last executing test programs: 11.220044539s ago: executing program 3 (id=1165): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2084) writev(r0, &(0x7f00000024c0)=[{&(0x7f0000002080)='T01\n', 0x4}], 0x1) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="c3a519b22a135df8d0c25a65ef59baf14a2fc3eeb8ff407961514d4c0d7c21dd79c930b2531e8e4c993776ba152bd1", 0x2f}], 0x1, 0x0, 0x0) 10.764742752s ago: executing program 3 (id=1167): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000040)='./bus\x00', 0x2008410, &(0x7f0000001f80)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c8426803000000005c000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRESDEC], 0x1, 0x553b, &(0x7f000000ac00)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKI9WduKk/T5pfGbujM+cO7ISnRnLAXhiLaS//pyES+FsCGEuhHAhCfl6Uiy51RieCyFcDiGU/rIkxfifA6dDCOdCCJdGyWPOpNj1+dXhlZWf3vjlm+/OnDr/xdffz27WwKw9H0LobsX13W6MWSvGu8V4bdjOY/fGsIhxR/desZ3FuNvcyDPs1sbH1fJ4vRWPz7Z2+qO42anVR7HV3szHt3rxhP1ha5wnf8Pd2na+3Whu5LHdz/LY2o917e3Hv237/UHM0yjyfZinD4PBOMbx5l4zzmfrXh7rvUExHvNmjebeKA6LWJwu1LNOI69jY5Irfby92e7t7KXD5na/nfXSlUr1hUr1Zrm6nTWag+aNcq3buHkjXWx1RoeVB81ad7WVZa1Os1LPukvpYqteL1er6eKt5ka71kur1cr1yrXyylKxdjV99c67aaeRLo7iy+3ezul2p59uZttpfMdSuly5/uJSeqWavr22nq6/dfv22vo77996785La6+/Uhz0QFnp4vK15eVy9Vp5ubp0DOY/+r/7kPMfTDL/T4qiH2H+yWSXB/6bDxjAI3ug/w/6f+DwnfT+P0yz/x+1VPr//+9/S5P3/xP1v8e1/z/B84eJ6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5YP8x/+Vq+shC3zxfjF4uhZ4rtJIRQCiH8/g/mwukDOeeKPPP/cvz832r4Ngl5htE5zhTLuRDCarH89vRhXwUAAAB4fH310eXPYrceXxZmXRBHKd60KV34YEr5khDC/MKPU8pWGr08O6Vk+ef7VNibUrb8BtZTU0oWb7mdmla2hzI3Dh9fvD+YTyiJoXSk5QAAAEdi7kA42i4EAACAo/TprAtgNpIwfpQ5fhacf/P+/qPNswf2AQAAACdQMusCAAAAgEOX9/9+/w8AAAAeb/H3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/GwwsP+0aLX3bWVvUEZKyDHHQAFpghJIC2mAGsgtJUQQYY+QHIEUiXGsoO+TPM7Y0W9mgMsbSwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJztZ4/3v97uDRnt79MntUAAAAAp2yr9bz+Y9r0f6Trv9KlP6lfREQZEadq90GMWpmDlFOd+f/q3RyeIuqEwxjjdHyPiP/peP3d9acAAAAA12uzXM2aar1ppn1PiM/UbNqUP28y5RURUU1fMqWVh+ZvprD69z2Mu0xp9QbWJFNYs+U2PH1vlGuQtkHrlFYyWdRfYt0ruxkXAADoU7sSOFOFAAAAcAVu+54A/SiOzfE547g5pQeC31o9AAAA4Asq+p4AAAAA0Lm6/vf+PwAAALhuzfv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NK2Ws83y9Xs3P3FB3N2+8vkWxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBv7844CIRAGYbB3fWcy9z+sNGhobFIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzPSwqEQBBEwZzxv5O+/2ElQc8gQgQ0PKqoRQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzcP28cRRQA8Hd7t5c/gDAGuTCgIFFAQ+xLSEgJBcii4CMgWc45GC4EEhckskBuoEKu0yAoEUICmS7fIXUspQldChdGogbt3u5lkxhyiszuEv9+0uy8Pa9m3uydLD/P2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafedeCkp4m52mBnH5Wu39jZWsn7ngT5zY+v2fNayuPOoib55++CTb7eXqycn5ionX9WfDAAAAIdDt6zvI+JOur2U9clMXv+n5TVZzf/9M+O4rOcfrPt39jaOFl+aL+v/3369+8JkopnxPNmgq2uj4eLDqfT+oyW23rOPvKKX3/n8dy/d/A1J3t98fjfN72fn25s33+3n4ZE6sgUAHsfJsi+C8uehrB80mRgAh0avUniX9X93ptmcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqwuxlPlXEnIuZ79+LMzt7Gyn79ja3b82U7e/36VnXMbIg0IlbXRsO0xrW03ZWr1z5ZHo2Gl+sPTkREc7MXwYdTXBPx79cUH89obhX/HHTakUajQVK8P23J5yCD8rN38CM39A0JAIAnVlq0rK6/k24vZa91ZiP++uH++v+1ShxT1v93Pzp7qzpXtf4f1LbC9ltYv/jZwpWr195Yu7h8YXhh+OmbpwZvDU6fO3Pm3EJ2rxYXViMZLjadJgAAAP9j/aJV6/9k9uH9/+OVOKas/z//bvBlda6u+n9f9zb9ms4EAADgMOpPoude+fOPzj5XdPr9+GJ5ff3yYHycnJ8aH2tN9zEdKVq1/u/ONp0VAAAAUIfdzc59+//nK3FMuf//9I8v/lwdsxsRxyIuRcTw5Mql0fn6ltNqdfyhcj5Rv+mVAgAA0JRjRavu/6f58//J5JGHJCJef3Ucl//rapr6v/ve1z9V56o+/3+6viW2UjI3vh95PxfRm2s6IwAAAJ5kR4uWFfu/p9tLH/9y/IO+5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6vZ3AAAA//+pzDYD") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000180)=0xfffffff9) sched_setscheduler(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x298) r2 = memfd_create(0x0, 0x0) fallocate(r2, 0x0, 0x0, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x20242, 0x0) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8001}) r4 = syz_io_uring_setup(0x70e4, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80000}) write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB='+'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer) io_uring_enter(r4, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x50, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x50}}, 0x0) bind$inet6(r8, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r8, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 6.473399212s ago: executing program 4 (id=1177): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2084) writev(r0, &(0x7f00000024c0)=[{&(0x7f0000002080)='T01\n', 0x4}], 0x1) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="c3a519b22a135df8d0c25a65ef59baf14a2fc3eeb8ff407961514d4c0d7c21dd79c930b2531e8e4c993776ba152bd1", 0x2f}], 0x1, 0x0, 0x0) 6.46482648s ago: executing program 3 (id=1178): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) sendmsg$inet(r3, &(0x7f0000003300)={&(0x7f00000000c0)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000300)="dba1f6d63215f4cd2de3ea822468cbad6468519f3ae11932c16d1b1d53eef8c2f39fb239a209da1afde2bc2aeeed68b750ece14291e0c7ff5d0fd554031e92862125138c6194f9952350483bfa737d2579c64f8a562c0659e3b4959c2113cae76d39f49a619fd0ea2051fbb64021e448f0c7a9b4871dfa9ddb23ddec05eb6e8575ec15206da0365d682ad2f8d22afc8a6bf81f26e59c2d6e6be16c6d250eabd0116eba1ef31105177a9383fcd2049f7d10adc69ac223b3f759f9e7e2d57f870fffd7369de0ac7f5109fe7eb4b2c038e4fb8fd447d28f2bbce1e65ae49a64b7167d8d657361616e301414dcf5529e2f7e166667eb584f0c7ae4017aecbbdce8dcb3b281b0f358971ecea54aeb7f59d1df20ef92ba7adeba35631e12b910bc34c70beb6aa8fe4223be2f35d563ada7a73afa406f125ad863de746cf87e6f387c6a7550081c96f92086eae5ada7513d1757996a26349d400c5be67c48186d1a497fcd4ad19f4d222f20e738dbc66962e1eb070e62a19b2dfb8ce6a801c405d9e19f79f9c45d07487bc09757072fd44412a6afcbfce71908f6ea995676587b79706005fb0796a7fce46a174d26a83215681c4900b07a9cd4a3b391bf6303ec6967ad5389dcb01c0e5f705140f0075d9ee0f06dcfdfd63a46e055650e7d246adc235b2fbd774c3fa3f789674401c17b18765b8ea616021f87fcccc297776bf5e55f18a710c0639077b980ab87220ab57205c115e3b14f0d6f5b82e596249fc6d3e2d68a8727231a1a012afde839cb9e52d72aa7386df3208a92795eeeda235b7d57ac207186c646f957bdce39527873347f76fefd1ce7718eb02d28db411b9bd591f2f98f41594a910e393ed1fe6c8138c7aee81ee90c806655f08d03562fb46125d48ab94805ab7547f96fa3d2efb16d90318c5a3b553ecf48d9d06dac0b4d67cb33ccc3575d7c139d193ae29271ccf89eea2654855ec3ad55c71eacea48bcfdfcd5563d9a121a6dbfc4048c75a425d1b25875fc3d64cd16ab3b932e2cf6f2cb2456dd83ef4d7771a3487f37074f4f67678e534ee45de86d11636bd4b126d026e987c949c40a13259e765f4694497094636fc56eab8287446f12799269f7893c8205984c8191fb8cc06480634bd75fffb8de665fcff9b246d7e31157cdd32f556854b80dacce558fbba78e3ae32dc18bfc6d12885dde1552743bbe48250d545b11322980ae0f4009ad7ed273c7c1746cb5b2e28b4abb3705c77257518b0f28b5ffd39a52c7e84ea3258425636604d75b9c1f15f9cca3dd0e54bc65682142282ed805829577d14f5e5533bf7d15fd4865bf649ef3f8f49e896e849682faff8b16786b34f8f4d380f2ce3d00fa7253aa9de803e4b8df363f16f9a66c05517a7d06702b52395a45ad49d643939b5e013a0572d422d96b09556d5b3d9ff69082c9bfc76d895ae58c59cdd729b0917ce43b384332877ac460deb7d82f35c34a81b3d842b6f9a21ec790e7b4c0526a9ac6956a2defd57723bbd8dbe12672fe88b6b4835ae79cddab0f9daad03f27121948eca6b1f7fbce0fcc55515b7e3e05a5d91321a3a47ed3ecee55cfd21fc2e053da805a1c2716dacfbc7f9b8b9215f7138e945742403a09ae65d6392fc45a911c2962ffdfa70c0746e873e11d83730087c2812e07bc909bc0139d35cb22f5b8e19477a7a4d7039e7ce960ff8c7e0f0098b0d2da58b8f4df4d4386acc2ac5595ee7b3753c4608a1e04743ad5e35c40562927b5cf7272bd2dbd8aac860f69493ff502e80d38fd868d8e9815f523a6b03fa7ab6905393e987937e81cf287961f31685c7b67aaeec10fb8a839af94f5d59bd939e1380e9a70228cdece9e7bddbcab676f526630b8b33706ecde3c2248ef7f608d91bac00a73c5c59a2d7b24615d7a4ed71e1b11ad36803a947caf0d3c13d939e96ed62d7b40bfd823f1f4c8bbc4d34f166e7791691229567332c5e14cb22cd7dd160360b473976cca4940000bf561ce738d4c35a89f090361acad1c411c27654c7fca5397b4b9d59b782e88abbe", 0x5a9}], 0x1}, 0x0) r4 = memfd_create(&(0x7f0000000100)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9xp#\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06\xfd\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xff\x7f\x06\xbf~\b\xe0\xf0\xdf\xfd\x00\x00\x00\x00\x00\x00q\xcc%\x98\xb0Yb\xec\xb7\xb5m(9\xde\xd3\xec\xc5\xdf\xa3\xe8\xa4\xe9\x19\\~\x04\xba3R\xfa\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47\xbd\xfcH\xab}%)\xb9\xbf{N\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]\xc3F$F\xab\xf2b[\n\xa2\xfd\xd7>\x17\xe7\x1d{N\x9e/P\xf1\x00\x00\x00;c\xf9\x1d\xf8\x15\xa9\xeb\'3\x1a\x06\xde\x91aNI\x84\xa7\x95\t7\xf9I\x81k&\xbe[\xd9\xab\xe8.\x15F\xf9\xb34\x87Iu\v\xd9\x84n\xd6\n\xd4\xab]ks-\vS\xdf\x91)\x89I\x1d\xfa\\\x93\xf8jT\xfd\xd5\x05\xa7\x94bEC\xdc\xc8\x1c\xfb\xedv~\xaex\x8b0\' \xb6\xdb\xa2\x18\t\xb1\x80\xe6\xbc\x15\x17\x18\xb8\xf3p0\xdf\xc9\x1a\x19\x8e\xff\f*m\x9b\f\xfeH\xfa\xb4%b\xe0\xd3\xa5m\r\xe6k\xd3\xee<\xd32)ta\xb3A\xbacd?[\x17\x9f\xd9\xc4\xca\x1c\x1b\x96\xe0\x89\vM\xb2D\xe5\x14\xf3\x95\x94w\x11\x05A\x9e\xa2r\f\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00p1\x10Z\xcaD\xb1\x85(\xfc\a\x83\xe1\xe1\xccT\xed\x06\x183\x1bV6\x02\x17`(9-\xa4\xd7d8\xbe\xd1MP\x1e\xb3>+\xac', 0x1) fallocate(r4, 0x0, 0x0, 0x9) ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, 0x0) finit_module(r4, 0x0, 0x0) 6.251849403s ago: executing program 4 (id=1182): syz_mount_image$bfs(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00f0ea3e7305b16f28aa4d590119da50c0b3bfa2f3d59c8f93ec3622a63a5160966d7498cff9cb4b2dc5c94d8cdaeb826f708fa6b28ce41a7fcf2e6526727c88631c3689733d9244c15a64ce61e7ed53b4b856afea94096c1d651b3e51b74aa3aa007bbfad8414c5fc1a223cc3e9dce0226ea5fc03fe6a5b07000000874c595090"], 0x1, 0xa7, &(0x7f0000000c00)="$eJzszsGJwkAYBeCXsLALC9kC9rAdpIctRTyJ3jwpgo3Ygq1Ygh148OolEqIg5KQBRfg+mBneDI/5d6ftb6qkWSdN63K05ovldDTr9vQU/SveTplJPpN8Jfmr2pwc/ru3Il3eH1fj60ry8eqZAQCAx5Spk2xuc31P+3vQ783PoDoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAE5wDAAD//yRDI3k=") creat(&(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) 5.964306551s ago: executing program 4 (id=1187): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x38, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x2, {[0x0, 0x0, 0x0, 0x0, 0xb8a]}}]}]}]}, 0x38}}, 0x0) 5.626862338s ago: executing program 4 (id=1189): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000040)='./bus\x00', 0x2008410, &(0x7f0000001f80)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c8426803000000005c000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRESDEC], 0x1, 0x553b, &(0x7f000000ac00)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKI9WduKk/T5pfGbujM+cO7ISnRnLAXhiLaS//pyES+FsCGEuhHAhCfl6Uiy51RieCyFcDiGU/rIkxfifA6dDCOdCCJdGyWPOpNj1+dXhlZWf3vjlm+/OnDr/xdffz27WwKw9H0LobsX13W6MWSvGu8V4bdjOY/fGsIhxR/desZ3FuNvcyDPs1sbH1fJ4vRWPz7Z2+qO42anVR7HV3szHt3rxhP1ha5wnf8Pd2na+3Whu5LHdz/LY2o917e3Hv237/UHM0yjyfZinD4PBOMbx5l4zzmfrXh7rvUExHvNmjebeKA6LWJwu1LNOI69jY5Irfby92e7t7KXD5na/nfXSlUr1hUr1Zrm6nTWag+aNcq3buHkjXWx1RoeVB81ad7WVZa1Os1LPukvpYqteL1er6eKt5ka71kur1cr1yrXyylKxdjV99c67aaeRLo7iy+3ezul2p59uZttpfMdSuly5/uJSeqWavr22nq6/dfv22vo77996785La6+/Uhz0QFnp4vK15eVy9Vp5ubp0DOY/+r/7kPMfTDL/T4qiH2H+yWSXB/6bDxjAI3ug/w/6f+DwnfT+P0yz/x+1VPr//+9/S5P3/xP1v8e1/z/B84eJ6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5YP8x/+Vq+shC3zxfjF4uhZ4rtJIRQCiH8/g/mwukDOeeKPPP/cvz832r4Ngl5htE5zhTLuRDCarH89vRhXwUAAAB4fH310eXPYrceXxZmXRBHKd60KV34YEr5khDC/MKPU8pWGr08O6Vk+ef7VNibUrb8BtZTU0oWb7mdmla2hzI3Dh9fvD+YTyiJoXSk5QAAAEdi7kA42i4EAACAo/TprAtgNpIwfpQ5fhacf/P+/qPNswf2AQAAACdQMusCAAAAgEOX9/9+/w8AAAAeb/H3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/GwwsP+0aLX3bWVvUEZKyDHHQAFpghJIC2mAGsgtJUQQYY+QHIEUiXGsoO+TPM7Y0W9mgMsbSwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJztZ4/3v97uDRnt79MntUAAAAAp2yr9bz+Y9r0f6Trv9KlP6lfREQZEadq90GMWpmDlFOd+f/q3RyeIuqEwxjjdHyPiP/peP3d9acAAAAA12uzXM2aar1ppn1PiM/UbNqUP28y5RURUU1fMqWVh+ZvprD69z2Mu0xp9QbWJFNYs+U2PH1vlGuQtkHrlFYyWdRfYt0ruxkXAADoU7sSOFOFAAAAcAVu+54A/SiOzfE547g5pQeC31o9AAAA4Asq+p4AAAAA0Lm6/vf+PwAAALhuzfv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NK2Ws83y9Xs3P3FB3N2+8vkWxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBv7844CIRAGYbB3fWcy9z+sNGhobFIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzPSwqEQBBEwZzxv5O+/2ElQc8gQgQ0PKqoRQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzcP28cRRQA8Hd7t5c/gDAGuTCgIFFAQ+xLSEgJBcii4CMgWc45GC4EEhckskBuoEKu0yAoEUICmS7fIXUspQldChdGogbt3u5lkxhyiszuEv9+0uy8Pa9m3uydLD/P2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafedeCkp4m52mBnH5Wu39jZWsn7ngT5zY+v2fNayuPOoib55++CTb7eXqycn5ionX9WfDAAAAIdDt6zvI+JOur2U9clMXv+n5TVZzf/9M+O4rOcfrPt39jaOFl+aL+v/3369+8JkopnxPNmgq2uj4eLDqfT+oyW23rOPvKKX3/n8dy/d/A1J3t98fjfN72fn25s33+3n4ZE6sgUAHsfJsi+C8uehrB80mRgAh0avUniX9X93ptmcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqwuxlPlXEnIuZ79+LMzt7Gyn79ja3b82U7e/36VnXMbIg0IlbXRsO0xrW03ZWr1z5ZHo2Gl+sPTkREc7MXwYdTXBPx79cUH89obhX/HHTakUajQVK8P23J5yCD8rN38CM39A0JAIAnVlq0rK6/k24vZa91ZiP++uH++v+1ShxT1v93Pzp7qzpXtf4f1LbC9ltYv/jZwpWr195Yu7h8YXhh+OmbpwZvDU6fO3Pm3EJ2rxYXViMZLjadJgAAAP9j/aJV6/9k9uH9/+OVOKas/z//bvBlda6u+n9f9zb9ms4EAADgMOpPoude+fOPzj5XdPr9+GJ5ff3yYHycnJ8aH2tN9zEdKVq1/u/ONp0VAAAAUIfdzc59+//nK3FMuf//9I8v/lwdsxsRxyIuRcTw5Mql0fn6ltNqdfyhcj5Rv+mVAgAA0JRjRavu/6f58//J5JGHJCJef3Ucl//rapr6v/ve1z9V56o+/3+6viW2UjI3vh95PxfRm2s6IwAAAJ5kR4uWFfu/p9tLH/9y/IO+5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6vZ3AAAA//+pzDYD") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000180)=0xfffffff9) sched_setscheduler(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x298) r2 = memfd_create(0x0, 0x0) fallocate(r2, 0x0, 0x0, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x20242, 0x0) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8001}) r4 = syz_io_uring_setup(0x70e4, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80000}) write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB='+'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer) io_uring_enter(r4, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x50, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x50}}, 0x0) bind$inet6(r8, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r8, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 4.55028827s ago: executing program 0 (id=1192): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2084) writev(r0, &(0x7f00000024c0)=[{&(0x7f0000002080)='T01\n', 0x4}], 0x1) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="c3a519b22a135df8d0c25a65ef59baf14a2fc3eeb8ff407961514d4c0d7c21dd79c930b2531e8e4c993776ba152bd1", 0x2f}], 0x1, 0x0, 0x0) 4.427323673s ago: executing program 1 (id=1193): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000c80), 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x40187013, &(0x7f0000000000)={0x0, 0x37}) 4.325832592s ago: executing program 0 (id=1194): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r0, &(0x7f00000005c0)=[{&(0x7f00000003c0)=""/3, 0x3}], 0x1) 4.246993381s ago: executing program 1 (id=1195): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc00864e2, 0x0) 4.192852183s ago: executing program 0 (id=1196): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYRES32=0x0, @ANYBLOB="6502330080800000080211000000ffffffffffff90e488f9971a00000000000000000000000000000000000003010004060000000000002a9d007206030303030303760600000000060bdd73eb13a8b3df323b58645505746aa35226d44912415c3d4ac256aa5c2291a3317d27815fda589135d0308f4ff131b3c4a96dde0f9c497c9bbde281223c0596f01156deb1f851f7602fb2299c382c07898a4d7dddbc046ef6a9b938b13f76ccceb4d339a7d92a6a7f45bd90df8b5bd53f1eec1a24ddc34f2a899e94bcf0613609929460dda7b3421f2af277170aab1eef1bc7a6bad283ec72e75c78d8f4f30f5e2ee79daf8ece54852b5b93eabb5832b001d39227230802e601a7f9749d370367565ddb88a137c4572cce24103d4337027917c48d29a1860dad1f99fe412ea5a512f63ec34a05279e6dc25839f828e60b01f9b6a65bf411101d89dc154716566458aa4111340a6d895801f8d51908b9bdd47762550f4ee51c8a3f64cfe2f8b701e79d393a957fa4e3e620099b226f683280ec0f5d85dd655dad8ac12f96664d51c30bd3379c2d305630cd93fec0b4249d429b451f52399f26b866650e0e9464949a974045190fa9251c8b6aacda7ecc351ee9cb5512364284512cf7643040ee1f52573ed7bb7527b9a86fc2f33bffce71947a0f29cfb9ac7bd9e7642cdd7883534cd40fda26eabadf3814f88fa9c5d39124ac6ffcf2583cbdd58fa0969b3e6783c46ed2318e977c080347f36fa8d773079f6224521c4c8b10e4a9454bece9457b66b239a7eaff140a8d9131349399c804bb1a81f829c6ab11af5cfe8df9"], 0x290}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) 3.780954309s ago: executing program 1 (id=1197): syz_mount_image$fuse(0x0, &(0x7f00000029c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$nfs(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)={[{'\x01\x00\x00\x00\x02\x00\x00\x00ef'}], [{@obj_type={'obj_type', 0x3d, 'audit'}}, {@subj_user={'subj_user', 0x3d, '\b\xff\x00\x00\x00'}}]}) 3.129461653s ago: executing program 3 (id=1198): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x300, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.049826957s ago: executing program 2 (id=1199): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=@ipv4_getnexthop={0x18, 0x6a, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x5}}, 0x18}}, 0x0) 3.046975507s ago: executing program 1 (id=1200): r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f00000000c0)="39000000130003470fbb65e1c3e4ffff060060001f0000005600000025000000190002000400000007fd17e5ff8e0606040020000000000000", 0x39}], 0x1) 2.947485698s ago: executing program 0 (id=1201): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 2.936748939s ago: executing program 1 (id=1202): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = socket(0x0, 0x0, 0x0) getsockopt(r3, 0x200000000114, 0x2711, 0x0, 0x0) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x800, &(0x7f0000001980)=ANY=[@ANYBLOB="696f636861727365743d6d61636963656c616e642c646973636172642c696f636861727365743d69736f383835392d342c646d61736b3d30303030303030303030303030303030303030303031312c646973636172642c6572726f72733d72656d6f756e742d726f2c6572726f72733d72656d6f756e742d726f2c646d61736b3d30303030303030303030303030303030303030303030352c696f636861727365743d63703836302c6572726f72733d636f6e74696e75652c00401b3ed5707e114e487d8a07ac5bf76c35e1ec263fd239572442aeebf5f0885cac9e374bd219562c4cdeda0e24ce11eca191559cabf479c5ab2264639e972d6ac2080a7132a1c1dc10a33c900944ad0198fe12202479fe30823ef0664ce2"], 0x5, 0x1516, &(0x7f0000002280)="$eJzs3AuYTlX7MPD7XmvtMSQ9TXIY1lr35kkOyyRJDknlkCRJkuSUmKRJXklIDDklDUlIDkNyGEJymJg0zufzMUmSJklCckrWd03xeXur7/2//7fv9b/+c/+ua1/Pup+177XXfu7nsPZ2+LbL0FpNat/ViIjg34K/PiQDQCwADASAawAgAIAKcRXisvtzS0z+9w7C/loPp13pGbArieufs3H9czauf87G9c/ZuP45G9c/Z+P652xcf8Zyss3TC1/LW87d+P5/Tsa///+LZJUd++Xastd3/RdSuP45G9f/f63gv7IT1z9n4/rnbFz/nI3rnxPk+tMern/OxvVnLCe70vef/2GLgSs/hxy1Xen3H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxnOGMv0wBwKX2lZ4XY4wxxhhjjDHG/jo+15WeAWOMMcYYY4wxxv7/QxAgQUEAMZALYiE35AEBAFdDPrgGInAtxMF1kB+uhwJQEApBYYiHIlAUNBiwQBBCMSgOUbgBSsCNUBJKQWkoAw7KQgLcBOXgZigPt0AFuBUqwm1QCSpDFagKt0M1uAOqw51wF9wNNaAm1ILacA/UgXuhLtwH9eB+qA8PQAN4EBrCQ9AIHobG8Ag0gUehKTwGzaA5tICW0Oq/lf8i9ICXoCf0gmToDX3gZegL/aA/DICB8AoMgldhMLwGKTAEhsLrMAzegOHwJoyAkTAK3oLR8DaMgbEwDsZDKkyAifAOTIJ3YTJMgakwDdJgOsyA92AmzILZ8D7MgQ9gLsyD+bAA0uFDWAiLIAM+gsXwMWTCElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDvsgJ2wC3bDJ7AHPoW98Bnsg8//xfzT/5DfFQEBBQpUqDAGYzAWYzEP5sG8mBfzYT6MYATjMA7zY34sgAWwEBbCeIzHolgUDRokJCyGxTCKUSyBJbAklsTSWBodOkzABCyHN2N5LI8VsAJWxIpYCStjZayKVbEaVsPqWB3vwruwBtbAWlgL78F7sDfWxbpYD+thfax/6fYUNsJG2BgbYxNsgk2xKTbDZtgCW2ArbIWtsTW2wTaYiInYDtthe2yPSZiEHbADdsSO2Ak7YWfsjF2wC3bFbtgNX8wF+BK+hL2whuiNfbAP9sWUXP1xAA7AV3AQvoqv4muYgkNwKL6Or+MbOBxP4QgciaNwFFYTb+MYHIskxmMqpuJEnIiTcBJOxik4BadhGk7HGTgDZ+IsnIXv4xz8AD/AeTgPF2A6puNCXIQZmIGL8TRm4hJcistwOa7A5bgKV+MqXIvrcC1uwA24CTfhFtyC23Ab7sAduAsVAH6Cn+KnmIL7cB/ux/14AA/gQTyIWZiFh/AQHsbDeASP4FE8isfwOJ7A43gST+IpPI1n8Ayew3N4Hp+P/7rxrlJrUkBkU0KJGBEjYkWsyCPyiLwir8gn8omIiIg4ESfyi/yigCggColCIl7Ei6KiqDDCCBJhDACIqIiKEqKEKClKitKitHDCiQSRIMqJcqK8KC8qiFtFRXGbqCQqi7auqqgqqolEV13cKe4Sd4kaoqaoJWqL2qKOqCPqirqinqgn6ov6ooF4UDQUvbE/PiyyK9NEDMGmYig2E82FvPgN1loMxzairUgUT4qROALbi9YuSTwjOogx2FH8TYzF50RnMR67iBdEV9FNdBcvih6ijespeonJ2Fv0EdOwr+gn+osBYibWFO/jnNy1xGsiRQwRQ8XrYgG+IYaLN8UIMVKMEm+J0eJtMUaMFePEeJEqJoiJ4h0xSbwrJospYqqYJtLEdDFDvCdmillitnhfzBEfiLlinpgvFoh08aFYKBaJDPGRWCw+FpliiVgqlonlYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7WKH2Cl2id3iE7FHfCr2is/EPvG52C++EAfEl+Kg+Epkia/FIfGNOCy+FUfEd+Ko+F4cE8fFCfGDOCl+FKfEaXFGnBXnxE/ivPhZXBBegEQppJRKBjJG5pKxMrfMI6+SeWVw8dW9VsbJ62R+eb0sIAvKQrKwjJdFZFGppZFWkgxlMVlcRuUNsoS8UZaUpWRpWUY6WVYmyJtkOXmzLC9vkRXkrbKivE1WkpVlFVlV3i6ryTskRH49Rg1ZU9aSteU9so68V9aV98l68n5ZXz4gG8gHZUP5kGwkH5aN5SOyiXxUNpWPyWayuWwhW8pW8nHZWj4h28i2MlE+KdvJp2R7+bRMks/IDtJffIs8JzvL52UX+YLsKrvJ7vJneUF62VP2kgC9ZR/5suwr+8n+coAcKF+Rg+SrcrB8TabIIXKofF0Ok2/I4fJNOUKOlKPkW3K0fFuOkWPlODlepsoJcqJ8R06S78rJcoqcKqfJNDld9r840mwp/2n+O3+QP/iXo2+Sm+UWuVVuk9vlDrlT7pK75W65R+6Re+VeuU/uk/vlfnlAHpAH5UGZJbPkIXlIHpaH5RF5RB6VR+UxeVyelT/Ik/JHeUqelqflWXlOnpPnL74GoFAJJZVSgYpRuVSsyq3yqKtUXnW1yqeuURF1rYpT16n86npVQBVUhVRhFa+KqKJKK6OsIhWqYqq4iqob8OIbRpVWZZRTZVWCuulfyVcl1I2qpCr1m/xL80v+k/m1Uq1Ua9VatVFtVKJKVO1UO9VetVdJKkl1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VbJKVn3Uy6qv6qf6qwFqoHpFDVKD1GA1WKWoFDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVqlLVRDVRTVKT1GQ1WU1VU1WaSlMz1Aw1U81Us9VsNUfNUXPVXDVfzVfpKl0tVAtVhspQi9VilamWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qU21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVZbKUofUIXVYHVZH1BF1VB1Vx9QxdUKdUCfVSXVKnVJn1Bl1Tp1T59V5dUFdyF72BSIQgQpUEBPEBLFBbJAnyBPkDfIG+YJ8QSSIBHFBXJA/uD4oEBQMCgWFg/igSFA00IEJbCAuFj0a3BCUCG4MSgalgtJBmcAFZYOE4KagXHBzUD64JagQ3BpUDG4LKgWVgypB1eD2oFpwR1A9uDO4K7g7qBHUDGoFtYN7gjrBvUHd4L6gXnB/UD94IGgQPBg0DB4KGgUPB42DR4ImwaNB0+CxoFnQPGgRtAxa/aXje3+q4BOup+6lk3Vv3Ue/rPvqfrq/HqAH6lf0IP2qHqxf0yl6iB6qX9fD9Bt6uH5Tj9Aj9Sj9lh6t39Zj9Fg9To/XqXqCnqjf0ZP0u3qynqKn6mk6TU/XM/R7eqaepWfr9/Uc/YGeq+fp+XqBTtcf6oV6kc7QH+nF+mOdqZfopXqZXq5X6JV6lV6t1+i1ep1erzfojXqT3qy36K16m96ud+idepferT/Re/Sneq/+TO/Tn+v9+gt9QH+pD+qvdJb+Wh/S3+jD+lt9RH+nj+rv9TF9XJ/QP+iT+kd9Sp/WZ/RZfU7/pM/rn/UF7bMX99k/70YZZWJMjIk1sSaPyWPymrwmn8lnIiZi4kycyW/ymwKmgClkCpl4E2+KmqImGxkyxUwxEzVRU8KUMCVNSVPalDbOOJNgEkw5U86UN+VNBVPBVDQVTSVTyVQxVczt5nZzh7nD3GnuNHebu01NU9PUNrVNHVPH1DV1TT1Tz9Q39U0D08A0NA1NI9PINDaNTRPTxDQ1TU0z08y0MC1MK9PKtDatTRvTxiSaRNPOtDPtTXuTZJJMB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySbZNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNiUsxQM9QMM8PMcDPcjDAjzajshap524wxY804M96kmlQz0Uw0k8wkM9lMNlPNVJNm0swMM8PMNDPNbDPbzDFzzFwz18w38026STcLzUKTYTLMYrPYZJpMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTJZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5qQ5aU6ZU+aMOWPOmYIXfy+9ibW5bR57lc1rr7b57DX2H+NCtrCNt0VsUattAVvwN7Gx1pa0pWxpW8Y6W9Ym2Jt+F1eylW0VW9XebqvZO2z138V17L22rr3P1rP329r2nt/E9e0DtoF91DZEBLDNbWPb0jaxj9qm9jHbzDa3LWxL284+Zdvbp22SfcZ2sM/+Ll5oF9nVdo1da9fZPfZTe8aetYftt/ac/cn2tL3sQPuKHWRftYPtazbFDvldPMq+ZUfbt+0YO9aOs+N/F0+102yanW5n2PfsTDvrd3G6/dDOsRl2rp1n59sFv8TZc8qwH9nF9mObaZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+4ndarfZ7XaH3Wl3/RJnn8de+5ndZz+3h+w39oD90h60R2yW/fqXOPv8jtjv7FH7vT1mj9sT9gd70v5oT9nTv5x/9rn/YH+2F6y3QEhAkhQFFEO5KJZyUx66ivLS1ZSPrqEIXUtxdB3lp+upABWkQlSY4qkIFSVNhiwRhVSMilOUbqBL6/TSVIYclaUEuonK0c1Unm6hCnQrVaTbqBJVpipUlW6nanQHVac76S66m2pQTapFtekeqkP3Ul26j+rR/VSfHqAG9CA1pIeoET1MjekRakKPUlN6jJpRc2pBLakVPU6t6QlqQ20pkZ6kdvQUtaenKYmeoQ70LHWkv1Eneo460/PUhV6grtSNutOL1INeop7Ui5KpN/Whl6kv9aP+NIAG0is0iF6lwfQapdAQGkqv0zB6g4bTmzSCRtIoeotG09s0hsbSOBpPqTSBJtI7NInepck0habSNEqj6TSD3qOZNItm0/s0hz6guTSP5tMCSqcPaSEtogz6iBbTx5RJS2gpLaPltIJW0ipaTWtoLa2j9bSBNtIm2kxbaCtto+20g3bSLtpNn9Ae+pT20me0jz6n/fQFHaAv6SB9RVn0NR2ib+gwfUtH6Dvfi76nY3ScTtAPdJJ+pFN0ms7QWTpHP9F5+pkukCcIMRShDFUYhDFhrjA2zB3mCa8K84ZXh/nCa8JIeG0YF14X5g+vDwuEBcNCYeEwPiwSFg11aEIbUhiGxcLiYTS8ISwR3hiWDEuFpcMyoQvLhgnhTWG58OawfHhLWCG8NawY3hZWCiuHj95fNbw9rBbeEVYP7wwTw7vDGmHNsFZYO7wnrBPeG9YN7wvrhfeH5cMHwgbhg2HD8KGwUfhw2Dh8JGwSPho2DR8Lm4XNwxZhy7BV+HjYOnwibBO2DRPDJ8N24VNh+/DpMCl8JuwQPvtL/wOL/rw/Oewd9glfDl8Ovb9Pzo8uiKZHP4wujC6KZkQ/ii6OfhzNjC6JLo0uiy6ProiujK6Kro6uia6Nrouuj26IboxuinpfOxc4dMJJp1zgYlwuF+tyuzzuKpfXXe3yuWtcxF3r4tx1Lr+73hVwBV0hV9jFuyKuqNPOOOvIha6YK+6i7gZXwt3oSrpSrrQr45wr6xJcS9fKtXKt3ROujWvrEt2T7kn3lHvKPe2eds+4Du5Z19H9zXVyz7nO7nn3vHvBdXXdXHf3ouvhJuT79TOZ7Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7FJcihvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLdaluopvoJrlJbrKb7Ka6qS7NpbkZboab6Wa6arN+PcpcN9fNd/Ndukt3C132mjHDLXaLXabLdEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8Nb8O6va5/W6/O+AOuIPuK5flvnaH3DfusPvWHXHfuaPue3fMHXcn3A/upPvRnXKn3Rl31p1zP7nz7md3wXmXGpkQmRh5JzIp8m5kcmRKZGpkWiQtMj0yI/JeZGZkVmR25P3InMgHkbmReZH5kQWR9MiHkYWRRZGMyEeRxZGPI5mRJZGlkWWR5ZEVEe+LbA19MV/cR/0NvoS/0Zf0pXxpX8Y7X9Yn+Jt8OX+zL+9v8RX8rb6iv81X8pV9Ff+Yb+ab+xa+pW/lH/et/RO+jW/rE/2Tvp1/yrf3T/sk/4zv4J/1Hf3ffCf/nO/sn/dd/Au+q+/mu/sXfQ//ku/pe/lk39v38S/7vr6f7+8H+IH+FT/Iv+oH+9d8ih/ih/rX/TD/hh/u3/Qj/Eg/KuYtP/rSJTKM96l+gp/o3/GT/Lt+sp/ip/ppPs1P9zP8e36mn+Vn+/f9HP+Bn+vn+fl+gU/3H/qFfpHP8B/5xf5jn+mXXLqp7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//E7/Gf+r3+M7/Pf+73+y/8Af+lP+i/8ln+a3/If+MP+2/9Ef+dP+q/98f8cX/C/+BP+h/9KX/an/Fn/Tn/kz/vf/YX+N+sMcYYY4z9l0y43BR/1N/7D54Tf7dzHwC4elvhrL/vz15Rri/wa7ufiG8XAYBnenV5+NJWo0ZycvLFfTMlBMXnAVz6k6BsMXA5XgKJ8BQkQVso94fz7ye6naN/Mn70VoA8f5cTC5fjy+N/8SfjP/7kqIUVwzNx/4/x5wGULH45JzdcjpdAosp+bAvl/2T8gq3/yfxzf5kK0ObvcvLC5fjy/BPgCXgWkn6zJ2OMMcYYY4wx9qt+okqnS9efl/7G5x9dn8eryzm54HL8z67PGWOMMcYYY4wxduU91637048nJbXt9K83qv+3srjxP7XhPcClZxQA/JsDAvzHz2LLf+RYKRc/Ov/YtfysD+B/Rin/isYV/mJijDHGGGOM/eUuL/p/+7y6UhNijDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZyoP/Efyd2pc+RMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu9L+TwAAAP//8SoNew==") syz_open_dev$evdev(0x0, 0x0, 0x0) write$evdev(0xffffffffffffffff, &(0x7f0000000340), 0x0) dup(0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) read$msr(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 2.936251934s ago: executing program 3 (id=1203): syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0xfd, 0x63, 0x57, 0x20, 0x959, 0x2bd0, 0x2ae, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x70, 0x21, 0x14, 0x0, [], [{{0x9, 0x5, 0x4}}]}}]}}]}}, 0x0) 2.546530002s ago: executing program 4 (id=1204): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() fchmodat(r0, &(0x7f0000000400)='./file0\x00', 0x28) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs$namespace(r2, &(0x7f0000000240)='ns/net\x00') sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x6) r5 = socket(0x2, 0xa, 0x0) getsockopt$SO_BINDTODEVICE(r5, 0x1, 0x1c, &(0x7f0000000000), 0x20000000) writev(r5, &(0x7f00000007c0)=[{0x0}, {&(0x7f00000005c0)}, {&(0x7f0000000640)}, {0x0}], 0x4) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x1) ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, 0x0) r6 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$link(0x15, r6, 0x0) mount(&(0x7f0000000440), &(0x7f0000000380)='./file0\x00', &(0x7f0000000340)='securityfs\x00', 0x0, 0x0) r7 = socket(0x840000000002, 0x3, 0xff) connect$inet(r7, &(0x7f0000000280)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r7, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94) 1.917866812s ago: executing program 2 (id=1205): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 1.643727747s ago: executing program 0 (id=1206): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000000)=""/106, 0x6a, 0x0, 0x3, 0x2}}, 0x48) 608.227118ms ago: executing program 4 (id=1207): timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) r0 = memfd_create(&(0x7f0000000340)='D\xa3\xd5Wj\x00\x00x0\xc1\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xc9\rDa\x16\xbd\x1a\xb2w\b', 0x0) write(r0, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, &(0x7f0000000100)) 469.662591ms ago: executing program 0 (id=1208): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x2, 0xc}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$GTP_CMD_DELPDP(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010000507000000000000000000000090", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000c80)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffff}, {0x0, 0xffff}}}, 0x24}}, 0x0) r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r1, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000480)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8, &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xe9, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000580), &(0x7f00000005c0), 0x8, 0x33, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)={0x1b, 0x0, 0x0, 0x5, 0x0, r0, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x3}, 0x48) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000800)={0x1b, 0x0, 0x0, 0x5e17, 0x0, r0, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x7, 0x1b, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x700000}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3f}, @jmp={0x5, 0x1, 0x2, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, @exit, @jmp={0x5, 0x1, 0x0, 0x4, 0x9, 0x10}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffff9}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x3}]}, &(0x7f0000000300)='syzkaller\x00', 0x101, 0x0, 0x0, 0x41000, 0x25, '\x00', r5, 0x1e, r7, 0x8, &(0x7f0000000400)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x3, 0xf, 0x5, 0x8}, 0x10, r8, r1, 0x1, &(0x7f0000000880)=[r0, r0, r0, r9, r10, r0], &(0x7f00000008c0)=[{0x0, 0x3, 0xa, 0x6}], 0x10, 0x400}, 0x90) syz_usb_connect(0x0, 0x41, &(0x7f00000003c0)=ANY=[@ANYBLOB="120101022f7d8640940f01009c17010203010902"], &(0x7f0000001180)={0x0, 0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="040f"]}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) fsopen(&(0x7f0000000000)='configfs\x00', 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) 429.05297ms ago: executing program 2 (id=1209): r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x101c02, 0x0) pwritev(r0, &(0x7f0000001780)=[{&(0x7f0000000400)="f7", 0x1}, {&(0x7f0000000700)="79f8bdbc37a8fa771cbfe270f5960eb6118e83d2635d577b4017f249c25d0193b9fed92402501468bf3e7b0050f090d25a4890b98adc12c8ea507a0d93a7a7fb", 0x40}], 0x2, 0x0, 0x0) 322.13089ms ago: executing program 2 (id=1210): r0 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000300)=ANY=[], 0xc0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, 0x0, 0x0) 171.34256ms ago: executing program 1 (id=1211): iopl(0x3) setuid(0xee00) ioprio_set$pid(0x0, 0xffffffffffffffff, 0x2007) 155.801897ms ago: executing program 3 (id=1212): syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x2208050, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRESHEX, @ANYRESHEX], 0x1, 0x1528, &(0x7f0000004440)="$eJzs3Au4TtX2MPAx5pxr2+TyJrmvMcfiTS6TJMklSS5JkoTknpCEJEkSm9ySkIRcd5J7yD3t5H6/5Z4kR5IkIbmF+T27Op9Tp/Pv/M/pfM7XHr/nWY851lpzvGMa+91rrXc/e3/deUiV+lUr1mFm+Ffovw7wp3+SACARAPoDQBYACACgZNaSWVOPp9eY9C+9iPgPqTvtalcgribpf9om/U/bpP9pm/Q/bZP+p23S/7RN+p+2Sf+FSNNm5LpWtrS7yef//59T/85kuf7/+SD+/a5/dK70/89G/6/Olv6nGQm/tVP6n1b89iVA+p+2Sf/TsuBqFyCuMnn/p23SfyHStD/8M+X15/7YfAnyM4r/5CaEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQvw/cM5fYQDgr+OrXZcQQgghhBBCCCH+OP7dq12BEEIIIYQQQggh/vMQFGgwEEACpINESA8Z4BrICJkgM2SBGFwLWeE6yAbXQ3bIATkhF+SGPJAXQiCwwBBBPsgPcbgBCsCNUBAKQWEoAg6KQjG4CYrDzVACboGScCuUgtugNJSBslAObofycAdUgDuhItwFlaAyVIGqcDdUg3ugOtwLNeA+qAn3Qy14AGrDg1AH6kI9eAjqw8PQABpCI2gMTaApNPud+clZfmv+89ANXoDu0AOSoCf0ghehN/SBvtAP+sNLMABehoHwCgyCwTAEXoWh8BoMg9dhOIyAkfAGjILRMAbGwjgYD8nwJkyAt2AivP1wJpgMU2AqTIPpMAPegZkwC2bDuzAH5sI8SE6/ABbCIngPAN6HFPgAlsCHsBSWwXJYASthFayGNbAW1sF62AAbYRNshi2wFT6CbbAddsBO2AW7YQ98DHvhE9gHn8J+/Ox/Of/sL+dDFwQEVKjQoMEETMBETMQMmAEzYkbMjJkxhjHMilkxG2bD7Jgdc2JOzI25MS/mRUJCRsZ8mA/jGMcCWAALYkEsjIXRocNiWAyL481YAktgSSyJpbAUlsYyWAbLYTksj+WxAlbAilgRK2ElrIJV8G68G+/B6lgda2ANrIk1sRbWwtpYG+tgHayH9bA+1scG2AAbYSNsgk2wGTbD5tgcW2ALbIWtsDW2xjbYBttiW2yP7bEDdsCO2BE7YSfsjJ2xCz6Hz+Hz+Dy+gC9gD6ykemIv7IW9sTf2xX7YD1/CAfgyvoyv4CAcjEPwVXwVX8NheAaH4wgciSOxvBqNY3AsshqPyZiM6WACTsSJOAkn42ScitNwOs7AGTgTZ+EsfBfn4Fyci/NxPi7ERbgIF+P7mIIpuATP4lJchstxBa7EVbgS1+BaXIPrcQOux024CbfgFvwIP8LtuB134k7cjbvxY/wYP8FPcBDux/14AA/gQTyIh/AQHsbDeASP4FE8isfwGB7H43gCT+IpPImn8TSewbN4DgAu4AW8iBfxMl5OffOrVEYZlaASVKJKVBlUBpVRZVSZVWYVUzGVVWVV2VQ2lV1lVzlVTpVb5VZ5VV5FihSrSOVT+VRcxVUBVUAVVAVVYVVYOeVUMVVMFVfFVQlVQpVUt6pS6jZVWpVRLV05VU6VV61cBXWnqqgqqkqqsqqiqqqqqpqqpqqr6qqGqqFqqpqqlnpA1VY9sS/WVamdqa8GYwM1BBupxqqJaqpew0dUczUMW6iWqpV6TI3A4dhGNXdtVTvVXo3BDuopNRafVp3UeOysnlVd1HOqq3pedVMtXHfVQ03CnqqXmoq9VR/VV/VTM7GySu1YFfWKGqQGqyHqVbUQX1PD1OtquBqhRqo31Cg1Wo1RY9U4NV4lqzfVBPWWmqjeVpPUZDVFTVXT1HQ1Q72jZqpZarZ6V81Rc9U8NV8tUAvVIvWeWqzeVynqA7VEfaiWqmVquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqqP1Da1Xe1QO9UutVvtUR+rveoTtU99qvarz9QB9Rd1UH2uDqkv1GH1pTqivlJH1dfqmPpGHVffqhPqpDqlvlOn1ffqjDqrzqnz6oL6QV1Ul9Rl5RVo1EprbXSgE3Q6najT6wz6Gp1RZ9KZdRYd09fqrPo6nU1fr7PrHDqnyaVz6zw6rw41aatZRzqfzq/j+gZdQN+oC+pCurAuop0uqovpm3RxfbMuoW/RJfWtupS+TZfWZXRZD/p2XV7foSvoO3VFfZeupCvrKrqqvltX0/fo6vpeXUPfp2vq+3Ut/YCurR/UdXRdXU8/pOvrh3UD3VA30o11E91UN9OP6Ob6Ud1Ct9St9GO6tX5ct9FP6La6nW6vn9Qd9FO6o35ad9LP6M76Wd1FP6e76kv68nmvu+seOkn31L30i7q37qP76n66v35JD9Av64H6FT1ID9ZD9Kt6qH5ND9Ov6+F6hB6p39Cj9Gg9Ro/V4/R4nazf1BP0W3qifltP0pP1FD1VT9PTdd+fM83+J+a/9RvzB/746lv0Vv2R3qa36x16p96ld+s9eo/eq/fqfXqf3q/36wP6gD6oD+pD+pA+rA/rI/qIPqqP6mP6mD6uj+sT+qQ+r7/Tp/X3+ow+q8/q8/qCvqAvpv4faK/BoFFGG2MCk2DSmUST3mQw15iMJpPJbLKYmLnWZDXXmWzmepPd5DA5TS6T2+QxeU1oyFjDJjL5TH4TNzeYAuZGU9AUMoVNEeNMUVPM3PRvz/+9+pqZZqa5aW5amBamlWllWpvWpo1pY9qatqa9aW86mA6mo+loOplOprPpbLqYLqar6Wq6mW6mu+lukkyS6WVeNL1NH9PX9DP9zUtmgBlgBpqBZpAZZIaYIWaoGWqGmWFmuBluRpqRZpQZZcaYMWacGWeSfRYzwUwwE81EM8lMMlP6ZzHTzDQzw8wwM81MM9vMNnPMHDPPzDMLzAKzyCwyi81ik2JSzBKzxCw1y8wys8KsMKvMKrPGrDHrzDqzwWwwm8wms9RsNVvNNrPN7DA7zC6zy+wxe8xes9fsM/vMfrPfHDAHzEFz0Bwyh8xhc9gcMUfMUXPUHDPHzHFz3JwwJ8wpc8qcNqfNGXPGnDPnzAVzwVw0F81lczn1ti9QgQpMYIKEICFIDBKDDEGGIGOQMcgcZA5iQSzIGmQNsgXXB9mDHEHOIFeQO8gT5A3CgAIbcBAF+YL8QTy4ISgQ3BgUDAoFhYMigQuKBsWCm4Liwc1BieCWoGRwa1AquC0oHZQJygblgtuD8sEdQYXgzqBicFdQKagcVAmqBncH1YJ7gurBvUGN4L6gZnB/UCt4IKgdPBjUCeoG9YKHgvrBw0GDoGHQKGgcNAmaBs3+0Pzen8nxqOse9giTwp5hr/DFsHfYJ+wb9gv7hy+FA8KX+wJAOCgcHA4JXw2Hhq+Fw8LXw+HhiHBk+EY4KhwdjgnHhuPC8WFy+GY4IXwrnBi+HU4KJ4dTgqnhtHB6OCN8J5wZzgpnh++Gc8K54bxwfrggXBgi/nQ3nhJ+EC4JPwyXhsvC5eGKcGW4KlwdrgnXhuvC9eGGcGO4qeSAn04Nt4Xbwx3hznBXuDvcE34c7g0/CfeFn4b7w8/CA+FfwoPh5+Gh8IvwcPhleCT8Kjwafh0eC78Jj4ffhifCk+kh/C48HX4fngnPhufC8+GF8IfwYngpvBz61Jv71Ms7GTKUQAmUSImUgTJQRspImSkzxShGWSkrZaNslJ2yU07KSbkpN+WlvJSKiSkf5aM4xakAFaCCVJAKU2Fy5KgYFaPiVJxKUAkqSSWpFJWi0mSpLJWl2+l2uoPuoDvpTrqL7qLKVJmqUlVCrEbVqTrVoBpUk2pSLapFtak21aE6VI/qUX2qTw2oATWiRtSEmlAzakbNqTm1oBbUilpRa2pNbagNtaW21J7aUwfqQB2pI3WiTtSZOlMX6kJdqSt1o27UnbpTEiVRL+pFvak39aW+1J/60wAaQANpIA2iQTSEhtBQGkrDaBgNpxE0kt6gUTSaxtBYGkfjKZmSaQJNoIk0kSbRJJpCU2gaTaMZNINm0kyaTbNpDs2heTSPFtACWkSLaDEtphRKoSW0hJbSUlpOy2klraTVtJrW0lpaT+tpI22kzbSZttJW2kbbaAftoF20i/bQHtpLe2kf7aP9tJ8O0AE6SAfpEB2iw3SYjtAROkpH6Rgdo+N0nE7QCTpFp+g0naYzdIbO0Tm6QD/QRbpEl8lTok1vM9hrbEabyWa2Weyv45w2l81t89i8NrTZbY5fxGStLWgL2cK2iHW2qC1mb/q7uLQtY8vacvZ2W97eYSvY0jY9/G1czd5jq9t7bQ17n61q7/5FXNPeb2vZh21t29DWsY1tPdvU1rcP2wa2oW1kG9smtqltbR+3bewTtq1tZ9vbJ/8uXmzft2vtOrvebrB77Sf2nD1vj9qv7QX7g+1ue9j+9iU7wL5sB9pX7CA7+JcxgB1p37Cj7Gg7xo614+z4K3GWdD/GU+xUO81OtzPsO3amnfV38SL7np1jU+w8O98usAt/jFNrSrEf2CX2Q7vULrPL7Qq70q6yq+2a/1vrCrvJbrZb7B77sd1mt9sddqfdZXf/GKeuY5/91O63n9kj9it70H5uD9lj9rD98sc4dX3H7Df2uP3WnrAn7Sn7nT1tv7dn7Nkf15+69u/sJXvZeguMrFiz4YATOB0ncnrOwNdwRs7EmTkLx/hazsrXcTa+nrNzDs7JuTg35+G8HDKxZeaI83F+jvMNXIBv5IJciAtzEXZclIvxTVycb+YSfAuX5Fu5FN/GpbkMl+VyfDuX5zu4At/JFfkursSVuQpX5bu5Gt/D1flersH3cU2+n2vxA1ybH+Q6XJfr8UNcnx/mBtyQG3FjbsJNuRk/ws35UW7BLbkVP8at+XFuw09wW27H7flJ7sBPcUd+mjvxM9yZn+Uu/Bx35ee5G7/A3bkHJ3FP7sUvcm/uw325H/fnl3gAv8wD+RUexIN5CL/KQ/k1Hsav83AewSP5DR7Fo3kMj+VxPJ6T+U2ewG/xRH6bJ/FknsJTeRpP5xn8Ds/kWTyb3+U5PJfn8XxewAt5Eb/Hi/l9TuEPeAl/yEt5GS/nFbySV/FqXsNreR2v5w28kTfxZt7CW/kj3sbbeQfv5F28m/fwx7yXP+F9/Cnv58/4AP+FD/LnfIi/4MP8JR/hr/gof83H+Bs+zt/yCT7Jp/g7Ps3f8xk+y+f4PF/gH/giX+LL7BkijFSkIxMFUUKULkqM0kcZomuijFGmKHOUJYpF10ZZo+uibNH1UfYoR5QzyhXljvJEeaMwoshGHEVRvih/FI9uiApEN0YFo0JR4ahI5KKiUbHopqh4dHNUIrolKhndGpWKbotKR2WislG56PaofHRHVCG6M6oY3RVViipHVaKq0d1RteieqHp0b1Qjui8qEd0f1YoeiGpHD0Z1orpRveihqH70cNQgahg1ihpHTaKmUbPokah59GjUImoZtYoei1pHj0dtoieitlG7qH305JXjhYKfrqa/Op4U9Yz0z5+Q3asXxBfGF8Xfiy+Ovx9PiX8QXxL/ML40viy+PL4ivjK+Kr46via+Nr4uvj6+Ib4xvim+Ob4l7n3VdOAw9UEYjAtcgkvnEl16l8Fd4zK6TC6zy+Ji7lqX1V3nsrnrXXaXw+V0uVxul8fldaEjZx27yOVz+V3c3eAKuBtdQVfIFXZFnHNFXTHX1DVzzVxz96hr4Vq6Vu4x95h73D3unnBPuHauvXvSdXBPuY7uadfJPeOecc+6Lu4519U977q5F1x318MluSTXy/VyvV1v19f1df1dfzfADXAD3UA3yA1yQ9wQN9QNdcPcMDfcDXcj3Ug3yo1yY9wYN86Nc8ku2U1wE9xEN9FNcpPcFDfFTXPT3Aw3w810M91sN9vNcXPcPDfPLXAL3CK3yC12i12KS3FL3BK31C11y91yt9KtdKvdarfWrXXr3Xq30W10m91mt9VtddvcNrfD7XC73C63x+1xe91et8/tc/vdfnfAHXAH3UF3yH3hDrsv3RH3lTvqvnbH3DfuuPvWnXAn3Sn3nTvtvndn3Fl3zp13F9wP7qK75C4775Jjb8YmxN6KTYy9HZsUmxybEpsamxabHpsReyc2MzYrNjv2bmxObG5sXmx+bEFsYWxR7L3Y4tj7sZTYB7ElsQ9jS2PLYstjK2IrY6ti3ufZFvl8Pr+P+xt8AX+jL+gL+cK+iHe+qC/mb/LF/c2+hL/Fl/S3+lL+Nl/al/FlfUPfyDf2TXxT38w/4pv7R30L39K38o/51v5x38Y/4dv6dr69f9J38E/5jv5p38k/4zv7Z+f+/OXpu/kXfHffwyf5nr6Xf9H39n18X9/P9/cv+QH+ZT/Qv+IH+cF+iH/VD/Wv+WH+dT/cj/Aj/Rt+lB/tx/ixfpwf75P9m36Cf8tP9G/7SX6yn+Kn+ml+up/h3/Ez/Sw/27/r5/i5fp6f7xf4hX6Rf88v9u/7FP+BX+I/9Ev9Mr/cr/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/FbfTrY5rf7HX6n3+V3+z3+Y7/Xf+L3+U/9fv+ZP+D/4g/6z/0h/4U/7L/0R/xX/qj/2h/z3/jj/lt/wp/0p/x3/rT/3p/xZ/05f95f8D/4i/6Svyy/syaEEEII8U/Rv3O852/sUz9vBgB6AUCm7bkO/zrnxuw/jfuove1jANBOda7brsdPW926SUlJP5+7VEOQfz4AxK7MT4Ar8TJoBY9DW2gJxX+zvj6qLHJq/h5X8gd/czw1f/xWgAwA6f+6LxF+jH+V/+Z/kL/he7/O/+v64/MBCua/Mif1hf4aX8lf4h/k3936d/Kn/zwZoMXfzMkIV+Ir+YvBo/AktP3Fmb+hRuL/fFwIIYQQQgghxJ9SH3Why+8936Y+n+c2V+akgyvx7z2f/44Kf8QahBBCCCGEEEII8T97+rmuTzzStm3Ljn/mQbr/jjL+CwYIAP8FZcjgv39wtb8zCSGEEEIIIf5oV276r3YlQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE2vWv/4Uw9U+ffLXXKIQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQlxt/ycAAP//7JlNJg==") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f00000001c0)='?', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0xfed8) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x10012, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) 125.758832ms ago: executing program 2 (id=1213): r0 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r0, 0x0, 0x0}) io_uring_enter(r0, 0x54, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 2 (id=1214): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x6}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) writev(r0, &(0x7f0000000680)=[{&(0x7f0000000040)='9', 0x1}], 0x1) kernel console output (not intermixed with test programs): EXT4-fs (loop0): 1 truncate cleaned up [ 193.808725][ T7105] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.244473][ T6607] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.291827][ T5098] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 194.316743][ T5098] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 194.363228][ T5098] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 194.393068][ T5098] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 194.409444][ T5098] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 194.419509][ T5098] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 194.472500][ T7121] netlink: 4 bytes leftover after parsing attributes in process `syz.4.638'. [ 194.610884][ T7113] loop3: detected capacity change from 0 to 32768 [ 194.619158][ T7113] XFS: noikeep mount option is deprecated. [ 194.630393][ T7113] XFS: noikeep mount option is deprecated. [ 194.641889][ T52] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.642485][ T7113] xfs: Unknown parameter 'biosize' [ 194.672633][ C1] sd 0:0:1:0: [sda] tag#3557 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 194.683206][ C1] sd 0:0:1:0: [sda] tag#3557 CDB: Write(6) 0a 00 00 00 00 00 00 00 00 00 00 00 [ 194.688000][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.703833][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.782429][ T7131] loop2: detected capacity change from 0 to 512 [ 194.833797][ T52] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.836993][ T7131] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 194.879306][ T7131] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 194.904450][ T7131] EXT4-fs (loop2): 1 truncate cleaned up [ 194.921818][ T7131] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.015534][ T7113] erofs: (device loop3): erofs_read_superblock: cannot find valid erofs superblock [ 195.046144][ T52] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.088224][ T5092] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.162791][ T5146] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 195.206327][ T52] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.366301][ T5146] usb 1-1: Using ep0 maxpacket: 16 [ 195.462357][ T5146] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 195.482874][ T5146] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 195.500332][ T5146] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.511125][ T5146] usb 1-1: config 0 descriptor?? [ 195.583342][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 195.975325][ T52] bridge_slave_1: left allmulticast mode [ 196.042131][ T52] bridge_slave_1: left promiscuous mode [ 196.117236][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.311382][ T52] bridge_slave_0: left allmulticast mode [ 196.328013][ T52] bridge_slave_0: left promiscuous mode [ 196.343077][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.593694][ T5110] Bluetooth: hci4: command tx timeout [ 196.703586][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 196.758185][ T5110] Bluetooth: hci2: command 0x0406 tx timeout [ 196.763086][ T5101] Bluetooth: hci1: command 0x0406 tx timeout [ 196.806763][ T9] usb 5-1: config 0 has no interfaces? [ 196.823521][ T9] usb 5-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice= 7.fb [ 196.837501][ T9] usb 5-1: New USB device strings: Mfr=7, Product=130, SerialNumber=11 [ 196.849466][ T9] usb 5-1: Product: syz [ 196.854337][ T9] usb 5-1: Manufacturer: syz [ 196.862410][ T9] usb 5-1: SerialNumber: syz [ 196.883917][ T7152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.884411][ T9] usb 5-1: config 0 descriptor?? [ 196.911185][ T7152] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.046992][ T5146] hid-generic 0003:0158:0100.0001: unknown main item tag 0x1 [ 197.075500][ T5146] hid-generic 0003:0158:0100.0001: unexpected long global item [ 197.119391][ T5146] hid-generic 0003:0158:0100.0001: probe with driver hid-generic failed with error -22 [ 197.607661][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 197.623631][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 197.646140][ T52] bond0 (unregistering): Released all slaves [ 197.702613][ T7149] loop3: detected capacity change from 0 to 40427 [ 197.750639][ T7149] F2FS-fs (loop3): invalid crc value [ 197.779423][ T7135] netlink: 8 bytes leftover after parsing attributes in process `syz.0.641'. [ 197.841376][ T7149] F2FS-fs (loop3): Found nat_bits in checkpoint [ 197.867630][ T7124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.638'. [ 197.901111][ T25] usb 1-1: USB disconnect, device number 8 [ 197.959487][ T5149] usb 5-1: USB disconnect, device number 5 [ 198.090546][ T7149] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 198.318923][ T7116] chnl_net:caif_netlink_parms(): no params data found [ 198.385573][ T52] hsr_slave_0: left promiscuous mode [ 198.405441][ T52] hsr_slave_1: left promiscuous mode [ 198.483535][ T52] veth1_macvtap: left promiscuous mode [ 198.490270][ T52] veth0_macvtap: left promiscuous mode [ 198.530496][ T52] veth1_vlan: left promiscuous mode [ 198.558363][ T52] veth0_vlan: left promiscuous mode [ 198.604504][ T7174] syz.3.646: attempt to access beyond end of device [ 198.604504][ T7174] loop3: rw=2049, sector=77824, nr_sectors = 544 limit=40427 [ 198.672947][ T54] Bluetooth: hci4: command tx timeout [ 198.875212][ T6643] syz-executor: attempt to access beyond end of device [ 198.875212][ T6643] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 198.933014][ T6643] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 200.148733][ T52] team0 (unregistering): Port device team_slave_1 removed [ 200.204874][ T7191] x_tables: unsorted underflow at hook 2 [ 200.206854][ T7186] loop2: detected capacity change from 0 to 32768 [ 200.224158][ T7186] XFS: noikeep mount option is deprecated. [ 200.230092][ T7186] XFS: noikeep mount option is deprecated. [ 200.238363][ T7186] xfs: Unknown parameter 'biosize' [ 200.269923][ T52] team0 (unregistering): Port device team_slave_0 removed [ 200.404110][ T7186] erofs: (device loop2): erofs_read_superblock: cannot find valid erofs superblock [ 200.522900][ T5146] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 200.552835][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 200.713980][ T5146] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 200.732315][ T5146] usb 1-1: config 179 has no interface number 0 [ 200.740398][ T5146] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 200.751883][ T5146] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1029, setting to 64 [ 200.765686][ T54] Bluetooth: hci4: command tx timeout [ 200.773349][ T5146] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 65535, setting to 64 [ 200.786534][ T5146] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 200.801113][ T9] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 200.811387][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.821598][ T5146] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 200.831101][ T9] usb 4-1: Product: syz [ 200.835453][ T5146] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.843785][ T9] usb 4-1: Manufacturer: syz [ 200.848590][ T9] usb 4-1: SerialNumber: syz [ 200.861193][ T7191] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 200.862149][ T9] usb 4-1: config 0 descriptor?? [ 200.876515][ T7191] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 200.925913][ T5146] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input7 [ 201.001041][ T4531] input input7: unable to receive magic message: -110 [ 201.024498][ T4531] input input7: unable to receive magic message: -32 [ 201.032446][ T7182] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 201.093308][ T4531] input input7: unable to receive magic message: -32 [ 201.135909][ T4531] input input7: unable to receive magic message: -32 [ 201.137923][ T9] usb-storage 4-1:0.0: USB Mass Storage device detected [ 201.180616][ T5146] usb 1-1: USB disconnect, device number 9 [ 201.186509][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 201.186568][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 201.251885][ T5146] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 201.382136][ T9] usb 4-1: USB disconnect, device number 4 [ 201.434513][ T7116] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.450089][ T7116] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.458020][ T7116] bridge_slave_0: entered allmulticast mode [ 201.474638][ T7116] bridge_slave_0: entered promiscuous mode [ 201.487884][ T7116] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.495453][ T7116] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.515400][ T7116] bridge_slave_1: entered allmulticast mode [ 201.543874][ T7116] bridge_slave_1: entered promiscuous mode [ 201.630349][ T7116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.644348][ T7116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.719670][ T7116] team0: Port device team_slave_0 added [ 201.729555][ T7116] team0: Port device team_slave_1 added [ 201.781483][ T7116] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.788534][ T7116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.819910][ T7116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.849032][ T7116] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.873027][ T7116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.923526][ T7116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 202.363355][ T7230] loop4: detected capacity change from 0 to 164 [ 202.873237][ T54] Bluetooth: hci4: command tx timeout [ 202.895311][ T7116] hsr_slave_0: entered promiscuous mode [ 202.955553][ T7116] hsr_slave_1: entered promiscuous mode [ 203.015521][ T7116] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 203.054859][ T7116] Cannot create hsr debugfs directory [ 203.076879][ T7233] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 203.173332][ T7235] loop3: detected capacity change from 0 to 2048 [ 203.227909][ T29] audit: type=1800 audit(1719520714.724:90): pid=7239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.673" name="bus" dev="sda1" ino=1979 res=0 errno=0 [ 203.572305][ T7251] loop3: detected capacity change from 0 to 64 [ 203.601337][ T7251] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 203.631268][ T7251] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 203.671585][ T7251] CIFS: Unable to determine destination address [ 203.700396][ T7251] sctp: [Deprecated]: syz.3.677 (pid 7251) Use of int in maxseg socket option. [ 203.700396][ T7251] Use struct sctp_assoc_value instead [ 204.407714][ T25] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 204.556002][ T7116] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 204.577307][ T7116] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 204.600850][ T7116] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 204.641167][ T25] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 204.652447][ T25] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 204.678997][ T25] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 204.680808][ T7116] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 204.714920][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.750263][ T25] usb 1-1: invalid MIDI out EP 0 [ 204.807642][ T7282] netlink: 'syz.3.689': attribute type 21 has an invalid length. [ 204.823613][ T7282] netlink: 128 bytes leftover after parsing attributes in process `syz.3.689'. [ 204.858254][ T25] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 204.863534][ T7282] netlink: 'syz.3.689': attribute type 4 has an invalid length. [ 204.989939][ T7282] netlink: 'syz.3.689': attribute type 5 has an invalid length. [ 205.041536][ T5149] usb 1-1: USB disconnect, device number 10 [ 205.070580][ T7282] netlink: 3 bytes leftover after parsing attributes in process `syz.3.689'. [ 205.684678][ T7116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.799930][ T7116] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.904368][ T928] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.911567][ T928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.972876][ T928] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.980033][ T928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.827646][ T7116] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 207.018200][ T7116] veth0_vlan: entered promiscuous mode [ 207.060580][ T7116] veth1_vlan: entered promiscuous mode [ 207.198362][ T7116] veth0_macvtap: entered promiscuous mode [ 207.281679][ T7116] veth1_macvtap: entered promiscuous mode [ 207.315638][ T7307] loop3: detected capacity change from 0 to 4096 [ 207.367447][ T7307] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 207.392194][ T7116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 207.422843][ T7116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.444538][ T7307] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 207.449936][ T7116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 207.473504][ T7116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.492795][ T7116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 207.513892][ T7116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.540761][ T7116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 207.571530][ T7116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.624672][ T7116] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 207.660167][ T7116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 207.672527][ T7116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.707418][ T7116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 207.725278][ T7116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.739106][ T7116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 207.763110][ T7116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.780888][ T7116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 207.802889][ T7116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.824788][ T7116] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 207.891966][ T7116] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.900946][ T7116] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.909861][ T7116] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.919570][ T7116] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.997596][ T7311] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 208.021577][ T7311] vhci_hcd: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 208.109398][ T7309] loop0: detected capacity change from 0 to 32768 [ 208.158404][ T7309] XFS (loop0): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 208.239461][ T7309] XFS (loop0): Ending clean mount [ 208.402786][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.410657][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.452070][ T6607] XFS (loop0): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 208.680321][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.704840][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.757695][ T5098] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 208.772612][ T5098] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 208.786025][ T5098] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 208.795328][ T5098] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 208.824925][ T5098] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 208.832595][ T5098] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 208.957340][ T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.121420][ T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.233841][ T7324] loop2: detected capacity change from 0 to 40427 [ 209.242501][ T7324] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 209.256121][ T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.260470][ T7324] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 209.287287][ T7324] F2FS-fs (loop2): invalid crc value [ 209.318524][ T7324] F2FS-fs (loop2): Found nat_bits in checkpoint [ 209.368972][ T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.422926][ T7324] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 209.431272][ T7324] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 209.472214][ T7342] loop1: detected capacity change from 0 to 64 [ 209.507674][ T29] audit: type=1800 audit(1719520721.004:91): pid=7324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.701" name=F22E4E90 dev="loop2" ino=14 res=0 errno=0 [ 209.554867][ T7342] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 209.580134][ T5092] syz-executor: attempt to access beyond end of device [ 209.580134][ T5092] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 209.597386][ T5092] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 209.606332][ T5092] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 209.643649][ T7339] CIFS: Unable to determine destination address [ 209.663083][ T7339] sctp: [Deprecated]: syz.1.706 (pid 7339) Use of int in maxseg socket option. [ 209.663083][ T7339] Use struct sctp_assoc_value instead [ 209.929253][ T52] bridge_slave_1: left allmulticast mode [ 209.943584][ T52] bridge_slave_1: left promiscuous mode [ 209.949491][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.991290][ T52] bridge_slave_0: left allmulticast mode [ 210.006650][ T52] bridge_slave_0: left promiscuous mode [ 210.021285][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.909689][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 210.918557][ T5098] Bluetooth: hci3: command tx timeout [ 210.948177][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 210.960445][ T52] bond0 (unregistering): Released all slaves [ 210.962364][ T29] audit: type=1326 audit(1719520722.454:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7353 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 210.989860][ T29] audit: type=1326 audit(1719520722.484:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7353 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 211.016240][ T29] audit: type=1326 audit(1719520722.504:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7353 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 211.088688][ T29] audit: type=1326 audit(1719520722.544:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7353 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 211.120404][ T29] audit: type=1326 audit(1719520722.544:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7353 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 211.211247][ T7325] chnl_net:caif_netlink_parms(): no params data found [ 211.213568][ T29] audit: type=1326 audit(1719520722.554:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7353 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 211.273350][ T29] audit: type=1326 audit(1719520722.554:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7353 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 211.303230][ T29] audit: type=1326 audit(1719520722.554:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7353 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8000f6cba7 code=0x7ffc0000 [ 211.367630][ T29] audit: type=1326 audit(1719520722.554:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7353 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8000f11559 code=0x7ffc0000 [ 211.426821][ T7361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.710'. [ 211.444056][ T7361] netlink: 'syz.1.710': attribute type 14 has an invalid length. [ 211.460918][ T7361] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 211.470331][ T7361] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 211.479531][ T7361] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 211.488503][ T7361] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 211.521717][ T7361] vxlan0: entered promiscuous mode [ 211.763104][ T7325] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.770394][ T7325] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.788036][ T7325] bridge_slave_0: entered allmulticast mode [ 211.804393][ T7325] bridge_slave_0: entered promiscuous mode [ 211.832495][ T7325] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.850550][ T7325] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.861795][ T7325] bridge_slave_1: entered allmulticast mode [ 211.875558][ T7325] bridge_slave_1: entered promiscuous mode [ 211.920830][ T7373] loop0: detected capacity change from 0 to 1024 [ 211.960811][ T7325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.964942][ T7373] hfsplus: failed to load root directory [ 212.003785][ T52] hsr_slave_0: left promiscuous mode [ 212.010147][ T52] hsr_slave_1: left promiscuous mode [ 212.044887][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.060310][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 212.069982][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 212.085131][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 212.087374][ T7373] loop0: detected capacity change from 0 to 64 [ 212.131266][ T52] veth1_macvtap: left promiscuous mode [ 212.149840][ T52] veth0_macvtap: left promiscuous mode [ 212.162638][ T52] veth1_vlan: left promiscuous mode [ 212.170730][ T52] veth0_vlan: left promiscuous mode [ 212.225584][ T7364] loop2: detected capacity change from 0 to 32768 [ 212.267320][ T7375] loop1: detected capacity change from 0 to 4096 [ 212.287124][ T7364] XFS (loop2): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 212.351099][ T7375] Process accounting resumed [ 212.436152][ T7364] XFS (loop2): Ending clean mount [ 212.618165][ T5092] XFS (loop2): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 213.003194][ T5098] Bluetooth: hci3: command tx timeout [ 213.804839][ T52] team0 (unregistering): Port device team_slave_1 removed [ 213.889966][ T52] team0 (unregistering): Port device team_slave_0 removed [ 214.417382][ T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 214.453605][ T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 214.489239][ T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 214.516590][ T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 214.533223][ T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 214.563288][ T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 214.633515][ T7412] loop1: detected capacity change from 0 to 512 [ 214.662866][ T7412] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 214.707293][ T7412] EXT4-fs (loop1): 1 truncate cleaned up [ 214.735707][ T7412] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 214.868939][ T7116] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.073510][ T5098] Bluetooth: hci3: command tx timeout [ 215.244256][ T7325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 215.506023][ T7325] team0: Port device team_slave_0 added [ 215.548368][ T7325] team0: Port device team_slave_1 added [ 215.681263][ T7325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 215.708570][ T7325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.782618][ T7325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 215.819231][ T7325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 215.834216][ T7325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.866368][ T7325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 216.346086][ T7325] hsr_slave_0: entered promiscuous mode [ 216.375519][ T7325] hsr_slave_1: entered promiscuous mode [ 216.413109][ T7422] syz.0.731 (7422) used greatest stack depth: 17488 bytes left [ 216.498205][ T7421] loop1: detected capacity change from 0 to 32768 [ 216.507389][ T7410] loop2: detected capacity change from 0 to 32768 [ 216.554354][ T7410] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 216.593180][ T5098] Bluetooth: hci5: command tx timeout [ 216.662561][ T7421] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 216.810189][ T7421] XFS (loop1): Ending clean mount [ 216.897602][ T7410] XFS (loop2): Ending clean mount [ 216.943500][ T7410] XFS (loop2): Quotacheck needed: Please wait. [ 217.019370][ T7410] XFS (loop2): Quotacheck: Done. [ 217.104803][ T7116] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 217.153321][ T5098] Bluetooth: hci3: command tx timeout [ 217.389066][ T7405] chnl_net:caif_netlink_parms(): no params data found [ 217.779637][ T7405] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.787075][ T7405] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.796558][ T7405] bridge_slave_0: entered allmulticast mode [ 217.804684][ T7405] bridge_slave_0: entered promiscuous mode [ 217.822949][ T7405] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.830332][ T7405] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.840392][ T7405] bridge_slave_1: entered allmulticast mode [ 217.848181][ T7405] bridge_slave_1: entered promiscuous mode [ 217.887272][ T7405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.903197][ T7405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.953136][ T5092] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 217.979415][ T7405] team0: Port device team_slave_0 added [ 218.019096][ T7405] team0: Port device team_slave_1 added [ 218.123446][ T52] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.313412][ T52] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.330623][ T7405] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.338138][ T7405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.365828][ T7405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.380790][ T7405] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.420371][ T7405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.472940][ T7405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.560622][ T52] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.676654][ T5098] Bluetooth: hci5: command tx timeout [ 218.729797][ T52] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.796076][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 218.807602][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 218.817743][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 218.827387][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 218.836061][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 218.895835][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 218.979292][ T7405] hsr_slave_0: entered promiscuous mode [ 218.986358][ T7405] hsr_slave_1: entered promiscuous mode [ 218.994151][ T7405] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 219.001883][ T7405] Cannot create hsr debugfs directory [ 219.068409][ T7325] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 219.093518][ T7325] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 219.325314][ T7325] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 219.560671][ T7325] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 220.752990][ T54] Bluetooth: hci5: command tx timeout [ 220.914661][ T54] Bluetooth: hci1: command tx timeout [ 221.015253][ T7405] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.053405][ T52] bridge_slave_1: left allmulticast mode [ 221.059109][ T52] bridge_slave_1: left promiscuous mode [ 221.072985][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.104976][ T52] bridge_slave_0: left allmulticast mode [ 221.110701][ T52] bridge_slave_0: left promiscuous mode [ 221.134356][ T7480] loop1: detected capacity change from 0 to 256 [ 221.139754][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.181514][ T7480] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 221.611341][ T7478] loop0: detected capacity change from 0 to 32768 [ 221.621346][ T7478] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.742 (7478) [ 221.640649][ T7478] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 221.653381][ T7478] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 221.662071][ T7478] BTRFS info (device loop0): using free-space-tree [ 221.787964][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 221.801674][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 221.814535][ T52] bond0 (unregistering): Released all slaves [ 221.822162][ T6607] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 222.023451][ T7405] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.280436][ T7405] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.401399][ T54] Bluetooth: hci0: command tx timeout [ 222.599713][ T7405] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.854431][ T54] Bluetooth: hci5: command tx timeout [ 222.995437][ T54] Bluetooth: hci1: command tx timeout [ 223.776014][ T54] Bluetooth: hci0: Ignoring HCI_Sync_Conn_Complete event for existing connection [ 224.003621][ T52] dummy0: left promiscuous mode [ 224.071779][ T52] batadv_slave_0: left promiscuous mode [ 224.244773][ T52] hsr_slave_0: left promiscuous mode [ 224.263142][ T52] hsr_slave_1: left promiscuous mode [ 224.295118][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 224.332911][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 224.340259][ T7521] 9pnet: p9_errstr2errno: server reported unknown error œæçæÿÎsŧ‘̼§6µ‡ [ 224.351266][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 224.359576][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 224.405447][ T52] veth1_macvtap: left promiscuous mode [ 224.411263][ T52] veth0_macvtap: left promiscuous mode [ 224.418204][ T52] veth1_vlan: left promiscuous mode [ 224.425142][ T52] veth0_vlan: left promiscuous mode [ 224.784997][ T7529] loop0: detected capacity change from 0 to 8 [ 225.073120][ T54] Bluetooth: hci1: command tx timeout [ 225.872916][ T54] Bluetooth: hci0: command tx timeout [ 225.938616][ T52] team0 (unregistering): Port device team_slave_1 removed [ 225.946977][ T5145] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 226.014695][ T52] team0 (unregistering): Port device team_slave_0 removed [ 226.158288][ T5145] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 226.180710][ T5145] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 226.208198][ T5145] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 226.220746][ T5145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.266681][ T5145] usb 1-1: invalid MIDI out EP 0 [ 226.349559][ T5145] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 226.534671][ T5147] usb 1-1: USB disconnect, device number 11 [ 226.909004][ T7537] loop1: detected capacity change from 0 to 256 [ 226.944808][ T7537] FAT-fs (loop1): Directory bread(block 64) failed [ 226.954850][ T7537] FAT-fs (loop1): Directory bread(block 65) failed [ 226.961672][ T7537] FAT-fs (loop1): Directory bread(block 66) failed [ 226.973897][ T7537] FAT-fs (loop1): Directory bread(block 67) failed [ 226.999123][ T7537] FAT-fs (loop1): Directory bread(block 68) failed [ 227.018980][ T7537] FAT-fs (loop1): Directory bread(block 69) failed [ 227.034736][ T7537] FAT-fs (loop1): Directory bread(block 70) failed [ 227.041393][ T7537] FAT-fs (loop1): Directory bread(block 71) failed [ 227.049242][ T7537] FAT-fs (loop1): Directory bread(block 72) failed [ 227.055963][ T7537] FAT-fs (loop1): Directory bread(block 73) failed [ 227.078197][ T7405] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 227.139484][ T7461] chnl_net:caif_netlink_parms(): no params data found [ 227.150795][ T4138] kworker/u8:10: attempt to access beyond end of device [ 227.150795][ T4138] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 227.164994][ T54] Bluetooth: hci1: command tx timeout [ 227.172115][ T7405] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 227.172412][ T4138] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 227.209521][ T7539] syz.1.755: attempt to access beyond end of device [ 227.209521][ T7539] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 227.239177][ T7405] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 227.242819][ T7539] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 227.348225][ T7405] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 227.415111][ T4138] kworker/u8:10: attempt to access beyond end of device [ 227.415111][ T4138] loop1: rw=2049, sector=1224, nr_sectors = 4 limit=256 [ 227.443972][ T4138] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 227.490776][ T7325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.577614][ T7461] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.585046][ T7461] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.592265][ T7461] bridge_slave_0: entered allmulticast mode [ 227.601225][ T7461] bridge_slave_0: entered promiscuous mode [ 227.656812][ T7461] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.666837][ T7461] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.682957][ T7461] bridge_slave_1: entered allmulticast mode [ 227.696996][ T7461] bridge_slave_1: entered promiscuous mode [ 227.778043][ T7325] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.872340][ T7461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.937394][ T7461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.964400][ T4871] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.971682][ T4871] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.069775][ T5146] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.077027][ T5146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.120489][ T7461] team0: Port device team_slave_0 added [ 228.182520][ T7461] team0: Port device team_slave_1 added [ 228.355919][ T29] kauditd_printk_skb: 33 callbacks suppressed [ 228.356085][ T29] audit: type=1326 audit(1719520739.844:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7565 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 228.417961][ T7461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.419972][ T29] audit: type=1326 audit(1719520739.844:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7565 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 228.425362][ T7461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.492176][ T7461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.532889][ T29] audit: type=1326 audit(1719520739.864:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7565 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 228.569866][ T7461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 228.580344][ T7461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.616436][ T7461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 228.730506][ T29] audit: type=1326 audit(1719520739.864:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7565 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 228.771405][ T7568] loop1: detected capacity change from 0 to 256 [ 228.800611][ T29] audit: type=1326 audit(1719520739.864:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7565 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 228.827481][ T29] audit: type=1326 audit(1719520739.864:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7565 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 228.879448][ T29] audit: type=1326 audit(1719520739.914:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7565 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8000f75b29 code=0x7ffc0000 [ 228.941240][ T7568] FAT-fs (loop1): Directory bread(block 64) failed [ 228.959441][ T29] audit: type=1326 audit(1719520739.964:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7565 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8000f6cba7 code=0x7ffc0000 [ 228.971269][ T7568] FAT-fs (loop1): Directory bread(block 65) failed [ 228.982776][ T29] audit: type=1326 audit(1719520739.964:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7565 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8000f11559 code=0x7ffc0000 [ 229.011836][ T7568] FAT-fs (loop1): Directory bread(block 66) failed [ 229.031964][ T7568] FAT-fs (loop1): Directory bread(block 67) failed [ 229.053023][ T7568] FAT-fs (loop1): Directory bread(block 68) failed [ 229.068371][ T7461] hsr_slave_0: entered promiscuous mode [ 229.069938][ T29] audit: type=1326 audit(1719520739.964:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7565 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8000f6cba7 code=0x7ffc0000 [ 229.097010][ T7461] hsr_slave_1: entered promiscuous mode [ 229.112884][ T7568] FAT-fs (loop1): Directory bread(block 69) failed [ 229.129408][ T7568] FAT-fs (loop1): Directory bread(block 70) failed [ 229.136139][ T7461] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 229.143813][ T7461] Cannot create hsr debugfs directory [ 229.152558][ T7568] FAT-fs (loop1): Directory bread(block 71) failed [ 229.162955][ T7568] FAT-fs (loop1): Directory bread(block 72) failed [ 229.185541][ T7568] FAT-fs (loop1): Directory bread(block 73) failed [ 229.277802][ T52] kworker/u8:3: attempt to access beyond end of device [ 229.277802][ T52] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 229.301474][ T7325] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 229.324872][ T52] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 229.355254][ T7570] syz.1.766: attempt to access beyond end of device [ 229.355254][ T7570] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 229.380205][ T7570] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 229.448080][ T52] kworker/u8:3: attempt to access beyond end of device [ 229.448080][ T52] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 229.462162][ T52] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 229.629280][ T7405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.969642][ T7325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.185907][ T7405] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.263292][ T7584] syz.0.769 (pid 7584) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 230.506803][ T7325] veth0_vlan: entered promiscuous mode [ 230.959002][ T5146] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.966189][ T5146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.991096][ T7325] veth1_vlan: entered promiscuous mode [ 231.040532][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.047783][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.190043][ T7325] veth0_macvtap: entered promiscuous mode [ 231.246318][ T7325] veth1_macvtap: entered promiscuous mode [ 231.387845][ T7596] loop1: detected capacity change from 0 to 256 [ 231.449326][ T7596] FAT-fs (loop1): Directory bread(block 64) failed [ 231.455694][ T7461] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 231.462922][ T7596] FAT-fs (loop1): Directory bread(block 65) failed [ 231.463064][ T7596] FAT-fs (loop1): Directory bread(block 66) failed [ 231.463110][ T7596] FAT-fs (loop1): Directory bread(block 67) failed [ 231.463317][ T7596] FAT-fs (loop1): Directory bread(block 68) failed [ 231.499875][ T7596] FAT-fs (loop1): Directory bread(block 69) failed [ 231.506849][ T7596] FAT-fs (loop1): Directory bread(block 70) failed [ 231.514032][ T7596] FAT-fs (loop1): Directory bread(block 71) failed [ 231.521392][ T7596] FAT-fs (loop1): Directory bread(block 72) failed [ 231.528316][ T7596] FAT-fs (loop1): Directory bread(block 73) failed [ 231.535927][ T7461] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 231.555423][ T7325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 231.566034][ T7325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.582765][ T7325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 231.593791][ T7325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.603751][ T7325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 231.621802][ T7325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.640488][ T7325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 231.648080][ T744] kworker/u8:5: attempt to access beyond end of device [ 231.648080][ T744] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 231.680892][ T744] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 231.693407][ T7461] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 231.700744][ T7598] syz.1.775: attempt to access beyond end of device [ 231.700744][ T7598] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 231.715365][ T7461] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 231.723034][ T7598] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 231.757242][ T7325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 231.767979][ T7325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.778044][ T7325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 231.790091][ T7325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.801382][ T7325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 231.813280][ T7325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.828044][ T744] kworker/u8:5: attempt to access beyond end of device [ 231.828044][ T744] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 231.845961][ T7325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 231.847953][ T744] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 231.897937][ T7325] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.907052][ T7325] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.916518][ T7325] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.928621][ T7325] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.247609][ T744] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.276407][ T744] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.300307][ T7610] loop0: detected capacity change from 0 to 128 [ 232.324910][ T7608] syz.1.778[7608] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 232.325112][ T7608] syz.1.778[7608] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 232.369514][ T7608] hub 6-0:1.0: USB hub found [ 232.389951][ T744] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.392553][ T7608] hub 6-0:1.0: 1 port detected [ 232.407678][ T744] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.444470][ T7611] netlink: 24 bytes leftover after parsing attributes in process `syz.1.778'. [ 232.527058][ T7613] loop0: detected capacity change from 0 to 64 [ 232.646632][ T7405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.765633][ T7461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.795599][ T7623] netlink: 292 bytes leftover after parsing attributes in process `syz.1.783'. [ 232.906729][ T7461] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.981092][ T5147] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.988515][ T5147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.005639][ T7629] loop1: detected capacity change from 0 to 256 [ 233.047063][ T7629] FAT-fs (loop1): Directory bread(block 64) failed [ 233.060160][ T7629] FAT-fs (loop1): Directory bread(block 65) failed [ 233.067281][ T7629] FAT-fs (loop1): Directory bread(block 66) failed [ 233.084890][ T7629] FAT-fs (loop1): Directory bread(block 67) failed [ 233.091910][ T7629] FAT-fs (loop1): Directory bread(block 68) failed [ 233.101445][ T7629] FAT-fs (loop1): Directory bread(block 69) failed [ 233.116377][ T7629] FAT-fs (loop1): Directory bread(block 70) failed [ 233.128027][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.135277][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.140638][ T7629] FAT-fs (loop1): Directory bread(block 71) failed [ 233.149291][ T7629] FAT-fs (loop1): Directory bread(block 72) failed [ 233.157406][ T7629] FAT-fs (loop1): Directory bread(block 73) failed [ 233.332545][ T3394] kworker/u8:9: attempt to access beyond end of device [ 233.332545][ T3394] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 233.370547][ T3394] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 233.377493][ T7635] loop0: detected capacity change from 0 to 128 [ 233.401300][ T3394] kworker/u8:9: attempt to access beyond end of device [ 233.401300][ T3394] loop1: rw=2049, sector=1224, nr_sectors = 4 limit=256 [ 233.445420][ T3394] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 233.493180][ T7637] syz.1.784: attempt to access beyond end of device [ 233.493180][ T7637] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 233.532737][ T7637] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 233.640647][ T744] kworker/u8:5: attempt to access beyond end of device [ 233.640647][ T744] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 233.689792][ T744] Buffer I/O error on dev loop1, logical block 306, lost async page write [ 233.729626][ T7618] loop3: detected capacity change from 0 to 32768 [ 233.738632][ T7405] veth0_vlan: entered promiscuous mode [ 233.754640][ T7618] XFS: attr2 mount option is deprecated. [ 233.780594][ T7405] veth1_vlan: entered promiscuous mode [ 233.851434][ T7618] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 233.897487][ T7657] loop0: detected capacity change from 0 to 64 [ 233.946661][ T7618] XFS (loop3): Ending clean mount [ 233.977479][ T7618] XFS (loop3): Quotacheck needed: Please wait. [ 234.049403][ T7618] XFS (loop3): Quotacheck: Done. [ 234.104997][ T7405] veth0_macvtap: entered promiscuous mode [ 234.150995][ T7405] veth1_macvtap: entered promiscuous mode [ 234.163072][ T7663] netlink: 292 bytes leftover after parsing attributes in process `syz.0.793'. [ 234.164027][ T7618] capability: warning: `syz.3.781' uses 32-bit capabilities (legacy support in use) [ 234.206592][ T7461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.252563][ T7325] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 234.301679][ T7667] loop0: detected capacity change from 0 to 128 [ 234.361027][ T7405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.372269][ T7405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.384624][ T7405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.395118][ T7405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.419660][ T7405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.430454][ T7405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.441560][ T7405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.452354][ T7405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.488743][ T7405] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 234.607379][ T7405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.640477][ T7405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.662734][ T7405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.681461][ T7405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.702718][ T7405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.722853][ T7405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.734595][ T7405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.752133][ T7405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.783193][ T7405] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 234.830164][ T7405] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.848999][ T7405] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.862621][ T7405] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.877371][ T7405] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.081436][ T7687] netlink: 292 bytes leftover after parsing attributes in process `syz.0.805'. [ 235.125257][ T7461] veth0_vlan: entered promiscuous mode [ 235.229546][ T4138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.248010][ T4138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.248300][ T7461] veth1_vlan: entered promiscuous mode [ 235.417500][ T2811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.435729][ T2811] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.447311][ T7692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.807'. [ 235.568481][ T7461] veth0_macvtap: entered promiscuous mode [ 235.602552][ T7461] veth1_macvtap: entered promiscuous mode [ 235.770981][ T7461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.789124][ T7461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.799750][ T7461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.825219][ T7461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.845510][ T7461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.867869][ T7461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.880091][ T7461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.890804][ T7461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.914763][ T7461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.936592][ T7461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.951821][ T7461] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 236.058091][ T7461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.098777][ T7461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.150588][ T7461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.165837][ T7461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.176060][ T7461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.534412][ T7461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.825525][ T7461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.871569][ T7461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.915933][ T7461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.945410][ T7461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.979345][ T7461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.022345][ T7461] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.037668][ T7461] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.055897][ T7461] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.069745][ T7461] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.546685][ T4138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.572045][ T4138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.896309][ T7726] Zero length message leads to an empty skb [ 238.789675][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.808638][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.968209][ T7734] Cannot find map_set index 0 as target [ 238.979886][ T7736] loop3: detected capacity change from 0 to 64 [ 239.173626][ T7740] xt_CT: You must specify a L4 protocol and not use inversions on it [ 239.607296][ T7745] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 239.631778][ T7745] vhci_hcd: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 239.996347][ T7758] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 240.003257][ T7758] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 240.086517][ T7762] vhci_hcd: connection closed [ 240.099723][ T7758] vhci_hcd vhci_hcd.0: Device attached [ 240.134540][ T11] vhci_hcd: stop threads [ 240.154520][ T11] vhci_hcd: release socket [ 240.162128][ T7769] loop0: detected capacity change from 0 to 64 [ 240.163917][ T11] vhci_hcd: disconnect device [ 240.357115][ T7772] loop2: detected capacity change from 0 to 256 [ 240.379156][ T7776] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 240.395849][ T7776] vhci_hcd: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 240.414155][ T7772] FAT-fs (loop2): Directory bread(block 64) failed [ 240.422138][ T7772] FAT-fs (loop2): Directory bread(block 65) failed [ 240.437073][ T7772] FAT-fs (loop2): Directory bread(block 66) failed [ 240.445004][ T7772] FAT-fs (loop2): Directory bread(block 67) failed [ 240.452076][ T7772] FAT-fs (loop2): Directory bread(block 68) failed [ 240.459416][ T7772] FAT-fs (loop2): Directory bread(block 69) failed [ 240.466285][ T7772] FAT-fs (loop2): Directory bread(block 70) failed [ 240.473125][ T7772] FAT-fs (loop2): Directory bread(block 71) failed [ 240.479842][ T7772] FAT-fs (loop2): Directory bread(block 72) failed [ 240.487198][ T7772] FAT-fs (loop2): Directory bread(block 73) failed [ 240.664424][ T4138] kworker/u8:10: attempt to access beyond end of device [ 240.664424][ T4138] loop2: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 240.688841][ T4138] Buffer I/O error on dev loop2, logical block 306, lost async page write [ 240.715289][ T7789] syz.2.836: attempt to access beyond end of device [ 240.715289][ T7789] loop2: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 240.756355][ T7789] Buffer I/O error on dev loop2, logical block 306, lost async page write [ 240.830231][ T7794] netlink: 'syz.3.847': attribute type 1 has an invalid length. [ 240.842496][ T3394] kworker/u8:9: attempt to access beyond end of device [ 240.842496][ T3394] loop2: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 240.855029][ T7794] netlink: 244 bytes leftover after parsing attributes in process `syz.3.847'. [ 240.884061][ T3394] Buffer I/O error on dev loop2, logical block 306, lost async page write [ 241.140710][ T7792] syzkaller0: entered promiscuous mode [ 241.169957][ T7792] syzkaller0: entered allmulticast mode [ 241.354465][ T7817] loop3: detected capacity change from 0 to 16 [ 241.411424][ T7817] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 241.595321][ T5145] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 [ 241.685855][ T7823] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 241.692421][ T7823] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 241.705093][ T7823] vhci_hcd vhci_hcd.0: Device attached [ 241.754678][ T7825] vhci_hcd: connection closed [ 241.785360][ T52] vhci_hcd: stop threads [ 241.810573][ T52] vhci_hcd: release socket [ 241.815208][ T52] vhci_hcd: disconnect device [ 241.985990][ T7830] loop2: detected capacity change from 0 to 1024 [ 242.000133][ T7830] hfsplus: unable to parse mount options [ 242.139422][ T29] kauditd_printk_skb: 45 callbacks suppressed [ 242.139443][ T29] audit: type=1800 audit(1719520753.634:189): pid=7833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.859" name="bus" dev="sda1" ino=1976 res=0 errno=0 [ 242.220615][ T7835] syz.1.861[7835] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 242.220754][ T7835] syz.1.861[7835] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 242.361975][ T7837] loop2: detected capacity change from 0 to 256 [ 242.388778][ T7835] hub 6-0:1.0: USB hub found [ 242.402450][ T7835] hub 6-0:1.0: 1 port detected [ 245.959183][ T54] Bluetooth: hci5: command tx timeout [ 246.417628][ T7889] process 'syz.4.879' launched './file0' with NULL argv: empty string added [ 246.620348][ T7894] loop4: detected capacity change from 0 to 16 [ 246.641001][ T7894] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 246.682141][ T5145] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1 [ 246.912691][ C1] DEBUG: holding rtnl_mutex for 566 jiffies. [ 246.924426][ C1] task:syz.0.845 state:R running task stack:24672 pid:7790 tgid:7790 ppid:6607 flags:0x00004006 [ 246.936253][ C1] Call Trace: [ 246.939532][ C1] [ 246.942462][ C1] __schedule+0x17e8/0x4a20 [ 246.947052][ C1] ? __pfx___schedule+0x10/0x10 [ 246.951925][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 246.958156][ C1] ? kasan_save_track+0x51/0x80 [ 246.963167][ C1] ? preempt_schedule_irq+0xf0/0x1c0 [ 246.968581][ C1] preempt_schedule_irq+0xfb/0x1c0 [ 246.973728][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 246.979479][ C1] ? kvm_kick_cpu+0x26/0xb0 [ 246.984114][ C1] irqentry_exit+0x5e/0x90 [ 246.988543][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 246.994798][ C1] RIP: 0010:lockdep_unregister_key+0x56d/0x610 [ 247.001008][ C1] Code: ff 92 48 c7 c6 90 b6 6f 81 e8 7f 04 0a 00 e8 ea 18 0a 00 e9 e5 fb ff ff e8 00 18 20 0a 41 f7 c7 00 02 00 00 74 d0 fb 45 84 f6 <75> cf eb e0 90 0f 0b 90 45 31 f6 e9 62 ff ff ff 90 0f 0b 90 e9 a1 [ 247.020778][ C1] RSP: 0018:ffffc900030bf8e0 EFLAGS: 00000246 [ 247.026897][ C1] RAX: dffffc0000000000 RBX: 1ffff92000617f24 RCX: ffffffff947eb803 [ 247.034918][ C1] RDX: 0000000000000001 RSI: ffffffff8bcad5e0 RDI: ffffffff8c206fe0 [ 247.042918][ C1] RBP: ffffc900030bf9b8 R08: ffffffff92ff57cf R09: 1ffffffff25feaf9 [ 247.050899][ C1] R10: dffffc0000000000 R11: fffffbfff25feafa R12: ffffc900030bf920 [ 247.059020][ C1] R13: 1ffff92000617f20 R14: 0000000000000000 R15: 0000000000000a06 [ 247.067051][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 247.072988][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 247.078220][ C1] ? __qdisc_destroy+0x150/0x410 [ 247.083215][ C1] ? kfree+0x149/0x360 [ 247.087311][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 247.092915][ C1] __qdisc_destroy+0x165/0x410 [ 247.097690][ C1] dev_shutdown+0x9b/0x440 [ 247.102135][ C1] unregister_netdevice_many_notify+0x977/0x16b0 [ 247.108526][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 247.115335][ C1] ? __asan_memset+0x23/0x50 [ 247.119928][ C1] ? skb_queue_purge_reason+0x2de/0x500 [ 247.125534][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 247.130763][ C1] unregister_netdevice_queue+0x303/0x370 [ 247.136573][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 247.142879][ C1] __tun_detach+0x6b6/0x1600 [ 247.147525][ C1] tun_chr_close+0x108/0x1b0 [ 247.152224][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 247.157384][ C1] __fput+0x24a/0x8a0 [ 247.161386][ C1] task_work_run+0x24f/0x310 [ 247.166015][ C1] ? __pfx_task_work_run+0x10/0x10 [ 247.171137][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 247.176905][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 247.182558][ C1] do_syscall_64+0x100/0x230 [ 247.187183][ C1] ? clear_bhb_loop+0x35/0x90 [ 247.191868][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.197795][ C1] RIP: 0033:0x7fa487575b29 [ 247.202320][ C1] RSP: 002b:00007ffed6c83078 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 247.210770][ C1] RAX: 0000000000000000 RBX: 00007fa4877059a0 RCX: 00007fa487575b29 [ 247.218776][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 247.226789][ C1] RBP: 00007fa4877059a0 R08: 0000000000000008 R09: 00000017d6c8338f [ 247.234798][ C1] R10: 00000000005cf77c R11: 0000000000000246 R12: 000000000003afcb [ 247.242796][ C1] R13: 0000000000000032 R14: 00007fa4877059a0 R15: 00007fa487704070 [ 247.250795][ C1] [ 247.253853][ C1] DEBUG: waiting rtnl_mutex for 593 jiffies. [ 247.259916][ C1] task:kworker/u8:9 state:D stack:20888 pid:3394 tgid:3394 ppid:2 flags:0x00004000 [ 247.270106][ C1] Workqueue: ipv6_addrconf addrconf_dad_work [ 247.276244][ C1] Call Trace: [ 247.279537][ C1] [ 247.282486][ C1] __schedule+0x17e8/0x4a20 [ 247.287068][ C1] ? __pfx___schedule+0x10/0x10 [ 247.291952][ C1] ? __pfx_lock_release+0x10/0x10 [ 247.297012][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 247.302514][ C1] ? kthread_data+0x52/0xd0 [ 247.307047][ C1] ? schedule+0x90/0x320 [ 247.311294][ C1] ? wq_worker_sleeping+0x66/0x240 [ 247.316438][ C1] ? schedule+0x90/0x320 [ 247.320685][ C1] schedule+0x14b/0x320 [ 247.324957][ C1] schedule_preempt_disabled+0x13/0x30 [ 247.330416][ C1] __mutex_lock+0x6a4/0xd70 [ 247.334948][ C1] ? mark_lock+0x9a/0x360 [ 247.339288][ C1] ? __mutex_lock+0x527/0xd70 [ 247.343997][ C1] ? addrconf_dad_work+0xd0/0x16f0 [ 247.349118][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 247.354181][ C1] ? rtnl_lock+0xe7/0x130 [ 247.358518][ C1] addrconf_dad_work+0xd0/0x16f0 [ 247.363493][ C1] ? __pfx_addrconf_dad_work+0x10/0x10 [ 247.368958][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 247.375339][ C1] ? process_scheduled_works+0x945/0x1830 [ 247.381148][ C1] process_scheduled_works+0xa2c/0x1830 [ 247.386785][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 247.392831][ C1] ? assign_work+0x364/0x3d0 [ 247.397618][ C1] worker_thread+0x86d/0xd40 [ 247.402222][ C1] ? __kthread_parkme+0x169/0x1d0 [ 247.407293][ C1] ? __pfx_worker_thread+0x10/0x10 [ 247.412408][ C1] kthread+0x2f0/0x390 [ 247.416538][ C1] ? __pfx_worker_thread+0x10/0x10 [ 247.421659][ C1] ? __pfx_kthread+0x10/0x10 [ 247.426282][ C1] ret_from_fork+0x4b/0x80 [ 247.430707][ C1] ? __pfx_kthread+0x10/0x10 [ 247.435329][ C1] ret_from_fork_asm+0x1a/0x30 [ 247.440135][ C1] [ 247.443197][ C1] DEBUG: waiting rtnl_mutex for 537 jiffies. [ 247.449180][ C1] task:syz.2.859 state:D stack:25216 pid:7830 tgid:7829 ppid:7461 flags:0x00000004 [ 247.459420][ C1] Call Trace: [ 247.462742][ C1] [ 247.465680][ C1] __schedule+0x17e8/0x4a20 [ 247.470204][ C1] ? __pfx___schedule+0x10/0x10 [ 247.475134][ C1] ? __pfx_lock_release+0x10/0x10 [ 247.480167][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 247.485754][ C1] ? schedule+0x90/0x320 [ 247.490007][ C1] schedule+0x14b/0x320 [ 247.494221][ C1] schedule_preempt_disabled+0x13/0x30 [ 247.499686][ C1] __mutex_lock+0x6a4/0xd70 [ 247.504227][ C1] ? __mutex_lock+0x527/0xd70 [ 247.508909][ C1] ? tun_chr_close+0x3e/0x1b0 [ 247.513615][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 247.518651][ C1] ? rtnl_lock+0xe7/0x130 [ 247.523007][ C1] tun_chr_close+0x3e/0x1b0 [ 247.527516][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 247.532692][ C1] __fput+0x24a/0x8a0 [ 247.536731][ C1] __x64_sys_close+0x7f/0x110 [ 247.541414][ C1] do_syscall_64+0xf3/0x230 [ 247.546043][ C1] ? clear_bhb_loop+0x35/0x90 [ 247.550740][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.556765][ C1] RIP: 0033:0x7f7cb9f75b29 [ 247.561262][ C1] RSP: 002b:00007f7cbadd0048 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 247.569709][ C1] RAX: ffffffffffffffda RBX: 00007f7cba103fa0 RCX: 00007f7cb9f75b29 [ 247.577791][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 247.585783][ C1] RBP: 00007f7cb9ff6756 R08: 0000000000000000 R09: 0000000000000000 [ 247.593805][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.601849][ C1] R13: 000000000000000b R14: 00007f7cba103fa0 R15: 00007ffc79542a48 [ 247.609994][ C1] [ 247.613070][ C1] DEBUG: waiting rtnl_mutex for 544 jiffies. [ 247.619057][ C1] task:syz.2.859 state:D stack:24400 pid:7833 tgid:7829 ppid:7461 flags:0x00000004 [ 247.629265][ C1] Call Trace: [ 247.632551][ C1] [ 247.635531][ C1] __schedule+0x17e8/0x4a20 [ 247.640068][ C1] ? __pfx___schedule+0x10/0x10 [ 247.644958][ C1] ? __pfx_lock_release+0x10/0x10 [ 247.650005][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 247.655523][ C1] ? schedule+0x90/0x320 [ 247.659779][ C1] schedule+0x14b/0x320 [ 247.663979][ C1] schedule_preempt_disabled+0x13/0x30 [ 247.669460][ C1] __mutex_lock+0x6a4/0xd70 [ 247.674017][ C1] ? __mutex_lock+0x527/0xd70 [ 247.678713][ C1] ? vlan_ioctl_handler+0x112/0x9d0 [ 247.683959][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 247.689023][ C1] ? rtnl_lock+0xe7/0x130 [ 247.693430][ C1] vlan_ioctl_handler+0x112/0x9d0 [ 247.698491][ C1] ? sock_ioctl+0x664/0x8e0 [ 247.703027][ C1] ? __pfx_vlan_ioctl_handler+0x10/0x10 [ 247.708583][ C1] ? __pfx_vlan_ioctl_handler+0x10/0x10 [ 247.714164][ C1] sock_ioctl+0x683/0x8e0 [ 247.718597][ C1] ? __pfx_sock_ioctl+0x10/0x10 [ 247.723499][ C1] ? __fget_files+0x29/0x470 [ 247.728106][ C1] ? __fget_files+0x3f6/0x470 [ 247.732864][ C1] ? __fget_files+0x29/0x470 [ 247.737464][ C1] ? bpf_lsm_file_ioctl+0x9/0x10 [ 247.742403][ C1] ? security_file_ioctl+0x87/0xb0 [ 247.747561][ C1] ? __pfx_sock_ioctl+0x10/0x10 [ 247.752435][ C1] __se_sys_ioctl+0xfc/0x170 [ 247.757099][ C1] do_syscall_64+0xf3/0x230 [ 247.761609][ C1] ? clear_bhb_loop+0x35/0x90 [ 247.766345][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.772249][ C1] RIP: 0033:0x7f7cb9f75b29 [ 247.776701][ C1] RSP: 002b:00007f7cbadaf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.785150][ C1] RAX: ffffffffffffffda RBX: 00007f7cba104070 RCX: 00007f7cb9f75b29 [ 247.793148][ C1] RDX: 0000000020000180 RSI: 0000000000008982 RDI: 0000000000000005 [ 247.801206][ C1] RBP: 00007f7cb9ff6756 R08: 0000000000000000 R09: 0000000000000000 [ 247.809209][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.817228][ C1] R13: 000000000000006e R14: 00007f7cba104070 R15: 00007ffc79542a48 [ 247.825267][ C1] [ 247.828295][ C1] DEBUG: waiting rtnl_mutex for 539 jiffies. [ 247.834304][ C1] task:syz.1.861 state:D stack:23800 pid:7835 tgid:7834 ppid:7116 flags:0x00004004 [ 247.844521][ C1] Call Trace: [ 247.847801][ C1] [ 247.850736][ C1] __schedule+0x17e8/0x4a20 [ 247.855296][ C1] ? __pfx___schedule+0x10/0x10 [ 247.860180][ C1] ? __pfx_lock_release+0x10/0x10 [ 247.865240][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 247.870736][ C1] ? schedule+0x90/0x320 [ 247.875009][ C1] schedule+0x14b/0x320 [ 247.879170][ C1] schedule_preempt_disabled+0x13/0x30 [ 247.884655][ C1] __mutex_lock+0x6a4/0xd70 [ 247.889167][ C1] ? __mutex_lock+0x527/0xd70 [ 247.893900][ C1] ? rtnetlink_rcv_msg+0x839/0x1170 [ 247.899130][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 247.904199][ C1] ? rtnl_lock+0xe7/0x130 [ 247.908531][ C1] rtnetlink_rcv_msg+0x839/0x1170 [ 247.913598][ C1] ? rtnetlink_rcv_msg+0x208/0x1170 [ 247.919584][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 247.925071][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 247.930459][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 247.935708][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 247.941095][ C1] ? dev_hard_start_xmit+0x773/0x7e0 [ 247.946405][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 247.951539][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 247.957330][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 247.962475][ C1] ? __dev_queue_xmit+0x1763/0x3e90 [ 247.967726][ C1] ? kasan_save_track+0x51/0x80 [ 247.972588][ C1] ? do_syscall_64+0xf3/0x230 [ 247.977301][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 247.982458][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 247.987980][ C1] ? ref_tracker_free+0x643/0x7e0 [ 247.993048][ C1] netlink_rcv_skb+0x1e3/0x430 [ 247.997832][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 248.003361][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 248.008689][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 248.013942][ C1] netlink_unicast+0x7f0/0x990 [ 248.018731][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 248.024044][ C1] ? __virt_addr_valid+0x183/0x530 [ 248.029180][ C1] ? __check_object_size+0x49c/0x900 [ 248.034494][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 248.039629][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 248.044445][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 248.049735][ C1] ? __import_iovec+0x536/0x820 [ 248.054607][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 248.059556][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 248.064871][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 248.070343][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 248.075656][ C1] __sock_sendmsg+0x221/0x270 [ 248.080340][ C1] ____sys_sendmsg+0x525/0x7d0 [ 248.085142][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 248.090447][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 248.095112][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 248.100790][ C1] ? bpf_trace_run2+0x1fc/0x540 [ 248.105684][ C1] ? bpf_trace_run2+0x36e/0x540 [ 248.110645][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 248.117009][ C1] ? rcu_is_watching+0x15/0xb0 [ 248.121804][ C1] ? trace_sys_enter+0x1f/0xd0 [ 248.126621][ C1] do_syscall_64+0xf3/0x230 [ 248.131134][ C1] ? clear_bhb_loop+0x35/0x90 [ 248.135876][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.141774][ C1] RIP: 0033:0x7f8000f75b29 [ 248.146218][ C1] RSP: 002b:00007f8001e27048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 248.154685][ C1] RAX: ffffffffffffffda RBX: 00007f8001103fa0 RCX: 00007f8000f75b29 [ 248.162725][ C1] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 000000000000000d [ 248.170713][ C1] RBP: 00007f8000ff6756 R08: 0000000000000000 R09: 0000000000000000 [ 248.178776][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 248.186807][ C1] R13: 000000000000000b R14: 00007f8001103fa0 R15: 00007ffca2aa99e8 [ 248.194846][ C1] [ 248.197867][ C1] DEBUG: waiting rtnl_mutex for 567 jiffies. [ 248.203889][ C1] task:syz.1.861 state:D stack:26800 pid:7840 tgid:7834 ppid:7116 flags:0x00004004 [ 248.214125][ C1] Call Trace: [ 248.217414][ C1] [ 248.220344][ C1] __schedule+0x17e8/0x4a20 [ 248.224910][ C1] ? __pfx___schedule+0x10/0x10 [ 248.229773][ C1] ? __pfx_lock_release+0x10/0x10 [ 248.234857][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 248.240342][ C1] ? schedule+0x90/0x320 [ 248.244646][ C1] schedule+0x14b/0x320 [ 248.248827][ C1] schedule_preempt_disabled+0x13/0x30 [ 248.254319][ C1] __mutex_lock+0x6a4/0xd70 [ 248.258934][ C1] ? __mutex_lock+0x527/0xd70 [ 248.263641][ C1] ? rtnetlink_rcv_msg+0x839/0x1170 [ 248.268871][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 248.273953][ C1] ? rtnl_lock+0xe7/0x130 [ 248.278311][ C1] rtnetlink_rcv_msg+0x839/0x1170 [ 248.283379][ C1] ? rtnetlink_rcv_msg+0x208/0x1170 [ 248.288672][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 248.294184][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 248.299558][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 248.304790][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 248.310172][ C1] ? dev_hard_start_xmit+0x773/0x7e0 [ 248.315522][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 248.320660][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 248.326435][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 248.331559][ C1] ? __dev_queue_xmit+0x1763/0x3e90 [ 248.337313][ C1] ? kasan_save_track+0x51/0x80 [ 248.342264][ C1] ? do_syscall_64+0xf3/0x230 [ 248.346996][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 248.352149][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 248.357577][ C1] ? ref_tracker_free+0x643/0x7e0 [ 248.362616][ C1] netlink_rcv_skb+0x1e3/0x430 [ 248.367461][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 248.372973][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 248.378293][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 248.383529][ C1] netlink_unicast+0x7f0/0x990 [ 248.388298][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 248.393605][ C1] ? __virt_addr_valid+0x183/0x530 [ 248.398726][ C1] ? __check_object_size+0x49c/0x900 [ 248.404041][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 248.409172][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 248.414022][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 248.419321][ C1] ? __import_iovec+0x536/0x820 [ 248.424189][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 248.429133][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 248.434441][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 248.440003][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 248.445355][ C1] __sock_sendmsg+0x221/0x270 [ 248.450045][ C1] ____sys_sendmsg+0x525/0x7d0 [ 248.454875][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 248.460280][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 248.464909][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 248.470053][ C1] ? bpf_trace_run2+0x1fc/0x540 [ 248.474935][ C1] ? bpf_trace_run2+0x36e/0x540 [ 248.479813][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 248.485865][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 248.492212][ C1] ? rcu_is_watching+0x15/0xb0 [ 248.497009][ C1] ? trace_sys_enter+0x1f/0xd0 [ 248.501774][ C1] do_syscall_64+0xf3/0x230 [ 248.506312][ C1] ? clear_bhb_loop+0x35/0x90 [ 248.511010][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.516975][ C1] RIP: 0033:0x7f8000f75b29 [ 248.521393][ C1] RSP: 002b:00007f8001e06048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 248.529865][ C1] RAX: ffffffffffffffda RBX: 00007f8001104070 RCX: 00007f8000f75b29 [ 248.537867][ C1] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 000000000000000d [ 248.545870][ C1] RBP: 00007f8000ff6756 R08: 0000000000000000 R09: 0000000000000000 [ 248.553867][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 248.561841][ C1] R13: 000000000000006e R14: 00007f8001104070 R15: 00007ffca2aa99e8 [ 248.569849][ C1] [ 248.572889][ C1] DEBUG: waiting rtnl_mutex for 596 jiffies. [ 248.578876][ C1] task:syz.1.861 state:D stack:26048 pid:7843 tgid:7834 ppid:7116 flags:0x00000004 [ 248.589060][ C1] Call Trace: [ 248.592363][ C1] [ 248.595350][ C1] __schedule+0x17e8/0x4a20 [ 248.599873][ C1] ? __pfx___schedule+0x10/0x10 [ 248.604763][ C1] ? __pfx_lock_release+0x10/0x10 [ 248.609801][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 248.615342][ C1] ? schedule+0x90/0x320 [ 248.619614][ C1] schedule+0x14b/0x320 [ 248.623804][ C1] schedule_preempt_disabled+0x13/0x30 [ 248.629303][ C1] __mutex_lock+0x6a4/0xd70 [ 248.633866][ C1] ? __mutex_lock+0x527/0xd70 [ 248.638551][ C1] ? rtnl_dumpit+0x1bd/0x300 [ 248.643165][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 248.648195][ C1] ? __alloc_skb+0x28f/0x440 [ 248.652817][ C1] rtnl_dumpit+0x1bd/0x300 [ 248.657237][ C1] ? __pfx_tc_dump_chain+0x10/0x10 [ 248.662368][ C1] netlink_dump+0x647/0xd80 [ 248.666904][ C1] ? __pfx_netlink_dump+0x10/0x10 [ 248.671957][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 248.677033][ C1] __netlink_dump_start+0x59f/0x780 [ 248.682241][ C1] ? __pfx_tc_dump_chain+0x10/0x10 [ 248.687408][ C1] rtnetlink_rcv_msg+0xd9c/0x1170 [ 248.692436][ C1] ? __pfx_tc_dump_chain+0x10/0x10 [ 248.697581][ C1] ? rtnetlink_rcv_msg+0x208/0x1170 [ 248.702808][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 248.708280][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 248.713687][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 248.718903][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 248.724307][ C1] ? dev_hard_start_xmit+0x773/0x7e0 [ 248.729609][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 248.734775][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 248.740536][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 248.745681][ C1] ? __dev_queue_xmit+0x1763/0x3e90 [ 248.750885][ C1] ? kasan_save_track+0x51/0x80 [ 248.755839][ C1] ? do_syscall_64+0xf3/0x230 [ 248.760535][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 248.765706][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 248.771090][ C1] ? __pfx_rtnl_dumpit+0x10/0x10 [ 248.776059][ C1] ? __pfx_tc_dump_chain+0x10/0x10 [ 248.781183][ C1] ? ref_tracker_free+0x643/0x7e0 [ 248.786247][ C1] netlink_rcv_skb+0x1e3/0x430 [ 248.791044][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 248.796596][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 248.801925][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 248.807163][ C1] netlink_unicast+0x7f0/0x990 [ 248.811954][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 248.817281][ C1] ? __virt_addr_valid+0x183/0x530 [ 248.822451][ C1] ? __check_object_size+0x49c/0x900 [ 248.827878][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 248.833049][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 248.837835][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 248.843176][ C1] ? __import_iovec+0x536/0x820 [ 248.848030][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 248.853000][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 248.858293][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 248.863818][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 248.869109][ C1] __sock_sendmsg+0x221/0x270 [ 248.873819][ C1] ____sys_sendmsg+0x525/0x7d0 [ 248.878639][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 248.883997][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 248.888637][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 248.893816][ C1] ? bpf_trace_run2+0x1fc/0x540 [ 248.898677][ C1] ? bpf_trace_run2+0x36e/0x540 [ 248.903574][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 248.909576][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 248.916043][ C1] ? rcu_is_watching+0x15/0xb0 [ 248.920833][ C1] ? trace_sys_enter+0x1f/0xd0 [ 248.925656][ C1] do_syscall_64+0xf3/0x230 [ 248.930182][ C1] ? clear_bhb_loop+0x35/0x90 [ 248.934914][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.940825][ C1] RIP: 0033:0x7f8000f75b29 [ 248.945266][ C1] RSP: 002b:00007f8001de5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 248.953727][ C1] RAX: ffffffffffffffda RBX: 00007f8001104140 RCX: 00007f8000f75b29 [ 248.961727][ C1] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 000000000000000a [ 248.969754][ C1] RBP: 00007f8000ff6756 R08: 0000000000000000 R09: 0000000000000000 [ 248.977924][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 248.985934][ C1] R13: 000000000000006e R14: 00007f8001104140 R15: 00007ffca2aa99e8 [ 248.993980][ C1] [ 248.997008][ C1] [ 248.997008][ C1] Showing all locks held in the system: [ 249.004781][ C1] 3 locks held by kworker/u8:9/3394: [ 249.010436][ C1] #0: ffff88802a433948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 249.022069][ C1] #1: ffffc9000a997d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 249.034909][ C1] #2: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 249.044366][ C1] 6 locks held by kworker/u8:10/4138: [ 249.049730][ C1] #0: ffff88802af47148 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 249.061108][ C1] #1: ffffc9000c2c7d00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 249.074283][ C1] #2: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: batadv_nc_worker+0xcb/0x610 [ 249.083858][ C1] #3: ffffc90000a18c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 249.094036][ C1] #4: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 249.103924][ C1] #5: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 249.113950][ C1] 2 locks held by getty/4851: [ 249.118640][ C1] #0: ffff88802ab330a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 249.128463][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 249.138635][ C1] 1 lock held by syz.0.845/7790: [ 249.143598][ C1] 1 lock held by syz.2.859/7830: [ 249.148558][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 249.157577][ C1] 2 locks held by syz.2.859/7833: [ 249.162597][ C1] #0: ffffffff8f5e0628 (vlan_ioctl_mutex){+.+.}-{3:3}, at: sock_ioctl+0x664/0x8e0 [ 249.172098][ C1] #1: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: vlan_ioctl_handler+0x112/0x9d0 [ 249.181756][ C1] 1 lock held by syz.1.861/7835: [ 249.186745][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 249.196304][ C1] 1 lock held by syz.1.861/7840: [ 249.201247][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 249.210986][ C1] 2 locks held by syz.1.861/7843: [ 249.216213][ C1] #0: ffff888021d7c678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780 [ 249.226627][ C1] #1: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x1bd/0x300 [ 249.235767][ C1] 1 lock held by syz.3.874/7877: [ 249.240718][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 249.250642][ C1] 1 lock held by syz.4.880/7891: [ 249.255608][ C1] [ 249.257933][ C1] ============================================= [ 249.257933][ C1] [ 249.571908][ T7896] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 249.578501][ T7896] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 249.588844][ T7896] vhci_hcd vhci_hcd.0: Device attached [ 249.597721][ T7897] vhci_hcd: connection closed [ 249.604447][ T62] vhci_hcd: stop threads [ 249.615586][ T62] vhci_hcd: release socket [ 249.620046][ T62] vhci_hcd: disconnect device [ 249.732854][ T7835] netlink: 24 bytes leftover after parsing attributes in process `syz.1.861'. [ 250.268869][ T7909] loop1: detected capacity change from 0 to 1764 [ 250.520659][ T7918] overlay: ./file0 is not a directory [ 250.910953][ T7925] loop0: detected capacity change from 0 to 2048 [ 250.935937][ T7926] loop2: detected capacity change from 0 to 512 [ 250.965956][ T7926] EXT4-fs (loop2): blocks per group (71) and clusters per group (32768) inconsistent [ 250.972251][ T7928] loop4: detected capacity change from 0 to 1024 [ 251.021589][ T7928] hfsplus: unable to parse mount options [ 251.028411][ T7930] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 251.063731][ T7931] netlink: 'syz.1.894': attribute type 3 has an invalid length. [ 251.090031][ T7931] netlink: 'syz.1.894': attribute type 4 has an invalid length. [ 251.106883][ T7931] netlink: 'syz.1.894': attribute type 7 has an invalid length. [ 251.132514][ T7931] netlink: 'syz.1.894': attribute type 8 has an invalid length. [ 251.147124][ T7931] netlink: 'syz.1.894': attribute type 7 has an invalid length. [ 251.168678][ T7931] netlink: 198200 bytes leftover after parsing attributes in process `syz.1.894'. [ 251.339040][ T29] audit: type=1800 audit(1719520762.834:190): pid=7928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.893" name="bus" dev="sda1" ino=1986 res=0 errno=0 [ 251.494631][ T7937] loop4: detected capacity change from 0 to 256 [ 253.987588][ T7948] loop2: detected capacity change from 0 to 2048 [ 254.015740][ T7948] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 254.095123][ T7948] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 255.773057][ T7974] Cannot find map_set index 0 as target [ 256.223795][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.542932][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.579756][ T7976] loop0: detected capacity change from 0 to 512 [ 256.690146][ T7976] EXT4-fs (loop0): blocks per group (71) and clusters per group (32768) inconsistent [ 256.745996][ T7985] xt_CT: You must specify a L4 protocol and not use inversions on it [ 256.919540][ T7989] pimreg2: entered allmulticast mode [ 257.226023][ T7998] loop1: detected capacity change from 0 to 16 [ 257.241573][ T7998] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 257.249756][ T7997] netlink: 'syz.3.915': attribute type 3 has an invalid length. [ 257.306698][ T7997] netlink: 'syz.3.915': attribute type 4 has an invalid length. [ 257.331007][ T7997] netlink: 'syz.3.915': attribute type 7 has an invalid length. [ 257.340210][ T7997] netlink: 'syz.3.915': attribute type 8 has an invalid length. [ 257.370463][ T5145] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1 [ 257.372925][ T7997] netlink: 'syz.3.915': attribute type 7 has an invalid length. [ 257.385265][ T7993] loop2: detected capacity change from 0 to 4096 [ 257.413011][ T7997] netlink: 198200 bytes leftover after parsing attributes in process `syz.3.915'. [ 257.438789][ T7993] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 257.556943][ T7993] ntfs3: loop2: Failed to initialize $Extend/$Reparse. [ 257.784822][ T11] ntfs3: loop2: ino=1a, ntfs3_write_inode failed, -22. [ 257.801169][ T7461] ntfs3: loop2: ino=1a, ntfs_sync_fs failed, -22. [ 258.017997][ T8009] loop3: detected capacity change from 0 to 2048 [ 258.134445][ T8012] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 258.829901][ T8000] loop4: detected capacity change from 0 to 40427 [ 258.873193][ T8000] F2FS-fs (loop4): invalid crc value [ 258.918271][ T8000] F2FS-fs (loop4): Found nat_bits in checkpoint [ 259.143073][ T8000] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 259.155600][ T8027] netlink: 'syz.2.927': attribute type 1 has an invalid length. [ 259.196495][ T8027] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.927'. [ 259.535644][ T8031] syz.4.916[8031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 259.535824][ T8031] syz.4.916[8031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 259.617166][ T8000] overlayfs: failed to resolve './file0': -2 [ 259.869073][ T8034] loop2: detected capacity change from 0 to 512 [ 259.908698][ T8034] EXT4-fs (loop2): blocks per group (71) and clusters per group (32768) inconsistent [ 260.343394][ T7405] syz-executor: attempt to access beyond end of device [ 260.343394][ T7405] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 260.372784][ T7405] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 261.537112][ T8041] loop0: detected capacity change from 0 to 4096 [ 261.612873][ T8041] NILFS (loop0): invalid segment: Checksum error in segment payload [ 261.630716][ T8041] NILFS (loop0): trying rollback from an earlier position [ 261.674529][ T8041] NILFS (loop0): recovery complete [ 261.680713][ T8047] loop1: detected capacity change from 0 to 1024 [ 261.702950][ T8049] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 261.734094][ T8047] hfsplus: invalid extent btree flag [ 261.739709][ T8047] hfsplus: failed to load extents file [ 261.905873][ T8055] loop2: detected capacity change from 0 to 2048 [ 261.959345][ T8058] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 262.236209][ T8062] netlink: 'syz.0.938': attribute type 1 has an invalid length. [ 262.257695][ T8062] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.938'. [ 262.762914][ T25] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 264.873257][ T25] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 264.946409][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 264.980935][ T25] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 265.012698][ T25] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 265.036162][ T25] usb 2-1: Manufacturer: syz [ 265.046138][ T25] usb 2-1: config 0 descriptor?? [ 265.152864][ T25] rc_core: IR keymap rc-hauppauge not found [ 265.161390][ T25] Registered IR keymap rc-empty [ 265.168910][ T25] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 265.188786][ T25] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input8 [ 265.294306][ T8068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 265.319230][ T8068] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 265.626872][ T8093] libceph: resolve '. [ 265.626872][ T8093] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 265.626872][ T8093] ' (ret=-3): failed [ 265.693889][ T8099] futex_wake_op: syz.0.951 tries to shift op by 32; fix this program [ 265.743253][ T8068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 265.799191][ T8068] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 265.852679][ T8104] mmap: syz.2.952 (8104) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 265.974787][ T5148] usb 2-1: USB disconnect, device number 7 [ 269.217026][ T8140] futex_wake_op: syz.2.963 tries to shift op by 32; fix this program [ 269.263634][ T8143] libceph: resolve '. [ 269.263634][ T8143] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 269.263634][ T8143] ' (ret=-3): failed [ 269.727333][ T8158] loop1: detected capacity change from 0 to 512 [ 269.741873][ T8157] loop4: detected capacity change from 0 to 8 [ 269.764554][ T8158] EXT4-fs: Ignoring removed mblk_io_submit option [ 269.812970][ T8158] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 269.995749][ T8161] loop0: detected capacity change from 0 to 4096 [ 270.058183][ T8158] EXT4-fs (loop1): 1 truncate cleaned up [ 270.084528][ T8172] syz.2.974 uses obsolete (PF_INET,SOCK_PACKET) [ 270.582700][ T8161] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 270.886633][ T8158] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 271.154833][ T7116] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.190812][ T8161] ntfs3: loop0: Failed to initialize $Extend/$Reparse. [ 271.365838][ T8185] libceph: resolve '. [ 271.365838][ T8185] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 271.365838][ T8185] ' (ret=-3): failed [ 271.502180][ T2811] ntfs3: loop0: ino=1a, ntfs3_write_inode failed, -22. [ 271.569487][ T6607] ntfs3: loop0: ino=1a, ntfs_sync_fs failed, -22. [ 272.325737][ T8196] futex_wake_op: syz.1.984 tries to shift op by 32; fix this program [ 272.620026][ T8176] loop4: detected capacity change from 0 to 32768 [ 272.632871][ T8176] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.978 (8176) [ 272.670419][ T8176] BTRFS info (device loop4): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 272.711053][ T8176] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 272.734199][ T8176] BTRFS info (device loop4): using free-space-tree [ 272.872381][ T8207] loop1: detected capacity change from 0 to 4096 [ 272.903298][ T8207] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 272.914904][ T8207] ntfs3: loop1: Failed to load $MFT (-2). [ 273.316772][ T8236] Invalid ELF header len 9 [ 273.465815][ T7405] BTRFS info (device loop4): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 274.321334][ T8243] futex_wake_op: syz.3.998 tries to shift op by 32; fix this program [ 275.069311][ T8255] loop2: detected capacity change from 0 to 8 [ 276.452095][ T8263] loop3: detected capacity change from 0 to 2048 [ 276.532867][ T8271] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 276.695500][ T8267] loop4: detected capacity change from 0 to 4096 [ 276.742585][ T8267] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 276.763161][ T8267] ntfs3: loop4: Failed to load $MFT (-2). [ 276.921595][ T8276] Cannot find map_set index 0 as target [ 277.139779][ T8281] Invalid ELF header len 9 [ 277.844893][ T8277] xt_CT: You must specify a L4 protocol and not use inversions on it [ 278.241978][ T8269] loop1: detected capacity change from 0 to 32768 [ 278.270012][ T8295] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1016'. [ 278.283143][ T8269] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1006 (8269) [ 278.337311][ T8295] gretap0: entered promiscuous mode [ 278.355788][ T8269] BTRFS info (device loop1): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 278.373306][ T8295] netlink: 'syz.3.1016': attribute type 3 has an invalid length. [ 278.381120][ T8295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1016'. [ 278.399229][ T8269] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 278.415197][ T8269] BTRFS info (device loop1): using free-space-tree [ 278.449414][ T8301] loop2: detected capacity change from 0 to 1764 [ 278.654836][ T8322] overlay: ./file0 is not a directory [ 279.009684][ T7116] BTRFS info (device loop1): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 280.177681][ T8331] loop0: detected capacity change from 0 to 256 [ 281.144772][ T8342] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 281.163087][ T5147] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 281.184267][ T8342] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 281.472988][ T5147] usb 5-1: Using ep0 maxpacket: 32 [ 281.477648][ T8354] xt_CT: You must specify a L4 protocol and not use inversions on it [ 281.497074][ T5147] usb 5-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 281.525458][ T5147] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.550485][ T5147] usb 5-1: config 0 descriptor?? [ 281.569543][ T8357] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1032'. [ 281.593384][ T5147] rndis_host 5-1:0.0: probe with driver rndis_host failed with error -22 [ 281.609420][ T8357] gretap0: entered promiscuous mode [ 281.639356][ T8357] netlink: 'syz.1.1032': attribute type 3 has an invalid length. [ 281.658294][ T8357] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1032'. [ 281.749646][ T8361] UBIFS error (pid: 8361): cannot open "./file0", error -22 [ 281.973679][ T29] audit: type=1800 audit(1719520793.464:191): pid=8363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1035" name="bus" dev="sda1" ino=1988 res=0 errno=0 [ 282.071774][ T29] audit: type=1804 audit(1719520793.474:192): pid=8363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1035" name="/root/syzkaller.Kz7N6k/109/bus" dev="sda1" ino=1988 res=1 errno=0 [ 282.153813][ T29] audit: type=1804 audit(1719520793.474:193): pid=8363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1035" name="/root/syzkaller.Kz7N6k/109/bus" dev="sda1" ino=1988 res=1 errno=0 [ 284.081525][ T5098] Bluetooth: hci0: command 0x0406 tx timeout [ 284.280717][ T8383] loop0: detected capacity change from 0 to 1764 [ 284.383022][ T5145] usb 5-1: USB disconnect, device number 6 [ 284.510395][ T8383] overlay: ./file0 is not a directory [ 284.526744][ T8389] loop2: detected capacity change from 0 to 2048 [ 284.633413][ T8398] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 285.975169][ T29] audit: type=1800 audit(1719520797.474:194): pid=8405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1048" name="bus" dev="sda1" ino=1984 res=0 errno=0 [ 286.063253][ T29] audit: type=1804 audit(1719520797.504:195): pid=8405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1048" name="/root/syzkaller.w0uJgZ/48/bus" dev="sda1" ino=1984 res=1 errno=0 [ 286.101638][ T8407] loop3: detected capacity change from 0 to 2048 [ 286.116812][ T8413] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 286.128752][ T29] audit: type=1804 audit(1719520797.504:196): pid=8405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1048" name="/root/syzkaller.w0uJgZ/48/bus" dev="sda1" ino=1984 res=1 errno=0 [ 286.183070][ T8407] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 287.779172][ T7325] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.970067][ T8413] xt_CT: You must specify a L4 protocol and not use inversions on it [ 288.190673][ T29] audit: type=1326 audit(1719520799.684:197): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=unconfined pid=8416 comm="syz.4.1052" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f69e2775b29 code=0x0 [ 288.272944][ T8439] loop0: detected capacity change from 0 to 164 [ 288.679348][ T25] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 288.806276][ T8439] iso9660: Unknown parameter '000000000000000000000008' [ 289.046336][ T25] usb 4-1: Using ep0 maxpacket: 32 [ 289.402843][ T25] usb 4-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 289.412225][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.462528][ T25] usb 4-1: config 0 descriptor?? [ 289.689967][ T25] rndis_host 4-1:0.0: probe with driver rndis_host failed with error -22 [ 289.764005][ T8447] loop1: detected capacity change from 0 to 8 [ 290.336697][ T8439] loop0: detected capacity change from 0 to 40427 [ 290.389494][ T8439] F2FS-fs (loop0): Wrong SIT boundary, start(1536) end(50334208) blocks(1024) [ 290.401053][ T8439] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 290.832346][ T8439] F2FS-fs (loop0): invalid crc value [ 290.846058][ T8439] F2FS-fs (loop0): Found nat_bits in checkpoint [ 290.930254][ T8439] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 290.937628][ T8439] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 291.722285][ T8455] ubi0: attaching mtd0 [ 291.733642][ T8455] ubi0: scanning is finished [ 291.738779][ T8455] ubi0: empty MTD device detected [ 291.973785][ T29] audit: type=1800 audit(1719520803.474:198): pid=8460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1063" name="bus" dev="sda1" ino=1998 res=0 errno=0 [ 292.021230][ T8454] loop4: detected capacity change from 0 to 1764 [ 292.029851][ T8455] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 292.581622][ T29] audit: type=1804 audit(1719520803.494:199): pid=8460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1063" name="/root/syzkaller.0w6JwS/62/bus" dev="sda1" ino=1998 res=1 errno=0 [ 292.776814][ T29] audit: type=1804 audit(1719520803.504:200): pid=8460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1063" name="/root/syzkaller.0w6JwS/62/bus" dev="sda1" ino=1998 res=1 errno=0 [ 292.834600][ T8454] overlay: ./file0 is not a directory [ 293.123556][ T8473] loop1: detected capacity change from 0 to 256 [ 293.646245][ T5147] usb 4-1: USB disconnect, device number 5 [ 294.964037][ T8494] loop3: detected capacity change from 0 to 164 [ 294.981908][ T8495] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 294.990060][ T8494] iso9660: Unknown parameter '000000000000000000000008' [ 295.014371][ T29] audit: type=1800 audit(1719520806.504:201): pid=8497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1076" name="bus" dev="sda1" ino=1997 res=0 errno=0 [ 295.052757][ T29] audit: type=1804 audit(1719520806.514:202): pid=8497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1076" name="/root/syzkaller.w0uJgZ/52/bus" dev="sda1" ino=1997 res=1 errno=0 [ 295.193352][ T29] audit: type=1804 audit(1719520806.534:203): pid=8497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1076" name="/root/syzkaller.w0uJgZ/52/bus" dev="sda1" ino=1997 res=1 errno=0 [ 295.682461][ T8494] loop3: detected capacity change from 0 to 40427 [ 296.429928][ T8494] F2FS-fs (loop3): Wrong SIT boundary, start(1536) end(50334208) blocks(1024) [ 296.443293][ T8494] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 296.777175][ T8494] F2FS-fs (loop3): invalid crc value [ 296.793599][ T8494] F2FS-fs (loop3): Found nat_bits in checkpoint [ 296.838349][ T8494] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 296.848519][ T8494] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 296.863129][ T8495] xt_CT: You must specify a L4 protocol and not use inversions on it [ 297.080713][ T8509] loop2: detected capacity change from 0 to 2048 [ 297.366946][ T8517] ubi0: attaching mtd0 [ 297.384838][ T8517] ubi0: scanning is finished [ 297.808098][ T8517] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 297.825163][ T8509] NILFS (loop2): invalid segment: Inconsistency found [ 297.831995][ T8509] NILFS (loop2): trying rollback from an earlier position [ 297.938023][ T8508] loop0: detected capacity change from 0 to 1764 [ 297.959774][ T8509] NILFS (loop2): recovery complete [ 298.023042][ T8519] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 298.093783][ T8508] overlay: ./file0 is not a directory [ 298.217408][ T8523] loop1: detected capacity change from 0 to 256 [ 298.232001][ T8523] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x0a42a509, utbl_chksum : 0xe619d30d) [ 298.253626][ T8523] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 298.391690][ T8527] loop4: detected capacity change from 0 to 256 [ 298.443028][ T5147] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 298.477138][ T8530] fscrypt (sda1, inode 1993): Sub-block data units not yet supported with IV_INO_LBLK_32 [ 299.240205][ T5147] usb 3-1: unable to get BOS descriptor or descriptor too short [ 299.287765][ T5147] usb 3-1: not running at top speed; connect to a high speed hub [ 299.298567][ T5146] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 299.321624][ T5147] usb 3-1: config 243 has too many interfaces: 239, using maximum allowed: 32 [ 299.343072][ T5147] usb 3-1: config 243 contains an unexpected descriptor of type 0x1, skipping [ 299.365576][ T5147] usb 3-1: config 243 has an invalid descriptor of length 1, skipping remainder of the config [ 299.395047][ T5147] usb 3-1: config 243 has 0 interfaces, different from the descriptor's value: 239 [ 299.429298][ T8545] loop1: detected capacity change from 0 to 164 [ 299.441637][ T8545] iso9660: Unknown parameter '000000000000000000000008' [ 299.458947][ T5147] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 299.469098][ T5147] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.478640][ T5147] usb 3-1: Product: syz [ 299.492405][ T5147] usb 3-1: Manufacturer: syz [ 299.590349][ T8551] loop0: detected capacity change from 0 to 256 [ 299.629842][ T8551] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 299.924201][ T8545] loop1: detected capacity change from 0 to 40427 [ 299.932552][ T8545] F2FS-fs (loop1): Wrong SIT boundary, start(1536) end(50334208) blocks(1024) [ 299.941557][ T8545] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 299.952549][ T5146] usb 4-1: Using ep0 maxpacket: 32 [ 299.960367][ T5147] usb 3-1: SerialNumber: syz [ 299.966193][ T8545] F2FS-fs (loop1): invalid crc value [ 299.975960][ T5146] usb 4-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 299.988088][ T5146] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.988321][ T5147] usb 3-1: can't set config #243, error -71 [ 300.006258][ T8545] F2FS-fs (loop1): Found nat_bits in checkpoint [ 300.073142][ T8545] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 300.080244][ T8545] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 300.090523][ T5146] usb 4-1: config 0 descriptor?? [ 300.097483][ T5147] usb 3-1: USB disconnect, device number 8 [ 300.106304][ T5146] rndis_host 4-1:0.0: probe with driver rndis_host failed with error -22 [ 300.898547][ T8560] ubi0: attaching mtd0 [ 300.904372][ T8560] ubi0: scanning is finished [ 300.937838][ T8560] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 300.948755][ T8560] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 300.956135][ T8560] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 300.963225][ T8560] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 300.970651][ T8560] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 300.977583][ T8560] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 300.985730][ T8560] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 715630432 [ 300.996063][ T8560] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 301.025415][ T8565] ubi0: background thread "ubi_bgt0d" started, PID 8565 [ 301.111120][ T8567] loop4: detected capacity change from 0 to 256 [ 301.210244][ T8567] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x0a42a509, utbl_chksum : 0xe619d30d) [ 301.244325][ T8567] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 301.440778][ T8573] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.684372][ T8579] loop4: detected capacity change from 0 to 256 [ 301.829955][ T8556] loop2: detected capacity change from 0 to 40427 [ 301.856841][ T8585] loop1: detected capacity change from 0 to 256 [ 301.878356][ T8556] F2FS-fs (loop2): Found nat_bits in checkpoint [ 301.929598][ T8585] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 301.936861][ T8589] loop0: detected capacity change from 0 to 2048 [ 301.972604][ T8589] NILFS (loop0): invalid segment: Inconsistency found [ 301.998832][ T8589] NILFS (loop0): trying rollback from an earlier position [ 302.024580][ T8556] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 302.038070][ T8589] NILFS (loop0): recovery complete [ 302.059606][ T8594] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 302.387542][ T5146] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 302.653004][ T5142] usb 4-1: USB disconnect, device number 6 [ 302.701956][ T8605] loop3: detected capacity change from 0 to 164 [ 302.769620][ T8606] Invalid ELF header len 9 [ 302.776534][ T8605] iso9660: Unknown parameter '000000000000000000000008' [ 303.445840][ T8605] loop3: detected capacity change from 0 to 40427 [ 303.461292][ T8605] F2FS-fs (loop3): Wrong SIT boundary, start(1536) end(50334208) blocks(1024) [ 303.470316][ T8605] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 303.488568][ T5146] usb 1-1: unable to get BOS descriptor or descriptor too short [ 303.504926][ T8605] F2FS-fs (loop3): invalid crc value [ 303.522561][ T5146] usb 1-1: not running at top speed; connect to a high speed hub [ 303.522770][ T8605] F2FS-fs (loop3): Found nat_bits in checkpoint [ 303.574732][ T5146] usb 1-1: config 243 has too many interfaces: 239, using maximum allowed: 32 [ 303.598190][ T8605] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 303.606673][ T8605] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 303.623528][ T5146] usb 1-1: config 243 contains an unexpected descriptor of type 0x1, skipping [ 303.672818][ T5146] usb 1-1: config 243 has an invalid descriptor of length 1, skipping remainder of the config [ 303.686200][ T8614] loop2: detected capacity change from 0 to 256 [ 303.706545][ T5146] usb 1-1: config 243 has 0 interfaces, different from the descriptor's value: 239 [ 303.730418][ T5146] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 303.742705][ T5146] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.769466][ T8616] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.777592][ T5146] usb 1-1: Product: syz [ 303.781839][ T5146] usb 1-1: Manufacturer: syz [ 303.808633][ T5146] usb 1-1: SerialNumber: syz [ 303.870213][ T8614] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x0a42a509, utbl_chksum : 0xe619d30d) [ 303.947336][ T8614] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 304.000586][ T8621] loop1: detected capacity change from 0 to 256 [ 304.482372][ T8623] ubi: mtd0 is already attached to ubi0 [ 305.309162][ T8631] loop2: detected capacity change from 0 to 256 [ 305.372091][ T8631] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 305.957923][ T8640] Invalid ELF header len 9 [ 306.808864][ T5146] usb 1-1: USB disconnect, device number 12 [ 307.365235][ T8649] loop1: detected capacity change from 0 to 40427 [ 307.373599][ T8649] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 307.381448][ T8649] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 307.402575][ T8649] F2FS-fs (loop1): Found nat_bits in checkpoint [ 307.455957][ T8649] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 307.463166][ T8649] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 307.471307][ T25] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 307.752690][ T25] usb 4-1: Using ep0 maxpacket: 32 [ 307.759901][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 307.786749][ T25] usb 4-1: New USB device found, idVendor=0959, idProduct=2bd0, bcdDevice= 2.ae [ 308.116497][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.136521][ T25] usb 4-1: Product: syz [ 308.150989][ T25] usb 4-1: Manufacturer: syz [ 308.155804][ T25] usb 4-1: SerialNumber: syz [ 308.189023][ T25] usb 4-1: config 0 descriptor?? [ 308.203815][ T25] HFC-S_USB 4-1:0.0: probe with driver HFC-S_USB failed with error -5 [ 308.390505][ T8662] loop0: detected capacity change from 0 to 256 [ 308.418589][ T5146] usb 4-1: USB disconnect, device number 7 [ 308.481740][ T8664] loop2: detected capacity change from 0 to 256 [ 308.559404][ T8664] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x0a42a509, utbl_chksum : 0xe619d30d) [ 308.573117][ T8664] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 308.778549][ T8667] loop0: detected capacity change from 0 to 164 [ 308.806411][ T8667] iso9660: Unknown parameter '000000000000000000000008' [ 309.283703][ T8667] loop0: detected capacity change from 0 to 40427 [ 309.391101][ T8667] F2FS-fs (loop0): Wrong SIT boundary, start(1536) end(50334208) blocks(1024) [ 309.400111][ T8667] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 309.411525][ T8667] F2FS-fs (loop0): invalid crc value [ 309.445325][ T8667] F2FS-fs (loop0): Found nat_bits in checkpoint [ 310.331795][ T8667] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 310.338966][ T8667] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 310.644772][ T8684] loop1: detected capacity change from 0 to 2048 [ 311.383325][ T8691] ubi: mtd0 is already attached to ubi0 [ 311.631040][ T8690] loop4: detected capacity change from 0 to 64 [ 311.655184][ T8684] NILFS (loop1): invalid segment: Inconsistency found [ 311.662198][ T8684] NILFS (loop1): trying rollback from an earlier position [ 311.929174][ T8684] NILFS (loop1): recovery complete [ 311.955462][ T8693] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 312.372902][ T9] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 312.785253][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 312.861679][ T8702] loop0: detected capacity change from 0 to 40427 [ 312.902279][ T8702] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 312.910185][ T8702] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 312.985474][ T8702] F2FS-fs (loop0): Found nat_bits in checkpoint [ 313.080593][ T9] usb 2-1: not running at top speed; connect to a high speed hub [ 313.197179][ T9] usb 2-1: config 243 has too many interfaces: 239, using maximum allowed: 32 [ 313.583925][ T9] usb 2-1: config 243 contains an unexpected descriptor of type 0x1, skipping [ 313.631395][ T9] usb 2-1: config 243 has an invalid descriptor of length 1, skipping remainder of the config [ 313.774246][ T8702] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 313.781434][ T8702] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 313.880358][ T9] usb 2-1: config 243 has 0 interfaces, different from the descriptor's value: 239 [ 313.891252][ T9] usb 2-1: string descriptor 0 read error: -71 [ 313.901080][ T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 313.910661][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.010661][ T8718] Invalid ELF header len 9 [ 314.681627][ T9] usb 2-1: can't set config #243, error -71 [ 314.691405][ T9] usb 2-1: USB disconnect, device number 8 [ 314.740429][ T8724] loop2: detected capacity change from 0 to 164 [ 315.025148][ T8724] iso9660: Unknown parameter '000000000000000000000008' [ 315.130049][ T8730] loop3: detected capacity change from 0 to 64 [ 315.406242][ T8724] loop2: detected capacity change from 0 to 40427 [ 315.432599][ T8724] F2FS-fs (loop2): Wrong SIT boundary, start(1536) end(50334208) blocks(1024) [ 315.442519][ T8724] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 315.452913][ T8724] F2FS-fs (loop2): invalid crc value [ 315.476644][ T8724] F2FS-fs (loop2): Found nat_bits in checkpoint [ 315.528761][ T8724] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 315.535963][ T8724] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 315.563297][ T8733] 9pnet_fd: Insufficient options for proto=fd [ 317.297570][ T8748] ubi: mtd0 is already attached to ubi0 [ 317.564616][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.570991][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.470553][ T8760] Invalid ELF header len 9 [ 319.535274][ T8771] loop0: detected capacity change from 0 to 64 [ 319.730606][ T8768] loop3: detected capacity change from 0 to 40427 [ 319.770150][ T5098] Bluetooth: hci4: command 0x0406 tx timeout [ 319.885918][ T8768] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 319.893869][ T8768] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 319.977588][ T8768] F2FS-fs (loop3): Found nat_bits in checkpoint [ 320.380224][ T8777] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1166'. [ 320.422965][ T8768] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 320.430074][ T8768] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 323.814849][ T8810] loop4: detected capacity change from 0 to 64 [ 323.904023][ T8814] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1183'. [ 325.566410][ T8828] loop4: detected capacity change from 0 to 40427 [ 325.575169][ T8828] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 325.583565][ T8828] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 325.624955][ T8801] loop2: detected capacity change from 0 to 40427 [ 325.664007][ T8828] F2FS-fs (loop4): Found nat_bits in checkpoint [ 325.737737][ T8801] F2FS-fs (loop2): Found nat_bits in checkpoint [ 325.745965][ T8828] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 325.753137][ T8828] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 325.902007][ T8801] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 326.143725][ T8853] Invalid ELF header len 9 [ 326.920322][ T8854] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1196'. [ 327.578319][ T8873] loop1: detected capacity change from 0 to 256 [ 327.603132][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 327.630928][ T8873] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 327.810081][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 327.884005][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 327.909206][ T9] usb 4-1: New USB device found, idVendor=0959, idProduct=2bd0, bcdDevice= 2.ae [ 327.922419][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.937085][ T9] usb 4-1: Product: syz [ 327.941465][ T9] usb 4-1: Manufacturer: syz [ 327.946271][ T9] usb 4-1: SerialNumber: syz [ 327.954439][ T9] usb 4-1: config 0 descriptor?? [ 327.962288][ T9] HFC-S_USB 4-1:0.0: probe with driver HFC-S_USB failed with error -5 [ 328.190046][ T8877] netlink: 'syz.2.1205': attribute type 10 has an invalid length. [ 328.246421][ T9] usb 4-1: USB disconnect, device number 8 [ 328.280152][ T8877] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.287806][ T8877] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.349274][ T8877] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.357632][ T8877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 328.365277][ T8877] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.372437][ T8877] bridge0: port 1(bridge_slave_0) entered forwarding state [ 329.397543][ T8877] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 329.680981][ T8890] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1208'. [ 329.923223][ T8899] loop3: detected capacity change from 0 to 256 [ 329.980811][ T5147] ------------[ cut here ]------------ [ 329.987251][ T5147] WARNING: CPU: 0 PID: 5147 at io_uring/io_uring.c:703 io_cqring_event_overflow+0x442/0x660 [ 329.987292][ T5147] Modules linked in: [ 329.987321][ T5147] CPU: 0 UID: 0 PID: 5147 Comm: kworker/0:6 Not tainted 6.10.0-rc5-next-20240627-syzkaller #0 [ 329.987349][ T5147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 329.987364][ T5147] Workqueue: events io_fallback_req_func [ 329.987396][ T5147] RIP: 0010:io_cqring_event_overflow+0x442/0x660 [ 329.987422][ T5147] Code: 0f 95 c0 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ed 1f ee fc 90 0f 0b 90 e9 c5 fc ff ff e8 df 1f ee fc 90 <0f> 0b 90 e9 6e fc ff ff e8 d1 1f ee fc c6 05 59 1d f4 0a 01 90 48 [ 329.987442][ T5147] RSP: 0018:ffffc90004187a08 EFLAGS: 00010293 [ 329.987462][ T5147] RAX: ffffffff84a55e81 RBX: 0000000000000000 RCX: ffff888028a90000 [ 329.987480][ T5147] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 329.987496][ T5147] RBP: 0000000000000000 R08: ffffffff84a55ae4 R09: 0000000000000000 [ 329.987513][ T5147] R10: dffffc0000000000 R11: ffffffff84a98540 R12: ffff888064d24000 [ 329.987530][ T5147] R13: 0000000000000000 R14: ffff888064d24000 R15: 0000000000000000 [ 329.987547][ T5147] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 329.987568][ T5147] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 329.987586][ T5147] CR2: 00007f2e8bffa350 CR3: 000000000e132000 CR4: 00000000003506f0 [ 329.987607][ T5147] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 329.987622][ T5147] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 329.987639][ T5147] Call Trace: [ 329.987648][ T5147] [ 329.987658][ T5147] ? __warn+0x168/0x4e0 [ 329.987681][ T5147] ? io_cqring_event_overflow+0x442/0x660 [ 329.987711][ T5147] ? report_bug+0x2b3/0x500 [ 329.987744][ T5147] ? io_cqring_event_overflow+0x442/0x660 [ 329.987776][ T5147] ? handle_bug+0x3e/0x70 [ 329.987801][ T5147] ? exc_invalid_op+0x1a/0x50 [ 329.987826][ T5147] ? asm_exc_invalid_op+0x1a/0x20 [ 329.987859][ T5147] ? __pfx_io_msg_tw_complete+0x10/0x10 [ 329.987896][ T5147] ? io_cqring_event_overflow+0xa4/0x660 [ 329.987917][ T5147] ? io_cqring_event_overflow+0x441/0x660 [ 329.987953][ T5147] ? io_cqring_event_overflow+0x442/0x660 [ 329.987980][ T5147] ? io_cqring_event_overflow+0x441/0x660 [ 329.988001][ T5147] ? io_get_cqe_overflow+0x57f/0x590 [ 329.988031][ T5147] io_add_aux_cqe+0x27c/0x320 [ 329.988059][ T5147] ? io_fallback_req_func+0x71/0x1c0 [ 329.988091][ T5147] ? __pfx_io_add_aux_cqe+0x10/0x10 [ 329.988126][ T5147] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 329.988159][ T5147] io_msg_tw_complete+0x9d/0x4d0 [ 329.988192][ T5147] ? percpu_ref_get_many+0x1f/0x1d0 [ 329.988226][ T5147] io_fallback_req_func+0xce/0x1c0 [ 329.988263][ T5147] ? process_scheduled_works+0x945/0x1830 [ 329.988290][ T5147] process_scheduled_works+0xa2c/0x1830 [ 329.988354][ T5147] ? __pfx_process_scheduled_works+0x10/0x10 [ 329.988394][ T5147] ? assign_work+0x364/0x3d0 [ 329.988429][ T5147] worker_thread+0x86d/0xd40 [ 329.988469][ T5147] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 329.988503][ T5147] ? __kthread_parkme+0x169/0x1d0 [ 329.988537][ T5147] ? __pfx_worker_thread+0x10/0x10 [ 329.988566][ T5147] kthread+0x2f0/0x390 [ 329.988598][ T5147] ? __pfx_worker_thread+0x10/0x10 [ 329.988626][ T5147] ? __pfx_kthread+0x10/0x10 [ 329.988660][ T5147] ret_from_fork+0x4b/0x80 [ 329.988690][ T5147] ? __pfx_kthread+0x10/0x10 [ 329.988722][ T5147] ret_from_fork_asm+0x1a/0x30 [ 329.988773][ T5147] [ 329.988785][ T5147] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 330.330986][ T5147] CPU: 0 UID: 0 PID: 5147 Comm: kworker/0:6 Not tainted 6.10.0-rc5-next-20240627-syzkaller #0 [ 330.341263][ T5147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 330.351359][ T5147] Workqueue: events io_fallback_req_func [ 330.357054][ T5147] Call Trace: [ 330.360361][ T5147] [ 330.363324][ T5147] dump_stack_lvl+0x241/0x360 [ 330.368050][ T5147] ? __pfx_dump_stack_lvl+0x10/0x10 [ 330.373339][ T5147] ? __pfx__printk+0x10/0x10 [ 330.377985][ T5147] ? vscnprintf+0x5d/0x90 [ 330.382384][ T5147] panic+0x349/0x870 [ 330.386334][ T5147] ? __warn+0x177/0x4e0 [ 330.390528][ T5147] ? __pfx_panic+0x10/0x10 [ 330.395005][ T5147] ? ret_from_fork_asm+0x1a/0x30 [ 330.399989][ T5147] __warn+0x34b/0x4e0 [ 330.404089][ T5147] ? io_cqring_event_overflow+0x442/0x660 [ 330.409853][ T5147] report_bug+0x2b3/0x500 [ 330.414227][ T5147] ? io_cqring_event_overflow+0x442/0x660 [ 330.419986][ T5147] handle_bug+0x3e/0x70 [ 330.424181][ T5147] exc_invalid_op+0x1a/0x50 [ 330.428721][ T5147] asm_exc_invalid_op+0x1a/0x20 [ 330.433608][ T5147] RIP: 0010:io_cqring_event_overflow+0x442/0x660 [ 330.439972][ T5147] Code: 0f 95 c0 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ed 1f ee fc 90 0f 0b 90 e9 c5 fc ff ff e8 df 1f ee fc 90 <0f> 0b 90 e9 6e fc ff ff e8 d1 1f ee fc c6 05 59 1d f4 0a 01 90 48 [ 330.459632][ T5147] RSP: 0018:ffffc90004187a08 EFLAGS: 00010293 [ 330.465734][ T5147] RAX: ffffffff84a55e81 RBX: 0000000000000000 RCX: ffff888028a90000 [ 330.473738][ T5147] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 330.481741][ T5147] RBP: 0000000000000000 R08: ffffffff84a55ae4 R09: 0000000000000000 [ 330.489746][ T5147] R10: dffffc0000000000 R11: ffffffff84a98540 R12: ffff888064d24000 [ 330.497838][ T5147] R13: 0000000000000000 R14: ffff888064d24000 R15: 0000000000000000 [ 330.505845][ T5147] ? __pfx_io_msg_tw_complete+0x10/0x10 [ 330.511438][ T5147] ? io_cqring_event_overflow+0xa4/0x660 [ 330.517103][ T5147] ? io_cqring_event_overflow+0x441/0x660 [ 330.522876][ T5147] ? io_cqring_event_overflow+0x441/0x660 [ 330.528630][ T5147] ? io_get_cqe_overflow+0x57f/0x590 [ 330.533973][ T5147] io_add_aux_cqe+0x27c/0x320 [ 330.538690][ T5147] ? io_fallback_req_func+0x71/0x1c0 [ 330.544021][ T5147] ? __pfx_io_add_aux_cqe+0x10/0x10 [ 330.549273][ T5147] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 330.555302][ T5147] io_msg_tw_complete+0x9d/0x4d0 [ 330.560286][ T5147] ? percpu_ref_get_many+0x1f/0x1d0 [ 330.565527][ T5147] io_fallback_req_func+0xce/0x1c0 [ 330.570687][ T5147] ? process_scheduled_works+0x945/0x1830 [ 330.576449][ T5147] process_scheduled_works+0xa2c/0x1830 [ 330.582066][ T5147] ? __pfx_process_scheduled_works+0x10/0x10 [ 330.588109][ T5147] ? assign_work+0x364/0x3d0 [ 330.592743][ T5147] worker_thread+0x86d/0xd40 [ 330.597381][ T5147] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 330.603323][ T5147] ? __kthread_parkme+0x169/0x1d0 [ 330.608404][ T5147] ? __pfx_worker_thread+0x10/0x10 [ 330.613557][ T5147] kthread+0x2f0/0x390 [ 330.617667][ T5147] ? __pfx_worker_thread+0x10/0x10 [ 330.622819][ T5147] ? __pfx_kthread+0x10/0x10 [ 330.627448][ T5147] ret_from_fork+0x4b/0x80 [ 330.631912][ T5147] ? __pfx_kthread+0x10/0x10 [ 330.636546][ T5147] ret_from_fork_asm+0x1a/0x30 [ 330.641369][ T5147] [ 330.644645][ T5147] Kernel Offset: disabled [ 330.649106][ T5147] Rebooting in 86400 seconds..