last executing test programs: 13.759098697s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000df1f00000000000700000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f00000002c0)={[{@huge_always}]}) chdir(&(0x7f0000000140)='./file0\x00') r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) 12.478388023s ago: executing program 1: r0 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$snddsp(r0, &(0x7f0000000740)=""/56, 0x38) 11.257326266s ago: executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180800000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fe}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x10, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) 8.975560106s ago: executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) pipe(&(0x7f0000000100)) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a843500140600fe80000000000000e5000000", @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000200)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473ba6100b021ee66b9800000c00f146635004000000f300f20e06635800000000f22e0f30fa6c8", 0x54}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) 8.90936972s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001440)=@newtaction={0x850, 0x31, 0x1, 0x0, 0x0, {}, [{0x83c, 0x1, [@m_police={0x838, 0x0, 0x0, 0x0, {{0xb}, {0x80c, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404}, @TCA_POLICE_RATE={0x404}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x850}}, 0x0) 7.628332911s ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001c2df6f270000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e000000"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0) 6.705251635s ago: executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)=""/42, 0x2a}, {&(0x7f0000000000)=""/32, 0x20}], 0x2}}], 0x1, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000040)=ANY=[], 0x38}}, 0x0) 6.534014511s ago: executing program 2: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read$snddsp(0xffffffffffffffff, &(0x7f0000000740)=""/56, 0x38) 5.813894389s ago: executing program 0: write$rfkill(0xffffffffffffffff, &(0x7f00000033c0)={0x1}, 0x8) socket(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2000000, &(0x7f0000000080), 0x1, 0x4f5, &(0x7f0000000740)="$eJzs3U9rJGkZAPCnKunZZCZr96rIuuLu4q5kFp3uZOPuBpF1BdHTgjreY0w6IaSTDunOOAmDZj6BIKKCJ09eBD+AIPMRRBjQu+CoiM7owYNOSVdXdJLpTlryp8fO7wc19b5VXfU8bw15u6rrpSqAS+vViHgvIj4WEW9ERLlYnhbTQqey3/3co4d3ljpTEll28y9JJMWyg3116uMRca27SUxExNe+HPHN5Om4rd299cVGo75d1Gvtja1aa3fvxtrG4mp9tb45Nzf79vw782/Nz2SFU7WzEhHvfvHBD7770y+9+8tPf+t3C3+6/u1OWp/7SDfviFg6VYA+uvsu5cfiQOcYbZ9HsCEYK9pTGnYiAAAMpHOO/8GI+ER+/l+OsfxsDgAAABgl2een4p9JRAYAAACMrDQipiJJq8VYgKlI02q1O4b3w3E1bTRb7U+tNHc2lzvrIipRSlfWGvWZYqxwJUpJpz5bjLE9qL95pD4XES9ExPfLk3m9utRsLA/7xw8AAAC4JK69cvj6/+/lNC8DAAAAI6bStwIAAACMCpf8AAAAMPoGvv7/Q/l8EwEAAADOw1fef78zZQfv8V6+tbuz3rx1Y7neWq9u7CxVl5rbW9XVZnM1f2bfxkn7azSbW5+JzZ3btXa91a61dvcWNpo7m+2FtUOvwAYAAAAu0Auv3PttEhH7n53MpyieAwhwyO+HnQBwlsaGnQAwNOPDTgAYmtIT5d7nAnoIGHXJCev7Dt751ZH65NnkAwAAnL3pjz59//9Ksa401MyA82asDwBcPu7uweVVMgIQLr0PdGfP9Vs/8P3/vrLsf04KAAA4U1P5lKTV4l7gVKRptRrxfP5agFKystaozxTXB78pl57r1GfzLZMTxwwDAAAAAAAAAAAAAAAAAAAAAAAAAF1ZlkQGAAAAjLSI9I9J/jT/iOny61NHfx+4kvyjHA+Kyo9v/vD2Yru9PdtZ/tdyvj4i2j8qlr+ZeSUAAAAAPAO61+nFfHbY2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwah49vLN0MF1k3D9/ISIqveKPx0Q+n4hSRFz9WxLjT2yXRMTYGcTfvxsRL/aKn8TjLMsqRRa94k+ec/xKfmh6x08j4toZxIfL7F6n/3mv199fGq/m895/f+PFdFr9+7/0P/3fWJ/+5/kBY7x0/+e1vvHvRrw03rv/OYif9In/2oDxv/H1vb1+67KfREz3/P5JDsWqtTe2aq3dvRtrG4ur9dX65tzc7Nvz78y/NT9TW1lr1It/e8b43sd/8fi49l/tE79yQvtfH7D9/7p/++GHusVSr/jXX+v9/ftiN372nSPx0+K775NFuZPL9EF5v1t+0ss/+/XLx7V/uU/7T/r/vz5g+9/46pUBPwkAXITW7t76YqNR3z6mMDHAZxT+HwoRsf8MpNGjkJ/kRsTp9nPKzZ8qZMM+LEMsDLtnAgAAztp/T/qHnQkAAAAAAAAAAAAAAAAAAABcXhfxOLGjMfeH01QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGP9OwAA///MZN36") sendto(0xffffffffffffffff, 0x0, 0x0, 0x4004000, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000b80)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}) read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020}, 0x2100) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eded8e4a093f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 5.447324421s ago: executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="bf16000000000000b70700000100e0ff5070000028000000770000000000000095000200000000007ae9413df8ff0af5aa35339f4b382c4cad9db6fa7a9b857b72abaca100af1ba23d699b89e890c10500000000000000000000000000ac0e064c27bdfbd301150500000000000000bfdc995279d64072aacbb0595b95060000009ad3bf16a461e48e955a772d4062093f4cb1c3d9532abad2085401f098eb039ae4f4103699b9e079227e98cc07c09c1a72cb6d47cef1595e84d21951010f0274b1445a2ad6a7ad73827cccc21842599e0ae7b91f0b878b9267aa0b28d69a74ffdea613e892f0f9ff94e690b6ad68e4cb6dd65fd7bf3124702c6b1c2aea53ee0cb83ff1807459c7cba77cedca0bff6d8370c33e2bd9cebd29c152ff9dc8c2772fe552fecfcd1778b0838100000031d521207e5223d86508416780983c2f380bc01cefe9773a9a5cd5b24aa24a561e72393c0ce2bf44825b05c138779fe74f884c2472ab45c2af60289cb199963312dd1929096c6f49d116f1612a7b97f77169fa5e8a66a372ef8e3ee7167f7d2a26fc6c3cfa4dc5860277223d6eb3460e3b10a0dc9495635a9fca19d7beb5e700498b43bdadc916c01264d22d7969530633f94b257fbc5da7a96820e31444c0b0f62619c9e351996185e4015510875b774666ba5c0ba9845ad25b578d"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x15}, 0x48) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4) syz_emit_ethernet(0xd2, &(0x7f0000000900)=ANY=[], 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2}}}}}, 0x0) 5.353797483s ago: executing program 4: futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) rt_sigreturn() syz_read_part_table(0x401f, &(0x7f0000000000)="$eJzs0DEOAUEUBuB/NqKgUbuERk2UjrKNTqLRuIrKMSQaB3EBJ9CMZElIVuv7mvlnMjMv741vp1WSMttu2l1eNJ28bJKSZF73Jf/nvedrsjgnGfX5pDvUtPcvNycfzveHGoZ96j4N6ro+Ti+/vAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAwAAACDM3zqP9gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEsBAAD//4IoCls=") sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001180)={0xa, 0x4e21, 0x405, @private1}, 0x1c) r0 = eventfd(0x0) r1 = fcntl$dupfd(r0, 0x0, r0) socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) write$P9_RSTATFS(r1, &(0x7f0000000080)={0x43, 0x9, 0x0, {0x1ff}}, 0x43) write$FUSE_DIRENT(r1, &(0x7f0000004080)=ANY=[@ANYBLOB="30000000f5ffffff", @ANYRES64=0x0, @ANYBLOB="024d37ed35d17d09147900000000000000020000000000000001000000090000002d00000000000000"], 0x30) 4.628024061s ago: executing program 3: r0 = semget$private(0x0, 0x4, 0x0) semop(r0, &(0x7f00000000c0)=[{0x0, 0x5}, {}], 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001100)={0xffffffffffffffff}) write$binfmt_script(r1, &(0x7f0000000340), 0xffffff46) rt_sigreturn() write(r1, &(0x7f0000001140)='x', 0x1) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000002240)=[0x7fff]) 4.267277001s ago: executing program 2: mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000280)='./file0\x00', 0x480, &(0x7f00000000c0)=ANY=[], 0x0, 0x25d, &(0x7f0000000c00)="$eJzs3E+LG2UcB/Cf27q73dJmDyIoiA960cvQ3b6CIC2IC8raiHoQpu6shh2TJRMiEbG9efV1FI/eBPUN7MWbd297Ebz0IEY2f7axRrRl11Hz+UB4fuHJlzyTTMJv5vAcv/3FRwf7Vbaf92NlPcVKxN24H7F5Uk09MR1XxvVqzLsbL1/++Yfn3nzn3deaOzs3dlO62bx1fTuldPX5bz7+9MsXvutffuurq1+vxdHme8c/bf949PTRM8e/3vqwXaV2lTrdfsrT7W539m7VQZbSG2WRV0Vqd6qiN53v57fLIu2X3cPDYco7e1c2DntFVaW8M0wHxTD1u6nfG6b8g7zdSVmWpSsbwV9p3dvdzZt1r4Lz1es18wsRcekPM60LtSwIAKjVWfX/q7P+/2T6Mfr/SX+/1/5H+//rZ/1p/tfo/5fBSf+/Mf39/l7rXi0LAgAAAAAAAAAAAAAAHsn90agxGo0as3H2WIuI9YiYPa97nZwP3/9ym9u4Yz2i/HzQGrQm42S+uR/tKKOIa9GIX8bnw9Skvvnqzo1raWwzvi3vTPN3BtOtBU7zW9GIzcX5rUk+zeej9WRszOe3oxFPLc5vL8gPWqvx0otz+Swa8f370Y0y9sbn9YP8Z1spvfL6zkP5S+PXAQAAwP9Blk4tvH7Psj+bn+Qf4f7AQ9fXF+PZi/UeOwAAACyLavjJQV6WRU+hUChOi7r/mQAAgLP2oOmveyUAAAAAAAAAAAAAAAAAAACwvB5rh7DR2iT8N1N1HyMAAAAAAAAAAAAAAAAAAAAAAAD8W/wWAAD//ySDKGU=") r1 = openat(r0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82307202, &(0x7f0000000f00)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) 4.204906903s ago: executing program 0: unshare(0x4040600) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0xfffffff7}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000004300), 0x0, 0x0) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0}) 4.058528231s ago: executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="3b00000000000800020100c0"]) 3.518064074s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000980)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x4004550e, 0x0) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$amidi(0x0, 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, &(0x7f0000000040)) arch_prctl$ARCH_SHSTK_DISABLE(0x5003, 0x0) r1 = gettid() r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r2, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000080)={0x335}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f0000000300)) tkill(r1, 0x7) 3.099511348s ago: executing program 2: syz_mount_image$bcachefs(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="6261636b67726f756e645f636f6d7072657373696f6e3d6e6f6e652c6261636b67726f756e644c636f6d7072657373696f6e3d7a7374642c7374725f686173683d63726336342c7374725f68616372633332632c646174615f636865636b73756d3d63726336342c646174615f636865636b7375003d6372eee532632c7374725f686173683d736970686173682c6261636b67726f756e645f636f6d7072657373696f6e3d6e6f6e652c00000000"], 0x1, 0x5b22, &(0x7f0000000280)="$eJzs3Q2MHNWdIPCq7hnPjMc2YxLAMR8ewPgMF2CMyQEWEQOnALnEhEBikkCwHTw2Q/wBHjsGJ8QGKSQiHGfpTgkXKQihROKEELlDl8vHRSZaQrRho1jKsia7myWCRBt2RRwRSLwYxauZqZrprqnXVdPd4xj4/WRPTVW//r/3f/Wmpup1TXcEAADA28LTXxj541UL3/eTu4de23Xl9zbdFfVWx7Z3pwX6kuXtf6kWciR1dSwYW2bHxZ7BWU9fct8Hn/v6J7/5wovzly77xi2XH7ptzsp77x38+QWHfvrnO4vipuPpzMn1+OU4ik7+2dKv3POjZ04Y3RZHUVSN+3ZH0fy48sP5cSbEwOtRFK2baGf9g0+8tnz96HL3l7vqth+TCWK8v711J+Psiz/YctJvz7n8ub2/uOy1ge7Xt+6eLBJ314ynKJq3pvb5nVEU9ST/R6WjbUH65GR5dRRFs2ued2FBu04r2f6zA+sLk+WsZNlbECd9/NTMemfJdnRklt0ln9esygzHT6X7b84M1589uGXrmZ8sv50sz5xm/Gr6P44qcdQxUd3GeHKMRDX7LY7isX0/uV6pGwtxZmzEURRn1iuZ9WpnJq+xepOBVo3j+u1pucz2/mR7R7L91IKxdm1g+7vSfJMf1IOZ/LNBe6d8M5HXmLRdv2rQliOhUnMMytuetrc72Rm9ybbe+NgpzzmcI31s1Yv3P/7CzgcX9wXaEX8rTuLHTcV/dtNF+5fs/OWBBaH4aypJ/EpT8UfOeeWxl6758QnB+HvS+NWm4j9//pKvfn/XjoPB/vl92j8dTcWvrjjr0LK7B1YF2/9QGr+7qfgPX/bo1+a956nHgu0fSPunp7n+Gd7+xvWPHHcgGD9K489uKv6lrx5/xootj24Ixn8y7Z/epuI/MzK88p6bF+3oD8Xfl8af21T80359w/V79w89H2z/YNo/fU3Ff+/iS69eeWDzfaFjZ7z7SP2GBXhrekdyjvWlZL3Z68xW1VwvPNAXj5/zzUn+z622s6Z6o/XMm7nwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALxNPdy3bujP3z3ljY5kvSv55pTq+DLdPiuK4p4oika2rd26bXjzhv5btmzfunntxv612/qHNm/bekf/+e/u3zp068a1d4w+OnD28vHnHRvF48v45Cl1Hz58+HClr35bWt+nL/jvT/Sfsv/vo2jguJ+f0hFs/4fuXPif5+d8zYgHD2/8b2fc+NKcv94+vqEvaVdfoF1RoF0XP/Lyit9+r+e/RtHA8Y3a9c9Lr/hRXYPGNkzGSVS6osrYN13x7Nx2TLQ6aU/aXx3rhzcODRT3bzWQx28O/p+P7hi5afd4/3YH8yjZvz2Dh/+0+TtP3nTxzqvHNxyt+72ov9Ms0val/ded9Pe8JK95gbw6Anndc8ap//R3/3PTy7ujgY4/LJpad1FenckA6IzfVaretIbZcX2fdCfl0z2ePu/cbZtuPXfkjp1nD29au2Fow9Dm5cuXX3j+8vMuOO8/nTuW+vjXtuWf1v8fSuZ/ZMbTlgsGh9Ov5cZTUbuK+mO0XcX9Udui0M/fOz9yxT/c9X/3XDO+oWicp6UnjifJcvbobl4W1Yy3qX2Vl1dRP3QG+mHDtb3/69X+Lf9WdByq3TO1XzPiwcN/GP6bS+bsPf3G8Q1H5Dhf26Amj/MTrU7a01l73Fl29PZvV1RN8urNbdfpd7/ysb/9btw/0b5Zs6Lb127btnXZ+NcjlNc7r/1ce/O6cMm/3rZzzV3zp+R13vjXOUlL58Qn5rYruzXNa9HY12qUdEu6iLor+fl1RuPty/5eSJ+X7dXe5LHe+NjcvLLSx1a9eP/jL+x8cHGop+NvjdfYE80dX8YnBUpuzDyxOtHgvPqLxkcURWtqt6X9+OR3/kf/3p/M31Q4PsZHxpSv2fQGD3/+ojm/Gblu38rxDUfmuFLToCaPKxOtnmzPWH+NHVfOO3ry+Mvt57ofrHjw8N6T3r1h+f/flvzYF/XvROm8/l0eRUXHgUWZ9Zk6DmTrmSyfH68/s94bVZs6bjx//pKvfn/XjoPB48bvyx43Ple3Vm3xuBEHxtP+z//vP312/7Pvb99x4/1Lqp/4x0XLkw49Wn7eupNx3R0Y1xOtTtoT147rc27asnHd+Paj9/w3WRZc/6S/v0fu2PnptRs3Dm0dKZdX2fOStJ5sLzd7XpL+9B1bkFe6vybzmrlvyvRX2Z+3tP3rsv3V5M8b5OmN4qZ+nz276aL9S3b+8kBfIG68ppLErzQVf+ScVx576ZofnxCMvyeN39FU/OqKsw4tu3tgVTD+Q3ESv7up+A9f9ujX5r3nqceC8QfS9vc0dz4xvP2N6x85Ltz/URq/t6n4z4wMr7zn5kU7gvH3xUk9o+d2UfTEa8vXj6/HUWdyHE7b0VnXrii7HmfWK5n1au16ZXwOfqKCahzXb0/LJdtPrWlLnuuiKNrXNXV7evbYvWB8eTBdj7LfNN5+tKnUnBPkbS86vwaAt5L09f/0XCN9/X9R8gux5vX/8WU8q+75C5LzqQWTm8au8+7qH/9FOt15vbQd2Xm9NP7S0+tjNDuvVzQvd1pmPW3XoqRX0vY0OG+YE5WYl5taT+N5uUz6xfNm/V/KbOgYm9sL7bfOZKYi73XmTHvnjEZo9Tx7QX6rJ86zQ+MuO9+Rvk4flxx32fsi0v2bvS8ijb8wM4HW7H0RrY67dFqjwbgby6x4PnXquIga9OvkuMiPlh0X0xhHfePjaGZfl3rzX+/P7Pz722Y+Idpd3z8l5xOO9uv9dHt6fOgoOQ+wKrC9XfMA6eEibdevGrTlSDAPAACT1//pOcXo9f/o7+r+zHl+0XVL9iojjRe8j6Wa356i69+p97PNbuq88tJXjz9jxZZHNwTPi58se1/KrXVrswvuSynqx8WZ9cJ+DNwKUjTvsCRTvjea21Q/nvbrG67fu3/o+WA/Do6fSBX34566tbkt9uPSzHphP3bmt6qoH7P1FI3fMzPrvckdQdPt9/cuvvTqlQc23xfs991l+/2hurW+gn53nR6I7zr9LfG6f9F85F9sHiCZt56peYBrA9unOw/QO+WbibzGvOnmAQK/FwDgzSy9/p+4Xz65/v+rTLlWrw+D522D7bmfNXjeNnFe29p5ebD9E+flrV0XBeNPXBe1dt0S7J+J65bWrruC8Seuu1qbpwn2z5Np/0w9799VIn563h/6c4H0vP/Nf100s/MMrouS9Sj7zTjXRQAAHA3S6//0dDW9//+pZD17bjzz17kzfR0609fRMz3PMNPzJG/269wjP89QJn75eYaZnmczD2AeoJh5AACAt4b3JcsbS5bvGLuHOIo+ddPN561eN/SZ1eu3Dg2N3Lr2pqHVw5uHt02U6xy78pp6n3SovqL7pPPKz25QfnUwfn17Lg+UD2k1/1B9RfnnlW+U/5pg/Pr2XBEoH9Jq/qH6ivKvLX9JifzXBuPXt+fKQPmQVvMP1VeUf175Rvl/Khi/vj3vD5QPaTX/UH1F+eeVb5T/TcH49e35L4HyIa3mH6qvKP+88o3yz75fZij/DwTKh7Saf6i+ovzzyjfKfygYv749HwyUD2k1/1B9RfnnlW+U//pg/Pr2rAyUD2k1/1B9RfnnlW+U/4Zg/Pr2XBUoH9Jq/qH6ivLPK98o/5uD8evb86FA+ZBW8w/VV5R/XvlG+Q8H49e35+pA+To1E8et5h+qryj/vPKN8r8lGL++PR8OlA9pNf9QfUX555VvlP+ng/Hr23NNoHxIq/mH6ivKP698o/w3BuPXt+faQPmQVvMP1VeUf175RvlvCsavb89HAuVDWs0/VF9R/nnlG+W/ORi/vj0fDZQPaTX/UH1F+eeVb5T/lmD8+vasCpQPaTX/UH1F+eeVb5T/rcH49e25LlA+pNX8Q/UV5Z9XvlH+twXj17fnY4HyIa3mH6qvKP+88o3y3xqMX9+ejwfKh7Saf6i+ovzzyjfKfyQYv749nwiUD2k1/1B9RfnnlW+U/7Zg/Pr2XB8oH9Jq/qH6ivLPK98o/+3B+PXtuSFQPqTV/EP1FeWfV75R/p8Jxq9vzycD5UNazT9UX1H+eeUb5b8jGL++PTcGyoe0mn+ovqL888o3yv/2YPz69qwOlA+ZyH/b1qGh1dtvXbd229DqzVvWDY2s3rF1eNu2oeRErdX7EoP3lSX3JXZGHQ3zX5hZPyZ5f6BjAu8PlC2fhj1x7Jup7w+Urbaj4H1yivZXtv6i9xnKK5833kL7t+h4UHY8ZNX9fIwPkuHNI0Nbpx6/exr2R+2YiMZum+sZX8bHlyqffbvOQDWFyufT3TCf7Oau5EbArvi4UuWjwOfBTVf5fOJgPnntmO7n2KVhp/U5dpkvU+S8R2tdvutHxg7Sw2s3Du8cmtr+2UdB+8v04+62t6MypR1F+z/O9Mf8pCXzQ5/3Fui/Hd/+l4d/97v/94EoGjiuelJL/RcPHl5z8PhP/ezirnNH219p2P6JkunnKhd8/mG2fJpPx8YtI9v+4/ot2zfnv4KW3u9cmVifofudkzyrJe9fDt3vMd37l+Mp3xydyt6/DAAA8HaR/v1/er26IPkb1PmZKYLy88Ct/X10cB54X7l54OxsRNE8cLZ8mnbZeeDeFueBs/WH5mkrDco3et2l7DzwJwLlp6v8OGntfQCC4yTpqaJxkv07/KJxki0/3XHS0+I4ydZfNE7yyjd6fbrsOLkuUD6k/Hho4n0n+iffdyI4HgbKjYfs52oWjYds+emOh+4Wx0O2/qLxkFe+0f06ZcfDRwLlyyo/Plp7X5jg+FhTbnxkPy+laHxky093fMQtjo9s/UXjI698o/sZy46PDwfKp8rv/9betye4//eU2//Zz20p2v/Z8tPd/5UW93+2/qL9n1e+0f3cZff/VYHyqfr9P7rjx/b70OodW7bW3gM905/bElK+fTP7uTXNKt/+mX3fp5lv/8y+r9TMt7+166Zg+/e19kpX+fbP7OcSNeuIvR6b/M1Q0ftPFb1O+/HA9um+TjtryjdHJ6/TAgAAwMxLX/9PP44/fX/4LyfLwMf0N+3N//nePn87N36bPn+7aB7TfF6Dyo4C5vMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADao6tjwdjy6S+M/PGqhe/7yd1Dr+268nub7tozOOvpS+774HNf/+Q3X3hx/tJl37jl8kO3zVl5772DP7/g0E//fGdh4L7xxZnJancUxS/HUXTyz5Z+5Z4fPXPC6LY4iqJq3Lc7iubHlR/G2QgDr0dRtG6infUPPvHa8vWjy91f7qrbfkwmSDavqLeatqeundHthRnxJtSdjLMv/mDLSb895/Ln9v7istcGul/funuySNxdM56iaN6a2ud3RlHUk/wflY62BemTk+XVURTNrnnehQXtOq1k+88OrC9MlrOSZW9BnPTxUzPrnSXb0ZFZdpd8XrMqMxw/le6/OTNc/5SjW6ae+cny28nyzGnGr6b/46gSRx0T1W2MJ8dIVLPf4ige2/eT65W6sRBnxkYcRXFmvZJZr3Zm8hqrNxlo1Tiu356Wy2zvT7Z3JNtPLRhr1wa2vyvNN/lBPZjJPxu0d8o3E3mNSdv1qwZtORIqNcegvO1pe7uTndGbbOuNj53ynMM50sdWvXj/4y/sfHBxX6C++FtxEj9uKv6zmy7av2TnLw8sCOQZr6kk8StNxR8555XHXrrmxycE4+9J41ebiv/8+Uu++v1dOw72heL/Pu2fjqbiV1ecdWjZ3QOrgu1/KI3f3VT8hy979Gvz3vPUY8H2D6T909Nc/wxvf+P6R447EIwfpfFnNxX/0lePP2PFlkc3BOM/mfZPb1PxnxkZXnnPzYt29Ifi70vjz20q/mm/vuH6vfuHng+2fzDtn76m4r938aVXrzyw+b7QsTPefaR+wwK8Nb0jOcf6UrLe7HVmq2quFx7oi8fP+eYk/+e2s6KM0XrmzWB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADemoaueGDXFftWX9kRR1EcKHM4R/pYddbgYH8T9VZXnHVo2d0Dq2q3LWgiDgAAAFAsvQ6vTGzpjhZEO+Ke6MTc8ukcwYnpWly/PTuH0DNZsi1xKm2KU21TnI42xelsU5xZbYrT1aY43QVxuqNycXoaxqmUbs/sNsXpbVOcOW2KM7dNcea1Kc4xbYrT1zBO+XE4v01xjm1TnHe0Kc472xTnuDbFOb5NcU5oU5zsnPJ0x+HcpOTCUJyxb6qFcTri6sQDefPpaT0nZ55XmWY9vSXryc7ZT7eenpL1nN5iPd0l61nSYj1xyXrObLGeSkE96bi9Pdu+tJ50reT4v6NNcXa2Kc5n2xTnc22Kc2eb4ny+TXF2tRgHoKz0+n/yurEv6uq4OJqdHHGyswDp9e6i8WdPOR51Zy/QE2m8kzLbZxXFy16oZ+ItanP7Tsts76yL1zFx3tQgXl9tvMWZBwvzzU4oZNq3dLrxshMLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCDhq54YNcV+1ZfGcXR6L9ch3Okj1VnDQ72N1Hvqhfvf/yFnQ8urt3W1dFEIAAAAKBQeh3eObGlO+rqODeaFc/6d3btL0auqn4A+Lk7szPDtvCb/gJ1IIWOLF0xIi1dlD+p4aIPs8SgBDAaMN0tZVg3bHeR3aawImt9ID5oINHE1SfDE4bwoAZFJVkeNAYlYRPFJoLyIlE0QAIk1MRkzO7cO/8601lGtAU/n4d77j3ne873ntmmyffMtMUVknOAQvKcKdbbqDy00Y5E204an03idy8eumv3wr1LH545dGC6Ol2dGx8fv/Ly8b1X7P3o7jtmZqt76teQ77PecLLewr1Ldx6Yna3evVB/7nzvUjKv1OyaWr8cTd77//vkiZL4Zp7/3E3/vxYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxa1crKcmVtcmIkCiHqEVPrIh3L5OK4PEDea9/cvuvq+UenW/vy2QEWAgAAAPpK6/DhRk8h5LOZkAnnbjxd2AwthtCs+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP891crKcmVtcmJLFELUI6bWRTqWycVxeYC8v1mYuf6BL+w80tpXGmAdAAAAoL+0Dh9q9BRCKYyG4ejctrj0bOC8jvmdcek6528yrvPsoFfc6CbjxjYZ98E+cZ9K2nvqzXPXBAAAAHj3Suv/bKOnGPLZM3vW//3q+jRuZ0dcJmkH+a0AAAAA8O9J6/9co6cU8tlSo17fbL1/YUdcOr/f9/bp/H7f26dxF/fI0/l9PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw+qpWVpYra5MTmSiEqEdMrYt0LJOL4/IAeV+8fOzbP18+cry1L58dYCEAAACgr7QOb5behZDPjoThsGWj7r9y7O9fXJo6um24mAzncuGeA4uLd++tX9O40a++/rnf/TQqnxB3Wf16SjYHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8o6qVleXK2uTEGVEIUY+YWhfpWCYXx+UB8r44c/iftz5yzmutfaUB1gEAAAD6S+vwZu1fCKWQC7mwfeOptdZfN9Qxv9eZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDesXDv0p0HZmerd7tx48ZN4+ZU/88EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcLqqVleXK2uREIQoh6hFT6yIdy+TiuDxA3oc//uh3z/rILx5r7SsNsA4AAADQX1qHN2v/QiiF4TAcztl46nYmsFH/F/+LLwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJwWqpWV5cra5MSZUQhRj5haF+lYJhfH5QHyXvjnz9+6eqz6YmtfPjvAQgAAAEBfaR2ea/QUQj57WciHHcnzbPuEKJO03c8FmvPuaps2sul597XNy2x63tc6dpZNdlOfV0jXK9bbxrzyifPKIYRSMq/UHJhqmxceapt15qbf83tt84p95gUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DVUrK8uVtcmJKAoh6hFT6yIdy+TiuDxA3ucOXXVsbOmPr7X2lQZYBwAAAOgvrcObtX8hlML54axw/kbdH4rt8WncvkdeufqvPzvjGyHs2f7bC7I91//LxZVfdl5CGGoPGgrh/5J8UY98R378t4dfffUnnwxhzzmZHW83X/uScW3q+Pbbnt2X332SDwYAAADeQ9L6f7jRUwz57FzP+j+tvN9W/T9/9k33bUuuSUXeMWOomOQb6pHvziu++aPyBcf+sF7/nyzfp7983ie2hfkr4pn0Wu/pEMW12Qd37X9569OH013X82c68qefy0vHf/iZIwsHv1LPXwiFpP+8bLf8J147nBHX3pp74qmD+5ZuaM+f7bH/B3a9/0+//86hV9bzv7FzpJH/AyfZ/8nzn31z5fmjjz90Y3v+4R75p2/a8v03y/P/6Nz/SMfCySdf/4O3/BU6RHHtjZlnrtm6Orq/PX8IYao1MP38n3riW+XVX287lOZPfyty8WhH/pZ/aq3XjjOnKK6t7rhkevzJxS3t+aOO/On+j93/g7e+dOy56zr3f3vn/nvm79z/dWOZW17YOT7Ij2cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN4FqpWV5cra5ETIhBD1iKl1kY5lcnFcHiDvxy669obrX5v7emtfPjvAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA7plpZWa6sTU4MRSFEPWJqXaRjmVwclwfIu3Dp64+9fOOv3tfaVxpgHQAAAKC/tA5v1v6FUAq5kAsjG3X/1PHttz27L787FOujUdJmZ+cXFj90x/zhudtP0ZsDAAAAm5XW/9lGTzHksxeF4aT+X91xyfT4k4tb0vo/hDC1fincMTNbHQ+Nc4LrxjK3vLBzvNw4J2iNu/Tg/GxyTJCue/9VW19a+Oza9V3X3duMe2PmmWu2ro7uT+OGk3Yj7rJm3OyDu/a/vPXpw2ncUHpOsR63pxn31twTTx3ct3RDOp5pXa8l7uybK88fffyhGxvrJO1IkhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+xQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX26yjEqiKOA/DMvbt69a7bblFuUqRiokGyUlEJ0SokPbQhBb5Y4ENWRia1hCGEm5CFSfhUERQRBYFIQdBDERaUQRIFEdpDGNpDPcRGtCFuVOzuzO7do6fdTq2CfB8cxplzz2/+Z8549l4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/Jrb1jPWHn564Pc7F932+e4tw7tuf3/bU/v75hy+dd8dx165980TJ7tXrH7jofUjj3b0793b9/WNI1/8+eS0wU+MNytTtxFC/DmGcOWXK17Y8+mRhaNjMYRQj12DIXTH2sfdsZDQezqEcN9EnVNPvjt83f2j7eBzc6eMX1QIKd5XaNZzPeO6ptbLhaWR9tkzH26/4sdV648d+nbdcG/j9GODkx+JjZb9FELn5tbr20MI89IxKu+2nnxxajeEEOa3XHfTNHUtnWH915b0F6V2Tmqb0+Tk80sK/fYZ1tFWaBszvK6q2iznZ/n5dczy/MWXW3Ge7tS+l9qV/zK/no8YajG0TUz3cJzcI6HlucUQx579ZL82ZS/Ewt6IIcRCv1bo19sL9zU2b9po9RinjufPFcYXp/G2NL5kmr12d8n45fl+03/UU4X7L4Y2z/jHxH2NyXV9/w+1nAu1lnfQ2cZzvY30MJpprBkvPuOav84in9t48vm3T+x8dVlXSR3xnZjyY6X8b7bdfHT5zu+GesryN9dSfq1S/sCqXw/+dNdnC0vz9+f8eqX849cvf/GDXTtOla7PL3l92irl19dcM7J6d+/G0vpfy/mNSvmvrzvwcucNnxwsrb83r8+8auuz9fE/Nr116VBpfsj58yvlr/3tsqvXbD/wQGn+R3l9mpXyjwxs7d/z4FU7Fpflf5XzF1TKX/rDPZsOHd1yvLT+vrw+XZXyb1m2dkP/0CP7yt6dcfBc/YUFuDBdkr5jPZv6VX9n/lctvxde6orj3/k60rHg/5yoYHSezlnMBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/2YEDEgAAAABB/1+3I1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD///jJWGs=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x40142, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000005dc0)={'#! ', './file1', [], 0xa, "6d5710629424cea434a7782b21bc5d4008989b28cb4f33d28d322978289518807785b0fc52bd7d"}, 0x32) copy_file_range(r1, &(0x7f00000001c0), r0, 0x0, 0xffffffffa003e45c, 0x700000000000000) 2.995925899s ago: executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001c2df6f270000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e000000"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0) 2.989664503s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000df1f00000000000700000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f00000002c0)={[{@huge_always}]}) chdir(&(0x7f0000000140)='./file0\x00') r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) 2.881825852s ago: executing program 4: openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read$snddsp(0xffffffffffffffff, &(0x7f0000000740)=""/56, 0x38) 2.075042428s ago: executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000005c0)={0x0, 0x0, 0x0, r2}) r3 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000180)={0x0, 0x0, 0x0, r3, 0x4}) 1.934614424s ago: executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, &(0x7f0000001140)) 1.920878326s ago: executing program 1: r0 = io_uring_setup(0x511f, &(0x7f0000000180)={0x0, 0x0, 0x2}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r0, 0x11, &(0x7f0000000040)="e9", 0x1) 1.57304274s ago: executing program 3: syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2) getrandom(&(0x7f0000000040)=""/25, 0x19, 0x0) 1.140398669s ago: executing program 0: mknod(&(0x7f0000000200)='./file0\x00', 0x8000, 0x287e) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) msgget$private(0x0, 0x208) socket(0x11, 0x3, 0x0) mknod(&(0x7f00000000c0)='./bus\x00', 0x8000, 0x44002802) open(&(0x7f0000000280)='./bus\x00', 0x0, 0x0) 909.201273ms ago: executing program 4: r0 = socket(0x18, 0x3, 0x0) getsockname(r0, 0x0, 0xffffffffffffffff) 797.373481ms ago: executing program 1: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@struct={0x0, 0x1, 0x0, 0x10, 0x0, 0x0, [{}]}]}}, &(0x7f0000000280)=""/246, 0x32, 0xf6, 0x1}, 0x20) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfd14) fallocate(0xffffffffffffffff, 0x100000003, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.stat\x00', 0x275a, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000180)='./file0/file0\x00', 0x80000c, &(0x7f00000003c0)=ANY=[@ANYBLOB="706172743d3078300002a27f9edc6b44900000c63d5f852c6769643d", @ANYRESOCT, @ANYRESOCT, @ANYRES64=0x0, @ANYRESOCT=r0, @ANYRES8, @ANYBLOB="2c6e03d465636f6d706f73652c6769643d29ab72f4a2f73b811c7fd9bae7ecd520839bd791f81b6637f549a77ac6cb621635f9c08b2615964a3c43b727df50d049dc760465dea7349206240e6fb4756f276c72f20bab7d507fe4853b18ebe583cbf9009044b021249834326e80399ca072639251325e38177eef4f05093acfe76553919ecca99460ea4ebdbcef9c4e0ed3f10f86889116979b7aa52b38442546b806d6b8964f99a04195ad43adb611", @ANYRES16=r0, @ANYBLOB="459b"], 0x1, 0x701, &(0x7f00000009c0)="$eJzs3UtoHOcdAPD/rFaPVcGREz/SEsgSQ1oqaksWSqte6pZSdAglpIeeF1uOF6/lIClFNqVR+rj3kFNP6UG30ENJ74b23BAo6VHHQCGXnHRTmdmZ3Vlptbuy9Yrz+4mZ+Wa+x3zzn52ZfSC+AL6xlmej+iSSWJ59czNd39leaI1tL0zm2a2ImIiISkQ1Ikk3JauR5d7Kp/h25Dml5QEfNpfe/vyrnS/aa9V8yspXBtXrY+Lgpq18inpEjOXLg8YPafGT/bvvae/2oe2NKukcYRqwa0Xg4i/P1Co8s70Dtjp5H/8nm3fK9Kl+lOsWOKeS9nMz173UZyKmI2Iqov3Uz+8OldPv4fHaOusOAAAAwFHVjl7lhd3Yjc24cBLdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdVPv5/kk+VIl2PpBj/fyLfFnn6HBo+EOJnk+3lk5PvDAAAAAAAAACcuFd3Yzc240Kxvpdkv/m/VvqN/1vxXqzHSqzF9diMRmzERqzFfETMlBqa2GxsbKzNZzUjLg2oeTM+7VPz5uF9vNW7mhzHcQMAAAAAAADAOTY1JP/++MFtv4/l7u//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwHiQRY+1FNl0q0jNRqUbEVFFuK+LTiJg4294eSdJv45PT7wcAAAA8k6ne1WRqhDovvB+7sRkXivW9JPvMfyX7vDwV78VqbEQzNqIVK3En/wydfuqv7GwvtHa2Fx6k08F2f/rlkbqetRjt7x767/nlrEQt7kYz23I9bkcSe5lK3srLO9sL6fJB/359kPYp+UluQG/GSuk76ezqJ1n6z73fIlSPdIgj2t9o5dCSM1nueCcic3nf0hoXiwj0j8TQs1MduKf5qHS++bk0eE/9Y/7B4L1P7yvV95ubM7E/Ejej0jlDVwZHIuK7//j41/daq/fv3V2fPT+H1Nf7Q0vsj8RCKRJXn6NIDDeXReJyZ305fhG/itn4cvKtWItm/CYasREr9SK/kb+e0/nM4Eh9Nl1ee2tYT9Jrst65f/XrUz16+hT1+HmWasRr2Tm9EM1I4mFErMQb2d/NmO/cDbpn+PIIV31lhDttybXvZYtOmKJ2eNm/jdbkcUnjerEU1/I9dybLK2/pRunFvlEqnnWjP49Kqt/JE2kLfxj4fDht+yMxX4rES4e9Xtoh/eteOl9vrd5fu9d4d8T9vZ4v0+voTwOeEifymB4oPcMvxlR+cBezeZJdU3NZ3kudXhXx+m8zYj7Lu9RppfeJm+Zd7tRrX6m/jIdxp+dK/WEsxmIsZaWvZKXHDzyx0ryrnZZ67+FpXvpOq9r5Yaf8futhtNrvhyK2vva3bYDn2fT3pydq/6v9u/ZR7Y+1e7U3p342+aPJVyZi/F/jP67Ojb1eeSX5e3wUv+t+/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ7e+qPH9xut1spa/0Slf1YyuFajtVcMJDagTE8iyYfKGaFwsv7o8d7QBgcnJvPuPWX140wUozUOL1w/wW4kW/vP19Twc1GM8jTCLpJ8mMrSSysinrrPxZ67W8bPwancn6gfuVb9wHHlieIFWyp89Fdvrd/5GouIfoWH3DjGjuHmA5ypGxsP3r2x/ujxD5oPGu+svLOyOr64uDS3tPjGwo27zdbKXHteqnD6o+oBJ6T8dqJjIiJeHV53wECtAAAAAAAAAAAAwAk6jf+FOOtjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL7elmej+iSSmJ+7Ppeu72wvtNKpSHdLViOiEhHJbyOSf0bcivYUM6XmksP282Fz6e3Pv9r5ottWtShfidg6tN6gNru28inqETGWL59BT3u3h7c30U1O9slOOkeRBuxaETg4a/8PAAD//9qm8z8=") ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x41, 0x0, 0x0) clock_adjtime(0x0, &(0x7f00000004c0)={0xc7}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 666.554834ms ago: executing program 3: r0 = inotify_init1(0x0) r1 = dup(r0) readv(r1, &(0x7f00000000c0)=[{&(0x7f0000000bc0)=""/210, 0xd2}], 0x1) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6}]}) 37.731377ms ago: executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x301, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10042, 0x0) pwrite64(r1, &(0x7f0000000000)="19", 0xffffff18, 0x9) sendfile(r0, r1, 0x0, 0x1002000000002) timer_settime(0x0, 0x0, 0x0, 0x0) pipe2(0x0, 0x0) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) dup3(r3, r2, 0x0) 0s ago: executing program 0: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) fchdir(r0) mount(&(0x7f0000000100)=@filename='\x00', &(0x7f0000000040)='./cgroup/file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getresuid(0x0, 0x0, 0x0) setresuid(0xee01, 0x0, 0xee01) kernel console output (not intermixed with test programs): d [ 414.124968][ T7389] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm [ 414.136594][ T7389] BTRFS info (device loop2): using free-space-tree [ 414.689617][ T7420] loop1: detected capacity change from 0 to 1024 [ 414.789542][ T7420] EXT4-fs: Ignoring removed orlov option [ 414.795825][ T7420] EXT4-fs: Ignoring removed nomblk_io_submit option [ 414.944423][ T7420] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 415.204302][ T29] audit: type=1804 audit(1717044378.101:178): pid=7389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1199615156/syzkaller.49mH78/127/bus/cgroup.controllers" dev="loop2" ino=263 res=1 errno=0 [ 415.578501][ T5076] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 415.766883][ T7425] loop4: detected capacity change from 0 to 512 [ 415.839418][ T5077] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 415.934318][ T7425] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 415.972970][ T7425] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 2683928664 (level 1) [ 415.999288][ T7425] EXT4-fs (loop4): Remounting filesystem read-only [ 416.019321][ T7425] EXT4-fs (loop4): 1 truncate cleaned up [ 416.025621][ T7425] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 416.100667][ T5170] usb 1-1: USB disconnect, device number 11 [ 416.106178][ T7425] overlayfs: missing 'lowerdir' [ 416.237149][ T7428] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 416.392230][ T7428] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.610391][ T7428] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.915710][ T7428] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.023865][ T5086] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 417.050509][ T3018] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.154943][ T7428] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.255961][ T3018] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.374801][ T3018] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.476580][ T7428] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.513666][ T7428] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.540201][ T7428] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.566664][ T7428] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.642263][ T3018] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.954901][ T3018] bridge_slave_1: left allmulticast mode [ 417.961160][ T3018] bridge_slave_1: left promiscuous mode [ 417.968131][ T3018] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.989089][ T3018] bridge_slave_0: left allmulticast mode [ 417.995453][ T3018] bridge_slave_0: left promiscuous mode [ 418.002314][ T3018] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.502156][ T7441] loop2: detected capacity change from 0 to 1024 [ 418.580648][ T3018] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 418.657194][ T3018] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 418.687375][ T3018] bond0 (unregistering): Released all slaves [ 418.744193][ T7438] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 419.216988][ T3018] hsr_slave_0: left promiscuous mode [ 419.228441][ T3018] hsr_slave_1: left promiscuous mode [ 419.243697][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 419.251375][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 419.274749][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 419.283387][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 419.292489][ T11] hfsplus: b-tree write err: -5, ino 4 [ 419.305760][ T3018] veth1_macvtap: left promiscuous mode [ 419.312300][ T3018] veth0_macvtap: left promiscuous mode [ 419.318401][ T3018] veth1_vlan: left promiscuous mode [ 419.324157][ T3018] veth0_vlan: left promiscuous mode [ 420.714451][ T3018] team0 (unregistering): Port device team_slave_1 removed [ 420.793470][ T7456] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 420.857525][ T3018] team0 (unregistering): Port device team_slave_0 removed [ 421.074282][ T7454] loop0: detected capacity change from 0 to 32768 [ 421.187132][ T7454] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (7454) [ 421.223749][ T7454] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 421.234470][ T7454] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm [ 421.245912][ T7454] BTRFS info (device loop0): using free-space-tree [ 421.260088][ T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 421.437449][ T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 421.453099][ T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 421.475247][ T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 421.496294][ T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 421.506001][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 421.821891][ T779] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 422.206612][ T779] usb 4-1: config 0 has an invalid descriptor of length 188, skipping remainder of the config [ 422.217342][ T779] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 422.226854][ T779] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 422.236330][ T779] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.312924][ T779] usb 4-1: config 0 descriptor?? [ 422.417229][ T7459] chnl_net:caif_netlink_parms(): no params data found [ 422.589021][ T29] audit: type=1804 audit(1717044385.491:179): pid=7454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4189600340/syzkaller.qltzyk/135/bus/cgroup.controllers" dev="loop0" ino=263 res=1 errno=0 [ 422.706763][ T7486] loop1: detected capacity change from 0 to 512 [ 422.878682][ T7486] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 422.888684][ T7486] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 2683928664 (level 1) [ 422.939980][ T7486] EXT4-fs (loop1): Remounting filesystem read-only [ 422.949854][ T7486] EXT4-fs (loop1): 1 truncate cleaned up [ 422.956137][ T7486] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 423.001146][ T7486] overlay: Unknown parameter '/' [ 423.084781][ T5072] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 423.562942][ T50] Bluetooth: hci3: command tx timeout [ 423.826844][ T7459] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.835302][ T7459] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.850686][ T7459] bridge_slave_0: entered allmulticast mode [ 423.859961][ T7459] bridge_slave_0: entered promiscuous mode [ 423.912976][ T5077] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 423.938961][ T7498] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 423.978718][ T7459] bridge0: port 2(bridge_slave_1) entered blocking state [ 423.986711][ T7459] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.994668][ T7459] bridge_slave_1: entered allmulticast mode [ 424.004041][ T7459] bridge_slave_1: entered promiscuous mode [ 424.244199][ T7459] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 424.313235][ T7459] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 424.543004][ T7459] team0: Port device team_slave_0 added [ 424.576356][ T7459] team0: Port device team_slave_1 added [ 424.713336][ T7459] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 424.720505][ T7459] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.746996][ T7459] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 424.798016][ T7459] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 424.805411][ T7459] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.832294][ T7459] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 425.032142][ T779] usb 4-1: USB disconnect, device number 6 [ 425.067112][ T7459] hsr_slave_0: entered promiscuous mode [ 425.121840][ T7459] hsr_slave_1: entered promiscuous mode [ 425.148785][ T7459] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 425.156936][ T7459] Cannot create hsr debugfs directory [ 425.646098][ T50] Bluetooth: hci3: command tx timeout [ 425.815624][ T3018] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.923017][ T3018] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.949017][ T7504] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 426.077791][ T3018] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.134189][ T7509] loop3: detected capacity change from 0 to 64 [ 426.238787][ T3018] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.315529][ T7509] hfs: unable to read volume bitmap [ 426.321264][ T7509] hfs: can't find a HFS filesystem on dev loop3 [ 426.440553][ T3018] bridge_slave_1: left allmulticast mode [ 426.447829][ T3018] bridge_slave_1: left promiscuous mode [ 426.456376][ T3018] bridge0: port 2(bridge_slave_1) entered disabled state [ 426.487300][ T3018] bridge_slave_0: left allmulticast mode [ 426.494836][ T3018] bridge_slave_0: left promiscuous mode [ 426.502149][ T3018] bridge0: port 1(bridge_slave_0) entered disabled state [ 427.293265][ T3018] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 427.358848][ T3018] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 427.396903][ T3018] bond0 (unregistering): Released all slaves [ 427.601579][ T4429] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 427.621046][ T4429] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 427.665139][ T4429] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 427.742784][ T4429] Bluetooth: hci3: command tx timeout [ 427.745926][ T5082] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 427.761741][ T5082] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 427.771259][ T5082] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 427.994152][ T7459] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 428.066671][ T7459] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 428.188656][ T7459] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 428.266835][ T7459] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 428.417171][ T3018] hsr_slave_0: left promiscuous mode [ 428.434221][ T3018] hsr_slave_1: left promiscuous mode [ 428.465985][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 428.474214][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 428.521368][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 428.530287][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 428.570428][ T3018] veth1_macvtap: left promiscuous mode [ 428.577077][ T3018] veth0_macvtap: left promiscuous mode [ 428.583128][ T3018] veth1_vlan: left promiscuous mode [ 428.588687][ T3018] veth0_vlan: left promiscuous mode [ 429.541705][ T7535] loop0: detected capacity change from 0 to 32768 [ 429.587829][ T3018] team0 (unregistering): Port device team_slave_1 removed [ 429.613032][ T7535] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (7535) [ 429.648571][ T7535] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 429.654274][ T3018] team0 (unregistering): Port device team_slave_0 removed [ 429.659162][ T7535] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm [ 429.677552][ T7535] BTRFS info (device loop0): using free-space-tree [ 429.806223][ T5082] Bluetooth: hci3: command tx timeout [ 429.885787][ T5082] Bluetooth: hci1: command tx timeout [ 430.742720][ T29] audit: type=1804 audit(1717044393.661:180): pid=7535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4189600340/syzkaller.qltzyk/138/bus/cgroup.controllers" dev="loop0" ino=263 res=1 errno=0 [ 430.993061][ T7459] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.016794][ T7522] chnl_net:caif_netlink_parms(): no params data found [ 431.209045][ T5072] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 431.300999][ T7459] 8021q: adding VLAN 0 to HW filter on device team0 [ 431.388173][ T5123] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.396028][ T5123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 431.482007][ T7560] loop3: detected capacity change from 0 to 512 [ 431.555270][ T5123] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.563026][ T5123] bridge0: port 2(bridge_slave_1) entered forwarding state [ 431.604574][ T7561] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 431.701196][ T7560] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 431.742889][ T7560] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 2683928664 (level 1) [ 431.798404][ T7560] EXT4-fs (loop3): Remounting filesystem read-only [ 431.807017][ T7560] EXT4-fs (loop3): 1 truncate cleaned up [ 431.813196][ T7560] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 431.841979][ T7561] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.956030][ T7565] overlay: Unknown parameter '/' [ 431.966784][ T5082] Bluetooth: hci1: command tx timeout [ 431.973197][ T7561] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.107669][ T7561] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.310120][ T7561] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.576845][ T7522] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.584985][ T7522] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.592933][ T7522] bridge_slave_0: entered allmulticast mode [ 432.602067][ T7522] bridge_slave_0: entered promiscuous mode [ 432.761239][ T7522] bridge0: port 2(bridge_slave_1) entered blocking state [ 432.769207][ T7522] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.777957][ T7522] bridge_slave_1: entered allmulticast mode [ 432.787171][ T7522] bridge_slave_1: entered promiscuous mode [ 432.832884][ T7561] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.863848][ T7561] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.893806][ T7561] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.074714][ T7561] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.129427][ T5089] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 433.194611][ T7522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 433.330197][ T7522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 433.499434][ T7522] team0: Port device team_slave_0 added [ 433.550506][ T7522] team0: Port device team_slave_1 added [ 433.768498][ T7522] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 433.779005][ T7522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.806538][ T7522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 433.903959][ T29] audit: type=1326 audit(1717044396.791:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000 [ 433.928039][ T29] audit: type=1326 audit(1717044396.811:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000 [ 433.951599][ T29] audit: type=1326 audit(1717044396.821:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000 [ 433.974967][ T29] audit: type=1326 audit(1717044396.821:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000 [ 433.991972][ T7522] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 434.002553][ T29] audit: type=1326 audit(1717044396.821:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000 [ 434.005048][ T7522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 434.028201][ T29] audit: type=1326 audit(1717044396.831:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc4bd47bc2f code=0x7ffc0000 [ 434.028424][ T29] audit: type=1326 audit(1717044396.851:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000 [ 434.054562][ T7522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 434.111676][ T5082] Bluetooth: hci1: command tx timeout [ 434.116402][ T29] audit: type=1326 audit(1717044396.861:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc4bd47bae0 code=0x7ffc0000 [ 434.144501][ T29] audit: type=1326 audit(1717044396.951:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fc4bd47e677 code=0x7ffc0000 [ 434.421602][ T3018] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.505112][ T7459] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 434.880033][ T3018] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.017747][ T7522] hsr_slave_0: entered promiscuous mode [ 435.093067][ T7522] hsr_slave_1: entered promiscuous mode [ 435.142457][ T3018] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.332034][ T7577] loop2: detected capacity change from 0 to 32768 [ 435.362945][ T3018] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.379961][ T7577] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7577) [ 435.469884][ T7577] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 435.480618][ T7577] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm [ 435.492384][ T7577] BTRFS info (device loop2): using free-space-tree [ 435.813255][ T3018] bridge_slave_1: left allmulticast mode [ 435.819246][ T3018] bridge_slave_1: left promiscuous mode [ 435.828384][ T3018] bridge0: port 2(bridge_slave_1) entered disabled state [ 435.853629][ T3018] bridge_slave_0: left allmulticast mode [ 435.859525][ T3018] bridge_slave_0: left promiscuous mode [ 435.866304][ T3018] bridge0: port 1(bridge_slave_0) entered disabled state [ 436.110865][ T29] kauditd_printk_skb: 58 callbacks suppressed [ 436.110936][ T29] audit: type=1800 audit(1717044399.071:248): pid=7577 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0 [ 436.157305][ T5082] Bluetooth: hci1: command tx timeout [ 436.453857][ T3018] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 436.511642][ T3018] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 436.567524][ T3018] bond0 (unregistering): Released all slaves [ 437.062036][ T779] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 437.240785][ T7459] veth0_vlan: entered promiscuous mode [ 437.285620][ T5076] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 437.332530][ T779] usb 1-1: Using ep0 maxpacket: 32 [ 437.506037][ T779] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 437.517632][ T779] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 437.528114][ T779] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 437.537609][ T779] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.618675][ T779] hub 1-1:4.0: USB hub found [ 437.666766][ T7459] veth1_vlan: entered promiscuous mode [ 437.683111][ T50] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 437.712288][ T50] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 437.740592][ T50] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 437.757250][ T50] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 437.778418][ T50] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 437.788877][ T50] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 437.831911][ T3018] hsr_slave_0: left promiscuous mode [ 437.868121][ T3018] hsr_slave_1: left promiscuous mode [ 437.911913][ T779] hub 1-1:4.0: config failed, can't read hub descriptor (err -22) [ 437.912099][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 437.927892][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 437.947579][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 437.955431][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 437.964768][ T779] usb 1-1: USB disconnect, device number 12 [ 437.999501][ T3018] veth1_macvtap: left promiscuous mode [ 438.005598][ T3018] veth0_macvtap: left promiscuous mode [ 438.011691][ T3018] veth1_vlan: left promiscuous mode [ 438.017313][ T3018] veth0_vlan: left promiscuous mode [ 438.633136][ T3018] team0 (unregistering): Port device team_slave_1 removed [ 438.672187][ T3018] team0 (unregistering): Port device team_slave_0 removed [ 439.465095][ T7459] veth0_macvtap: entered promiscuous mode [ 439.501366][ T7459] veth1_macvtap: entered promiscuous mode [ 439.561141][ T7459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 439.573211][ T7459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 439.583548][ T7459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 439.594399][ T7459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 439.609251][ T7459] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 439.636795][ T7522] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 439.673674][ T7522] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 439.753243][ T7459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 439.764049][ T7459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 439.774261][ T7459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 439.784997][ T7459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 439.799645][ T7459] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 439.825241][ T7522] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 439.882941][ T50] Bluetooth: hci4: command tx timeout [ 439.907390][ T7522] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 439.940753][ T7459] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.949898][ T7459] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.959083][ T7459] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.968264][ T7459] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.479524][ T7605] chnl_net:caif_netlink_parms(): no params data found [ 441.089824][ T7522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 441.235985][ T7522] 8021q: adding VLAN 0 to HW filter on device team0 [ 441.352081][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state [ 441.359892][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state [ 441.478579][ T4552] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.486401][ T4552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 441.961884][ T50] Bluetooth: hci4: command tx timeout [ 442.180379][ T7605] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.188338][ T7605] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.197879][ T7605] bridge_slave_0: entered allmulticast mode [ 442.207237][ T7605] bridge_slave_0: entered promiscuous mode [ 442.324067][ T7605] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.332787][ T7605] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.340566][ T7605] bridge_slave_1: entered allmulticast mode [ 442.350248][ T7605] bridge_slave_1: entered promiscuous mode [ 442.854240][ T7605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 442.967520][ T7638] loop2: detected capacity change from 0 to 512 [ 443.038941][ T7605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 443.041970][ T7635] loop0: detected capacity change from 0 to 32768 [ 443.147517][ T7635] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (7635) [ 443.179405][ T7638] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 443.196833][ T7635] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 443.208054][ T7635] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm [ 443.219462][ T7635] BTRFS info (device loop0): using free-space-tree [ 443.300685][ T7638] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor.2: invalid indirect mapped block 2683928664 (level 1) [ 443.348033][ T7605] team0: Port device team_slave_0 added [ 443.359232][ T7638] EXT4-fs (loop2): Remounting filesystem read-only [ 443.403786][ T7605] team0: Port device team_slave_1 added [ 443.418182][ T7638] EXT4-fs (loop2): 1 truncate cleaned up [ 443.424360][ T7638] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 443.528238][ T7638] overlay: Unknown parameter '/' [ 443.626703][ T7605] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 443.635734][ T7605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.664638][ T7605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 443.837785][ T7522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 443.858248][ T7605] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 443.865693][ T7605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.892505][ T7605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 444.077165][ T50] Bluetooth: hci4: command tx timeout [ 444.114026][ T29] audit: type=1804 audit(1717044407.071:249): pid=7635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4189600340/syzkaller.qltzyk/143/bus/cgroup.controllers" dev="loop0" ino=263 res=1 errno=0 [ 444.457214][ T7605] hsr_slave_0: entered promiscuous mode [ 444.467483][ T7605] hsr_slave_1: entered promiscuous mode [ 444.478592][ T7605] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 444.485752][ T5072] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 444.486460][ T7605] Cannot create hsr debugfs directory [ 444.949642][ T5076] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 444.954974][ T3018] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.032591][ T7522] veth0_vlan: entered promiscuous mode [ 445.098364][ T3018] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.201863][ T3018] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.357348][ T3018] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.457401][ T7522] veth1_vlan: entered promiscuous mode [ 445.853569][ T3018] bridge_slave_1: left allmulticast mode [ 445.859470][ T3018] bridge_slave_1: left promiscuous mode [ 445.866247][ T3018] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.906904][ T3018] bridge_slave_0: left allmulticast mode [ 445.914114][ T3018] bridge_slave_0: left promiscuous mode [ 445.920720][ T3018] bridge0: port 1(bridge_slave_0) entered disabled state [ 446.143566][ T50] Bluetooth: hci4: command tx timeout [ 446.512288][ T3018] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 446.543626][ T3018] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 446.564654][ T3018] bond0 (unregistering): Released all slaves [ 446.767334][ T787] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 446.860268][ T5136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.868665][ T5136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 447.096975][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 447.105753][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 447.118605][ T787] usb 1-1: no configurations [ 447.124904][ T787] usb 1-1: can't read configurations, error -22 [ 447.333573][ T787] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 447.384838][ T7522] veth0_macvtap: entered promiscuous mode [ 447.551087][ T3018] hsr_slave_0: left promiscuous mode [ 447.574094][ T3018] hsr_slave_1: left promiscuous mode [ 447.609670][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 447.618137][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 447.664297][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 447.672494][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 447.683289][ T5082] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 447.693082][ T5082] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 447.698394][ T787] usb 1-1: no configurations [ 447.704081][ T5082] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 447.707257][ T787] usb 1-1: can't read configurations, error -22 [ 447.720182][ T5082] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 447.737320][ T787] usb usb1-port1: attempt power cycle [ 447.737615][ T3018] veth1_macvtap: left promiscuous mode [ 447.749398][ T3018] veth0_macvtap: left promiscuous mode [ 447.751600][ T5082] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 447.755358][ T3018] veth1_vlan: left promiscuous mode [ 447.767684][ T3018] veth0_vlan: left promiscuous mode [ 447.770893][ T5082] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 448.161874][ T787] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 448.325675][ T787] usb 1-1: no configurations [ 448.330704][ T787] usb 1-1: can't read configurations, error -22 [ 448.443598][ T3018] team0 (unregistering): Port device team_slave_1 removed [ 448.472729][ T3018] team0 (unregistering): Port device team_slave_0 removed [ 448.739440][ T787] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 448.806715][ T7522] veth1_macvtap: entered promiscuous mode [ 449.057607][ T787] usb 1-1: no configurations [ 449.062684][ T787] usb 1-1: can't read configurations, error -22 [ 449.070998][ T787] usb usb1-port1: unable to enumerate USB device [ 449.253630][ T7522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.264679][ T7522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.275147][ T7522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.285908][ T7522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.300658][ T7522] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 449.327280][ T7605] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 449.420126][ T7522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.431612][ T7522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.444134][ T7522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 449.455369][ T7522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.470140][ T7522] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 449.485325][ T7605] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 449.540054][ T7522] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.550552][ T7522] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.560920][ T7522] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.570131][ T7522] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.690223][ T7605] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 449.779629][ T7605] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 449.883245][ T5082] Bluetooth: hci2: command tx timeout [ 450.053197][ T7673] chnl_net:caif_netlink_parms(): no params data found [ 451.252130][ T7695] loop4: detected capacity change from 0 to 32768 [ 451.352645][ T7695] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (7695) [ 451.424942][ T7695] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 451.437298][ T7695] BTRFS info (device loop4): using sha256 (sha256-generic) checksum algorithm [ 451.449054][ T7695] BTRFS info (device loop4): using free-space-tree [ 451.524003][ T7605] 8021q: adding VLAN 0 to HW filter on device bond0 [ 451.614375][ T7605] 8021q: adding VLAN 0 to HW filter on device team0 [ 451.664805][ T5119] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.672608][ T5119] bridge0: port 1(bridge_slave_0) entered forwarding state [ 451.755944][ T5119] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.763769][ T5119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 451.962051][ T5082] Bluetooth: hci2: command tx timeout [ 452.099827][ T29] audit: type=1800 audit(1717044414.961:250): pid=7695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=263 res=0 errno=0 [ 452.405227][ T7673] bridge0: port 1(bridge_slave_0) entered blocking state [ 452.416973][ T7673] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.425167][ T7673] bridge_slave_0: entered allmulticast mode [ 452.434824][ T7673] bridge_slave_0: entered promiscuous mode [ 452.591358][ T7673] bridge0: port 2(bridge_slave_1) entered blocking state [ 452.599170][ T7673] bridge0: port 2(bridge_slave_1) entered disabled state [ 452.608256][ T7673] bridge_slave_1: entered allmulticast mode [ 452.622033][ T7673] bridge_slave_1: entered promiscuous mode [ 453.012778][ T7673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 453.049155][ T7459] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 453.145016][ T7673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 453.415152][ T7673] team0: Port device team_slave_0 added [ 453.468904][ T7673] team0: Port device team_slave_1 added [ 453.688542][ T7673] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 453.697227][ T7673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 453.724120][ T7673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 453.807446][ T7673] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 453.816446][ T7673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 453.842851][ T7673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 454.041860][ T5082] Bluetooth: hci2: command tx timeout [ 454.289119][ T7673] hsr_slave_0: entered promiscuous mode [ 454.325867][ T7673] hsr_slave_1: entered promiscuous mode [ 454.374482][ T7673] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 454.382577][ T7673] Cannot create hsr debugfs directory [ 454.640640][ T7605] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 455.300098][ T7605] veth0_vlan: entered promiscuous mode [ 455.459145][ T7605] veth1_vlan: entered promiscuous mode [ 455.757985][ T7605] veth0_macvtap: entered promiscuous mode [ 455.769394][ T7673] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 455.821826][ T7673] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 455.857128][ T7605] veth1_macvtap: entered promiscuous mode [ 455.867682][ T7673] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 455.913546][ T7673] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 456.059703][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 456.071967][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.082256][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 456.093110][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.104277][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 456.115357][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.130809][ T7605] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 456.160607][ T5082] Bluetooth: hci2: command tx timeout [ 456.279992][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 456.290885][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.301006][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 456.315412][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.326470][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 456.337890][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.353250][ T7605] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 456.465400][ T25] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 456.473636][ T25] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 456.476365][ T7605] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.491296][ T7605] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.500456][ T7605] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.510810][ T7605] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.657232][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 456.666645][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 457.102556][ T7750] loop4: detected capacity change from 0 to 512 [ 457.380190][ T7750] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 457.484873][ T7750] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 2683928664 (level 1) [ 457.501115][ T7748] loop0: detected capacity change from 0 to 32768 [ 457.553704][ T7750] EXT4-fs (loop4): Remounting filesystem read-only [ 457.577394][ T7748] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (7748) [ 457.601642][ T7748] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 457.612264][ T7748] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm [ 457.624280][ T7748] BTRFS info (device loop0): using free-space-tree [ 457.679809][ T7750] EXT4-fs (loop4): 1 truncate cleaned up [ 457.686593][ T7750] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 457.700257][ T7673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 457.814961][ T7673] 8021q: adding VLAN 0 to HW filter on device team0 [ 457.885966][ T779] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.893827][ T779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 457.968025][ T5123] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.975850][ T5123] bridge0: port 2(bridge_slave_1) entered forwarding state [ 458.391065][ T7775] loop1: detected capacity change from 0 to 1024 [ 458.584031][ T7768] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 458.773986][ T29] audit: type=1804 audit(1717044421.651:251): pid=7748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4189600340/syzkaller.qltzyk/149/bus/cgroup.controllers" dev="loop0" ino=263 res=1 errno=0 [ 459.098985][ T7459] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 459.209069][ T1090] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.244173][ T5072] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 459.416611][ T1090] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.613038][ T1090] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.760568][ T3516] hfsplus: b-tree write err: -5, ino 4 [ 459.809975][ T1090] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.214058][ T7673] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 460.318592][ T1090] bridge_slave_1: left allmulticast mode [ 460.326657][ T1090] bridge_slave_1: left promiscuous mode [ 460.333338][ T1090] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.406266][ T1090] bridge_slave_0: left allmulticast mode [ 460.412317][ T1090] bridge_slave_0: left promiscuous mode [ 460.418900][ T1090] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.085947][ T1090] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 461.145419][ T1090] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 461.195466][ T1090] bond0 (unregistering): Released all slaves [ 461.660625][ T7673] veth0_vlan: entered promiscuous mode [ 461.868044][ T7673] veth1_vlan: entered promiscuous mode [ 462.018563][ T1090] hsr_slave_0: left promiscuous mode [ 462.052631][ T1090] hsr_slave_1: left promiscuous mode [ 462.148668][ T1090] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 462.156831][ T1090] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 462.181231][ T1090] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 462.189170][ T1090] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 462.228486][ T1090] veth1_macvtap: left promiscuous mode [ 462.234446][ T1090] veth0_macvtap: left promiscuous mode [ 462.240340][ T1090] veth1_vlan: left promiscuous mode [ 462.249539][ T1090] veth0_vlan: left promiscuous mode [ 463.136557][ T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 463.152624][ T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 463.165910][ T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 463.180829][ T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 463.200761][ T1090] team0 (unregistering): Port device team_slave_1 removed [ 463.204607][ T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 463.236581][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 463.249775][ T1090] team0 (unregistering): Port device team_slave_0 removed [ 463.739174][ T7673] veth0_macvtap: entered promiscuous mode [ 463.908558][ T7673] veth1_macvtap: entered promiscuous mode [ 464.295942][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.306859][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.317012][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.327734][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.337958][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.348744][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.363774][ T7673] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 464.470728][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 464.483183][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.494702][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 464.506553][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.517243][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 464.528053][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.543227][ T7673] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 464.593477][ T7673] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.604174][ T7673] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.613781][ T7673] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.623122][ T7673] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.789355][ T7803] chnl_net:caif_netlink_parms(): no params data found [ 464.876204][ T1220] ieee802154 phy0 wpan0: encryption failed: -22 [ 464.883044][ T1220] ieee802154 phy1 wpan1: encryption failed: -22 [ 465.401960][ T50] Bluetooth: hci3: command tx timeout [ 465.452573][ T4552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.460632][ T4552] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.571333][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.579850][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 466.413129][ T7803] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.420843][ T7803] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.428980][ T7803] bridge_slave_0: entered allmulticast mode [ 466.438333][ T7803] bridge_slave_0: entered promiscuous mode [ 466.488242][ T7803] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.497699][ T7803] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.505761][ T7803] bridge_slave_1: entered allmulticast mode [ 466.515265][ T7803] bridge_slave_1: entered promiscuous mode [ 466.523553][ T787] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 466.823608][ T7803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 466.943810][ T7803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 466.959103][ T787] usb 4-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 466.968463][ T787] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 466.978172][ T787] usb 4-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 466.987668][ T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.145352][ T787] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 467.283946][ T7803] team0: Port device team_slave_0 added [ 467.434110][ T7803] team0: Port device team_slave_1 added [ 467.451997][ T787] gspca_sn9c2028: read1 error -32 [ 467.481624][ T50] Bluetooth: hci3: command tx timeout [ 467.503876][ T787] gspca_sn9c2028: read1 error 0 [ 467.736553][ T787] gspca_sn9c2028: read1 error -71 [ 467.742373][ T787] sn9c2028 4-1:220.0: probe with driver sn9c2028 failed with error -71 [ 467.760115][ T787] usb 4-1: USB disconnect, device number 7 [ 467.787874][ T7803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 467.795203][ T7803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 467.823060][ T7803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 467.943993][ T7803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 467.951167][ T7803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 467.982032][ T7803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 468.295641][ T7803] hsr_slave_0: entered promiscuous mode [ 468.345399][ T7803] hsr_slave_1: entered promiscuous mode [ 468.376618][ T7803] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 468.384639][ T7803] Cannot create hsr debugfs directory [ 469.022414][ T7851] loop0: detected capacity change from 0 to 512 [ 469.240536][ T7851] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 469.292305][ T7851] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz-executor.0: invalid indirect mapped block 2683928664 (level 1) [ 469.437009][ T7851] EXT4-fs (loop0): Remounting filesystem read-only [ 469.454003][ T7850] loop1: detected capacity change from 0 to 32768 [ 469.480740][ T7851] EXT4-fs (loop0): 1 truncate cleaned up [ 469.487177][ T7851] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 469.504446][ T7850] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (7850) [ 469.534552][ T7850] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 469.545327][ T7850] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm [ 469.556720][ T7850] BTRFS info (device loop1): using free-space-tree [ 469.581746][ T50] Bluetooth: hci3: command tx timeout [ 470.225180][ T29] audit: type=1804 audit(1717044433.171:252): pid=7850 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3818307259/syzkaller.FgS3UU/5/bus/cgroup.controllers" dev="loop1" ino=263 res=1 errno=0 [ 470.497851][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 470.544449][ T7803] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 470.599243][ T7599] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.703865][ T7803] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 470.835366][ T7599] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.891210][ T7522] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 470.908195][ T7803] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 470.979120][ T7803] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 471.038665][ T7599] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.196171][ T7599] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.318283][ T7716] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.328685][ T7716] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.599071][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.608036][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.658945][ T50] Bluetooth: hci3: command tx timeout [ 471.725038][ T7599] bridge_slave_1: left allmulticast mode [ 471.730920][ T7599] bridge_slave_1: left promiscuous mode [ 471.737770][ T7599] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.813089][ T7599] bridge_slave_0: left allmulticast mode [ 471.819108][ T7599] bridge_slave_0: left promiscuous mode [ 471.826581][ T7599] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.468223][ T7599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 472.525692][ T7599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 472.560539][ T7599] bond0 (unregistering): Released all slaves [ 473.344424][ T7599] hsr_slave_0: left promiscuous mode [ 473.368084][ T7599] hsr_slave_1: left promiscuous mode [ 473.388082][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 473.397095][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 473.446698][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 473.455026][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 473.519751][ T7599] veth1_macvtap: left promiscuous mode [ 473.525721][ T7599] veth0_macvtap: left promiscuous mode [ 473.532070][ T7599] veth1_vlan: left promiscuous mode [ 473.537726][ T7599] veth0_vlan: left promiscuous mode [ 474.223697][ T5082] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 474.243634][ T5082] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 474.262122][ T5082] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 474.280513][ T5082] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 474.292842][ T5082] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 474.302735][ T5082] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 474.368847][ T7599] team0 (unregistering): Port device team_slave_1 removed [ 474.519199][ T7599] team0 (unregistering): Port device team_slave_0 removed [ 474.930887][ T7892] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 475.258481][ T7803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 475.531227][ T7803] 8021q: adding VLAN 0 to HW filter on device team0 [ 475.618782][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.626586][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 475.740565][ T5119] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.748945][ T5119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 476.219771][ T7803] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 476.522008][ T5082] Bluetooth: hci0: command tx timeout [ 476.869595][ T7893] chnl_net:caif_netlink_parms(): no params data found [ 477.739429][ T7914] loop2: detected capacity change from 0 to 128 [ 477.855018][ T7803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 477.886750][ T7914] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 478.110381][ T7918] loop1: detected capacity change from 0 to 512 [ 478.261792][ T7920] warning: `syz-executor.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 478.299944][ T7893] bridge0: port 1(bridge_slave_0) entered blocking state [ 478.307831][ T7893] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.315837][ T7893] bridge_slave_0: entered allmulticast mode [ 478.331608][ T7893] bridge_slave_0: entered promiscuous mode [ 478.448180][ T7918] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 478.493840][ T7918] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 2683928664 (level 1) [ 478.506815][ T7893] bridge0: port 2(bridge_slave_1) entered blocking state [ 478.519679][ T7893] bridge0: port 2(bridge_slave_1) entered disabled state [ 478.533773][ T7893] bridge_slave_1: entered allmulticast mode [ 478.543168][ T7893] bridge_slave_1: entered promiscuous mode [ 478.602039][ T5082] Bluetooth: hci0: command tx timeout [ 478.631555][ T7918] EXT4-fs (loop1): Remounting filesystem read-only [ 478.639100][ T7918] EXT4-fs (loop1): 1 truncate cleaned up [ 478.645138][ T7918] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 478.863805][ T7893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 478.917554][ T7893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 479.186809][ T7893] team0: Port device team_slave_0 added [ 479.232310][ T7893] team0: Port device team_slave_1 added [ 479.389087][ T7893] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 479.397485][ T7893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.424210][ T7893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 479.459680][ T7893] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 479.467140][ T7893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.493822][ T7893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 479.835675][ T7893] hsr_slave_0: entered promiscuous mode [ 479.890890][ T7893] hsr_slave_1: entered promiscuous mode [ 479.914978][ T7522] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 479.917424][ T7893] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 479.933641][ T7893] Cannot create hsr debugfs directory [ 480.536236][ T7599] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.685203][ T5082] Bluetooth: hci0: command tx timeout [ 480.750762][ T7599] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.960542][ T7599] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.071168][ T7803] veth0_vlan: entered promiscuous mode [ 481.137750][ T7937] loop2: detected capacity change from 0 to 32768 [ 481.198822][ T7599] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.233996][ T7937] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7937) [ 481.258644][ T7937] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 481.269437][ T7937] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm [ 481.280857][ T7937] BTRFS info (device loop2): using free-space-tree [ 481.660922][ T7803] veth1_vlan: entered promiscuous mode [ 481.684318][ T7599] bridge_slave_1: left allmulticast mode [ 481.690250][ T7599] bridge_slave_1: left promiscuous mode [ 481.703671][ T7599] bridge0: port 2(bridge_slave_1) entered disabled state [ 481.718864][ T7599] bridge_slave_0: left allmulticast mode [ 481.726129][ T7599] bridge_slave_0: left promiscuous mode [ 481.732864][ T7599] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.339046][ T7599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 482.380291][ T7599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 482.406601][ T7599] bond0 (unregistering): Released all slaves [ 482.526370][ T7673] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 482.765463][ T5082] Bluetooth: hci0: command tx timeout [ 483.641997][ T7599] hsr_slave_0: left promiscuous mode [ 483.672475][ T7599] hsr_slave_1: left promiscuous mode [ 483.682623][ T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 483.696065][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 483.705259][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 483.705617][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 483.713296][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 483.752696][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 483.767390][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 483.775408][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 483.784300][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 483.813387][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 483.823021][ T7599] veth1_macvtap: left promiscuous mode [ 483.828784][ T7599] veth0_macvtap: left promiscuous mode [ 483.834888][ T7599] veth1_vlan: left promiscuous mode [ 483.840445][ T7599] veth0_vlan: left promiscuous mode [ 484.710939][ T7599] team0 (unregistering): Port device team_slave_1 removed [ 484.737709][ T7599] team0 (unregistering): Port device team_slave_0 removed [ 484.972139][ T7963] loop3: detected capacity change from 0 to 32768 [ 485.311269][ T7963] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 485.397311][ T7893] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 485.450887][ T7803] veth0_macvtap: entered promiscuous mode [ 485.461775][ T7893] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 485.515469][ T7893] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 485.583343][ T7803] veth1_macvtap: entered promiscuous mode [ 485.615093][ T7893] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 485.875276][ T7803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.886073][ T7803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.896227][ T7803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.906966][ T7803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.922479][ T7803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 485.968850][ T5082] Bluetooth: hci1: command tx timeout [ 485.996962][ T7963] XFS (loop3): Ending clean mount [ 486.037760][ T7803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.050700][ T7803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.061251][ T7803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.072155][ T7803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.088495][ T7803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 486.115216][ T7963] XFS (loop3): Quotacheck needed: Please wait. [ 486.227125][ T7963] XFS (loop3): Quotacheck: Done. [ 486.276954][ T7803] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.286182][ T7803] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.295338][ T7803] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.304480][ T7803] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.387230][ T7964] chnl_net:caif_netlink_parms(): no params data found [ 486.594822][ T7982] nbd2: detected capacity change from 0 to 2199023255570 [ 486.841943][ T7605] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 486.990817][ T7893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 487.189502][ T7893] 8021q: adding VLAN 0 to HW filter on device team0 [ 487.233387][ T7983] block nbd2: shutting down sockets [ 487.326265][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.334144][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state [ 487.428075][ T4552] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.435924][ T4552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 487.706198][ T7964] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.715871][ T7964] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.723891][ T7964] bridge_slave_0: entered allmulticast mode [ 487.733060][ T7964] bridge_slave_0: entered promiscuous mode [ 487.785646][ T7964] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.793543][ T7964] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.801670][ T7964] bridge_slave_1: entered allmulticast mode [ 487.810815][ T7964] bridge_slave_1: entered promiscuous mode [ 488.041992][ T5082] Bluetooth: hci1: command tx timeout [ 488.093687][ T7964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 488.225680][ T7964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 488.505356][ T7964] team0: Port device team_slave_0 added [ 488.567382][ T7964] team0: Port device team_slave_1 added [ 488.820379][ T7964] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 488.828750][ T7964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 488.855109][ T7964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 488.960496][ T7964] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 488.967862][ T7964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 488.995996][ T7964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 489.235038][ T5119] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 489.466280][ T7964] hsr_slave_0: entered promiscuous mode [ 489.527976][ T7964] hsr_slave_1: entered promiscuous mode [ 489.673714][ T5119] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 489.683106][ T5119] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 489.692744][ T5119] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 489.702210][ T5119] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.859769][ T5119] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 490.018144][ T7893] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 490.081130][ T7999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.090933][ T7999] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.141776][ T5082] Bluetooth: hci1: command tx timeout [ 490.167872][ T5119] gspca_sn9c2028: read1 error -32 [ 490.218469][ T5119] gspca_sn9c2028: read1 error -32 [ 490.469801][ T5136] usb 3-1: USB disconnect, device number 5 [ 490.725660][ T7893] veth0_vlan: entered promiscuous mode [ 490.890684][ T7964] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 490.925011][ T7893] veth1_vlan: entered promiscuous mode [ 490.938126][ T7964] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 491.000943][ T7964] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 491.143466][ T7964] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 491.343030][ T7893] veth0_macvtap: entered promiscuous mode [ 491.475789][ T7893] veth1_macvtap: entered promiscuous mode [ 491.590500][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.601281][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.611698][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.622528][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.633936][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.644971][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.660400][ T7893] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 491.723692][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.734732][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.744884][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.755611][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.766802][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.777569][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.792945][ T7893] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 492.014678][ T7893] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.024816][ T7893] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.034032][ T7893] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.045509][ T7893] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.150581][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 492.159333][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 492.224292][ T5082] Bluetooth: hci1: command tx timeout [ 492.358973][ T7964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 492.412476][ T8020] loop2: detected capacity change from 0 to 512 [ 492.473663][ T4312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 492.481981][ T4312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 492.491828][ T7964] 8021q: adding VLAN 0 to HW filter on device team0 [ 492.574830][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.582671][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state [ 492.674319][ T8020] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 492.698253][ T8020] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor.2: invalid indirect mapped block 2683928664 (level 1) [ 492.734673][ T8020] EXT4-fs (loop2): Remounting filesystem read-only [ 492.748235][ T4552] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.756126][ T4552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 492.771333][ T8021] loop3: detected capacity change from 0 to 2048 [ 492.807131][ T8020] EXT4-fs (loop2): 1 truncate cleaned up [ 492.813719][ T8020] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 492.953322][ T8021] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 493.345323][ T8021] loop3: detected capacity change from 0 to 1024 [ 493.539597][ T8021] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 494.161610][ T8028] loop4: detected capacity change from 0 to 32768 [ 494.276164][ T8028] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (8028) [ 494.474308][ T8028] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 494.485764][ T8028] BTRFS info (device loop4): using sha256 (sha256-generic) checksum algorithm [ 494.501850][ T8028] BTRFS info (device loop4): using free-space-tree [ 494.527829][ T7673] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 494.673505][ T7599] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.790215][ T7599] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.913851][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 494.980067][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 495.030325][ T7599] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.042396][ T29] audit: type=1800 audit(1717044457.911:253): pid=8028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=263 res=0 errno=0 [ 495.060831][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 495.064270][ T29] audit: type=1800 audit(1717044457.921:254): pid=8028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=263 res=0 errno=0 [ 495.153523][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 495.213454][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 495.282670][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 495.292239][ T7599] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.333417][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 495.403204][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 495.453412][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 495.459521][ T7964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 495.581096][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size [ 495.685533][ T7599] bridge_slave_1: left allmulticast mode [ 495.692675][ T7599] bridge_slave_1: left promiscuous mode [ 495.699318][ T7599] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.751158][ T7599] bridge_slave_0: left allmulticast mode [ 495.757431][ T7599] bridge_slave_0: left promiscuous mode [ 495.764141][ T7599] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.808025][ T7803] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 496.436759][ T7599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 496.494840][ T7599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 496.558053][ T7599] bond0 (unregistering): Released all slaves [ 497.175308][ T7964] veth0_vlan: entered promiscuous mode [ 497.428811][ T7964] veth1_vlan: entered promiscuous mode [ 497.857582][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 497.912729][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 497.927705][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 497.947676][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 497.976416][ T7599] hsr_slave_0: left promiscuous mode [ 497.979785][ T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 498.004969][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 498.016206][ T7599] hsr_slave_1: left promiscuous mode [ 498.024592][ T7605] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 498.059020][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 498.068232][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 498.092448][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 498.100160][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 498.126435][ T7599] veth1_macvtap: left promiscuous mode [ 498.132320][ T7599] veth0_macvtap: left promiscuous mode [ 498.138239][ T7599] veth1_vlan: left promiscuous mode [ 498.143957][ T7599] veth0_vlan: left promiscuous mode [ 499.180422][ T8067] loop4: detected capacity change from 0 to 32768 [ 499.203621][ T7599] team0 (unregistering): Port device team_slave_1 removed [ 499.236131][ T7599] team0 (unregistering): Port device team_slave_0 removed [ 499.438473][ T8067] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (8067) [ 499.574015][ T8067] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 499.592237][ T8067] BTRFS info (device loop4): using sha256 (sha256-generic) checksum algorithm [ 499.614336][ T8067] BTRFS info (device loop4): using free-space-tree [ 499.932811][ T7964] veth0_macvtap: entered promiscuous mode [ 499.957000][ T7964] veth1_macvtap: entered promiscuous mode [ 500.133711][ T50] Bluetooth: hci2: command tx timeout [ 500.272256][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 500.283143][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.293552][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 500.304628][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.314749][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 500.325748][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.342288][ T7964] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 500.401845][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.413048][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.423232][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.434328][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.445621][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.456890][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.472148][ T7964] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 500.720673][ T7964] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.730920][ T7964] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.740122][ T7964] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.752556][ T7964] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.838767][ T8064] chnl_net:caif_netlink_parms(): no params data found [ 501.580130][ T992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.588363][ T992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.615003][ T7803] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 501.844913][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.853192][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 502.202922][ T50] Bluetooth: hci2: command tx timeout [ 502.388024][ T5082] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 502.402234][ T5082] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 502.430337][ T5082] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 502.457933][ T5082] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 502.496017][ T5082] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 502.537912][ T5082] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 502.708068][ T8064] bridge0: port 1(bridge_slave_0) entered blocking state [ 502.715986][ T8064] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.723860][ T8064] bridge_slave_0: entered allmulticast mode [ 502.733136][ T8064] bridge_slave_0: entered promiscuous mode [ 502.903889][ T8064] bridge0: port 2(bridge_slave_1) entered blocking state [ 502.911819][ T8064] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.916831][ T29] audit: type=1326 audit(1717044465.851:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000 [ 502.919564][ T8064] bridge_slave_1: entered allmulticast mode [ 502.942628][ T29] audit: type=1326 audit(1717044465.851:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000 [ 502.950990][ T8064] bridge_slave_1: entered promiscuous mode [ 503.154216][ T29] audit: type=1326 audit(1717044465.941:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000 [ 503.177551][ T29] audit: type=1326 audit(1717044465.941:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000 [ 503.201230][ T29] audit: type=1326 audit(1717044465.941:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000 [ 503.227471][ T29] audit: type=1326 audit(1717044465.941:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000 [ 503.252107][ T29] audit: type=1326 audit(1717044466.021:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000 [ 503.278419][ T29] audit: type=1326 audit(1717044466.031:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000 [ 503.301768][ T29] audit: type=1326 audit(1717044466.051:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000 [ 503.327292][ T29] audit: type=1326 audit(1717044466.051:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000 [ 503.544785][ T8064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 503.646247][ T8064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 503.910877][ T8064] team0: Port device team_slave_0 added [ 504.009568][ T8064] team0: Port device team_slave_1 added [ 504.257629][ T8064] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 504.265293][ T8064] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 504.291816][ T8064] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 504.309531][ T5082] Bluetooth: hci2: command tx timeout [ 504.339381][ T8101] chnl_net:caif_netlink_parms(): no params data found [ 504.363059][ T8064] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 504.370236][ T8064] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 504.396706][ T8064] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 504.571703][ T787] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 504.601744][ T5082] Bluetooth: hci4: command tx timeout [ 504.827765][ T7599] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.873486][ T8064] hsr_slave_0: entered promiscuous mode [ 504.913217][ T8064] hsr_slave_1: entered promiscuous mode [ 504.925979][ T8064] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 504.934207][ T8064] Cannot create hsr debugfs directory [ 504.975488][ T7599] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.992521][ T787] usb 1-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 505.002273][ T787] usb 1-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 505.012339][ T787] usb 1-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 505.021889][ T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.142952][ T787] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 505.173545][ T7599] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.230463][ T8121] loop4: detected capacity change from 0 to 1024 [ 505.376840][ T8114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 505.386023][ T8114] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 505.409890][ T7599] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.498591][ T787] gspca_sn9c2028: read1 error -32 [ 505.602700][ T787] gspca_sn9c2028: read1 error -32 [ 505.806513][ T8101] bridge0: port 1(bridge_slave_0) entered blocking state [ 505.814611][ T8101] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.822629][ T8101] bridge_slave_0: entered allmulticast mode [ 505.832054][ T8101] bridge_slave_0: entered promiscuous mode [ 505.876038][ T7599] bridge_slave_1: left allmulticast mode [ 505.884583][ T7599] bridge_slave_1: left promiscuous mode [ 505.893223][ T7599] bridge0: port 2(bridge_slave_1) entered disabled state [ 505.915952][ T4552] usb 1-1: USB disconnect, device number 17 [ 505.939124][ T8121] EXT4-fs: Ignoring removed orlov option [ 505.954462][ T7599] bridge_slave_0: left allmulticast mode [ 505.957845][ T8121] EXT4-fs (loop4): Test dummy encryption mode enabled [ 505.960706][ T7599] bridge_slave_0: left promiscuous mode [ 505.981623][ T7599] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.991816][ T8121] EXT4-fs (loop4): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 506.182595][ T8121] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 506.242252][ T8121] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))" [ 506.367303][ T5082] Bluetooth: hci2: command tx timeout [ 506.462889][ T7599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 506.486310][ T7599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 506.506244][ T7599] bond0 (unregistering): Released all slaves [ 506.566551][ T5136] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 506.655015][ T8101] bridge0: port 2(bridge_slave_1) entered blocking state [ 506.662909][ T8101] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.670684][ T8101] bridge_slave_1: entered allmulticast mode [ 506.680239][ T8101] bridge_slave_1: entered promiscuous mode [ 506.704258][ T5082] Bluetooth: hci4: command tx timeout [ 506.913751][ T5136] usb 5-1: Using ep0 maxpacket: 32 [ 507.028891][ T8101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 507.033279][ T5136] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 507.047524][ T5136] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 507.055948][ T8101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 507.057044][ T5136] usb 5-1: config 1 has an invalid interface number: 196 but max is 91 [ 507.075204][ T5136] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 507.088790][ T5136] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 507.102555][ T5136] usb 5-1: config 1 has no interface number 0 [ 507.108963][ T5136] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 507.119378][ T5136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.460390][ T8101] team0: Port device team_slave_0 added [ 507.519147][ T8101] team0: Port device team_slave_1 added [ 507.626951][ T8121] overlayfs: failed to resolve './file1': -2 [ 507.688291][ T7599] hsr_slave_0: left promiscuous mode [ 507.701602][ T7599] hsr_slave_1: left promiscuous mode [ 507.738509][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 507.746682][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 507.770697][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 507.778699][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 507.863468][ T7599] veth1_macvtap: left promiscuous mode [ 507.869333][ T7599] veth0_macvtap: left promiscuous mode [ 507.875410][ T7599] veth1_vlan: left promiscuous mode [ 507.880970][ T7599] veth0_vlan: left promiscuous mode [ 508.290540][ T787] usb 5-1: USB disconnect, device number 9 [ 508.498890][ T7599] team0 (unregistering): Port device team_slave_1 removed [ 508.529942][ T7599] team0 (unregistering): Port device team_slave_0 removed [ 508.761798][ T5082] Bluetooth: hci4: command tx timeout [ 509.117878][ T8101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.125193][ T8101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.154347][ T8101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 509.164846][ T7803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 509.201140][ T5128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 509.209295][ T5128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 509.317496][ T8101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 509.326834][ T8101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.354625][ T8101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 509.391583][ T5136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 509.399646][ T5136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 509.427118][ T8064] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 509.476718][ T8064] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 509.566094][ T8064] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 509.737763][ T8064] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 509.893540][ T8101] hsr_slave_0: entered promiscuous mode [ 509.934451][ T8101] hsr_slave_1: entered promiscuous mode [ 509.981840][ T8101] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 509.990184][ T8101] Cannot create hsr debugfs directory [ 510.448479][ T8149] netlink: 'syz-executor.0': attribute type 9 has an invalid length. [ 510.566162][ T8151] loop4: detected capacity change from 0 to 512 [ 510.775275][ T8151] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 510.799354][ T8151] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 2683928664 (level 1) [ 510.848327][ T5082] Bluetooth: hci4: command tx timeout [ 510.880103][ T8151] EXT4-fs (loop4): Remounting filesystem read-only [ 510.970689][ T8151] EXT4-fs (loop4): 1 truncate cleaned up [ 510.977819][ T8151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 511.307369][ T8064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 511.450423][ T8101] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 511.483960][ T8101] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 511.530717][ T8101] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 511.609240][ T8064] 8021q: adding VLAN 0 to HW filter on device team0 [ 511.618464][ T8101] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 511.715910][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.723768][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state [ 511.800475][ T4552] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.808321][ T4552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 511.956696][ T8160] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 512.225107][ T8162] netlink: 120 bytes leftover after parsing attributes in process `syz-executor.0'. [ 512.276931][ T7803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 512.365747][ T8160] netlink: 120 bytes leftover after parsing attributes in process `syz-executor.0'. [ 512.470102][ T8064] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 512.481139][ T8064] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 512.795632][ T8163] loop1: detected capacity change from 0 to 32768 [ 512.948921][ T8163] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (8163) [ 512.979745][ T8163] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 512.990835][ T8163] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm [ 513.002465][ T8163] BTRFS info (device loop1): using free-space-tree [ 513.420810][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 513.420889][ T29] audit: type=1800 audit(1717044476.313:273): pid=8163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 513.450403][ T29] audit: type=1800 audit(1717044476.313:274): pid=8163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 513.687478][ T8101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.802407][ T5082] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 513.898906][ T8101] 8021q: adding VLAN 0 to HW filter on device team0 [ 514.033971][ T7599] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 514.156317][ T7964] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 514.192317][ T7599] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 514.264762][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.272653][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state [ 514.399145][ T7599] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 514.461517][ T4552] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.469256][ T4552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 514.573000][ T7599] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 514.907264][ T8064] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 515.048450][ T7599] bridge_slave_1: left allmulticast mode [ 515.054731][ T7599] bridge_slave_1: left promiscuous mode [ 515.061307][ T7599] bridge0: port 2(bridge_slave_1) entered disabled state [ 515.124676][ T7599] bridge_slave_0: left allmulticast mode [ 515.130590][ T7599] bridge_slave_0: left promiscuous mode [ 515.137522][ T7599] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.154093][ T7599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 516.254513][ T7599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 516.319416][ T7599] bond0 (unregistering): Released all slaves [ 516.465127][ T5082] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 516.475386][ T5082] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 516.485939][ T5082] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 516.527352][ T8186] loop0: detected capacity change from 0 to 32768 [ 516.544359][ T5082] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 516.555995][ T5082] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 516.570846][ T5082] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 516.646520][ T8186] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (8186) [ 516.706235][ T8186] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 516.716981][ T8186] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm [ 516.734650][ T8186] BTRFS info (device loop0): using free-space-tree [ 517.445414][ T8064] veth0_vlan: entered promiscuous mode [ 517.541272][ T7599] hsr_slave_0: left promiscuous mode [ 517.579025][ T7599] hsr_slave_1: left promiscuous mode [ 517.608714][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 517.616737][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 517.655341][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 517.664919][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 517.681297][ T7599] veth1_macvtap: left promiscuous mode [ 517.687915][ T7599] veth0_macvtap: left promiscuous mode [ 517.694034][ T7599] veth1_vlan: left promiscuous mode [ 517.699928][ T7599] veth0_vlan: left promiscuous mode [ 517.782106][ T7893] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 518.552822][ T7599] team0 (unregistering): Port device team_slave_1 removed [ 518.590771][ T7599] team0 (unregistering): Port device team_slave_0 removed [ 518.683824][ T50] Bluetooth: hci3: command tx timeout [ 518.861331][ T5130] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 519.142777][ T8064] veth1_vlan: entered promiscuous mode [ 519.378749][ T8101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 519.422661][ T5130] usb 2-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 519.432782][ T5130] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 519.442469][ T5130] usb 2-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 519.452001][ T5130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.599045][ T5130] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 519.649467][ T8064] veth0_macvtap: entered promiscuous mode [ 519.735260][ T8187] chnl_net:caif_netlink_parms(): no params data found [ 519.785290][ T8215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 519.797057][ T8215] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 519.821778][ T8064] veth1_macvtap: entered promiscuous mode [ 519.899387][ T8101] veth0_vlan: entered promiscuous mode [ 519.957525][ T5130] gspca_sn9c2028: read1 error -32 [ 520.009432][ T5130] gspca_sn9c2028: read1 error -32 [ 520.118361][ T8101] veth1_vlan: entered promiscuous mode [ 520.151303][ T8064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 520.163726][ T8064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.174013][ T8064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 520.184866][ T8064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.201246][ T8064] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 520.284595][ T5119] usb 2-1: USB disconnect, device number 7 [ 520.368746][ T8101] veth0_macvtap: entered promiscuous mode [ 520.395202][ T8064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 520.407885][ T8064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.418422][ T8064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 520.430336][ T8064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.445495][ T8064] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 520.473660][ T8101] veth1_macvtap: entered promiscuous mode [ 520.538619][ T8064] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.547804][ T8064] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.557028][ T8064] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.566161][ T8064] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.749475][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 520.760446][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.770650][ T50] Bluetooth: hci3: command tx timeout [ 520.777781][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 520.789610][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.799836][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 520.810692][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.827046][ T8101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 521.066284][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.077364][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.089213][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.100119][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.111621][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.123438][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.138691][ T8101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 521.445318][ T8101] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.454558][ T8101] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.463743][ T8101] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.473148][ T8101] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.505616][ T8187] bridge0: port 1(bridge_slave_0) entered blocking state [ 521.513439][ T8187] bridge0: port 1(bridge_slave_0) entered disabled state [ 521.521200][ T8187] bridge_slave_0: entered allmulticast mode [ 521.531887][ T8187] bridge_slave_0: entered promiscuous mode [ 521.610434][ T8187] bridge0: port 2(bridge_slave_1) entered blocking state [ 521.618276][ T8187] bridge0: port 2(bridge_slave_1) entered disabled state [ 521.626359][ T8187] bridge_slave_1: entered allmulticast mode [ 521.637250][ T8187] bridge_slave_1: entered promiscuous mode [ 521.912348][ T8187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 522.030656][ T8187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 522.414231][ T8187] team0: Port device team_slave_0 added [ 522.538118][ T8187] team0: Port device team_slave_1 added [ 522.833565][ T8187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 522.840750][ T8187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 522.868614][ T8187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 522.874808][ T50] Bluetooth: hci3: command tx timeout [ 522.901000][ T8187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 522.911967][ T8187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 522.939246][ T8187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 523.123219][ T8187] hsr_slave_0: entered promiscuous mode [ 523.138800][ T8187] hsr_slave_1: entered promiscuous mode [ 523.149555][ T8187] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 523.157876][ T8187] Cannot create hsr debugfs directory [ 524.499624][ T8187] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 524.538269][ T8187] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 524.592938][ T8187] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 524.652866][ T8187] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 524.926024][ T50] Bluetooth: hci3: command tx timeout [ 524.951805][ T8263] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 526.089074][ T8187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 526.094053][ T8267] loop1: detected capacity change from 0 to 32768 [ 526.193202][ T8267] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (8267) [ 526.235995][ T8187] 8021q: adding VLAN 0 to HW filter on device team0 [ 526.255320][ T8267] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 526.267464][ T8267] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm [ 526.278990][ T8267] BTRFS info (device loop1): using free-space-tree [ 526.324661][ T1220] ieee802154 phy0 wpan0: encryption failed: -22 [ 526.331787][ T1220] ieee802154 phy1 wpan1: encryption failed: -22 [ 526.555254][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.563109][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state [ 526.668088][ T5128] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.675928][ T5128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 526.745342][ T29] audit: type=1800 audit(1717044489.673:275): pid=8267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 526.767933][ T29] audit: type=1800 audit(1717044489.683:276): pid=8267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 527.091809][ T8187] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 527.520343][ T3420] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 527.528790][ T3420] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 527.531139][ T7964] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 527.725591][ T5119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 527.733893][ T5119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 528.423156][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 528.431230][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 528.631189][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 528.639388][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 528.763024][ T8187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 529.898240][ T8309] loop0: detected capacity change from 0 to 32768 [ 529.980030][ T8309] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (8309) [ 530.019229][ T8309] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 530.033747][ T8309] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm [ 530.046508][ T8309] BTRFS info (device loop0): using free-space-tree [ 530.776712][ T29] audit: type=1804 audit(1717044493.683:277): pid=8334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3623999246/syzkaller.EdIep0/12/bus/cgroup.controllers" dev="loop0" ino=263 res=1 errno=0 [ 531.248110][ T7893] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 531.249355][ T8187] veth0_vlan: entered promiscuous mode [ 531.386380][ T8187] veth1_vlan: entered promiscuous mode [ 531.685114][ T8187] veth0_macvtap: entered promiscuous mode [ 531.753629][ T8187] veth1_macvtap: entered promiscuous mode [ 531.889784][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 531.902871][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 531.913505][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 531.924243][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 531.937096][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 531.947947][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 531.958862][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 531.969624][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 531.990069][ T8187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 532.160033][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 532.170958][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 532.185288][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 532.197199][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 532.209474][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 532.222063][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 532.232338][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 532.243149][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 532.258344][ T8187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 532.519235][ T8187] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 532.528514][ T8187] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 532.537929][ T8187] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 532.547183][ T8187] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.277489][ T8356] loop0: detected capacity change from 0 to 2048 [ 535.479834][ T8360] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 535.684135][ T8362] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 536.088722][ T8364] loop2: detected capacity change from 0 to 4096 [ 538.104295][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 538.112685][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 538.474848][ T3420] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 538.483134][ T3420] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 538.746697][ T8381] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 539.600021][ T8386] loop4: detected capacity change from 0 to 2048 [ 539.698348][ T8386] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 541.438707][ T8402] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 541.587751][ T8405] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 541.632733][ T8397] kvm: kvm [8396]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800 [ 542.510375][ T8391] loop1: detected capacity change from 0 to 40427 [ 542.635245][ T8391] F2FS-fs (loop1): invalid crc value [ 542.716598][ T8391] F2FS-fs (loop1): Found nat_bits in checkpoint [ 543.325173][ T8419] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 543.335323][ T8419] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 543.441912][ T5170] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 543.823300][ T5170] usb 5-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 543.832842][ T5170] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.883913][ T5170] usb 5-1: config 0 descriptor?? [ 544.378653][ T5170] hackrf 5-1:0.0: Board ID: 00 [ 544.385073][ T5170] hackrf 5-1:0.0: Firmware version: [ 544.419954][ T5170] hackrf 5-1:0.0: Registered as swradio16 [ 544.449861][ T5170] hackrf 5-1:0.0: Registered as swradio17 [ 544.456357][ T5170] hackrf 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 544.654648][ T5170] usb 5-1: USB disconnect, device number 10 [ 545.497542][ T779] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 545.862948][ T779] usb 2-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 545.872596][ T779] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.894272][ T779] usb 2-1: config 0 descriptor?? [ 546.011865][ T5170] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 546.131033][ T8435] binder_alloc: 8434: binder_alloc_buf size -552 failed, no address space [ 546.145559][ T8435] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) [ 546.160877][ T8435] binder: 8434:8435 ioctl c0306201 20000380 returned -14 [ 546.272652][ T5170] usb 3-1: Using ep0 maxpacket: 8 [ 546.361943][ T779] usb 2-1: USB disconnect, device number 8 [ 546.432199][ T5170] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 546.443661][ T5170] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 546.453952][ T5170] usb 3-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00 [ 546.463420][ T5170] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.515086][ T5170] usb 3-1: config 0 descriptor?? [ 546.962606][ T8438] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 547.094109][ T5170] hid-led 0003:04D8:F372.0002: hidraw0: USB HID v0.00 Device [HID 04d8:f372] on usb-dummy_hcd.2-1/input0 [ 547.141236][ T5170] hid-led 0003:04D8:F372.0002: Greynut Luxafor initialized [ 547.219589][ T5170] usb 3-1: USB disconnect, device number 6 [ 547.263583][ T779] leds luxafor0:blue:led5: Setting an LED's brightness failed (-38) [ 547.303809][ T779] leds luxafor0:green:led5: Setting an LED's brightness failed (-38) [ 547.323873][ T779] leds luxafor0:red:led5: Setting an LED's brightness failed (-38) [ 547.365818][ T779] leds luxafor0:blue:led4: Setting an LED's brightness failed (-38) [ 547.410039][ T779] leds luxafor0:green:led4: Setting an LED's brightness failed (-38) [ 547.455221][ T779] leds luxafor0:red:led4: Setting an LED's brightness failed (-38) [ 547.524853][ T779] leds luxafor0:blue:led3: Setting an LED's brightness failed (-38) [ 547.560935][ T779] leds luxafor0:green:led3: Setting an LED's brightness failed (-38) [ 547.588757][ T779] leds luxafor0:red:led3: Setting an LED's brightness failed (-38) [ 547.634477][ T779] leds luxafor0:blue:led2: Setting an LED's brightness failed (-38) [ 547.687544][ T779] leds luxafor0:green:led2: Setting an LED's brightness failed (-38) [ 547.707547][ T779] leds luxafor0:red:led2: Setting an LED's brightness failed (-38) [ 547.763090][ T779] leds luxafor0:blue:led1: Setting an LED's brightness failed (-38) [ 547.813356][ T779] leds luxafor0:green:led1: Setting an LED's brightness failed (-38) [ 547.832945][ T779] leds luxafor0:red:led1: Setting an LED's brightness failed (-38) [ 547.876769][ T779] leds luxafor0:blue:led0: Setting an LED's brightness failed (-38) [ 547.914721][ T779] leds luxafor0:green:led0: Setting an LED's brightness failed (-38) [ 547.929852][ T779] leds luxafor0:red:led0: Setting an LED's brightness failed (-38) [ 548.760681][ T8442] kvm: kvm [8440]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800 [ 549.251619][ T29] audit: type=1326 audit(1717044512.163:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8448 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b947cee9 code=0x7ffc0000 [ 549.275266][ T29] audit: type=1326 audit(1717044512.173:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8448 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b947cee9 code=0x7ffc0000 [ 549.301660][ T29] audit: type=1326 audit(1717044512.183:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8448 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7fe1b947cee9 code=0x7ffc0000 [ 549.309664][ T8449] loop3: detected capacity change from 0 to 2048 [ 549.332258][ T29] audit: type=1326 audit(1717044512.183:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8448 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b947cee9 code=0x7ffc0000 [ 549.358851][ T29] audit: type=1326 audit(1717044512.183:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8448 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b947cee9 code=0x7ffc0000 [ 549.551306][ T8449] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 549.716704][ T8451] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 549.728303][ T8449] syz-executor.3: attempt to access beyond end of device [ 549.728303][ T8449] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 549.815697][ T8449] syz-executor.3: attempt to access beyond end of device [ 549.815697][ T8449] loop3: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 549.830353][ T8449] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=3) [ 549.839734][ T8449] NILFS (loop3): error -5 reading inode: ino=12 [ 551.862649][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 552.032441][ T8464] loop1: detected capacity change from 0 to 2048 [ 552.140214][ T8464] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 552.693889][ T8473] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 552.703869][ T8473] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 553.925503][ T8482] kvm: kvm [8480]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800 [ 556.204010][ T8512] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 556.213637][ T8512] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 557.506407][ T8526] kvm: kvm [8522]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800 [ 557.876881][ T8530] kvm: kvm [8529]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800 [ 558.028936][ T8538] loop0: detected capacity change from 0 to 128 [ 558.130330][ T8538] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 558.177254][ T8539] loop1: detected capacity change from 0 to 128 [ 558.239323][ T8538] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 559.380447][ T8549] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 559.390361][ T8549] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 559.430460][ T8548] syz-executor.1[8548] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 559.442110][ T8548] syz-executor.1[8548] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 561.727348][ T8552] process 'syz-executor.3' launched './file1' with NULL argv: empty string added [ 562.971591][ T8575] loop2: detected capacity change from 0 to 128 [ 564.906200][ T8580] kvm: kvm [8577]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800 [ 565.556724][ T8589] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 565.570377][ T8589] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 566.136041][ T8591] syz-executor.0[8591] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 566.136595][ T8591] syz-executor.0[8591] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 567.579005][ T8610] loop0: detected capacity change from 0 to 512 [ 567.769164][ T8610] EXT4-fs (loop0): blocks per group (95) and clusters per group (32768) inconsistent [ 568.811771][ T8623] loop2: detected capacity change from 0 to 128 [ 569.950581][ T8638] syz-executor.1[8638] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 569.951132][ T8638] syz-executor.1[8638] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 570.074122][ T8642] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 570.095844][ T8642] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 571.718164][ T8640] loop2: detected capacity change from 0 to 32768 [ 571.942956][ T8640] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=crc64,str_hash=crc64,nojournal_transaction_names [ 571.959093][ T8640] bcachefs (loop2): recovering from clean shutdown, journal seq 8 [ 572.128657][ T8640] bcachefs (loop2): alloc_read... done [ 572.135455][ T8640] bcachefs (loop2): stripes_read... done [ 572.151104][ T8640] bcachefs (loop2): snapshots_read... done [ 572.257001][ T8640] bcachefs (loop2): journal_replay... done [ 572.264535][ T8640] bcachefs (loop2): resume_logged_ops... done [ 572.282783][ T8640] bcachefs (loop2): going read-write [ 572.305436][ T8640] bcachefs (loop2): done starting filesystem [ 572.407623][ T8665] ===================================================== [ 572.415110][ T8665] BUG: KMSAN: uninit-value in bch2_dirent_invalid+0x1ea/0xa30 [ 572.422999][ T8665] bch2_dirent_invalid+0x1ea/0xa30 [ 572.434365][ T8665] bch2_bkey_val_invalid+0x24f/0x380 [ 572.439868][ T8665] validate_bset_keys+0x12d8/0x25d0 [ 572.445411][ T8665] validate_bset_for_write+0x1dd/0x340 [ 572.451061][ T8665] __bch2_btree_node_write+0x5383/0x67c0 [ 572.457045][ T8665] bch2_btree_node_write+0xa5/0x2e0 [ 572.462524][ T8665] __btree_node_flush+0x4d0/0x640 [ 572.467720][ T8665] bch2_btree_node_flush0+0x35/0x60 [ 572.473191][ T8665] journal_flush_pins+0xce6/0x1780 [ 572.478465][ T8665] __bch2_journal_reclaim+0xd88/0x1610 [ 572.484269][ T8665] bch2_journal_reclaim_thread+0x18e/0x760 [ 572.490245][ T8665] kthread+0x3e2/0x540 [ 572.494602][ T8665] ret_from_fork+0x6d/0x90 [ 572.499180][ T8665] ret_from_fork_asm+0x1a/0x30 [ 572.504211][ T8665] [ 572.506612][ T8665] Uninit was stored to memory at: [ 572.512075][ T8665] bch2_sort_keys+0x1b4d/0x2cb0 [ 572.517140][ T8665] __bch2_btree_node_write+0x3acd/0x67c0 [ 572.523183][ T8665] bch2_btree_node_write+0xa5/0x2e0 [ 572.533691][ T8665] __btree_node_flush+0x4d0/0x640 [ 572.538921][ T8665] bch2_btree_node_flush0+0x35/0x60 [ 572.545542][ T8665] journal_flush_pins+0xce6/0x1780 [ 572.550831][ T8665] __bch2_journal_reclaim+0xd88/0x1610 [ 572.556554][ T8665] bch2_journal_reclaim_thread+0x18e/0x760 [ 572.562647][ T8665] kthread+0x3e2/0x540 [ 572.566896][ T8665] ret_from_fork+0x6d/0x90 [ 572.571550][ T8665] ret_from_fork_asm+0x1a/0x30 [ 572.576500][ T8665] [ 572.578903][ T8665] Uninit was created at: [ 572.583468][ T8665] __kmalloc_large_node+0x231/0x370 [ 572.588816][ T8665] __kmalloc_node+0xb10/0x10c0 [ 572.593814][ T8665] kvmalloc_node+0xc0/0x2d0 [ 572.598469][ T8665] bch2_btree_node_read_done+0x4e68/0x75e0 [ 572.605454][ T8665] btree_node_read_work+0x8a5/0x1eb0 [ 572.610987][ T8665] bch2_btree_node_read+0x3d42/0x4b50 [ 572.616722][ T8665] bch2_btree_root_read+0xa6c/0x13d0 [ 572.622380][ T8665] read_btree_roots+0x454/0xee0 [ 572.627403][ T8665] bch2_fs_recovery+0x7b6a/0x93e0 [ 572.637114][ T8665] bch2_fs_start+0x7b2/0xbd0 [ 572.643005][ T8665] bch2_fs_open+0x152a/0x15f0 [ 572.647881][ T8665] bch2_mount+0x90d/0x1d90 [ 572.652605][ T8665] legacy_get_tree+0x114/0x290 [ 572.657549][ T8665] vfs_get_tree+0xa7/0x570 [ 572.662264][ T8665] do_new_mount+0x71f/0x15e0 [ 572.667033][ T8665] path_mount+0x742/0x1f20 [ 572.671732][ T8665] __se_sys_mount+0x725/0x810 [ 572.676586][ T8665] __x64_sys_mount+0xe4/0x150 [ 572.681550][ T8665] x64_sys_call+0x2bf4/0x3b50 [ 572.686412][ T8665] do_syscall_64+0xcf/0x1e0 [ 572.691097][ T8665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.697522][ T8665] [ 572.699943][ T8665] CPU: 0 PID: 8665 Comm: bch-reclaim/loo Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 572.710276][ T8665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 572.720540][ T8665] ===================================================== [ 572.727824][ T8665] Disabling lock debugging due to kernel taint [ 572.738428][ T8665] Kernel panic - not syncing: kmsan.panic set ... [ 572.744945][ T8665] CPU: 0 PID: 8665 Comm: bch-reclaim/loo Tainted: G B 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 572.756615][ T8665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 572.766770][ T8665] Call Trace: [ 572.770125][ T8665] [ 572.773127][ T8665] dump_stack_lvl+0x216/0x2d0 [ 572.777957][ T8665] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 572.783904][ T8665] dump_stack+0x1e/0x30 [ 572.788201][ T8665] panic+0x4e2/0xcd0 [ 572.792239][ T8665] ? kmsan_get_metadata+0xf1/0x1d0 [ 572.797492][ T8665] kmsan_report+0x2d5/0x2e0 [ 572.802118][ T8665] ? kmsan_get_metadata+0x146/0x1d0 [ 572.807450][ T8665] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 572.813387][ T8665] ? __msan_warning+0x95/0x120 [ 572.818263][ T8665] ? bch2_dirent_invalid+0x1ea/0xa30 [ 572.823676][ T8665] ? bch2_bkey_val_invalid+0x24f/0x380 [ 572.829288][ T8665] ? validate_bset_keys+0x12d8/0x25d0 [ 572.834815][ T8665] ? validate_bset_for_write+0x1dd/0x340 [ 572.840598][ T8665] ? __bch2_btree_node_write+0x5383/0x67c0 [ 572.846560][ T8665] ? bch2_btree_node_write+0xa5/0x2e0 [ 572.852081][ T8665] ? __btree_node_flush+0x4d0/0x640 [ 572.857400][ T8665] ? bch2_btree_node_flush0+0x35/0x60 [ 572.862895][ T8665] ? journal_flush_pins+0xce6/0x1780 [ 572.868310][ T8665] ? __bch2_journal_reclaim+0xd88/0x1610 [ 572.874072][ T8665] ? bch2_journal_reclaim_thread+0x18e/0x760 [ 572.880189][ T8665] ? kthread+0x3e2/0x540 [ 572.884569][ T8665] ? ret_from_fork+0x6d/0x90 [ 572.889282][ T8665] ? ret_from_fork_asm+0x1a/0x30 [ 572.894360][ T8665] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 572.900301][ T8665] ? kmsan_get_metadata+0x146/0x1d0 [ 572.905625][ T8665] ? kmsan_get_metadata+0x146/0x1d0 [ 572.910956][ T8665] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 572.916894][ T8665] ? kmsan_get_metadata+0x146/0x1d0 [ 572.922218][ T8665] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 572.928163][ T8665] ? bch2_bkey_ptrs_invalid+0x250d/0x2d40 [ 572.934057][ T8665] ? kmsan_get_metadata+0x146/0x1d0 [ 572.939381][ T8665] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 572.945321][ T8665] __msan_warning+0x95/0x120 [ 572.950021][ T8665] bch2_dirent_invalid+0x1ea/0xa30 [ 572.955260][ T8665] ? kmsan_get_metadata+0x146/0x1d0 [ 572.960587][ T8665] ? __pfx_bch2_dirent_invalid+0x10/0x10 [ 572.966346][ T8665] bch2_bkey_val_invalid+0x24f/0x380 [ 572.971800][ T8665] validate_bset_keys+0x12d8/0x25d0 [ 572.977199][ T8665] validate_bset_for_write+0x1dd/0x340 [ 572.982821][ T8665] __bch2_btree_node_write+0x5383/0x67c0 [ 572.988603][ T8665] ? kmsan_get_metadata+0x146/0x1d0 [ 572.993991][ T8665] bch2_btree_node_write+0xa5/0x2e0 [ 572.999340][ T8665] __btree_node_flush+0x4d0/0x640 [ 573.004491][ T8665] ? __btree_node_flush+0xd1/0x640 [ 573.009728][ T8665] ? __pfx_bch2_btree_node_flush0+0x10/0x10 [ 573.015750][ T8665] bch2_btree_node_flush0+0x35/0x60 [ 573.021077][ T8665] journal_flush_pins+0xce6/0x1780 [ 573.026352][ T8665] __bch2_journal_reclaim+0xd88/0x1610 [ 573.031968][ T8665] ? kmsan_get_metadata+0x146/0x1d0 [ 573.037321][ T8665] bch2_journal_reclaim_thread+0x18e/0x760 [ 573.043284][ T8665] kthread+0x3e2/0x540 [ 573.047493][ T8665] ? __pfx_bch2_journal_reclaim_thread+0x10/0x10 [ 573.053976][ T8665] ? __pfx_kthread+0x10/0x10 [ 573.058707][ T8665] ret_from_fork+0x6d/0x90 [ 573.063244][ T8665] ? __pfx_kthread+0x10/0x10 [ 573.067974][ T8665] ret_from_fork_asm+0x1a/0x30 [ 573.072894][ T8665] [ 574.445958][ T8665] Shutting down cpus with NMI [ 574.451008][ T8665] Kernel Offset: disabled [ 574.455397][ T8665] Rebooting in 86400 seconds..