Directory bread(block 66) failed [ 153.505565][ T6651] loop6: detected capacity change from 0 to 512 [ 153.524325][ T6646] FAT-fs (loop1): Directory bread(block 67) failed [ 153.559315][ T6646] FAT-fs (loop1): Directory bread(block 68) failed [ 153.593000][ T6646] FAT-fs (loop1): Directory bread(block 69) failed [ 153.644559][ T6646] FAT-fs (loop1): Directory bread(block 70) failed [ 153.651200][ T6646] FAT-fs (loop1): Directory bread(block 71) failed [ 153.678949][ T6646] FAT-fs (loop1): Directory bread(block 72) failed [ 153.691351][ T6646] FAT-fs (loop1): Directory bread(block 73) failed [ 153.724145][ T6651] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 153.897880][ T6651] EXT4-fs error (device loop6): ext4_readdir:223: inode #12: comm syz.6.723: path /50/file0/file0: directory fails checksum at offset 0 [ 154.355486][ T6677] program syz.3.729 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 154.541804][ T6683] loop3: detected capacity change from 0 to 256 [ 154.569583][ T6681] loop6: detected capacity change from 0 to 2048 [ 154.635216][ T6681] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 154.650046][ T6683] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 154.694397][ T6683] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 154.725543][ T6681] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 154.756359][ T6681] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 154.794264][ T6681] UDF-fs: Scanning with blocksize 512 failed [ 154.849624][ T6681] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 155.180363][ T6658] loop0: detected capacity change from 0 to 32768 [ 155.296421][ T6702] loop3: detected capacity change from 0 to 256 [ 155.318761][ T6658] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 155.374101][ T6658] JBD2: Ignoring recovery information on journal [ 155.565195][ T6707] program syz.6.738 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 155.638263][ T6658] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 155.812467][ T6672] XFS (loop1): Mounting V5 Filesystem [ 156.048250][ T6672] XFS (loop1): Ending clean mount [ 156.081551][ T6672] XFS (loop1): Quotacheck needed: Please wait. [ 156.103418][ T4184] ocfs2: Unmounting device (7,0) on (node local) [ 156.274681][ T6672] XFS (loop1): Quotacheck: Done. [ 156.386079][ T6740] serio: Serial port ptm0 [ 156.478272][ T4183] XFS (loop1): Unmounting Filesystem [ 156.644254][ T6750] program syz.0.745 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 157.217342][ T6775] set_capacity_and_notify: 2 callbacks suppressed [ 157.217359][ T6775] loop1: detected capacity change from 0 to 256 [ 157.366798][ T6775] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 157.434454][ T6775] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 158.030895][ T6767] loop6: detected capacity change from 0 to 32768 [ 158.130842][ T6771] loop0: detected capacity change from 0 to 32768 [ 158.378299][ T6782] loop5: detected capacity change from 0 to 32768 [ 158.431168][ T6771] XFS (loop0): Mounting V5 Filesystem [ 158.459341][ T6822] loop3: detected capacity change from 0 to 512 [ 158.594270][ T6822] EXT4-fs (loop3): Ignoring removed orlov option [ 158.602349][ T6822] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 158.627397][ T6782] jfs_readdir called with invalid offset! [ 158.634575][ T6831] netlink: 8 bytes leftover after parsing attributes in process `syz.6.770'. [ 158.643511][ T6831] netlink: 12 bytes leftover after parsing attributes in process `syz.6.770'. [ 158.670950][ T6771] XFS (loop0): Ending clean mount [ 158.707061][ T6831] netlink: 'syz.6.770': attribute type 20 has an invalid length. [ 158.711867][ T6822] EXT4-fs error (device loop3): ext4_iget_extra_inode:4566: inode #15: comm syz.3.768: corrupted in-inode xattr [ 158.734608][ T6771] XFS (loop0): Quotacheck needed: Please wait. [ 158.846942][ T6822] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.768: couldn't read orphan inode 15 (err -117) [ 158.906763][ T6822] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,inode_readahead_blks=0x0000000004000000,orlov,noload,delalloc,mblk_io_submit,commit=0x0000000000000000,noblock_validity,nogrpid,init_itable=0x0000000000000fff,,errors=continue. Quota mode: none. [ 158.937981][ T6771] XFS (loop0): Quotacheck: Done. [ 159.084681][ T4184] XFS (loop0): Unmounting Filesystem [ 159.348678][ T6850] loop3: detected capacity change from 0 to 256 [ 159.481282][ T6850] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 159.494188][ T1108] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 159.547891][ T6850] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000008) [ 159.754074][ T1108] usb 6-1: Using ep0 maxpacket: 16 [ 159.905714][ T1108] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.931652][ T1108] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 159.986465][ T1108] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 160.001532][ T6858] loop3: detected capacity change from 0 to 8192 [ 160.019278][ T1108] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 160.039114][ T1108] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.067128][ T1108] usb 6-1: config 0 descriptor?? [ 160.200793][ T6843] loop1: detected capacity change from 0 to 32768 [ 160.302013][ T6843] (syz.1.774,6843,0):ocfs2_find_slot:468 ERROR: no free slots available! [ 160.314457][ T6843] (syz.1.774,6843,1):ocfs2_mount_volume:1811 ERROR: status = -22 [ 160.368849][ T6843] (syz.1.774,6843,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 160.570896][ T1108] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0004/input/input13 [ 160.633813][ T6879] loop1: detected capacity change from 0 to 512 [ 160.643670][ T6876] loop0: detected capacity change from 0 to 4096 [ 160.691811][ T1108] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 160.803167][ T6879] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 160.828643][ T6848] udc-core: couldn't find an available UDC or it's busy [ 160.872418][ T6879] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 160.884961][ T6848] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 160.894436][ T5683] usb 6-1: USB disconnect, device number 7 [ 160.920545][ T6891] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 160.999590][ T4184] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 161.024909][ T6879] Quota error (device loop1): find_block_dqentry: Quota for id 62708 referenced but not present [ 161.059573][ T6879] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 62708 [ 161.079296][ T4184] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 161.088869][ T6879] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.781: Failed to acquire dquot type 0 [ 161.229717][ T6891] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.784: bg 0: block 255: padding at end of block bitmap is not set [ 161.262119][ T6898] fido_id[6898]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 161.284684][ T6891] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 161.340632][ T6891] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.784: invalid indirect mapped block 1 (level 1) [ 161.550618][ T6891] EXT4-fs (loop6): 1 truncate cleaned up [ 161.593295][ T6891] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 162.368938][ T6944] set_capacity_and_notify: 1 callbacks suppressed [ 162.368956][ T6944] loop0: detected capacity change from 0 to 1024 [ 162.474626][ T6900] loop3: detected capacity change from 0 to 32768 [ 162.533630][ T6947] loop6: detected capacity change from 0 to 4096 [ 162.551822][ T6944] EXT4-fs (loop0): Ignoring removed bh option [ 162.583922][ T6944] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000005,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 162.701990][ T6900] XFS (loop3): Mounting V5 Filesystem [ 162.774132][ T5683] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 162.856181][ T4184] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /180/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 162.925358][ T6900] XFS (loop3): Ending clean mount [ 162.963589][ T6900] XFS (loop3): Quotacheck needed: Please wait. [ 163.014337][ T4184] EXT4-fs (loop0): Remounting filesystem read-only [ 163.022038][ T4184] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /180/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 163.054775][ T5497] ntfs3: loop6: ntfs_evict_inode r=5 failed, -22. [ 163.061269][ T5497] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 163.074343][ T4184] EXT4-fs (loop0): Remounting filesystem read-only [ 163.102239][ T4184] EXT4-fs error (device loop0): empty_inline_dir:1873: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 163.134358][ T5683] usb 6-1: config index 0 descriptor too short (expected 57635, got 36) [ 163.142772][ T5683] usb 6-1: config 1 has an invalid interface number: 188 but max is 0 [ 163.207226][ T5683] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 163.217949][ T4184] EXT4-fs (loop0): Remounting filesystem read-only [ 163.236037][ T5683] usb 6-1: config 1 has no interface number 0 [ 163.242335][ T5683] usb 6-1: config 1 interface 188 altsetting 209 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 163.264175][ T5683] usb 6-1: config 1 interface 188 has no altsetting 0 [ 163.266780][ T4184] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 163.317687][ T6900] XFS (loop3): Quotacheck: Done. [ 163.332447][ T4184] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /180/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 163.404397][ T4184] EXT4-fs (loop0): Remounting filesystem read-only [ 163.418177][ T4184] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /180/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 163.440817][ T5683] usb 6-1: New USB device found, idVendor=2040, idProduct=7210, bcdDevice=5b.6b [ 163.463809][ T5683] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.482636][ T5683] usb 6-1: Product: syz [ 163.490116][ T5683] usb 6-1: Manufacturer: syz [ 163.503592][ T4192] XFS (loop3): Unmounting Filesystem [ 163.503806][ T5683] usb 6-1: SerialNumber: syz [ 163.521224][ T4184] EXT4-fs (loop0): Remounting filesystem read-only [ 163.528444][ T4184] EXT4-fs error (device loop0): empty_inline_dir:1873: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 163.588070][ T4184] EXT4-fs (loop0): Remounting filesystem read-only [ 163.601132][ T4184] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 163.616987][ T4184] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /180/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 163.642301][ T4184] EXT4-fs (loop0): Remounting filesystem read-only [ 163.649638][ T4184] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /180/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 163.698526][ T4184] EXT4-fs (loop0): Remounting filesystem read-only [ 163.705766][ T4184] EXT4-fs error (device loop0): empty_inline_dir:1873: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 163.755610][ T4184] EXT4-fs (loop0): Remounting filesystem read-only [ 163.776692][ T4184] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 163.796042][ T4184] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /180/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 163.819933][ T4184] EXT4-fs (loop0): Remounting filesystem read-only [ 163.856011][ T4184] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 163.881550][ T4184] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 163.911688][ T4184] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 163.922038][ T5683] usb 6-1: unknown interface protocol 0xc1, assuming v1 [ 163.960166][ T5683] usb 6-1: 188:0 : does not exist [ 163.964677][ T4184] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 164.009629][ T5683] usb 6-1: USB disconnect, device number 8 [ 164.017402][ T4184] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 164.089143][ T4184] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 164.115403][ T4184] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 164.207083][ T6983] netlink: 12 bytes leftover after parsing attributes in process `syz.6.806'. [ 164.284676][ T6985] loop1: detected capacity change from 0 to 1024 [ 164.305984][ T4572] udevd[4572]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.188/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 164.392378][ T6985] EXT4-fs (loop1): filesystem is read-only [ 164.411631][ T6985] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 164.470266][ T6985] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (11891!=20869) [ 164.503864][ T6985] EXT4-fs error (device loop1): ext4_get_journal_inode:5185: comm syz.1.807: inode #1: comm syz.1.807: iget: illegal inode # [ 164.545709][ T6991] loop6: detected capacity change from 0 to 1024 [ 164.558022][ T6985] EXT4-fs (loop1): no journal found [ 164.563785][ T6985] EXT4-fs (loop1): can't get journal size [ 164.581424][ T6985] EXT4-fs error (device loop1): ext4_fill_super:4866: inode #2: comm syz.1.807: iget: bad extra_isize 65535 (inode size 1024) [ 164.600106][ T6985] EXT4-fs (loop1): get root inode failed [ 164.621991][ T6985] EXT4-fs (loop1): mount failed [ 164.702433][ T6991] EXT4-fs (loop6): mounted filesystem without journal. Opts: nouid32,nodioread_nolock,noquota,noblock_validity,journal_dev=0x0000000000000009,nodioread_nolock,,errors=continue. Quota mode: none. [ 164.767969][ T6991] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 164.928009][ T7004] loop5: detected capacity change from 0 to 512 [ 165.127734][ T4304] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.230669][ T4304] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.361783][ T4304] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.434801][ T4304] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.459518][ T7017] loop3: detected capacity change from 0 to 2048 [ 165.466376][ T5285] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 165.474015][ T5292] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 165.536509][ T7017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 165.582385][ T7017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 165.616410][ T7017] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 165.647908][ T7017] UDF-fs: Scanning with blocksize 512 failed [ 165.709392][ T7017] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 165.894524][ T5285] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 165.902774][ T5292] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 165.924166][ T5285] usb 7-1: config 0 has no interface number 0 [ 165.930428][ T5285] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.943298][ T5292] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.953748][ T5285] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.965654][ T5292] usb 2-1: config 0 descriptor?? [ 165.971508][ T5285] usb 7-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 165.992482][ T5285] usb 7-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 166.005566][ T5292] cp210x 2-1:0.0: cp210x converter detected [ 166.020525][ T7025] loop3: detected capacity change from 0 to 1024 [ 166.027298][ T5285] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.052117][ T5285] usb 7-1: config 0 descriptor?? [ 166.080104][ T7025] EXT4-fs (loop3): filesystem is read-only [ 166.124254][ T7025] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 166.164120][ T7025] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (11891!=20869) [ 166.200108][ T7025] EXT4-fs error (device loop3): ext4_get_journal_inode:5185: comm syz.3.822: inode #1: comm syz.3.822: iget: illegal inode # [ 166.235291][ T7025] EXT4-fs (loop3): no journal found [ 166.250902][ T7025] EXT4-fs (loop3): can't get journal size [ 166.272783][ T7025] EXT4-fs error (device loop3): ext4_fill_super:4866: inode #2: comm syz.3.822: iget: bad extra_isize 65535 (inode size 1024) [ 166.292294][ T7025] EXT4-fs (loop3): get root inode failed [ 166.318106][ T7019] loop5: detected capacity change from 0 to 32768 [ 166.329584][ T7025] EXT4-fs (loop3): mount failed [ 166.395548][ T7019] XFS (loop5): Mounting V5 Filesystem [ 166.475443][ T5292] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 166.511584][ T7020] chnl_net:caif_netlink_parms(): no params data found [ 166.554483][ T5292] usb 2-1: cp210x converter now attached to ttyUSB0 [ 166.629530][ T7019] XFS (loop5): Ending clean mount [ 166.651275][ T7019] XFS (loop5): Quotacheck needed: Please wait. [ 166.758063][ T5285] input: HID 28bd:0042 Pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.1/0003:28BD:0042.0005/input/input14 [ 166.760100][ T6535] usb 2-1: USB disconnect, device number 8 [ 166.802416][ T7020] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.824991][ T6535] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 166.852535][ T7020] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.862771][ T6535] cp210x 2-1:0.0: device disconnected [ 166.869486][ T5285] uclogic 0003:28BD:0042.0005: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.6-1/input1 [ 166.889906][ T7019] XFS (loop5): Quotacheck: Done. [ 166.908190][ T7020] device bridge_slave_0 entered promiscuous mode [ 166.980425][ T5299] usb 7-1: USB disconnect, device number 3 [ 167.010322][ T4999] XFS (loop5): Unmounting Filesystem [ 167.019931][ T7020] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.039629][ T7020] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.094384][ T7054] fido_id[7054]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory [ 167.131873][ T7020] device bridge_slave_1 entered promiscuous mode [ 167.209277][ T7056] loop3: detected capacity change from 0 to 4096 [ 167.238130][ T7056] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 167.396448][ T7020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.454063][ T7020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.665587][ T7020] team0: Port device team_slave_0 added [ 167.779384][ T4304] device hsr_slave_0 left promiscuous mode [ 167.808109][ T4304] device hsr_slave_1 left promiscuous mode [ 167.844281][ T4304] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.870514][ T4304] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.903539][ T4304] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.921401][ T4304] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.929012][ T5292] Bluetooth: hci0: command 0x0409 tx timeout [ 167.940649][ T4304] device bridge_slave_1 left promiscuous mode [ 167.954283][ T4304] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.983179][ T4304] device bridge_slave_0 left promiscuous mode [ 167.984500][ T4256] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 167.995587][ T4304] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.007144][ T7074] loop3: detected capacity change from 0 to 1024 [ 168.052863][ T4304] device veth1_macvtap left promiscuous mode [ 168.064372][ T4304] device veth0_macvtap left promiscuous mode [ 168.070676][ T4304] device veth1_vlan left promiscuous mode [ 168.078709][ T4304] device veth0_vlan left promiscuous mode [ 168.203304][ T5679] hfsplus: b-tree write err: -5, ino 25 [ 168.210083][ T5679] hfsplus: b-tree write err: -5, ino 4 [ 168.223247][ T5679] hfsplus: b-tree write err: -5, ino 2 [ 168.240004][ T5679] hfsplus: b-tree write err: -5, ino 17 [ 168.314636][ T5683] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 168.419160][ T4304] bond0 (unregistering): (slave bond1): Releasing backup interface [ 168.430117][ T4304] bond1 (unregistering): Released all slaves [ 168.524451][ T4256] usb 7-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 168.538225][ T4256] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.549874][ T4256] usb 7-1: Product: syz [ 168.558123][ T4256] usb 7-1: Manufacturer: syz [ 168.562966][ T4256] usb 7-1: SerialNumber: syz [ 168.572176][ T4304] team0 (unregistering): Port device team_slave_1 removed [ 168.596207][ T4304] team0 (unregistering): Port device team_slave_0 removed [ 168.615237][ T4304] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 168.635367][ T4304] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 168.717652][ T4304] bond0 (unregistering): Released all slaves [ 168.772790][ T7020] team0: Port device team_slave_1 added [ 168.834527][ T5683] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 168.867807][ T5683] usb 6-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 168.884709][ T7020] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.894137][ T5683] usb 6-1: Product: syz [ 168.904356][ T5683] usb 6-1: Manufacturer: syz [ 168.910535][ T5683] usb 6-1: SerialNumber: syz [ 168.916954][ T7020] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.945003][ T7020] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.951673][ T5683] usb 6-1: config 0 descriptor?? [ 168.961685][ T7020] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.969097][ T7020] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.995687][ T7020] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.025483][ T5683] ch341 6-1:0.0: ch341-uart converter detected [ 169.050554][ T7090] loop3: detected capacity change from 0 to 256 [ 169.086448][ T7020] device hsr_slave_0 entered promiscuous mode [ 169.142555][ T7020] device hsr_slave_1 entered promiscuous mode [ 169.164672][ T7020] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 169.201615][ T7020] Cannot create hsr debugfs directory [ 169.332617][ T4256] rtl8150 7-1:1.0: eth13: rtl8150 is detected [ 169.503366][ T4256] usb 7-1: USB disconnect, device number 4 [ 169.688258][ T7020] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 169.719047][ T7020] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 169.737677][ T7020] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 169.783939][ T7020] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 169.853271][ T7093] loop1: detected capacity change from 0 to 32768 [ 169.904323][ T5683] usb 6-1: failed to send control message: -71 [ 169.910601][ T5683] ch341-uart: probe of ttyUSB0 failed with error -71 [ 169.968354][ T5683] usb 6-1: USB disconnect, device number 9 [ 170.004121][ T5285] Bluetooth: hci0: command 0x041b tx timeout [ 170.055618][ T5683] ch341 6-1:0.0: device disconnected [ 170.114620][ T7093] XFS (loop1): Mounting V5 Filesystem [ 170.238334][ T7020] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.247322][ T7093] XFS (loop1): Ending clean mount [ 170.274333][ T7093] XFS (loop1): Quotacheck needed: Please wait. [ 170.365805][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 170.386237][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 170.445690][ T7020] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.464337][ T5285] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 170.489238][ T7093] XFS (loop1): Quotacheck: Done. [ 170.495970][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.523302][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.603174][ T423] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.610385][ T423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.640860][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 170.668768][ T4183] XFS (loop1): Unmounting Filesystem [ 170.674605][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.695778][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.730379][ T1235] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.737562][ T1235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.786032][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.834431][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 170.849475][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.874552][ T5285] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 170.883652][ T5285] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.894298][ T5683] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 170.917893][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.944318][ T5285] usb 4-1: config 0 descriptor?? [ 170.975440][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 170.985638][ T5285] cp210x 4-1:0.0: cp210x converter detected [ 171.006126][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.015506][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.034589][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.059125][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.085240][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.115064][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.162880][ T7020] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 171.264259][ T5683] usb 7-1: config index 0 descriptor too short (expected 57635, got 36) [ 171.283120][ T5683] usb 7-1: config 1 has an invalid interface number: 188 but max is 0 [ 171.313647][ T5683] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 171.354091][ T5683] usb 7-1: config 1 has no interface number 0 [ 171.369663][ T5683] usb 7-1: config 1 interface 188 altsetting 209 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 171.414325][ T5285] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 171.423819][ T5683] usb 7-1: config 1 interface 188 has no altsetting 0 [ 171.466838][ T5285] usb 4-1: cp210x converter now attached to ttyUSB0 [ 171.604416][ T5683] usb 7-1: New USB device found, idVendor=2040, idProduct=7210, bcdDevice=5b.6b [ 171.613691][ T5683] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.652308][ T5683] usb 7-1: Product: syz [ 171.662429][ T5683] usb 7-1: Manufacturer: syz [ 171.669246][ T7131] loop5: detected capacity change from 0 to 32768 [ 171.687574][ T5683] usb 7-1: SerialNumber: syz [ 171.712989][ T4256] usb 4-1: USB disconnect, device number 8 [ 171.736706][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 171.753663][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 171.762003][ T4256] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 171.784331][ T4256] cp210x 4-1:0.0: device disconnected [ 171.795833][ T7131] XFS (loop5): Mounting V5 Filesystem [ 171.843503][ T7020] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.025479][ T7131] XFS (loop5): Starting recovery (logdev: internal) [ 172.030991][ T5683] usb 7-1: unknown interface protocol 0xc1, assuming v1 [ 172.049579][ T5683] usb 7-1: 188:0 : does not exist [ 172.080641][ T5683] usb 7-1: USB disconnect, device number 5 [ 172.084464][ T5285] Bluetooth: hci0: command 0x040f tx timeout [ 172.131604][ T7131] XFS (loop5): Ending recovery (logdev: internal) [ 172.385771][ T4937] udevd[4937]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.188/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 172.517667][ T4999] XFS (loop5): Unmounting Filesystem [ 172.636125][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.670628][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.740791][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 172.762786][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 172.791067][ T7020] device veth0_vlan entered promiscuous mode [ 172.806760][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 172.846233][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 172.881100][ T7020] device veth1_vlan entered promiscuous mode [ 172.895996][ T4660] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 172.913785][ T5679] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 173.003919][ T7020] device veth0_macvtap entered promiscuous mode [ 173.040676][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 173.067468][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 173.112952][ T7020] device veth1_macvtap entered promiscuous mode [ 173.117414][ T1092] block nbd0: Possible stuck request ffff888020ff8000: control (read@0,4096B). Runtime 90 seconds [ 173.173393][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 173.200918][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 173.280700][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.342399][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.379702][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.418336][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.434340][ T4660] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 173.443450][ T4660] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.449414][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.464849][ T7204] loop5: detected capacity change from 0 to 512 [ 173.492889][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.494379][ T4660] usb 4-1: Product: syz [ 173.516367][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.528572][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.541285][ T7020] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.549235][ T4660] usb 4-1: Manufacturer: syz [ 173.553881][ T4660] usb 4-1: SerialNumber: syz [ 173.560956][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 173.577810][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 173.615871][ T7204] FAT-fs (loop5): error, corrupted file size (i_pos 51, 8960) [ 173.625619][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.650242][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.673511][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.700091][ T7204] FAT-fs (loop5): error, corrupted file size (i_pos 51, 8960) [ 173.713645][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.740644][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.751646][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.783090][ T7020] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.804201][ T5285] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 173.824088][ T7020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.845627][ T7020] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.862144][ T4890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 173.891556][ T4890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 173.935841][ T7020] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.962101][ T7020] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.972224][ T7020] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.981499][ T7020] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.090335][ T7187] loop6: detected capacity change from 0 to 32768 [ 174.161522][ T4239] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.174130][ T5292] Bluetooth: hci0: command 0x0419 tx timeout [ 174.192844][ T4239] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.226594][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 174.272622][ T5679] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.284298][ T5679] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.296029][ T7187] XFS (loop6): Mounting V5 Filesystem [ 174.302157][ T5679] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 174.379820][ T4660] rtl8150 4-1:1.0: eth13: rtl8150 is detected [ 174.396826][ T5285] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 174.410355][ T5285] usb 2-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 174.419135][ T5285] usb 2-1: Product: syz [ 174.423372][ T5285] usb 2-1: Manufacturer: syz [ 174.428172][ T5285] usb 2-1: SerialNumber: syz [ 174.447383][ T7187] XFS (loop6): Ending clean mount [ 174.480408][ T5285] usb 2-1: config 0 descriptor?? [ 174.492400][ T7187] XFS (loop6): Quotacheck needed: Please wait. [ 174.546822][ T5285] ch341 2-1:0.0: ch341-uart converter detected [ 174.594668][ T5292] usb 4-1: USB disconnect, device number 9 [ 174.617379][ T7187] XFS (loop6): Quotacheck: Done. [ 174.627240][ T7229] overlayfs: conflicting lowerdir path [ 174.759358][ T5497] XFS (loop6): Unmounting Filesystem [ 175.233688][ T7249] mkiss: ax0: crc mode is auto. [ 175.437296][ T5285] usb 2-1: failed to send control message: -71 [ 175.443833][ T5285] ch341-uart: probe of ttyUSB0 failed with error -71 [ 175.477646][ T7264] sock: sock_timestamping_bind_phc: sock not bind to device [ 175.491633][ T5285] usb 2-1: USB disconnect, device number 9 [ 175.524927][ T5285] ch341 2-1:0.0: device disconnected [ 176.151731][ T7288] loop7: detected capacity change from 0 to 1024 [ 176.317227][ T7288] hfsplus: catalog searching failed [ 176.439482][ T1235] hfsplus: bad catalog file entry [ 176.454554][ T1235] hfsplus: b-tree write err: -5, ino 3 [ 176.544590][ T7310] sock: sock_timestamping_bind_phc: sock not bind to device [ 176.561503][ T7267] loop6: detected capacity change from 0 to 32768 [ 176.770393][ T7267] XFS (loop6): Mounting V5 Filesystem [ 177.170421][ T7267] XFS (loop6): Starting recovery (logdev: internal) [ 177.255052][ T7267] XFS (loop6): Ending recovery (logdev: internal) [ 177.583098][ T5497] XFS (loop6): Unmounting Filesystem [ 177.768457][ T7372] loop5: detected capacity change from 0 to 2048 [ 177.884220][ T7372] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 178.011146][ T7385] 8021q: adding VLAN 0 to HW filter on device bond1 [ 178.083906][ T7385] bond0: (slave bond1): Enslaving as an active interface with an up link [ 178.159349][ T7383] loop1: detected capacity change from 0 to 8192 [ 178.323572][ T7398] loop5: detected capacity change from 0 to 4096 [ 178.333682][ T7383] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 178.369461][ T7383] REISERFS (device loop1): using ordered data mode [ 178.399427][ T7383] reiserfs: using flush barriers [ 178.429823][ T7383] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 178.479431][ T7398] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 178.534772][ T7383] REISERFS (device loop1): checking transaction log (loop1) [ 178.547243][ T7383] REISERFS (device loop1): Using r5 hash to sort names [ 178.576990][ T7383] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 178.737772][ T7413] mkiss: ax0: crc mode is auto. [ 179.132899][ T7436] sp0: Synchronizing with TNC [ 179.230068][ T7435] [U] è` [ 179.235704][ T7442] program syz.7.927 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 179.247889][ T7445] loop6: detected capacity change from 0 to 256 [ 179.295364][ T7445] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d) [ 179.371425][ T7445] exFAT-fs (loop6): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 179.549980][ T7453] loop7: detected capacity change from 0 to 64 [ 179.870948][ T7457] loop6: detected capacity change from 0 to 4096 [ 180.001680][ T7457] ntfs3: loop6: Different NTFS' sector size (1024) and media sector size (512) [ 180.512958][ T7484] sp0: Synchronizing with TNC [ 180.550107][ T7483] [U] è` [ 180.869343][ T7468] loop7: detected capacity change from 0 to 32768 [ 181.073078][ T7482] loop3: detected capacity change from 0 to 32768 [ 181.164709][ T7466] loop5: detected capacity change from 0 to 32768 [ 181.248031][ T7482] JBD2: Ignoring recovery information on journal [ 181.314006][ T7466] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 181.322411][ T7466] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 181.418713][ T7466] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 181.456416][ T7482] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 181.532818][ T7482] ocfs2: Unmounting device (7,3) on (node local) [ 181.575799][ T7466] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 181.652308][ T7514] loop6: detected capacity change from 0 to 4096 [ 181.676385][ T7519] loop7: detected capacity change from 0 to 8 [ 182.473433][ T7542] loop3: detected capacity change from 0 to 64 [ 182.695877][ T7545] loop7: detected capacity change from 0 to 8192 [ 182.796150][ T7545] REISERFS (device loop7): found reiserfs format "3.5" with non-standard journal [ 182.843885][ T7545] REISERFS (device loop7): using ordered data mode [ 182.884205][ T7545] reiserfs: using flush barriers [ 182.914864][ T7545] REISERFS (device loop7): journal params: device loop7, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 182.931785][ T7545] REISERFS (device loop7): checking transaction log (loop7) [ 182.942912][ T7545] REISERFS (device loop7): Using r5 hash to sort names [ 182.996168][ T7545] REISERFS (device loop7): Created .reiserfs_priv - reserved for xattr storage. [ 183.334907][ T7570] netlink: 6 bytes leftover after parsing attributes in process `syz.3.989'. [ 183.386485][ T7576] netlink: 6 bytes leftover after parsing attributes in process `syz.3.989'. [ 184.004206][ T4256] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 184.148774][ T7584] XFS (loop1): Mounting V5 Filesystem [ 184.253710][ T7584] XFS (loop1): Ending clean mount [ 184.265141][ T7584] XFS (loop1): Quotacheck needed: Please wait. [ 184.339411][ T7584] XFS (loop1): Quotacheck: Done. [ 184.374851][ T4256] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 184.425129][ T4256] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 184.502011][ T4183] XFS (loop1): Unmounting Filesystem [ 184.558397][ T4256] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 184.591645][ T4256] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 184.606329][ T4256] usb 6-1: SerialNumber: syz [ 184.739430][ T1325] kernel write not supported for file /dsp (pid: 1325 comm: kworker/0:2) [ 184.872926][ T7623] input: syz0 as /devices/virtual/input/input15 [ 184.907255][ T4256] usb 6-1: 0:2 : does not exist [ 184.994709][ T4256] usb 6-1: USB disconnect, device number 10 [ 185.251408][ T4572] udevd[4572]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 185.451958][ T4256] kernel write not supported for file /474/loginuid (pid: 4256 comm: kworker/0:5) [ 185.662103][ T7620] set_capacity_and_notify: 2 callbacks suppressed [ 185.662122][ T7620] loop7: detected capacity change from 0 to 32768 [ 185.862030][ T7620] JBD2: Ignoring recovery information on journal [ 186.068301][ T7620] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 186.205361][ T7679] loop5: detected capacity change from 0 to 64 [ 186.236377][ T7677] binder: 7676:7677 ioctl 4018620d 0 returned -22 [ 186.255213][ T7020] ocfs2: Unmounting device (7,7) on (node local) [ 186.258587][ T7643] loop3: detected capacity change from 0 to 32768 [ 186.278452][ T7679] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 186.986544][ T4231] kernel read not supported for file /usbmon0 (pid: 4231 comm: kworker/1:7) [ 187.024973][ T7699] loop3: detected capacity change from 0 to 256 [ 187.102976][ T7699] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d) [ 187.149509][ T7699] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 187.313733][ T7707] block nbd5: NBD_DISCONNECT [ 187.354058][ T1325] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 187.373277][ T7674] loop1: detected capacity change from 0 to 40427 [ 187.458439][ T7674] F2FS-fs (loop1): invalid crc value [ 187.477717][ T7674] F2FS-fs (loop1): Found nat_bits in checkpoint [ 187.632951][ T7674] F2FS-fs (loop1): Start checkpoint disabled! [ 187.668850][ T7674] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 187.698045][ T7714] loop5: detected capacity change from 0 to 2048 [ 187.724323][ T1325] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 187.743302][ T1325] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 187.773792][ T7714] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 187.836317][ T1325] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 187.855169][ T1325] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 187.919496][ T1325] usb 7-1: SerialNumber: syz [ 188.060001][ T5679] attempt to access beyond end of device [ 188.060001][ T5679] loop1: rw=2049, want=40976, limit=40427 [ 188.227023][ T1325] usb 7-1: 0:2 : does not exist [ 188.308842][ T1325] usb 7-1: USB disconnect, device number 6 [ 188.540031][ T7725] loop7: detected capacity change from 0 to 32768 [ 188.568240][ T4572] udevd[4572]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 188.640746][ T7725] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop7 scanned by syz.7.1047 (7725) [ 188.679017][ T7725] BTRFS info (device loop7): using sha256 (sha256-avx2) checksum algorithm [ 188.696956][ T7725] BTRFS info (device loop7): enabling auto defrag [ 188.711282][ T7725] BTRFS info (device loop7): use no compression [ 188.730126][ T7725] BTRFS info (device loop7): force clearing of disk cache [ 188.748445][ T7725] BTRFS info (device loop7): max_inline at 4096 [ 188.778809][ T7725] BTRFS info (device loop7): disabling free space tree [ 188.826507][ T7725] BTRFS info (device loop7): has skinny extents [ 188.979156][ T7741] loop3: detected capacity change from 0 to 512 [ 189.118410][ T7741] EXT4-fs (loop3): Ignoring removed nobh option [ 189.149022][ T7741] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 189.246163][ T7725] BTRFS info (device loop7): enabling ssd optimizations [ 189.314402][ T7725] BTRFS info (device loop7): clearing free space tree [ 189.321347][ T7725] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 189.334491][ T7741] EXT4-fs (loop3): 1 truncate cleaned up [ 189.340193][ T7741] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nobh,debug_want_extra_isize=0x0000000000000068,mb_optimize_scan=0x0000000000000001,max_batch_time=0x0000000000000007,dioread_lock,. Quota mode: none. [ 189.411310][ T7725] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 189.440394][ T7741] EXT4-fs (loop3): shut down requested (2) [ 189.801806][ T7731] loop1: detected capacity change from 0 to 32768 [ 190.012460][ T7731] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 190.021692][ T7731] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 190.091721][ T7731] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 1ms [ 190.355889][ T7731] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 190.483426][ T7796] input: syz0 as /devices/virtual/input/input16 [ 190.572399][ T4573] udevd[4573]: setting mode of /dev/input/event4 to 020660 failed: No such file or directory [ 190.652339][ T4573] udevd[4573]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 190.661383][ T7779] loop6: detected capacity change from 0 to 32768 [ 190.787729][ T7779] JBD2: Ignoring recovery information on journal [ 190.892775][ T7779] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 191.148610][ T5497] ocfs2: Unmounting device (7,6) on (node local) [ 191.204145][ T1108] Bluetooth: hci3: command 0x0406 tx timeout [ 191.249653][ T1108] Bluetooth: hci1: command 0x0406 tx timeout [ 192.185560][ T7821] loop3: detected capacity change from 0 to 40427 [ 192.246655][ T7821] F2FS-fs (loop3): invalid crc value [ 192.283667][ T7821] F2FS-fs (loop3): Found nat_bits in checkpoint [ 192.420042][ T7829] loop5: detected capacity change from 0 to 40427 [ 192.469273][ T7821] F2FS-fs (loop3): Start checkpoint disabled! [ 192.488906][ T7821] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 192.513767][ T7829] F2FS-fs (loop5): build fault injection attr: rate: 684, type: 0x1ffff [ 192.564054][ T7829] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x35f7 [ 192.587881][ T7829] F2FS-fs (loop5): invalid crc value [ 192.619719][ T7829] F2FS-fs (loop5): Found nat_bits in checkpoint [ 192.841626][ T7829] F2FS-fs (loop5): Start checkpoint disabled! [ 192.889998][ T7829] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 192.941472][ T423] attempt to access beyond end of device [ 192.941472][ T423] loop3: rw=2049, want=45104, limit=40427 [ 193.111759][ T7829] F2FS-fs (loop5): access invalid blkaddr:4043309056 [ 193.149556][ T7829] CPU: 1 PID: 7829 Comm: syz.5.1057 Not tainted syzkaller #0 [ 193.157095][ T7829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 193.167196][ T7829] Call Trace: [ 193.170509][ T7829] [ 193.173475][ T7829] dump_stack_lvl+0x188/0x250 [ 193.178204][ T7829] ? show_regs_print_info+0x20/0x20 [ 193.183451][ T7829] ? f2fs_get_next_page_offset+0x6a0/0x6a0 [ 193.189417][ T7829] f2fs_is_valid_blkaddr+0xc7e/0x1250 [ 193.194847][ T7829] f2fs_map_blocks+0xbcd/0x3300 [ 193.199810][ T7829] ? f2fs_force_buffered_io+0x680/0x680 [ 193.205415][ T7829] ? xa_load+0x276/0x2a0 [ 193.209758][ T7829] f2fs_mpage_readpages+0xc95/0x2260 [ 193.215125][ T7829] ? dquot_release_reservation_block+0xa0/0xa0 [ 193.221335][ T7829] ? f2fs_is_compress_backend_ready+0x99/0x120 [ 193.227527][ T7829] ? f2fs_readahead+0x163/0x2f0 [ 193.232422][ T7829] ? f2fs_set_data_page_dirty+0xad0/0xad0 [ 193.238196][ T7829] read_pages+0x175/0x930 [ 193.242572][ T7829] ? page_cache_ra_unbounded+0x940/0x940 [ 193.248268][ T7829] ? add_to_page_cache_lru+0x2a8/0x4a0 [ 193.253809][ T7829] page_cache_ra_unbounded+0x838/0x940 [ 193.259345][ T7829] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 193.265900][ T7829] f2fs_readdir+0x496/0xda0 [ 193.270469][ T7829] ? f2fs_fill_dentries+0xd10/0xd10 [ 193.275802][ T7829] ? end_current_label_crit_section+0x14b/0x170 [ 193.282105][ T7829] ? iterate_dir+0x10d/0x560 [ 193.286753][ T7829] ? down_read_killable+0x1ce/0x340 [ 193.291994][ T7829] ? fsnotify_perm+0x254/0x560 [ 193.296807][ T7829] iterate_dir+0x218/0x560 [ 193.301349][ T7829] ? f2fs_fill_dentries+0xd10/0xd10 [ 193.306602][ T7829] __se_sys_getdents+0xf2/0x260 [ 193.311489][ T7829] ? __x64_sys_getdents+0x80/0x80 [ 193.316664][ T7829] ? fillonedir+0x4e0/0x4e0 [ 193.321211][ T7829] ? vtime_user_exit+0x2c8/0x3e0 [ 193.326296][ T7829] ? lockdep_hardirqs_on+0x94/0x140 [ 193.331628][ T7829] do_syscall_64+0x4c/0xa0 [ 193.336091][ T7829] ? clear_bhb_loop+0x30/0x80 [ 193.340809][ T7829] ? clear_bhb_loop+0x30/0x80 [ 193.345615][ T7829] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 193.351558][ T7829] RIP: 0033:0x7f4e65fdd799 [ 193.356110][ T7829] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 193.375946][ T7829] RSP: 002b:00007f4e64237028 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 193.384499][ T7829] RAX: ffffffffffffffda RBX: 00007f4e66256fa0 RCX: 00007f4e65fdd799 [ 193.392512][ T7829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 193.400525][ T7829] RBP: 00007f4e66073bd9 R08: 0000000000000000 R09: 0000000000000000 [ 193.408530][ T7829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.416538][ T7829] R13: 00007f4e66257038 R14: 00007f4e66256fa0 R15: 00007ffe5914f1c8 [ 193.424562][ T7829] [ 193.451139][ T7829] attempt to access beyond end of device [ 193.451139][ T7829] loop5: rw=524288, want=45072, limit=40427 [ 193.462867][ T7829] attempt to access beyond end of device [ 193.462867][ T7829] loop5: rw=0, want=45072, limit=40427 [ 193.773778][ T4239] attempt to access beyond end of device [ 193.773778][ T4239] loop5: rw=2049, want=40976, limit=40427 [ 193.788847][ T7897] loop7: detected capacity change from 0 to 2048 [ 193.812485][ T1108] kernel read not supported for file /usbmon0 (pid: 1108 comm: kworker/1:2) [ 193.904252][ T7897] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 194.026232][ T7908] loop6: detected capacity change from 0 to 128 [ 194.079923][ T7910] loop1: detected capacity change from 0 to 1024 [ 194.200206][ T7910] EXT4-fs (loop1): Ignoring removed bh option [ 194.238973][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.245349][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.364144][ T7910] EXT4-fs (loop1): mounted filesystem without journal. Opts: nojournal_checksum,auto_da_alloc,barrier,norecovery,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,usrquota,noauto_da_alloc,bh,init_itable,,errors=continue. Quota mode: writeback. [ 194.827998][ T7941] loop5: detected capacity change from 0 to 4096 [ 194.939635][ T7941] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 195.012384][ T7939] loop3: detected capacity change from 0 to 8192 [ 195.126734][ T7939] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 195.242106][ T7960] loop5: detected capacity change from 0 to 512 [ 195.340817][ T7960] EXT4-fs (loop5): 1 orphan inode deleted [ 195.368712][ T7960] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 195.407752][ T7960] ext4 filesystem being mounted at /123/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.421364][ T7965] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 195.427872][ T7965] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 196.080404][ T7985] loop6: detected capacity change from 0 to 4096 [ 196.111014][ T7985] ntfs: (device loop6): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 196.134017][ T1108] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 196.141951][ T7985] ntfs: (device loop6): ntfs_read_locked_inode(): $DATA attribute is missing. [ 196.168998][ T7985] ntfs: (device loop6): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 196.198848][ T7985] ntfs: (device loop6): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 196.256386][ T7985] ntfs: volume version 3.1. [ 196.276841][ T7985] ntfs: (device loop6): load_and_init_quota(): Failed to find inode number for $Quota. [ 196.311201][ T7985] ntfs: (device loop6): load_system_files(): Failed to load $Quota. Will not be able to remount read-write. Run chkdsk. [ 196.388539][ T1108] usb 4-1: Using ep0 maxpacket: 16 [ 196.388539][ T7985] ntfs: (device loop6): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set iso8859-2. You might want to try to use the mount option nls=utf8. [ 196.388658][ T7985] ntfs: (device loop6): ntfs_filldir(): Skipping unrepresentable inode 0x4. [ 196.504474][ T1108] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.524044][ T1108] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 196.544023][ T1108] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 196.571685][ T1108] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 196.591229][ T1108] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.622444][ T1108] usb 4-1: config 0 descriptor?? [ 196.817785][ T8006] loop6: detected capacity change from 0 to 2048 [ 196.842384][ T8009] program syz.5.1100 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 197.068980][ T8006] NILFS error (device loop6): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255 [ 197.114501][ T5299] Bluetooth: hci0: command 0x0405 tx timeout [ 197.121509][ T8022] NILFS error (device loop6): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255 [ 197.136979][ T1108] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 197.177392][ T1108] microsoft 0003:045E:07DA.0006: No inputs registered, leaving [ 197.213685][ T8006] NILFS error (device loop6): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255 [ 197.232039][ T1108] microsoft 0003:045E:07DA.0006: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 197.309818][ T1108] microsoft 0003:045E:07DA.0006: no inputs found [ 197.326941][ T1108] microsoft 0003:045E:07DA.0006: could not initialize ff, continuing anyway [ 197.376831][ T1108] usb 4-1: USB disconnect, device number 10 [ 197.652426][ T8035] fido_id[8035]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 197.874410][ T8056] loop9: detected capacity change from 0 to 7 [ 197.952601][ T8056] Dev loop9: unable to read RDB block 7 [ 197.980849][ T8061] loop5: detected capacity change from 0 to 1024 [ 197.984674][ T8056] loop9: unable to read partition table [ 198.008886][ T8065] loop7: detected capacity change from 0 to 2048 [ 198.015862][ T8056] loop9: partition table beyond EOD, truncated [ 198.028275][ T8056] loop_reread_partitions: partition scan of loop9 (úù) failed (rc=-5) [ 198.101273][ T8061] EXT4-fs (loop5): Ignoring removed bh option [ 198.181790][ T8061] EXT4-fs (loop5): mounted filesystem without journal. Opts: nojournal_checksum,auto_da_alloc,barrier,norecovery,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,usrquota,noauto_da_alloc,bh,init_itable,,errors=continue. Quota mode: writeback. [ 198.225275][ T8065] NILFS error (device loop7): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255 [ 198.287280][ T8065] NILFS error (device loop7): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255 [ 198.307091][ T8065] NILFS error (device loop7): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255 [ 198.364200][ T4658] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 198.744482][ T4658] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 198.769419][ T4658] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 198.809860][ T4658] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 198.847484][ T8099] loop6: detected capacity change from 0 to 8192 [ 198.863142][ T8094] Invalid ELF header magic: != ELF [ 198.916937][ T8099] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal [ 198.939759][ T8099] REISERFS (device loop6): using ordered data mode [ 198.964213][ T8099] reiserfs: using flush barriers [ 198.979793][ T8099] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 198.985723][ T4658] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 199.005775][ T4658] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 199.014333][ T4658] usb 4-1: Product: syz [ 199.018833][ T4658] usb 4-1: Manufacturer: syz [ 199.023470][ T4658] usb 4-1: SerialNumber: syz [ 199.036722][ T8099] REISERFS (device loop6): checking transaction log (loop6) [ 199.049416][ T8099] REISERFS (device loop6): Using r5 hash to sort names [ 199.057376][ T8099] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 199.243746][ T8113] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1149'. [ 199.306598][ T8114] loop1: detected capacity change from 0 to 2048 [ 199.323868][ T4658] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 199.472128][ T8114] NILFS error (device loop1): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255 [ 199.500672][ T8119] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 199.538451][ T8120] NILFS error (device loop1): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255 [ 199.555385][ C1] vkms_vblank_simulate: vblank timer overrun [ 199.571324][ T1108] usb 4-1: USB disconnect, device number 11 [ 199.584679][ T1108] usblp0: removed [ 199.616509][ T8114] NILFS error (device loop1): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255 [ 200.080925][ T8129] loop5: detected capacity change from 0 to 4096 [ 200.168998][ T8136] loop3: detected capacity change from 0 to 128 [ 200.197702][ T8129] ntfs: (device loop5): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 200.228484][ T8129] ntfs: (device loop5): ntfs_read_locked_inode(): $DATA attribute is missing. [ 200.297223][ T8136] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 200.325750][ T1108] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 200.349149][ T8129] ntfs: volume version 3.1. [ 200.365307][ T8136] ext4 filesystem being mounted at /260/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 200.594390][ T1108] usb 2-1: Using ep0 maxpacket: 16 [ 200.718633][ T8155] loop5: detected capacity change from 0 to 256 [ 200.728623][ T1108] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.748893][ T1108] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.784834][ T1108] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 200.799711][ T8151] loop7: detected capacity change from 0 to 8192 [ 200.807301][ T1108] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 200.816815][ T1108] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.833900][ T1108] usb 2-1: config 0 descriptor?? [ 200.914711][ T8151] REISERFS (device loop7): found reiserfs format "3.5" with non-standard journal [ 200.933394][ T8151] REISERFS (device loop7): using ordered data mode [ 200.983075][ T8151] reiserfs: using flush barriers [ 201.017102][ T8151] REISERFS (device loop7): journal params: device loop7, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 201.033840][ T8151] REISERFS (device loop7): checking transaction log (loop7) [ 201.078584][ T8151] REISERFS (device loop7): Using r5 hash to sort names [ 201.090712][ T8151] REISERFS (device loop7): Created .reiserfs_priv - reserved for xattr storage. [ 201.262962][ T8172] loop6: detected capacity change from 0 to 512 [ 201.326054][ T1108] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 201.334940][ T1108] microsoft 0003:045E:07DA.0007: No inputs registered, leaving [ 201.346325][ T1108] microsoft 0003:045E:07DA.0007: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 201.387231][ T8172] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended [ 201.418483][ T1108] microsoft 0003:045E:07DA.0007: no inputs found [ 201.430969][ T8178] program syz.3.1167 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 201.449203][ T8172] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 201.460298][ T1108] microsoft 0003:045E:07DA.0007: could not initialize ff, continuing anyway [ 201.535493][ T1108] usb 2-1: USB disconnect, device number 10 [ 201.554090][ T8172] EXT4-fs (loop6): warning: mounting unchecked fs, running e2fsck is recommended [ 201.564633][ T8172] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 201.572775][ T8172] System zones: 0-2, 18-18, 34-35 [ 201.614340][ T8172] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 201.721818][ T8181] fido_id[8181]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 201.751476][ T8177] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal [ 201.761462][ T8172] EXT4-fs (loop6): re-mounted. Opts: . Quota mode: none. [ 201.768798][ T8177] REISERFS (device loop5): using ordered data mode [ 201.785408][ T8177] reiserfs: using flush barriers [ 201.791740][ T8177] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 201.808946][ T8177] REISERFS (device loop5): checking transaction log (loop5) [ 201.820032][ T8177] REISERFS (device loop5): Using r5 hash to sort names [ 201.854772][ T8177] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 201.865504][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 201.865518][ T26] audit: type=1800 audit(1773071443.123:8): pid=8185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1166" name="file1" dev="loop7" ino=1048659 res=0 errno=0 [ 201.892232][ C1] vkms_vblank_simulate: vblank timer overrun [ 201.901259][ T8185] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 201.967637][ T8185] FAT-fs (loop7): Filesystem has been set read-only [ 202.001846][ T8185] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 202.074236][ T8185] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 202.153344][ T8185] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 202.332147][ T8196] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 202.924165][ T5299] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 202.937969][ T8229] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1199'. [ 203.001660][ T8235] set_capacity_and_notify: 3 callbacks suppressed [ 203.001677][ T8235] loop7: detected capacity change from 0 to 8 [ 203.048505][ T8235] SQUASHFS error: zlib decompression failed, data probably corrupt [ 203.064716][ T8235] SQUASHFS error: Failed to read block 0x4de: -5 [ 203.071626][ T8235] SQUASHFS error: Failed to read block 0x4e2: -5 [ 203.085266][ T8235] SQUASHFS error: Failed to read block 0x9ca: -5 [ 203.091890][ T8235] SQUASHFS error: Failed to read block 0x2cf2: -5 [ 203.105294][ T8235] SQUASHFS error: Failed to read block 0x52cf2: -5 [ 203.137355][ T8235] SQUASHFS error: Failed to read block 0x535f2: -5 [ 203.164308][ T8233] loop1: detected capacity change from 0 to 8192 [ 203.183359][ T26] audit: type=1800 audit(1773071444.433:9): pid=8235 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.1189" name="file1" dev="loop7" ino=5 res=0 errno=0 [ 203.197164][ T1092] block nbd0: Possible stuck request ffff888020ff8000: control (read@0,4096B). Runtime 120 seconds [ 203.237288][ T8233] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 203.251033][ T8233] REISERFS (device loop1): using ordered data mode [ 203.258546][ T8233] reiserfs: using flush barriers [ 203.271828][ T8233] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 203.291566][ T8233] REISERFS (device loop1): checking transaction log (loop1) [ 203.300331][ T8233] REISERFS (device loop1): Using r5 hash to sort names [ 203.317402][ T8233] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 203.364468][ T5299] usb 4-1: config 0 has an invalid interface number: 83 but max is 0 [ 203.372660][ T5299] usb 4-1: config 0 has no interface number 0 [ 203.419038][ T5299] usb 4-1: config 0 interface 83 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 203.455036][ T8241] program syz.7.1191 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 203.482872][ T5299] usb 4-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61 [ 203.539694][ T5299] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.563335][ T5299] usb 4-1: config 0 descriptor?? [ 203.627268][ T5299] ttusbir 4-1:0.83: cannot find expected altsetting [ 203.865715][ T5299] usb 4-1: USB disconnect, device number 12 [ 203.928459][ T8258] loop6: detected capacity change from 0 to 512 [ 204.042404][ T8258] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 204.079937][ T8258] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 204.093266][ T8265] loop7: detected capacity change from 0 to 764 [ 204.103459][ T8258] System zones: 1-12 [ 204.108635][ T8258] EXT4-fs (loop6): orphan cleanup on readonly fs [ 204.134079][ T8258] EXT4-fs error (device loop6): ext4_clear_blocks:883: inode #11: comm syz.6.1202: attempt to clear invalid blocks 1024 len 1 [ 204.278071][ T8258] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.1202: bg 0: block 361: padding at end of block bitmap is not set [ 204.311927][ T8258] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 204.363370][ T8253] loop1: detected capacity change from 0 to 40427 [ 204.398883][ T8258] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1202: invalid indirect mapped block 1811939328 (level 0) [ 204.435085][ T8253] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 204.460685][ T8258] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1202: invalid indirect mapped block 2 (level 2) [ 204.479739][ T8253] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 204.528940][ T8253] F2FS-fs (loop1): invalid crc value [ 204.544594][ T8258] EXT4-fs (loop6): 1 truncate cleaned up [ 204.584061][ T8258] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 204.637140][ T8253] F2FS-fs (loop1): Found nat_bits in checkpoint [ 204.697251][ T8279] loop5: detected capacity change from 0 to 256 [ 204.784809][ T8279] exfat: Unknown parameter 'ÿÿÿÿÿ' [ 204.820998][ T8284] loop7: detected capacity change from 0 to 64 [ 204.884260][ T8253] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 204.891720][ T8253] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 204.967399][ T8288] loop6: detected capacity change from 0 to 256 [ 205.006660][ T8290] loop5: detected capacity change from 0 to 512 [ 205.056211][ T8290] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 205.110369][ T26] audit: type=1800 audit(1773071446.363:10): pid=8288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1212" name="file1" dev="loop6" ino=1048660 res=0 errno=0 [ 205.121585][ T8288] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 205.159242][ T8290] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 205.237172][ T8288] FAT-fs (loop6): Filesystem has been set read-only [ 205.244015][ T8290] EXT4-fs (loop5): warning: mounting unchecked fs, running e2fsck is recommended [ 205.253901][ T8288] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 205.264749][ T8288] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 205.268628][ T4239] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 205.278242][ T8288] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 205.328517][ T8290] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 205.336895][ T8290] System zones: 0-2, 18-18, 34-35 [ 205.345593][ T4239] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 205.378342][ T8290] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 205.412689][ T8297] loop7: detected capacity change from 0 to 512 [ 205.416666][ T8290] EXT4-fs (loop5): re-mounted. Opts: . Quota mode: none. [ 205.494617][ T8297] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 205.554442][ T8297] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 205.582909][ T8297] System zones: 1-12 [ 205.625100][ T8297] EXT4-fs (loop7): orphan cleanup on readonly fs [ 205.688702][ T8297] EXT4-fs error (device loop7): ext4_clear_blocks:883: inode #11: comm syz.7.1226: attempt to clear invalid blocks 1024 len 1 [ 205.811071][ T8297] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.1226: bg 0: block 361: padding at end of block bitmap is not set [ 205.850951][ T8297] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 205.904029][ T8297] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #11: comm syz.7.1226: invalid indirect mapped block 1811939328 (level 0) [ 205.964320][ T8297] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #11: comm syz.7.1226: invalid indirect mapped block 2 (level 2) [ 206.009586][ T8312] exfat: Deprecated parameter 'utf8' [ 206.053858][ T8297] EXT4-fs (loop7): 1 truncate cleaned up [ 206.069712][ T8297] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 206.094258][ T8312] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xbc51571d, utbl_chksum : 0xe619d30d) [ 206.394868][ T8320] program syz.1.1228 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 207.344060][ T7791] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 207.376113][ T8369] ptrace attach of "./syz-executor exec"[7020] was attempted by ""[8369] [ 207.718834][ T7791] usb 4-1: config 246 has an invalid interface number: 166 but max is 0 [ 207.730850][ T7791] usb 4-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 207.759016][ T7791] usb 4-1: config 246 has no interface number 0 [ 207.773305][ T8392] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 207.786189][ T7791] usb 4-1: config 246 interface 166 altsetting 118 endpoint 0xB has invalid wMaxPacketSize 0 [ 207.802013][ T7791] usb 4-1: config 246 interface 166 altsetting 118 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 207.825596][ T7791] usb 4-1: config 246 interface 166 has no altsetting 0 [ 207.867927][ T8393] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 207.899860][ T8392] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,noquota,dioread_nolock,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000070,max_dir_size_kb=0x00000000000007b1,stripe=0x0000000000000020,bsdgroups,max_batch_time=0x00000000000003fe,user_xattr,noinit_itable,,errors=continue. Quota mode: none. [ 207.961451][ T26] audit: type=1800 audit(1773071449.213:11): pid=8386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1258" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 208.004558][ T26] audit: type=1800 audit(1773071449.243:12): pid=8386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1258" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 208.014635][ T7791] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63 [ 208.050831][ T8392] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 208.083661][ T7791] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.119878][ T7791] usb 4-1: Product: syz [ 208.139276][ T7791] usb 4-1: Manufacturer: syz [ 208.164946][ T7791] usb 4-1: SerialNumber: syz [ 208.436576][ T8414] ptrace attach of "./syz-executor exec"[4183] was attempted by ""[8414] [ 208.740819][ T8428] set_capacity_and_notify: 4 callbacks suppressed [ 208.740836][ T8428] loop1: detected capacity change from 0 to 4096 [ 208.912342][ T8416] loop5: detected capacity change from 0 to 65536 [ 208.934903][ T8416] XFS: attr2 mount option is deprecated. [ 208.946228][ T8431] loop6: detected capacity change from 0 to 1024 [ 208.990538][ T8431] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 209.082771][ T8440] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 209.104314][ T7791] usb 4-1: Limiting number of CPorts to U8_MAX [ 209.111104][ T7791] usb 4-1: Unknown endpoint type found, address 0x0b [ 209.128176][ T7791] usb 4-1: Not enough endpoints found in device, aborting! [ 209.158366][ T8431] EXT4-fs (loop6): mounted filesystem without journal. Opts: user_xattr,noquota,dioread_nolock,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000070,max_dir_size_kb=0x00000000000007b1,stripe=0x0000000000000020,bsdgroups,max_batch_time=0x00000000000003fe,user_xattr,noinit_itable,,errors=continue. Quota mode: none. [ 209.190906][ T26] audit: type=1800 audit(1773071450.443:13): pid=8428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1278" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 209.219173][ T8416] XFS (loop5): Mounting V5 Filesystem [ 209.250252][ T26] audit: type=1800 audit(1773071450.443:14): pid=8428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1278" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 209.329602][ T8431] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 209.353627][ T5285] usb 4-1: USB disconnect, device number 13 [ 209.407742][ T8416] XFS (loop5): Ending clean mount [ 209.415839][ T8416] XFS (loop5): Quotacheck needed: Please wait. [ 209.517770][ T8416] XFS (loop5): Quotacheck: Done. [ 209.667036][ T4999] XFS (loop5): Unmounting Filesystem [ 210.523404][ T8475] loop6: detected capacity change from 0 to 4096 [ 210.602720][ T8476] loop3: detected capacity change from 0 to 32768 [ 210.717638][ T8476] [ 210.717638][ T8476] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 210.717638][ T8476] [ 210.733160][ T8477] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 210.798002][ T26] audit: type=1800 audit(1773071452.053:15): pid=8475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1293" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 210.829413][ T4192] [ 210.829413][ T4192] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 210.829413][ T4192] [ 210.864392][ T4192] [ 210.864392][ T4192] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 210.864392][ T4192] [ 210.906501][ T26] audit: type=1800 audit(1773071452.083:16): pid=8475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1293" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 211.571368][ T8504] loop6: detected capacity change from 0 to 128 [ 211.711982][ T8504] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only [ 211.774037][ T8504] hpfs: filesystem error: improperly stopped [ 211.780098][ T8504] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 211.830450][ T8504] hpfs: Proceeding, but your filesystem could be corrupted if you delete files or directories [ 211.874365][ T8504] hpfs: You really don't want any checks? You are crazy... [ 211.893042][ T8504] hpfs: hpfs_map_sector(): read error [ 211.943535][ T8504] hpfs: code page support is disabled [ 211.972558][ T8504] hpfs: hpfs_map_4sectors(): unaligned read [ 212.036070][ T8504] hpfs: hpfs_map_4sectors(): unaligned read [ 212.042138][ T8504] hpfs: filesystem error: unable to find root dir [ 212.130471][ T8521] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1309'. [ 212.180260][ T8521] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1309'. [ 212.455810][ T8511] loop3: detected capacity change from 0 to 40427 [ 212.478650][ T8511] F2FS-fs (loop3): Invalid segment count (0) [ 212.488161][ T8510] loop7: detected capacity change from 0 to 32768 [ 212.495286][ T8511] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 212.511110][ T8511] F2FS-fs (loop3): invalid crc value [ 212.521822][ T8511] F2FS-fs (loop3): Found nat_bits in checkpoint [ 212.594615][ T8511] F2FS-fs (loop3): Start checkpoint disabled! [ 212.639124][ T8511] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 212.655463][ T8511] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 212.709491][ T8531] netlink: 'syz.1.1322': attribute type 29 has an invalid length. [ 212.738124][ T8531] netlink: 'syz.1.1322': attribute type 29 has an invalid length. [ 212.890360][ T4305] attempt to access beyond end of device [ 212.890360][ T4305] loop3: rw=2049, want=40984, limit=40427 [ 213.691546][ T8564] loop6: detected capacity change from 0 to 256 [ 213.735523][ T8564] exfat: Deprecated parameter 'utf8' [ 213.779463][ T8564] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xbc51571d, utbl_chksum : 0xe619d30d) [ 214.321806][ T8589] loop6: detected capacity change from 0 to 128 [ 214.462523][ T8589] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256 [ 214.535900][ T8589] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 214.642472][ T8589] overlayfs: upper fs needs to support d_type. [ 214.651085][ T8605] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 214.692016][ T8589] overlayfs: upper fs does not support tmpfile. [ 214.838443][ T8609] loop5: detected capacity change from 0 to 256 [ 215.183153][ T8617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1352'. [ 215.217492][ T8617] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1352'. [ 215.379385][ T8621] loop5: detected capacity change from 0 to 2048 [ 215.406926][ T8623] loop3: detected capacity change from 0 to 64 [ 215.417967][ T8601] loop7: detected capacity change from 0 to 32768 [ 215.560064][ T8626] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 215.580140][ T8621] NILFS (loop5): failed to count free inodes: err=-34 [ 215.628639][ T8601] XFS (loop7): Mounting V5 Filesystem [ 215.845737][ T8601] XFS (loop7): Ending clean mount [ 215.862417][ T8601] XFS (loop7): Quotacheck needed: Please wait. [ 215.902811][ T4999] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 8796093022222 [ 215.921371][ T4999] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=16) [ 215.958918][ T4999] Remounting filesystem read-only [ 215.974014][ T4999] NILFS (loop5): error -5 truncating bmap (ino=16) [ 215.984668][ T4999] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer [ 216.025437][ T8601] XFS (loop7): Quotacheck: Done. [ 216.195445][ T7020] XFS (loop7): Unmounting Filesystem [ 216.423829][ T8648] netlink: 'syz.3.1360': attribute type 29 has an invalid length. [ 216.479360][ T8648] netlink: 'syz.3.1360': attribute type 29 has an invalid length. [ 216.505596][ T8653] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1362'. [ 216.922305][ T8672] loop7: detected capacity change from 0 to 128 [ 216.992824][ T8672] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only [ 217.027355][ T8672] hpfs: filesystem error: improperly stopped [ 217.033429][ T8672] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 217.069647][ T8672] hpfs: Proceeding, but your filesystem could be corrupted if you delete files or directories [ 217.110766][ T8672] hpfs: You really don't want any checks? You are crazy... [ 217.150373][ T8672] hpfs: hpfs_map_sector(): read error [ 217.159889][ T8672] hpfs: code page support is disabled [ 217.179265][ T8672] hpfs: hpfs_map_4sectors(): unaligned read [ 217.193495][ T8672] hpfs: hpfs_map_4sectors(): unaligned read [ 217.216257][ T8672] hpfs: filesystem error: unable to find root dir [ 217.491064][ T8704] loop7: detected capacity change from 0 to 64 [ 217.509739][ T8703] loop3: detected capacity change from 0 to 256 [ 217.523734][ T8706] loop6: detected capacity change from 0 to 2048 [ 217.608358][ T8707] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 217.643487][ T8706] NILFS (loop6): failed to count free inodes: err=-34 [ 217.744222][ T4668] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 217.773444][ T5497] NILFS (loop6): DAT doesn't have a block to manage vblocknr = 8796093022222 [ 217.800391][ T5497] NILFS error (device loop6): nilfs_bmap_truncate: broken bmap (inode number=16) [ 217.832040][ T5497] Remounting filesystem read-only [ 217.852101][ T5497] NILFS (loop6): error -5 truncating bmap (ino=16) [ 217.901560][ T5497] NILFS (loop6): disposed unprocessed dirty file(s) when detaching log writer [ 217.994291][ T4668] usb 6-1: Using ep0 maxpacket: 32 [ 218.090103][ T8730] hub 9-0:1.0: USB hub found [ 218.114427][ T4668] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 218.124315][ T8730] hub 9-0:1.0: 1 port detected [ 218.129419][ T4668] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.143897][ T8733] loop3: detected capacity change from 0 to 128 [ 218.159229][ T4668] usb 6-1: config 0 descriptor?? [ 218.216142][ T8733] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 218.258985][ T8733] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 218.375779][ T8733] overlayfs: upper fs needs to support d_type. [ 218.383303][ T8733] overlayfs: upper fs does not support tmpfile. [ 218.424205][ T4668] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 218.433510][ C1] vkms_vblank_simulate: vblank timer overrun [ 218.463423][ T4668] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 218.490365][ T8746] overlayfs: upper fs needs to support d_type. [ 218.507066][ T8746] overlayfs: upper fs does not support tmpfile. [ 218.524600][ T4668] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 218.542138][ T4668] usb 6-1: media controller created [ 218.578782][ T4668] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 218.649542][ T8749] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 218.694684][ T4668] az6027: usb out operation failed. (-71) [ 218.711730][ T8743] NILFS (loop1): failed to count free inodes: err=-34 [ 218.749603][ T4668] az6027: usb out operation failed. (-71) [ 218.757584][ T4668] stb0899_attach: Driver disabled by Kconfig [ 218.763726][ T4668] az6027: no front-end attached [ 218.763726][ T4668] [ 218.819409][ T8755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1408'. [ 218.867259][ T8758] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1409'. [ 218.876872][ T4668] az6027: usb out operation failed. (-71) [ 218.883064][ T4668] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 218.943115][ T8759] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1409'. [ 218.970051][ T4668] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input20 [ 218.990101][ T8759] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1409'. [ 219.019097][ T4668] dvb-usb: schedule remote query interval to 400 msecs. [ 219.044572][ T4668] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 219.080104][ T4668] usb 6-1: USB disconnect, device number 11 [ 219.216897][ T4668] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 219.363780][ T4183] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 8796093022222 [ 219.403354][ T4183] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 219.486214][ T4183] Remounting filesystem read-only [ 219.491416][ T4183] NILFS (loop1): error -5 truncating bmap (ino=16) [ 219.544235][ T4183] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 219.704093][ T8784] set_capacity_and_notify: 3 callbacks suppressed [ 219.704112][ T8784] loop1: detected capacity change from 0 to 256 [ 219.746969][ T8786] loop5: detected capacity change from 0 to 128 [ 219.775420][ T8784] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 219.814389][ T8786] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 219.854030][ T8784] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 219.919592][ T8786] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 219.929201][ T8784] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62d5a5a, utbl_chksum : 0xe619d30d) [ 220.017913][ T8786] overlayfs: upper fs needs to support d_type. [ 220.068006][ T8798] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 220.238514][ T8786] overlayfs: upper fs does not support tmpfile. [ 220.534645][ T8804] program syz.6.1432 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 220.924780][ T8797] loop3: detected capacity change from 0 to 131072 [ 220.953791][ T8793] loop7: detected capacity change from 0 to 32768 [ 221.020538][ T8813] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1431'. [ 221.046462][ T8797] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 221.056889][ T8797] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 221.086602][ T8797] F2FS-fs (loop3): invalid crc value [ 221.200703][ T8793] XFS (loop7): Mounting V5 Filesystem [ 221.209220][ T8797] F2FS-fs (loop3): Found nat_bits in checkpoint [ 221.261991][ T8797] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 221.269499][ T8797] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 221.406577][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1439'. [ 221.546938][ T8793] XFS (loop7): Ending clean mount [ 221.559193][ T8793] XFS (loop7): Quotacheck needed: Please wait. [ 221.623762][ T8837] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1438'. [ 221.720227][ T8793] XFS (loop7): Quotacheck: Done. [ 221.811469][ T8845] loop5: detected capacity change from 0 to 256 [ 221.884529][ T7020] XFS (loop7): Unmounting Filesystem [ 221.904715][ T8845] exfat: Deprecated parameter 'utf8' [ 221.910080][ T8845] exfat: Deprecated parameter 'utf8' [ 222.010966][ T8845] exfat: Deprecated parameter 'utf8' [ 222.086442][ T8845] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 222.853720][ T8869] loop6: detected capacity change from 0 to 8192 [ 222.886344][ T8873] loop7: detected capacity change from 0 to 256 [ 222.896722][ T8875] loop3: detected capacity change from 0 to 128 [ 222.947021][ T8869] REISERFS (device loop6): found reiserfs format "3.6" with non-standard journal [ 222.970547][ T8869] REISERFS (device loop6): using ordered data mode [ 222.985648][ T8869] reiserfs: using flush barriers [ 222.995693][ T8875] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 223.037188][ T8875] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 223.072276][ T8869] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 223.097861][ T8869] REISERFS (device loop6): checking transaction log (loop6) [ 223.107242][ T8869] REISERFS (device loop6): Using r5 hash to sort names [ 223.115053][ T8869] REISERFS warning (device loop6): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 223.129339][ T8869] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 223.144962][ T8869] REISERFS warning (device loop6): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 223.160857][ T8873] FAT-fs (loop7): Directory bread(block 64) failed [ 223.193569][ T8873] FAT-fs (loop7): Directory bread(block 65) failed [ 223.226301][ T8873] FAT-fs (loop7): Directory bread(block 66) failed [ 223.257216][ T8873] FAT-fs (loop7): Directory bread(block 67) failed [ 223.326734][ T8873] FAT-fs (loop7): Directory bread(block 68) failed [ 223.333341][ T8873] FAT-fs (loop7): Directory bread(block 69) failed [ 223.335812][ T5679] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 223.404166][ T8873] FAT-fs (loop7): Directory bread(block 70) failed [ 223.410775][ T8873] FAT-fs (loop7): Directory bread(block 71) failed [ 223.484068][ T8873] FAT-fs (loop7): Directory bread(block 72) failed [ 223.491711][ T8873] FAT-fs (loop7): Directory bread(block 73) failed [ 223.660129][ T8886] loop5: detected capacity change from 0 to 1024 [ 223.741682][ T8884] loop3: detected capacity change from 0 to 40427 [ 223.756544][ T8884] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 223.763644][ T8884] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 224.164106][ T4658] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 224.407719][ T4658] usb 4-1: Using ep0 maxpacket: 8 [ 224.539907][ T4658] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 224.559622][ T4658] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 224.566136][ T8926] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 224.566136][ T8926] The task syz.5.1477 (8926) triggered the difference, watch for misbehavior. [ 224.626958][ T4658] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 224.724010][ T4658] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 224.832458][ T4658] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 224.872530][ T4658] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.943405][ T8935] loop6: detected capacity change from 0 to 256 [ 224.970705][ T8906] loop1: detected capacity change from 0 to 32768 [ 224.981896][ T8935] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 225.027483][ T8935] exFAT-fs (loop6): Medium has reported failures. Some data may be lost. [ 225.100046][ T8935] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 225.144127][ T4658] usb 4-1: GET_CAPABILITIES returned 0 [ 225.149832][ T4658] usbtmc 4-1:16.0: can't read capabilities [ 225.240623][ T8937] loop6: detected capacity change from 0 to 64 [ 225.282717][ T8937] MINIX-fs: deleted inode referenced: 6 [ 225.294728][ T8937] MINIX-fs: deleted inode referenced: 6 [ 225.300522][ T8937] MINIX-fs: deleted inode referenced: 6 [ 225.332090][ T8937] MINIX-fs: deleted inode referenced: 6 [ 225.350223][ T4658] usb 4-1: USB disconnect, device number 14 [ 225.721501][ T8953] loop6: detected capacity change from 0 to 64 [ 226.139164][ T8946] loop5: detected capacity change from 0 to 32768 [ 226.239782][ T8966] loop1: detected capacity change from 0 to 8192 [ 226.292707][ T8971] loop6: detected capacity change from 0 to 1024 [ 226.300394][ T8966] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 226.316709][ T8966] REISERFS (device loop1): using ordered data mode [ 226.323492][ T8966] reiserfs: using flush barriers [ 226.331253][ T8966] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 226.354684][ T8971] EXT4-fs (loop6): Ignoring removed bh option [ 226.380270][ T8966] REISERFS (device loop1): checking transaction log (loop1) [ 226.464988][ T8971] EXT4-fs (loop6): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 226.489308][ C1] vkms_vblank_simulate: vblank timer overrun [ 226.576254][ T8966] REISERFS (device loop1): Using tea hash to sort names [ 226.584130][ T4658] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 226.604630][ T8966] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 226.718428][ T8966] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 4) [ 226.824184][ T4658] usb 4-1: Using ep0 maxpacket: 16 [ 226.847246][ T8983] loop6: detected capacity change from 0 to 512 [ 226.987645][ T26] audit: type=1800 audit(1773071468.243:17): pid=8983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1504" name="file1" dev="loop6" ino=1048701 res=0 errno=0 [ 226.990876][ T4658] usb 4-1: unable to get BOS descriptor or descriptor too short [ 227.050586][ T5285] Bluetooth: hci4: command 0x0406 tx timeout [ 227.104558][ T4658] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 227.120186][ T4658] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 227.130828][ T4658] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 227.161943][ T4658] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 227.354273][ T4658] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 227.363404][ T4658] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.386273][ T4658] usb 4-1: Product: syz [ 227.390512][ T4658] usb 4-1: Manufacturer: syz [ 227.416827][ T4658] usb 4-1: SerialNumber: syz [ 227.433293][ T8998] loop1: detected capacity change from 0 to 64 [ 227.513349][ T8998] attempt to access beyond end of device [ 227.513349][ T8998] loop1: rw=0, want=1026, limit=64 [ 227.551768][ T8998] Buffer I/O error on dev loop1, logical block 512, async page read [ 227.585978][ T8998] attempt to access beyond end of device [ 227.585978][ T8998] loop1: rw=0, want=113154, limit=64 [ 227.618809][ T8998] Buffer I/O error on dev loop1, logical block 56576, async page read [ 227.632975][ T9002] loop6: detected capacity change from 0 to 1024 [ 227.709025][ T9007] sctp: [Deprecated]: syz.5.1516 (pid 9007) Use of struct sctp_assoc_value in delayed_ack socket option. [ 227.709025][ T9007] Use struct sctp_sack_info instead [ 227.765915][ T4658] cdc_ncm 4-1:1.0: bind() failure [ 227.795183][ T4658] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 227.802042][ T4658] cdc_ncm 4-1:1.1: bind() failure [ 227.818465][ T4658] usb 4-1: USB disconnect, device number 15 [ 227.835065][ T9002] EXT4-fs (loop6): mounted filesystem without journal. Opts: nouid32,nodioread_nolock,noquota,jqfmt=vfsv1,journal_dev=0x0000000000000009,commit=0x0000000000000000,,errors=continue. Quota mode: none. [ 227.854685][ C1] vkms_vblank_simulate: vblank timer overrun [ 227.940773][ T9002] ext4 filesystem being mounted at /241/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 227.995719][ T9016] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 228.031794][ T9002] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.1513: bg 0: block 112: padding at end of block bitmap is not set [ 228.057725][ T9016] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 228.145555][ T9002] EXT4-fs (loop6): Delayed block allocation failed for inode 16 at logical offset 21 with max blocks 44 with error 117 [ 228.164236][ T27] INFO: task udevd:4177 blocked for more than 143 seconds. [ 228.183975][ T27] Not tainted syzkaller #0 [ 228.189206][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 228.231076][ T9002] EXT4-fs (loop6): This should not happen!! Data will be lost [ 228.231076][ T9002] [ 228.248600][ T27] task:udevd state:D stack:25264 pid: 4177 ppid: 3560 flags:0x00004002 [ 228.271135][ T27] Call Trace: [ 228.279606][ T27] [ 228.292933][ T27] __schedule+0x11ef/0x43c0 [ 228.309699][ T27] ? release_firmware_map_entry+0x190/0x190 [ 228.339817][ T27] ? preempt_schedule+0xbc/0xd0 [ 228.369701][ T27] ? preempt_schedule_common+0xa5/0xd0 [ 228.395988][ T27] ? release_firmware_map_entry+0x190/0x190 [ 228.402432][ T27] ? preempt_schedule+0xbc/0xd0 [ 228.409485][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 228.415531][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 228.421563][ T27] ? lock_chain_count+0x20/0x20 [ 228.426945][ T27] schedule+0x11b/0x1e0 [ 228.431989][ T27] io_schedule+0x7c/0xd0 [ 228.436689][ T27] wait_on_page_bit_common+0x83b/0xe50 [ 228.442317][ T27] ? wait_on_page_bit+0x50/0x50 [ 228.447632][ T27] ? blkdev_fallocate+0x4d0/0x4d0 [ 228.452807][ T27] ? rcu_lock_release+0x20/0x20 [ 228.458248][ T27] ? add_to_page_cache_lru+0x2a8/0x4a0 [ 228.463856][ T27] do_read_cache_page+0xb05/0x1030 [ 228.469504][ T27] read_part_sector+0xd4/0x4f0 [ 228.474616][ T27] ? vsnprintf+0x14e/0x1c20 [ 228.479171][ T27] adfspart_check_ICS+0xc3/0xe40 [ 228.484692][ T27] ? vsnprintf+0x1b21/0x1c20 [ 228.489517][ T27] ? adfspart_check_ADFS+0x840/0x840 [ 228.498748][ T27] ? snprintf+0xe5/0x140 [ 228.503058][ T27] ? vscnprintf+0x80/0x80 [ 228.509218][ T27] bdev_disk_changed+0x933/0x16c0 [ 228.514689][ T27] ? blk_drop_partitions+0x1b0/0x1b0 [ 228.520097][ T27] ? _atomic_dec_and_lock+0x8f/0x110 [ 228.525907][ T27] blkdev_get_whole+0x2f9/0x390 [ 228.530880][ T27] blkdev_get_by_dev+0x2d0/0xa60 [ 228.536257][ T27] blkdev_open+0x12d/0x2c0 [ 228.540741][ T27] ? block_ioctl+0xf0/0xf0 [ 228.545702][ T27] do_dentry_open+0x7ff/0xf80 [ 228.550450][ T27] path_openat+0x26f5/0x2fa0 [ 228.557997][ T27] ? verify_lock_unused+0x140/0x140 [ 228.563455][ T27] ? slab_post_alloc_hook+0x4c/0x380 [ 228.573126][ T27] ? do_filp_open+0x410/0x410 [ 228.580353][ T27] do_filp_open+0x1e2/0x410 [ 228.588500][ T27] ? vfs_tmpfile+0x300/0x300 [ 228.593338][ T27] ? _raw_spin_unlock+0x24/0x40 [ 228.600850][ T27] ? alloc_fd+0x598/0x630 [ 228.608910][ T27] do_sys_openat2+0x150/0x4b0 [ 228.615231][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 228.620433][ T27] ? do_sys_open+0xe0/0xe0 [ 228.625262][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 228.631419][ T27] ? lock_chain_count+0x20/0x20 [ 228.644096][ T27] ? vtime_user_exit+0x2c8/0x3e0 [ 228.649966][ T27] __x64_sys_openat+0x135/0x160 [ 228.655093][ T27] do_syscall_64+0x4c/0xa0 [ 228.659649][ T27] ? clear_bhb_loop+0x30/0x80 [ 228.665440][ T27] ? clear_bhb_loop+0x30/0x80 [ 228.670419][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 228.677139][ T27] RIP: 0033:0x7f616caf4407 [ 228.681696][ T27] RSP: 002b:00007ffeff705320 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 228.690523][ T27] RAX: ffffffffffffffda RBX: 00007f616ca06880 RCX: 00007f616caf4407 [ 228.698661][ T27] RDX: 0000000000080000 RSI: 00005603f05710f0 RDI: ffffffffffffff9c [ 228.710545][ T27] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 228.719659][ T27] R10: 0000000000000000 R11: 0000000000000202 R12: 00005603c615f95f [ 228.727877][ T27] R13: 00005603c6170660 R14: 0000000000000000 R15: 00000000ffffffff [ 228.736143][ T27] [ 228.739391][ T27] [ 228.739391][ T27] Showing all locks held in the system: [ 228.747624][ T5679] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 228.770840][ T27] 1 lock held by khungtaskd/27: [ 228.781236][ T27] #0: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 228.799976][ T27] 2 locks held by kworker/u4:3/423: [ 228.809005][ T27] #0: ffff8880b903a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 [ 228.821238][ T27] #1: ffff8880b9027888 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x4fe/0x7d0 [ 228.835534][ T9018] JBD2: Ignoring recovery information on journal [ 228.846589][ T27] 2 locks held by getty/3947: [ 228.851552][ T27] #0: ffff88802c7ec098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 228.861611][ T27] #1: ffffc90002cf62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5df/0x1a70 [ 228.872163][ T27] 1 lock held by udevd/4177: [ 228.880149][ T27] #0: ffff888020cb2918 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x157/0xa60 [ 228.891190][ T27] 1 lock held by udevd/4572: [ 228.896155][ T27] 2 locks held by kworker/0:7/4658: [ 228.901773][ T27] #0: ffff888016c72138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 228.912514][ T27] #1: ffffc9000367fd00 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 228.925759][ T27] 3 locks held by kworker/0:15/4668: [ 228.931708][ T27] #0: ffff888016c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 228.942257][ T27] #1: ffffc900036dfd00 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 228.959280][ T27] #2: ffffffff8c323528 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2d1/0x750 [ 228.970369][ T27] 2 locks held by syz-executor/4999: [ 228.976023][ T27] #0: ffff88802091c518 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0 [ 228.985528][ T27] #1: ffff888020a8a468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90 [ 228.995084][ T27] 2 locks held by syz-executor/5497: [ 229.000406][ T27] #0: ffff88802091e118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0 [ 229.010035][ T27] #1: ffff888020a8d468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90 [ 229.019597][ T27] 2 locks held by syz.7.1519/9018: [ 229.025135][ T27] [ 229.027859][ T27] ============================================= [ 229.027859][ T27] [ 229.058102][ T27] NMI backtrace for cpu 0 [ 229.062507][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 [ 229.069847][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 229.079946][ T27] Call Trace: [ 229.083275][ T27] [ 229.086396][ T27] dump_stack_lvl+0x188/0x250 [ 229.091126][ T27] ? show_regs_print_info+0x20/0x20 [ 229.096383][ T27] ? load_image+0x400/0x400 [ 229.100940][ T27] ? tick_nohz_tick_stopped+0x7b/0xb0 [ 229.104245][ C1] vkms_vblank_simulate: vblank timer overrun [ 229.106377][ T27] ? nmi_cpu_backtrace+0x1b2/0x3d0 [ 229.117508][ T27] nmi_cpu_backtrace+0x3a2/0x3d0 [ 229.122587][ T27] ? nmi_trigger_cpumask_backtrace+0x280/0x280 [ 229.128893][ T27] ? _printk+0xda/0x130 [ 229.133263][ T27] ? load_image+0x400/0x400 [ 229.137984][ T27] ? load_image+0x400/0x400 [ 229.142530][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 229.148781][ T27] nmi_trigger_cpumask_backtrace+0x163/0x280 [ 229.154803][ T27] watchdog+0xe0f/0xe50 [ 229.159020][ T27] kthread+0x436/0x520 [ 229.163127][ T27] ? hungtask_pm_notify+0x40/0x40 [ 229.168292][ T27] ? kthread_blkcg+0xd0/0xd0 [ 229.172918][ T27] ret_from_fork+0x1f/0x30 [ 229.177588][ T27] [ 229.181180][ T27] Sending NMI from CPU 0 to CPUs 1: [ 229.186691][ C1] NMI backtrace for cpu 1 [ 229.186704][ C1] CPU: 1 PID: 9018 Comm: syz.7.1519 Not tainted syzkaller #0 [ 229.186723][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 229.186734][ C1] RIP: 0010:unwind_next_frame+0x6e6/0x1d90 [ 229.186760][ C1] Code: 84 ee 01 00 00 44 89 f9 80 e1 07 38 c1 0f 8c e0 01 00 00 be 02 00 00 00 48 89 7c 24 08 4c 89 ff e8 cf 19 89 00 e9 fd 14 00 00 <48> 8b 44 24 40 42 80 3c 28 00 4c 8b 74 24 38 74 0c 4c 89 f7 e8 f1 [ 229.186776][ C1] RSP: 0018:ffffc900034be608 EFLAGS: 00000297 [ 229.186792][ C1] RAX: 0000000000000105 RBX: ffffc900034be6c8 RCX: ffffffff8dfc08ec [ 229.186806][ C1] RDX: ffffffff8e99815c RSI: ffffffff8e99814a RDI: ffffffff81350d2c [ 229.186820][ C1] RBP: ffffffff89e000c9 R08: 0000000000000004 R09: 0000000000000013 [ 229.186833][ C1] R10: dffffc0000000000 R11: fffff52000697ce5 R12: 1ffffffff1d3302c [ 229.186847][ C1] R13: dffffc0000000000 R14: ffffffff8e998160 R15: 0000000000000005 [ 229.186861][ C1] FS: 00007fd442e8e6c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 229.186878][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 229.186891][ C1] CR2: 00007f616c056000 CR3: 00000000588c2000 CR4: 00000000003506e0 [ 229.186908][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 229.186919][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 229.186931][ C1] Call Trace: [ 229.186936][ C1] [ 229.186945][ C1] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 229.186968][ C1] ? stack_trace_save+0xf0/0xf0 [ 229.186987][ C1] arch_stack_walk+0x10c/0x140 [ 229.187010][ C1] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 229.187031][ C1] stack_trace_save+0xa6/0xf0 [ 229.187047][ C1] ? stack_trace_snprint+0xf0/0xf0 [ 229.187065][ C1] ? mark_lock+0x94/0x320 [ 229.187080][ C1] ? verify_lock_unused+0x140/0x140 [ 229.187102][ C1] ? memset+0x1e/0x40 [ 229.187122][ C1] __kasan_slab_alloc+0x9c/0xd0 [ 229.187140][ C1] ? __kasan_slab_alloc+0x9c/0xd0 [ 229.187157][ C1] ? slab_post_alloc_hook+0x4c/0x380 [ 229.187174][ C1] ? kmem_cache_alloc+0x100/0x290 [ 229.187190][ C1] ? alloc_buffer_head+0x21/0x100 [ 229.187207][ C1] ? alloc_page_buffers+0x341/0x600 [ 229.187230][ C1] ? __getblk_gfp+0x4cc/0xb60 [ 229.187245][ C1] ? jread+0x344/0x970 [ 229.187261][ C1] ? do_one_pass+0x326/0x2e30 [ 229.187278][ C1] ? jbd2_journal_skip_recovery+0x4d/0x130 [ 229.187296][ C1] ? jbd2_journal_wipe+0x43a/0x5f0 [ 229.187316][ C1] ? ocfs2_journal_wipe+0xa0/0x280 [ 229.187335][ C1] ? ocfs2_mount_volume+0xae4/0x15a0 [ 229.187355][ C1] ? ocfs2_fill_super+0x2ee2/0x50f0 [ 229.187375][ C1] ? mount_bdev+0x287/0x3c0 [ 229.187393][ C1] ? legacy_get_tree+0xe6/0x180 [ 229.187411][ C1] ? vfs_get_tree+0x88/0x270 [ 229.187429][ C1] ? do_new_mount+0x24a/0xa40 [ 229.187446][ C1] ? __se_sys_mount+0x2e3/0x3d0 [ 229.187463][ C1] ? do_syscall_64+0x4c/0xa0 [ 229.187480][ C1] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 229.187517][ C1] slab_post_alloc_hook+0x4c/0x380 [ 229.187536][ C1] ? alloc_buffer_head+0x21/0x100 [ 229.187553][ C1] kmem_cache_alloc+0x100/0x290 [ 229.187576][ C1] alloc_buffer_head+0x21/0x100 [ 229.187594][ C1] alloc_page_buffers+0x341/0x600 [ 229.187614][ C1] __getblk_gfp+0x4cc/0xb60 [ 229.187636][ C1] jread+0x344/0x970 [ 229.187658][ C1] ? jbd2_journal_skip_recovery+0x130/0x130 [ 229.187684][ C1] ? __down_trylock_console_sem+0x19f/0x1f0 [ 229.187702][ C1] ? vprintk_emit+0xa7/0x150 [ 229.187718][ C1] ? release_firmware_map_entry+0x190/0x190 [ 229.187736][ C1] ? vprintk_emit+0xa7/0x150 [ 229.187754][ C1] do_one_pass+0x326/0x2e30 [ 229.187772][ C1] ? preempt_schedule+0xbc/0xd0 [ 229.187793][ C1] ? preempt_schedule+0xbc/0xd0 [ 229.187814][ C1] ? __irq_work_queue_local+0x12c/0x190 [ 229.187838][ C1] ? __wake_up_klogd+0xd9/0x100 [ 229.187854][ C1] ? vprintk_emit+0xf9/0x150 [ 229.187870][ C1] ? jbd2_journal_recover+0x3f0/0x3f0 [ 229.187889][ C1] ? _printk+0xda/0x130 [ 229.187907][ C1] ? load_image+0x400/0x400 [ 229.187925][ C1] jbd2_journal_skip_recovery+0x4d/0x130 [ 229.187947][ C1] jbd2_journal_wipe+0x43a/0x5f0 [ 229.187970][ C1] ocfs2_journal_wipe+0xa0/0x280 [ 229.187988][ C1] ? ocfs2_commit_thread+0xb80/0xb80 [ 229.188005][ C1] ? _atomic_dec_and_lock+0x8f/0x110 [ 229.188023][ C1] ? iput+0x33d/0x8a0 [ 229.188046][ C1] ocfs2_mount_volume+0xae4/0x15a0 [ 229.188069][ C1] ? ocfs2_is_hard_readonly+0x60/0x60 [ 229.188090][ C1] ? lock_chain_count+0x20/0x20 [ 229.188113][ C1] ? seqcount_lockdep_reader_access+0x127/0x1d0 [ 229.188139][ C1] ? __debugfs_create_file+0x476/0x510 [ 229.188162][ C1] ? __lock_acquire+0x7d10/0x7d10 [ 229.188183][ C1] ? __lock_acquire+0x7d10/0x7d10 [ 229.188207][ C1] ? up_write+0x1bb/0x420 [ 229.188230][ C1] ? do_raw_spin_unlock+0x11d/0x230 [ 229.188250][ C1] ? __debugfs_create_file+0x476/0x510 [ 229.188272][ C1] ocfs2_fill_super+0x2ee2/0x50f0 [ 229.188298][ C1] ? ocfs2_mount+0x40/0x40 [ 229.188321][ C1] ? mark_lock+0x94/0x320 [ 229.188338][ C1] ? mark_lock+0x94/0x320 [ 229.188355][ C1] ? __lock_acquire+0x13bc/0x7d10 [ 229.188382][ C1] ? mark_lock+0x94/0x320 [ 229.188398][ C1] ? __lock_acquire+0x13bc/0x7d10 [ 229.188421][ C1] ? 0xffffffffa001a000 [ 229.188439][ C1] ? arch_stack_walk+0xf2/0x140 [ 229.188461][ C1] ? verify_lock_unused+0x140/0x140 [ 229.188480][ C1] ? mark_lock+0x94/0x320 [ 229.188497][ C1] ? __lock_acquire+0x13bc/0x7d10 [ 229.188524][ C1] ? alloc_super+0x201/0x950 [ 229.188541][ C1] ? reacquire_held_locks+0x308/0x5a0 [ 229.188558][ C1] ? alloc_super+0x201/0x950 [ 229.188575][ C1] ? string+0x26d/0x2b0 [ 229.188589][ C1] ? widen_string+0x3b/0x320 [ 229.188604][ C1] ? string+0x26d/0x2b0 [ 229.188619][ C1] ? bdev_name+0x28e/0x390 [ 229.188638][ C1] ? pointer+0x5bc/0xc90 [ 229.188655][ C1] ? string+0x2b0/0x2b0 [ 229.188671][ C1] ? format_decode+0x898/0x1300 [ 229.188702][ C1] ? snprintf+0xe5/0x140 [ 229.188720][ C1] ? vscnprintf+0x80/0x80 [ 229.188736][ C1] ? set_blocksize+0x1f3/0x370 [ 229.188755][ C1] ? sb_set_blocksize+0xa5/0xe0 [ 229.188772][ C1] mount_bdev+0x287/0x3c0 [ 229.188790][ C1] ? ocfs2_mount+0x40/0x40 [ 229.188810][ C1] legacy_get_tree+0xe6/0x180 [ 229.188828][ C1] ? trace_raw_output_ocfs2_buffer_cached_end+0xf0/0xf0 [ 229.188852][ C1] vfs_get_tree+0x88/0x270 [ 229.188871][ C1] do_new_mount+0x24a/0xa40 [ 229.188893][ C1] __se_sys_mount+0x2e3/0x3d0 [ 229.188913][ C1] ? __x64_sys_mount+0xc0/0xc0 [ 229.188933][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 229.188952][ C1] ? __x64_sys_mount+0x1c/0xc0 [ 229.188971][ C1] do_syscall_64+0x4c/0xa0 [ 229.188988][ C1] ? clear_bhb_loop+0x30/0x80 [ 229.189005][ C1] ? clear_bhb_loop+0x30/0x80 [ 229.189023][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 229.189041][ C1] RIP: 0033:0x7fd444c35a0a [ 229.189055][ C1] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 229.189070][ C1] RSP: 002b:00007fd442e8de58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 229.189088][ C1] RAX: ffffffffffffffda RBX: 00007fd442e8dee0 RCX: 00007fd444c35a0a [ 229.189101][ C1] RDX: 0000200000004440 RSI: 0000200000000100 RDI: 00007fd442e8dea0 [ 229.189114][ C1] RBP: 0000200000004440 R08: 00007fd442e8dee0 R09: 00000000000008c0 [ 229.189127][ C1] R10: 00000000000008c0 R11: 0000000000000246 R12: 0000200000000100 [ 229.189139][ C1] R13: 00007fd442e8dea0 R14: 0000000000004435 R15: 00002000000002c0 [ 229.189159][ C1] [ 229.401877][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 229.403994][ C1] vkms_vblank_simulate: vblank timer overrun [ 229.409080][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 [ 229.790338][ T9018] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 229.791423][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 229.791440][ T27] Call Trace: [ 229.791448][ T27] [ 229.791456][ T27] dump_stack_lvl+0x188/0x250 [ 229.987186][ T27] ? show_regs_print_info+0x20/0x20 [ 229.992527][ T27] ? load_image+0x400/0x400 [ 229.997086][ T27] panic+0x2e5/0x810 [ 230.001026][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 230.006705][ T27] ? bpf_jit_dump+0xd0/0xd0 [ 230.011251][ T27] ? __irq_work_queue_local+0x12c/0x190 [ 230.016845][ T27] ? nmi_trigger_cpumask_backtrace+0x260/0x280 [ 230.023064][ T27] watchdog+0xe4e/0xe50 [ 230.027380][ T27] kthread+0x436/0x520 [ 230.031487][ T27] ? hungtask_pm_notify+0x40/0x40 [ 230.036639][ T27] ? kthread_blkcg+0xd0/0xd0 [ 230.041304][ T27] ret_from_fork+0x1f/0x30 [ 230.045791][ T27] [ 230.049137][ T27] Kernel Offset: disabled [ 230.053483][ T27] Rebooting in 86400 seconds..