last executing test programs: 6.685312043s ago: executing program 1: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x800002, &(0x7f00000065c0)=ANY=[], 0x1, 0x554d, &(0x7f00000006c0)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKI9WduKk/T5pfGbujM+cO7ISnRnLAXhiLaS//pyES+FsCGEuhHAhCfl6Uiy51RieCyFcDiGU/rIkxfifA6dDCOdCCJdGyWPOpNj1+dXhlZWf3vjlm+/OnDr/xdffz27WwKw9H0LobsX13W6MWSvGu8V4bdjOY/fGsIhxR/desZ3FuNvcyDPs1sbH1fJ4vRWPz7Z2+qO42anVR7HV3szHt3rxhP1ha5wnf8Pd2na+3Whu5LHdz/LY2o917e3Hv237/UHM0yjyfZinD4PBOMbx5l4zzmfrXh7rvUExHvNmjebeKA6LWJwu1LNOI69jY5Irfby92e7t7KXD5na/nfXSlUr1hUr1Zrm6nTWag+aNcq3buHkjXWx1RoeVB81ad7WVZa1Os1LPukvpYqteL1er6eKt5ka71kur1cr1yrXyylKxdjV99c67aaeRLo7iy+3ezul2p59uZttpfMdSuly5/uJSeqWavr22nq6/dfv22vo77996785La6+/Uhz0QFnp4vK15eVy9Vp5ubp0DOY/+r/7kPMfTDL/T4qiH2H+yWSXB/6bDxjAI3ug/w/6f+DwnfT+P0yz/x+1VPr//+9/S5P3/xP1v8e1/z/B84eJ6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5YP8x/+Vq+shC3zxfjF4uhZ4rtJIRQCiH8/g/mwukDOeeKPPP/cvz832r4Ngl5htE5zhTLuRDCarH89vRhXwUAAAB4fH310eXPYrceXxZmXRBHKd60KV34YEr5khDC/MKPU8pWGr08O6Vk+ef7VNibUrb8BtZTU0oWb7mdmla2hzI3Dh9fvD+YTyiJoXSk5QAAAEdi7kA42i4EAACAo/TprAtgNpIwfpQ5fhacf/P+/qPNswf2AQAAACdQMusCAAAAgEOX9/9+/w8AAAAeb/H3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537S1EbiOMA/ks0av9RKX3vVfqmx+gR+ljoS/UAvYRHsFfoBTyD+7ZHWHQxGYQsBgQnG1Y+H8jEych3ZjQvM4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTpodou//359vfWnMPxNnlmAwAAAFyyr7bL+sO8qX9I1z+lS19SvYiIMiIurd1HMWlljlJO1fH96sUY/kfUCac+pul4HxHf0/H0ue9fAQAAAO7Xbr1ZNKv1ppgPPSBeU7NpU378kSmviIhq/pgprTwVXzOF1ff3OH5lSqs3sGaZwpott/HltkmuTtpGrVOayWxV/4l1reynXwAAYEjtlUDHKgQAAIA78HPoATCM4lycnzNOm1N6IPiuVQMAAADeoGLoAQAAAAC9q9f/3v8HAAAA9615/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB92lfb5W69WXS1r67MORyv8DsiOpryzQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Zn/eUSAEwiAM9q7vTOb+h5UGDY1NqkD4+BuDAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgze/+8n9iapxJ5l4bS88jydqpsXVq7J0bR38YX78GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICL/XlJgRAIgiiYM/530vc/rCToGUSIgIZHFbVoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPii3/3yf2JqnEnmThtLxyPJ2lVj66qx96Bx9GC8/RsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLnbvnjaMIAwA8t3t7+QCEMegKAwoSBTTEvoRASihAFgU/AclyzsFwIZC4IJEFcgMVch0hISgRQgKZLv8hNZbShC6FCyNRUQTNfjjrD+AUJbsX+3mk2Xl3vZ59Z+9k+fWsDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoLL1dnghKeM0bqaKuDr2+/bqYuw39/TRzfXbM7HFuLNv5HT37tdvPZoJTK4X6zun+rWdL5tPBgAAgKMhrVXkd7KN+dgnU3n9n1XnxJr/+6eKuKrn99b9m9urx8svzVT1/2+/3n1u50JTxXXioEvLo+Hc/lS6j2iKE+/p/z2jm9/5/G8vaf6CJO+tPbuV5fez882tW+/08vBYE9kCAA/idNWXQfX7UOwHbSYGwJHRrRXeVf2fTrWbEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEATttbCE1XcCSHMdO/H0eb26uJB/c312zNVe+PGjfX6mHGILISwtDwaZg3OZdJdvXb944XRaHil+eBUCKG9q5fBB2OcE8J/n1O+PUN7s/j3oDMZabQaJOXrMyn5PMygeu89/JFb+oEEAMChlZUt1vV3so35eKwzHcK9H3bX/69Ucb84PE79f/fDv+8Viu+t1/+Dxmc6uWZXLn06e/Xa9deWLy1cHF4cfvL6mcGbg7Pnz507Pxvv1dzsUkiGc22nCQAAwGOic8CxXtnq9X8yvX/9/+SeMcap/z/7bvBFefq3cZOq/w90f9Gv7UwAAACOot5O9MxLf/15UO3c6fXC5wsrK1cGxXZn/0yxbTTdB3SsbPX6P51uOysAAACgCVtrnV3r/xdqcRhz/f/JH5//uT5mGkI4EcLlEMLw9OLl0YXmpjPRmvhH5fxCvbZnCgAAQFtOlK2+/p/lz/8nO488JCGEV18u4uqzrsap/9N3v/qpfq368/9nm5viREr6xf3I+34I3X7bGQEAAHCYHS9bLPb/yDbmP/rl5Ps9z/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANO2fAAAA//8Nujoo") r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x20000008) r1 = open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) mknod(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000040)='./bus\x00') ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000080)) 6.606453012s ago: executing program 4: prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r0, 0x0, 0x53, 0xffffffffffffffff, &(0x7f0000000000)=0xff00) 6.309571075s ago: executing program 4: ioperm(0x0, 0x4, 0x7) io_pgetevents(0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) 5.485984285s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000200000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) 5.223022417s ago: executing program 4: pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) bind$alg(r1, &(0x7f0000000880)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040341a02080000000000010902240001000000000904000002030000000000"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000500)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xb, {[@local=@item_4={0x3, 0x2, 0x0, "00000500"}, @local, @local=@item_4={0x3, 0x2, 0x1, "c2ad9929"}]}}, 0x0}, 0x0) syz_usb_connect$uac1(0x2, 0x87, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x75, 0x3, 0x1, 0x0, 0xd0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xc9, 0x4}, [@extension_unit={0xa, 0x24, 0x8, 0x6, 0x0, 0x2a, "990989"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x16, 0x1, 0xd0, {0x7, 0x25, 0x1, 0x82, 0x3, 0xffff}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x80, 0x2, 0x0, 0x80, "eb375863"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x7, 0x6, 0x0, {0x7, 0x25, 0x1, 0x1, 0x3f, 0x1}}}}}}}]}}, &(0x7f0000000440)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x300, 0x5, 0x1, 0x0, 0x40, 0x3}, 0x10, &(0x7f0000000240)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x0, 0x65, 0x0, 0x9}]}, 0x5, [{0x4, &(0x7f0000000280)=@lang_id={0x4}}, {0xb4, &(0x7f00000002c0)=@string={0xb4, 0x3, "fd81a614df59639bec7ec61afb0ae706a1a2063fb6b47fcfc02a43614aa40c7c9477ea3004948df0114f0279de188a15d58c1d58278331746bf39efdd1be2a3d7fc29d6365f0887322613780bf93585ad773b0b7700c47dde15bc81aa918656e95739c9cfea7368c4d812d92fa55ee0135bb8e669b79c15158ff41192bf68aaadcd2ce016e44c9450c7053204f51aae66990229442c7beab7fef17131a9c37262eaab167e2925cd7e7a0f61db71f90e3894c"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x436}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x1c0a}}, {0x9, &(0x7f0000000400)=@string={0x9, 0x3, "f142c5d2210ce0"}}]}) close_range(r0, 0xffffffffffffffff, 0x0) 4.998693746s ago: executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x3c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0x0]}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]]}, 0x3c}}, 0x0) 4.252262394s ago: executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x2000c8, &(0x7f00000004c0)={[{@nodots}, {@fat=@nfs}, {@dots}, {@fat=@nocase}, {@fat=@check_normal}, {@fat=@allow_utime}, {@fat=@errors_remount}, {@dots}, {@dots}, {@dots}, {@fat=@discard}, {@dots}, {@fat=@fmask={'fmask', 0x3d, 0x1}}, {@fat=@gid}, {@fat=@sys_immutable}, {@dots}, {@dots}, {@dots}, {@dots}, {@fat=@dos1xfloppy}, {@nodots}, {@dots}]}, 0x1, 0x1bf, &(0x7f0000000300)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa") ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=@newneigh={0x38, 0x1c, 0x413, 0x0, 0x0, {0xa, 0x0, 0x0, r2}, [@NDA_DST_IPV6={0x14, 0x1, @private2}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x38}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x6000000, &(0x7f0000000180)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c0000000000000e000a001400000002800000121f", 0x2e}], 0x1}, 0x0) 4.186382561s ago: executing program 0: madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x17) madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8) madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8) 4.18334233s ago: executing program 3: r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r0, 0x0, 0x0) r1 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080)) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000040)=[{}], 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x2}) 4.143226458s ago: executing program 0: r0 = socket(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, 0x0, &(0x7f0000003c00)) 4.022909446s ago: executing program 3: syz_mount_image$udf(&(0x7f0000000400), &(0x7f0000000100)='./file0\x00', 0x800c48, &(0x7f00000001c0)=ANY=[], 0x1, 0x4b1, &(0x7f0000001200)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, 0x0, 0x0}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000002d80)={0x0, 0x0, &(0x7f0000002d40)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000000203010200000000000000000000000009000200000000470200000008000340000000000800010001"], 0x30}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20000000020305000000000000000000000000000900"], 0x20}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d001d"], 0x1c}], 0x1}, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r4) recvmmsg(r4, &(0x7f00000077c0)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}], 0x1}}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004340)=""/193, 0xc1}, 0x9}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x7, 0x0, 0x0) r5 = fsopen(&(0x7f0000000300)='tmpfs\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000001f80)={0x2, 0x5, 0x0, 0x0, 0x2}, 0x10}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004bc311ec8500000075000000a70000000900000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48) r8 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000080)={'veth0_macvtap\x00', &(0x7f0000000040)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1}}) fsmount(r5, 0x0, 0x0) 3.634202976s ago: executing program 4: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtaction={0xb4c, 0x30, 0x0, 0x0, 0x0, {}, [{0xb38, 0x1, [@m_vlan={0x54, 0x0, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}, @m_sample={0xae0, 0x0, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_TRUNC_SIZE={0x8}]}, {0xaa1, 0x6, "448d490e57b516d2a6f86f6d6df5434c6ae4926ce104592679f0977c49b7da8394e4fab23bce103745b3decf7a818e9c7d51c5eb6e3d0cba773a72981187b6830cab1dc7058594f06cea3eab5ddf07a58ac88db8cf705057ac548d96d5b8704bef172e5699df39683628b6577ea6e9c1112ca1558509e2e7e4ce2f6bf8cf533f72df46a42a25e17714931163f6ada4c23f8eab5dca9e91f91592d9f105a2d8f02ffbbeb98b63944f7463c4d8a9e6916e9749aeaaa45d6dd8966912c4f464a22abe377037d9d653ebf29957b45477840ea073d40da70745bb3f1b64946ac16043e56c5c03118c9a2101a5f7314c01b67e27fdc62de49439d3669ae25f2bcfb4d46e041c552639a4529c04e73c004614761ba598896355eea941b3ad392b0e3815c73cc3f3c9518b27fc8319fbafcbfe71c5596f8383ecbb91379d15ec732890a237788ec53036eaacca9137b9287b9afd89d0c904dc1d45fe71439def01d19640fdbca611c5f54a1b504a7bfbe6fa1dc9b479887fcc9eff5985c996d83eef7cd4f8d00b5d07286968a0dd89c6036720da522cf2df730e80cd2cedc3d3de83613a7d82442e9381f0aca98a3a67853f9eca0cbec99f6a892e9009c6ad514fe7d8f146c0050afdcbb98fdf52eff624ef326796dab655446826aab677264953deeb18c7ef2b6d8874ad68963104a6f1ef992361d589eadf5c0920a4e4b81e6f2670a0ebe8faed2fa3162bf622d14b8048cf3902c7f4256b6b5daea9b934c3194665ef4c36d58f1a2910487297e829209b0b380f4071ef6a30ca7f7b43853d56001253f6cdb01b963d4e863b0eaa39971ba23a1856ebdf3ed607ca517cd619aef739df8bd3df21b9f3f0ebf7e0b00be4451e0024902888161f1bc40ce8c7c4b2c07db1adae2bc44dddd5450d6398115acc8cf926bebb7a9b14e2e0a212759a4eb9eb2d8670f4f86407ffecb86a9820b3e528eb030b3b139fe4d89d0137211020f68b8ee23a14627fa4f165b9bf1d2bf738a8ea1ee7168a13dfb39e5d0fbde8c5772fa546dd7ee17a25df3b3ec8db1cf7f7a12ba6724df50b196ec3fb70230948c9dfc91e208f144d74ab7e8468bc6105019407e99a939f4a9c7cac9508e6c6af22738e7172fecefcbe574f47016e893b9e55066321447d9760e44f64d72b52ea81def0a56b44827c0451cb247374d13e0d7f3951bcfa94b0d010b5211e6ed6094cf0103f34ab1118e329a4ce39b9d65fc26e5484235d4376a79d329ea41adb191c5ae63ce783f1daa147174725e47690b031420a1c32aeb1086f0de222500b3aea6fc371b483ebb086c1ac72dacb9e15e8b774fd5074d015aa06702f55599af2492526a7aa1c0008ea0029e77c32070a3dbf40076abae1017efd772f50985b1a730da1ba2a451eb27c47547ce6d6c04fe65282d139bcf1f0faf20b29019cb9a058321eadeaa0e077fbc6184e35d8a849e694ec87e7bffa9e7c05b44431b90b49ddf3dac8eea4906a042b5cfe85ff0ab6e289096827c8423622690ec76d4ac16826b61cf58e8eccf244c87b80697e1c4184a540c62e5624df8625f5afdc91e4f7afad6b224ca92938c6fc06d7f369ee1fd985f2d7335a177d7691d35d03fcd21dc4b2ba8b5ab3776c86f010c986ce3b7724556927aed7ed21a421c25acc633a77a2042710bb38c9ec008faa1b8d5be827dc2587195d94c1c2b850132948f37a964ec84248dd712ec30695fd51df603edf114a4ab6d033321f24ae0c11ae41e4c787ee6cee322e07bfd6c40adbc762f228a66d345f75a5e133955dea66f181247a3a13d8f2c53121f9efe7aa76c2224f9fc9443629e8fe3fc55099c74f6f46f89ed57577279b4a3e9e8fe2be73625cb144f2c712c2de79b86f1ea2896cbc6dc581e688cfe6e6084367165ea8d6a28a42b909515d8e42849ae66108c4eca373c6e6214dc3615543a3988a05a95e6c3e96e58bb69705b5ebf3c6b573910fbdba19109267f665d50156d6d4c6d8d4cb8c387172ca15dccfd74ad850d555e7f4d9b8bd5615fad56c3053f2726f4535cf9ea247f7dc55e40b50e899fcb5b1c88a63653417ec64bcc56eaca4ec5c1f4ce31f523d04a34c66a520e7d5603834a26cbb7a5a3af887313ac10dd4663bf631f525d194f9caf98921e1e0102ee3a62d2bd39cdc9769dfe9e2615667f442cfc43290960d32af1128679647cb00601700cf5c1598c5efece046e9072ac5798044817650365e157ce1e17d4bbd9b07110f0bbd77255293823c07fc2b35b6721e6f427dbdabd3685a09a2d8f93e592287aa725c2a9beb27fe472f23fc96ac7956fac44cbdad7b0ed5ab214fe1209d3f49db18788773d8667e85aa4556f7f21171160fc871fc999ccf1e2e1738793fe28d461f8cf55e278fc0a46a9cca8ea1cc56be65111b3d6297db292c910fda17681f22c7b49551f562ffa18d3588af95038ca53278833eba0ac39716dceb2336bfba2249b63c17efbf2ea6191d8c6dc67101bb70a7339fb0a420350928e2b1f62996c394309d749821dbb4c1eacee0a0d8ff338813fb78021e833c7da4240eb8076c18b8ac26e5d574f8ee9a955a4d61fdb2f6610d3c27e20fa6bc1379092bd8d18a2f85653ed824cb03af10e83c2182a6e2d872fee51d9386f2f7e1e92fc092a1d910f067f7f8beac5b203bc4d2e92504984accc2fbf3df2151e7466fe84c2f73c8c540bdeb9222f23571f55fed71025cb3ac37cabc793bea285dfe62b5749a7b7d2d84d44a57856983b627717e4ed7e8b930d16145feb0841e022905822b9765b8fa322cf83d8b25f8306dcf2a9adfc1c78b605d9a21078c68b48c81fb3e2227124a604c8916a5b17098996db2c0ea0f9385af8127afe1059bfe7e64f5dd431b58f69428648ab4ab798c655c1a55213b5f666136789451ee05e605a984ca9551a18997ee48136466db48ab2a49106bd7534f380be92a8921db9d0f816bbb86959f1eb2dc68761f6a41e07e204d7066cf02805457fa37a31d542491f0f96a0528d30dac0eda7d877370d5593750230362660ca0877429a8d0d5c2b6828fd2493c0568a6e25ac0e3cc0297d04d99adc5afb84a3c91f349a79ed416ee401d8978136cbf69aef00f0cbd2730592a976ce7b8ebc0aa42801ebfdf73268f20afd8705f922c8cfbfc3126afcc4e26259b2fa5ed5f7d47efd9734b60d019804ff0c8d9299cdf03e8d17388861212fae279ee4f943e2213d14823b275cf9eafd1e7f2a27756b312a4df4f3ea2aa069b48f396aa9adabe08af66c62190d5a61e753732be405e261af7886df65090931b8e5919cd22f7d4021a2c021d27fef224964d80d025fa9c057522d9eab7c8f5ba9cef322c87500fc5e67b191a409f4a0960d24499fd9297b0f2cc93587ed2150f5fd09943045c5c21a786dd9c0bafed797d46092b6f7b1fb8c76c499ea0be6f5810d0f0d0fb336775e3093dd089881510da79727f50df3eaf7b6a1814ab4ee4ff2b629f2f5becdebd4fcc8396ffb5091a88eb2a0dc1c8db27a23a3fca1affaeea6109d4dd08a95fee88efdc52779612bd0f72cba36eb3a03b3281fc6581d1c6796dc1f2248cd5d4aac0620c5eb1e31175b0571369cdc2c2f65d28ce8d352bf70f2e20beda5ba8271458a38fd45da5d30b1e748afc62950deb00edf1ec1ac14276480f16f485ccbf83b5198ff95e051d1417cc7b41e06c57208b30d1b48ec0975fd757378f63abaa1d2c2404df85b64659b07a334e847ee4382a7030c494cc05a724b6f37ff863f4ce28861d815e65d7bf932966ebe58df44a6abaeb4377535b17c38eb2e07ebeb32aa2f1f56b7a3dcef1c4cb5685701ae643de5a29"}, {0xc}, {0xc}}}]}]}, 0xb4c}}, 0x0) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) 2.727195069s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0xa, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) 2.608743479s ago: executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)={0x13, 0x65, 0xffff, 0x1000, 0x6, '9P2000'}, 0x13) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) chdir(&(0x7f0000000100)='./file0\x00') read$FUSE(r0, &(0x7f0000002380)={0x2020}, 0x2020) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x1) 2.457347622s ago: executing program 0: r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@uncond, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv4=@multicast1, [], @ipv4=@multicast2}, {@ipv4=@multicast1, [], @ipv6=@local}, {@ipv6=@private1, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@ipv6=@mcast2, [], @ipv4=@loopback}], 0x2, 0x2000}}, @common=@inet=@hashlimit3={{0x158}, {'veth0_virt_wifi\x00'}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) 2.395831995s ago: executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000a00), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x60, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_SEC_KEY={0x40, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5}, @NL802154_KEY_ATTR_ID={0x20, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "4955cdc66fbb790ed48fbe945d8908e6"}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x60}}, 0x0) 2.252904076s ago: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x3c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0x0]}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]]}, 0x3c}}, 0x0) 2.193721127s ago: executing program 1: socket$pppl2tp(0x18, 0x1, 0x1) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x400454ce, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'pimreg0\x00', 0x1}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000100), 0x12) getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, &(0x7f0000000340)) syz_emit_ethernet(0x3e, &(0x7f0000000140)=ANY=[@ANYBLOB="0180c200000050a245d5cde088a8340081002600080045000028000000000002907800000100ffffffff11e090780000000062ea00"/62], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85513, &(0x7f0000000280)={{0x2, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0xffffffffffffffff]}) 2.183100549s ago: executing program 2: r0 = epoll_create1(0x0) r1 = syz_io_uring_setup(0x5169, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000240)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd=r0}) io_uring_enter(r1, 0x9f7, 0x0, 0x0, 0x0, 0x0) r4 = syz_io_uring_setup(0x320e, &(0x7f0000000280), &(0x7f0000000180), &(0x7f0000000000)) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) listen(r5, 0x0) accept$phonet_pipe(r5, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r4, &(0x7f0000000400)={0x20000004}) 2.102227838s ago: executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8}, 0x48) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0xffffff85}}, [], {{0x6, 0x1, 0x5, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r7, 0x0, 0xb, &(0x7f00000000c0)=0x4, 0x4) syz_emit_ethernet(0x76, &(0x7f0000000180)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xc, 0x0, 0x0, 0x3, 0x0, 0x0, {0x13, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @dev, {[@timestamp_addr={0x44, 0x14, 0x0, 0x1, 0x0, [{@local}, {@loopback}]}, @cipso={0x86, 0x21, 0x0, [{0x0, 0x8, "0100f2fcb6ba"}, {0x0, 0x11, "4eb8a616e1992a157e49878192645b"}, {0x0, 0x2}]}]}}}}}}}, 0x0) recvfrom(r7, 0x0, 0x0, 0x2040, 0x0, 0x0) recvmmsg(r7, &(0x7f0000006240)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000300)='sys_enter\x00'}, 0x10) preadv2(r6, &(0x7f00000003c0)=[{&(0x7f0000002b40)=""/4096, 0x1000}], 0x1, 0x10001, 0xf415, 0x1c) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) write$P9_RVERSION(r8, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x15) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000300)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) 2.090121835s ago: executing program 0: syz_mount_image$f2fs(&(0x7f0000000680), &(0x7f0000000200)='./file2\x00', 0x0, &(0x7f00000002c0)={[{@alloc_mode_def}, {@resgid}, {@noinline_dentry}, {@resgid}]}, 0x1, 0x54fc, &(0x7f000000ab40)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmamutUVhCaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PpzKW7ElYiYjYjrETEXEaXiyKzn4YWIuBkRM48dpWL+z4mLEXE1Im6Mkuc5S8Vbn98e3lr76a1fvvnu0oVrX3z9/fR2DUzbixHR3cnP97t5TFt5fFjM14btLHZXh0XM3+g+KsZpHvebW1mG/drRuloWV1r5+nRnrz+K251afRRb7e1sfqeXX7A/bB3lyT7wsLabjRvNrSy2+2kWW4d5XQeH+f9th/1BnqdR5PsoSx+DwVHM55sHzXw/O4+yWO8Nivk8b9poHozisIjF5aKedhpZHVsn+ab/395u9/YOkmFzt99Oe8lapfpSpXqnXN1NG81Bc7Vc6zburCYLrc5oWXnQrHXXW2na6jQr9bS7mCy06vVytZos3G1utWu9pFqtrFSWymuLxdnt5PX77yWdRrIwiq+2e3uDdqefbKe7Sf6JxWS5svLyYnKrmryzsZlsPrh3b2Pz3Q/uvn//lY03XysW/aOsZGF5aXm5XF0qL1cXz9H+PymKHuP+4URK0y4A4Ox5Uv9/Rf8PTNjk+v/dBxGT7/9D/z8WZ6r/Pe/9/wT2Dyei/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOLd+mPvyjexkPh9fK+afKaaeK8aliJiJiN+fYDYuHss5W+SZ+5f1c3+r4dtSZBlG17hUHFcjYr04fnt20t8CAAAAPL2++vjmZ3m3nr/MT7sgTlN+02bm+odjyleKiLn5H8eUbWb08vyYkmX/vi/EwZiyZTewLo8pWX7L7cK4sv0ns8fC5cdCKQ8zp1oOAABwKo53AqfbhQAAAHCaPp12AUxHKY4eZR49C87+8v6vB4JXjo0AAACAM6g07QIAAACAicv6f7//BwAAAE+3/Pf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YOd+bhMHojgAPxu8sP+0aLX3bWVvUMaWsMc9RhSQJiiBtJAGqIHcUkIEER4HhYhEkTy2FfR9khnGgh8zCA7zRhoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAunRXrRc3V7+v2+bs9u3kmQ0AAABwzrZaL+ons9T/2tz/3tz62fSLiCgj4tzafRSfTjJHTU71yuurF2O4jagTDp8xaa4vEfGnuR5+dP0tAAAAwOXaLFfztFpPD7OhB0SfUtGm/PY3U14REdXsPlNaecj7lSms/n2P43+mtLqANc0Ulkpu41xp71L/3Y9Vu+mzpkhN+fb7s80dAADo0eik6XcVAgAAQJ/+DT0AhlHE01bmcStwkppme+/zSQ8AAAD4gIqhBwAAAAB0rl7/O/8PAAAALls6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5JkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj+zPOwqEQBiEwd71ncnc/7DSoKmpSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXM/r3FUcQDA38zsbG1VXKPsISIKHvRit9va2pt4UIIH/wQhpNsau/VHm4MtRcjFm+Sci+hRRFDiLf9DzgnkEm857CGCZ2VmZ5LJD3D90ZlN8vnAm/fdYZj3fbMQ8p33EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACiN3j2Ik+zQGcdxcW5z7/FC1m8d6TPrK9uzWcviqM6kT4eXqx+ibnOJAAAAcH4kZX0fQthJ1+ayPu7k9X9aXpPV/N89O47Lev5o3V/2Ze2ftV9/2X1xf6DOeJzsprcXh4Mrx1NpPblZTrfn/vaKVv7k83cvSf6FxB8svzBK8+cZfbOx8V47Dy/UkS0A8G9cLvsiKH8fyvp+k4kBcG60KoV3Wf8nnWZzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjDaDk8XcZRCGG2dRBntvYeL5zUr69sz5btxurqSvWe2S3SEMLtxeHgSo1zmXYPHj66Oz8cDu7XH7wSQmhq9HeK6d/9aIKLQ2jk+Qj+pyAuvuxpyed0BA3+UAIA4ExKi5bV9Tvp2lx2LpoJ4c/vD9f/r1fiMGH9v/vxjc3qWNX6v1/bDKdfb+ne570HDx+9uXhv/s7gzuDTt6723+5fu3n9+s1e/q6k540JAAAA/027aNX6P545vv5/qRKHCev/L77tf1UdK1H/n+hg0a/pTAAAAM6351/94/fohPNRux2+nF9aut8fH/c/Xx0fG0j1H7tQtGr9n8w0nRUAAABQh9FydGj9/1YlDhOu/z/zw0s/Ve+ZhBAuFuv/lxc+G96qbzpTrY4/J256jgAAADTrYtGq6/9pvv8/3t/yEIcQ3nhtHBf/BnCi+j95/+sfq2NV9/9fq2+KUynujp9H3ndDaHWbzggAAICz7KmiZcX+b+na3Cc/X/qwbf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+CgAA///quD5a") mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x61, &(0x7f00000001c0)=ANY=[], 0x1, 0x0, &(0x7f0000000000)) mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 1.756639512s ago: executing program 1: prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r0, 0x0, 0x53, 0xffffffffffffffff, &(0x7f0000000000)=0xff00) 1.124486953s ago: executing program 1: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200000002000000000000000000008500000027000000850000002a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0x1fffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.094973109s ago: executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2) 825.074527ms ago: executing program 2: r0 = socket$kcm(0x10, 0x2, 0x4) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x20, &(0x7f00000006c0)={&(0x7f0000000640)=""/52, 0x34, 0x0, &(0x7f0000000680)=""/43, 0x2b}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x0, 0x0, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xb, 0xb, &(0x7f0000000300)=ANY=[@ANYRESOCT=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x6e0dacdea1cdcfed, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0403"], 0x7) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)="89000000120081ae08060cdc030000007f1be3f74001000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00123d000140060404000a0400009bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a21e842f70", 0x89}], 0x1}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000400)) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r3, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) r5 = openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xef, 0x62, 0x14, 0x40, 0x413, 0x6f00, 0xd83f, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0x1a, 0x5c}}]}}]}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x28011, r6, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x1e, &(0x7f0000000980)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6ed, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x200}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80000000}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_fd={0x18, 0x0, 0x1, 0x0, r6}, @map_idx={0x18, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r7}, 0x10) r8 = socket$inet(0x2, 0x3, 0x33) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) getsockopt$inet_mreqsrc(r8, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000400)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x91, &(0x7f0000000100)=""/145}, 0x90) write$binfmt_script(r9, &(0x7f0000000040), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r9, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000200)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000004000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000000/0xb000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0}, 0x68) ftruncate(r6, 0x796c) write$smackfs_logging(r5, &(0x7f00000000c0), 0x14) 672.993349ms ago: executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={&(0x7f00000007c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, 0x0, 0x26, 0x0, 0xa}, 0x20) 348.62964ms ago: executing program 1: r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000001380)) 163.222751ms ago: executing program 1: syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRES64=0x0], 0xfd, 0x187, &(0x7f0000000200)="$eJzs289q4lAUx/Hf9e+M8//fZlYDMzCzGTM60LS7+iiiqZXGVmo3SqH4KH2gvkGhL6DQvkBTGsU2wWJIMbH6/YDkHuFwzl1cPXcRAdhYHyUZGeUleZ53tv/L6EfaTQFIhKdbD8Cmyl6n3QGAdIxrWX8O6Eq6ujltjKaffMT5YVzL+M9dSaNH+YWo+UPjP7/ngvlFSa+izC/nk/zfofqvjXkq5fJiTv1SKL8Uuf/J/v/8DOa/kfRW0jsjvZf0YXrX+iTp85z6zVD9bxHrA89hVA7HgS8y2mu7zr9ZnPfjyiwu+HE1FP+fxUU/LjeO3OaytgAgpsyC858Nnf9c6PwDeLl6/cFB3XWd4w1dDBMuOpS0KnuPuZBWog0Wixb39+f46Wn/MgFYNuuk07V6/cHfdqfeclrOYdXese3KdmXLtvzJ3wrO/wDWx8OfftqdAAAAAAAAAAAAAACAuL5I+pp2EwAAAAASkcTbSGnvEQAAAAAAAAAAAAAAAAAAAFgXdwEAAP//xZ5OgA==") chdir(&(0x7f0000000080)='./file0\x00') rename(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file1\x00') 63.864364ms ago: executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r1}}, 0x48) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x20) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000400)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000000)=0x1, r3, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, r3}}, 0x48) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000002380)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 0s ago: executing program 2: socket$pppl2tp(0x18, 0x1, 0x1) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x400454ce, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'pimreg0\x00', 0x1}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000100), 0x12) getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, &(0x7f0000000340)) syz_emit_ethernet(0x3e, &(0x7f0000000140)=ANY=[@ANYBLOB="0180c200000050a245d5cde088a8340081002600080045000028000000000002907800000100ffffffff11e090780000000062ea00"/62], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85513, &(0x7f0000000280)={{0x2, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0xffffffffffffffff]}) kernel console output (not intermixed with test programs): 7.372711][ T5287] ? __fget_files+0x29/0x470 [ 87.377327][ T5287] __x64_sys_preadv+0x1c7/0x2d0 [ 87.382190][ T5287] ? __pfx___x64_sys_preadv+0x10/0x10 [ 87.387572][ T5287] ? do_syscall_64+0x100/0x230 [ 87.392368][ T5287] ? do_syscall_64+0xb6/0x230 [ 87.397063][ T5287] do_syscall_64+0xf3/0x230 [ 87.401763][ T5287] ? clear_bhb_loop+0x35/0x90 [ 87.406457][ T5287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.412382][ T5287] RIP: 0033:0x7f130067cea9 [ 87.416813][ T5287] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 87.436448][ T5287] RSP: 002b:00007f13013dd0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 87.444881][ T5287] RAX: ffffffffffffffda RBX: 00007f13007b3f80 RCX: 00007f130067cea9 [ 87.452878][ T5287] RDX: 0000000000000002 RSI: 0000000020000600 RDI: 0000000000000005 [ 87.460909][ T5287] RBP: 00007f13006ebff4 R08: 0000000000000000 R09: 0000000000000000 [ 87.468899][ T5287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.476881][ T5287] R13: 000000000000000b R14: 00007f13007b3f80 R15: 00007ffdc5306bc8 [ 87.484878][ T5287] [ 87.538652][ T5290] bcachefs (loop0): bch2_journal_replay(): error ERESTARTSYS [ 87.547427][ T5290] bcachefs (loop0): bch2_fs_recovery(): error ERESTARTSYS [ 87.566787][ T5290] bcachefs (loop0): bch2_fs_start(): error starting filesystem ERESTARTSYS [ 87.606791][ T5290] bcachefs (loop0): shutting down [ 87.606804][ T5188] bcachefs (loop0): going read-only [ 87.622901][ T5188] bcachefs (loop0): finished waiting for writes to stop [ 87.633253][ T5188] bcachefs (loop0): flushing journal and stopping allocators, journal seq 13 [ 87.645815][ T5188] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 13 [ 88.833722][ T5350] warning: `syz-executor.1' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 89.188423][ T5356] loop1: detected capacity change from 0 to 512 [ 89.375064][ T5356] EXT4-fs (loop1): Test dummy encryption mode enabled [ 89.427775][ T5356] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 89.443695][ T5358] loop3: detected capacity change from 0 to 1024 [ 89.489623][ T5356] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz-executor.1: attempt to clear invalid blocks 2 len 1 [ 89.523249][ T5356] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 89.588958][ T5356] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 0) [ 89.627272][ T5356] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 1) [ 89.651816][ T5356] EXT4-fs (loop1): 1 truncate cleaned up [ 89.662296][ T5356] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.755401][ T5356] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 89.785208][ T5358] hfsplus: bad catalog entry type [ 89.809583][ T5358] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 89.822898][ T5358] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 89.832861][ T5358] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 89.856404][ T5103] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.900015][ T5358] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 90.447888][ T5390] loop2: detected capacity change from 0 to 128 [ 90.584516][ T5390] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 90.606749][ T5390] ext4 filesystem being mounted at /root/syzkaller-testdir2846915294/syzkaller.Aj7u3l/14/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 91.704394][ T5111] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 91.795165][ T5382] loop4: detected capacity change from 0 to 40427 [ 91.811434][ T5382] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(175702528) [ 91.827855][ T5382] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 91.851187][ T5382] F2FS-fs (loop4): invalid crc value [ 91.871460][ T5382] F2FS-fs (loop4): Found nat_bits in checkpoint [ 91.926888][ T5386] loop1: detected capacity change from 0 to 40427 [ 91.956649][ T5386] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 91.968607][ T5386] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 92.003821][ T5382] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 92.016617][ T5386] F2FS-fs (loop1): Found nat_bits in checkpoint [ 92.018746][ T5382] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 92.076413][ T5382] syz-executor.4: attempt to access beyond end of device [ 92.076413][ T5382] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 92.095884][ T5382] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 92.135945][ T5386] F2FS-fs (loop1): Try to recover 1th superblock, ret: -30 [ 92.155043][ T5386] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 93.555001][ T5429] loop1: detected capacity change from 0 to 1024 [ 93.569080][ T5121] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 93.579000][ T5121] Bluetooth: hci2: Injecting HCI hardware error event [ 93.587790][ T5115] Bluetooth: hci2: hardware error 0x00 [ 93.668686][ T5429] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.785604][ T5429] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2786: inode #2: comm syz-executor.1: corrupted in-inode xattr: bad e_name length [ 93.807821][ T5429] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2856: Unable to expand inode 2. Delete some EAs or run e2fsck. [ 93.833678][ T5439] EXT4-fs error (device loop1): ext4_get_inode_usage:883: inode #2: comm syz-executor.1: corrupted in-inode xattr: bad e_name length [ 94.191669][ T5444] Zero length message leads to an empty skb [ 94.870296][ T5103] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.935234][ T5441] loop3: detected capacity change from 0 to 4096 [ 95.648080][ T5115] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 96.654626][ T29] kauditd_printk_skb: 151 callbacks suppressed [ 96.654646][ T29] audit: type=1800 audit(1718296428.754:239): pid=5441 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=33 res=0 errno=0 [ 96.742374][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.947200][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 98.727553][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.857803][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 99.067214][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 99.079745][ T8] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 99.131854][ T8] usb 2-1: New USB device found, idVendor=056a, idProduct=0319, bcdDevice= 0.40 [ 99.155669][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.187579][ T8] usb 2-1: Product: syz [ 99.204995][ T8] usb 2-1: Manufacturer: syz [ 99.225096][ T8] usb 2-1: SerialNumber: syz [ 99.281151][ T5481] loop4: detected capacity change from 0 to 32768 [ 99.284988][ T8] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 99.306610][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 99.329546][ T5481] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (5481) [ 99.424466][ T5481] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 99.451307][ T5481] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 99.488644][ T5157] usb 2-1: USB disconnect, device number 2 [ 99.518375][ T5481] BTRFS info (device loop4): using free-space-tree [ 99.827292][ T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 99.991195][ T5106] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 100.042342][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 100.068248][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 100.089947][ T8] usb 3-1: New USB device found, idVendor=04cb, idProduct=0123, bcdDevice=88.b9 [ 100.108089][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.116674][ T8] usb 3-1: Product: syz [ 100.121085][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 100.127696][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.139143][ T8] usb 3-1: Manufacturer: syz [ 100.147441][ T8] usb 3-1: SerialNumber: syz [ 100.158005][ T8] usb 3-1: config 0 descriptor?? [ 100.167944][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.216915][ T8] gspca_main: finepix-2.14.0 probing 04cb:0123 [ 100.331606][ T5519] loop1: detected capacity change from 0 to 4096 [ 100.341833][ T5519] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 100.392638][ T5519] ntfs3: loop1: Failed to initialize $Extend/$ObjId. [ 100.419009][ T25] usb 3-1: USB disconnect, device number 2 [ 100.644652][ T5525] 9pnet: Could not find request transport: 0xffffffffffffffff0000000000000000000000000000000000000000 [ 102.227194][ T785] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 102.417068][ T785] usb 3-1: Using ep0 maxpacket: 16 [ 102.426634][ T785] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 102.452773][ T5559] 9pnet: Could not find request transport: 0xffffffffffffffff0000000000000000000000000000000000000000 [ 102.459903][ T785] usb 3-1: New USB device found, idVendor=056a, idProduct=0319, bcdDevice= 0.40 [ 102.487045][ T785] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.495105][ T785] usb 3-1: Product: syz [ 102.511395][ T785] usb 3-1: Manufacturer: syz [ 102.516056][ T785] usb 3-1: SerialNumber: syz [ 102.548715][ T785] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 102.642078][ T5540] loop1: detected capacity change from 0 to 32768 [ 102.657228][ T5540] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (5540) [ 102.695974][ T5540] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 102.713604][ T5540] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 102.734975][ T5540] BTRFS info (device loop1): using free-space-tree [ 102.802452][ T5577] loop4: detected capacity change from 0 to 256 [ 102.815612][ T785] usb 3-1: USB disconnect, device number 3 [ 102.847307][ T5577] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 102.906792][ T5577] Process accounting resumed [ 102.916546][ T5103] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 103.333044][ T5599] loop1: detected capacity change from 0 to 256 [ 103.368897][ T5599] exfat: Deprecated parameter 'namecase' [ 103.409500][ T5599] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 103.657305][ T5612] trusted_key: syz-executor.3 sent an empty control message without MSG_MORE. [ 103.996611][ T5626] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 104.028997][ T5626] syz-executor.4 (pid 5626) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 104.104136][ T5626] mmap: syz-executor.4 (5626) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 104.226443][ T5634] loop1: detected capacity change from 0 to 2048 [ 104.270998][ T5634] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.829344][ T5157] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 106.371263][ T5103] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.407214][ T5650] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.2'. [ 106.748435][ T5659] netlink: 240 bytes leftover after parsing attributes in process `syz-executor.4'. [ 107.017079][ T5157] usb 4-1: Using ep0 maxpacket: 16 [ 107.026671][ T5157] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 107.042584][ T5157] usb 4-1: New USB device found, idVendor=056a, idProduct=0319, bcdDevice= 0.40 [ 107.052372][ T5157] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.061041][ T5157] usb 4-1: Product: syz [ 107.065712][ T5157] usb 4-1: Manufacturer: syz [ 107.070475][ T5157] usb 4-1: SerialNumber: syz [ 107.112914][ T5157] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 107.739392][ T2527] usb 4-1: USB disconnect, device number 2 [ 107.943332][ T5674] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 108.322908][ T5693] loop2: detected capacity change from 0 to 512 [ 108.339683][ T5693] EXT4-fs: Ignoring removed bh option [ 108.351034][ T5693] EXT4-fs: Ignoring removed nobh option [ 108.376475][ T5693] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 108.390139][ T5693] EXT4-fs (loop2): can't mount with both data=journal and delalloc [ 108.617734][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 108.618986][ T5709] fuse: Unknown parameter 'dont_measure' [ 108.627601][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 108.875298][ T5158] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 109.177401][ T5158] usb 4-1: Using ep0 maxpacket: 16 [ 109.273250][ T5158] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 109.400887][ T5158] usb 4-1: New USB device found, idVendor=056a, idProduct=0319, bcdDevice= 0.40 [ 109.764713][ T5158] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.772949][ T5158] usb 4-1: Product: syz [ 109.780324][ T5158] usb 4-1: Manufacturer: syz [ 109.785050][ T5158] usb 4-1: SerialNumber: syz [ 109.798232][ T5158] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 110.014679][ T5160] usb 4-1: USB disconnect, device number 3 [ 110.309803][ T5736] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'. [ 110.324092][ T5736] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'. [ 110.550696][ T5746] loop2: detected capacity change from 0 to 512 [ 110.574654][ T5746] EXT4-fs (loop2): 1 truncate cleaned up [ 110.582838][ T5746] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.643955][ T5111] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.893964][ T5760] loop2: detected capacity change from 0 to 512 [ 110.903856][ T5760] EXT4-fs: Ignoring removed bh option [ 110.922317][ T5760] EXT4-fs: Ignoring removed nobh option [ 110.930411][ T5760] EXT4-fs (loop2): can't mount with both data=journal and delalloc [ 111.106250][ T5160] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 111.185430][ T5760] fuse: Unknown parameter 'dont_measure' [ 111.333932][ T5160] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 111.361614][ T5160] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 111.393443][ T5160] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 111.412130][ T5160] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 111.420762][ T5160] usb 5-1: SerialNumber: syz [ 111.456528][ T5160] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 111.508046][ T5160] usb-storage 5-1:1.0: USB Mass Storage device detected [ 111.573545][ T5763] loop3: detected capacity change from 0 to 32768 [ 111.579363][ T5160] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 111.621695][ T5763] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (5763) [ 111.638209][ T5160] scsi host1: usb-storage 5-1:1.0 [ 111.665801][ T5758] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'. [ 111.678025][ T5763] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 111.688509][ T5763] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 111.699374][ T5763] BTRFS info (device loop3): using free-space-tree [ 111.892726][ T5796] Cannot find add_set index 0 as target [ 111.922163][ T5104] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 112.136103][ T29] audit: type=1800 audit(1718296444.234:240): pid=5774 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor.1" name="/" dev="fuse" ino=1 res=0 errno=0 [ 112.286399][ T5806] loop1: detected capacity change from 0 to 128 [ 112.323590][ T5806] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 112.346843][ T29] audit: type=1804 audit(1718296444.444:241): pid=5808 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1016739159/syzkaller.LLaRhc/52/file0" dev="sda1" ino=1966 res=1 errno=0 [ 112.352168][ T5806] ext4 filesystem being mounted at /root/syzkaller-testdir973381039/syzkaller.ViHP5r/47/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 112.609434][ T5103] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 112.895141][ T2527] usb 5-1: USB disconnect, device number 2 [ 113.007651][ T5812] loop3: detected capacity change from 0 to 32768 [ 113.863240][ T5844] loop1: detected capacity change from 0 to 24 [ 113.884632][ T5844] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 113.912402][ T5844] romfs: bad initial checksum on dev loop1. [ 113.953340][ T5831] loop2: detected capacity change from 0 to 32768 [ 114.179699][ T5835] loop3: detected capacity change from 0 to 32768 [ 114.186575][ T5831] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nocow [ 114.208580][ T5835] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (5835) [ 114.230837][ T5831] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 114.265886][ T5835] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 114.282411][ T5831] bcachefs (loop2): alloc_read... done [ 114.294123][ T5835] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 114.295171][ T5831] bcachefs (loop2): stripes_read... [ 114.305060][ T5835] BTRFS info (device loop3): using free-space-tree [ 114.317805][ T5831] done [ 114.324898][ T5831] bcachefs (loop2): snapshots_read... done [ 114.345627][ T5831] bcachefs (loop2): journal_replay... done [ 114.364051][ T5831] bcachefs (loop2): resume_logged_ops... done [ 114.397257][ T5831] bcachefs (loop2): going read-write [ 114.423751][ T5831] bcachefs (loop2): done starting filesystem [ 114.692121][ T5104] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 114.724164][ T64] bcachefs (loop2 inum 1073741825 offset 0): data data checksum error, type chacha20_poly1305_80: got 6b55c2f38f6b316a4c68 should be 3f9e892ceabd1d47b0c2 [ 114.811038][ T64] bcachefs (loop2 inum 1073741825 offset 0): no device to read from [ 114.965794][ T64] bcachefs (loop2 inum 1073741825 offset 0): read error 3 from btree lookup [ 115.470672][ T64] bcachefs (loop2 inum 1073741825 offset 0): data data checksum error, type chacha20_poly1305_80: got 6b55c2f38f6b316a4c68 should be 3f9e892ceabd1d47b0c2 [ 115.570343][ T64] bcachefs (loop2 inum 1073741825 offset 0): no device to read from [ 115.636468][ T64] bcachefs (loop2 inum 1073741825 offset 0): read error 3 from btree lookup [ 115.724095][ T5853] loop1: detected capacity change from 0 to 32768 [ 115.739696][ T29] audit: type=1800 audit(1718296447.844:242): pid=5831 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="loop2" ino=1073741825 res=0 errno=0 [ 115.906898][ T5831] syz-executor.2 (5831) used greatest stack depth: 16976 bytes left [ 116.018716][ T5111] bcachefs (loop2): shutting down [ 116.024272][ T5111] bcachefs (loop2): going read-only [ 116.107071][ T5111] bcachefs (loop2): finished waiting for writes to stop [ 116.180189][ T5111] bcachefs (loop2): flushing journal and stopping allocators, journal seq 11 [ 116.220507][ T5121] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 116.237823][ T5121] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 116.245863][ T5121] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 116.254557][ T5121] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 116.263588][ T5121] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 116.270828][ T5111] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 12 [ 116.280913][ T5121] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 116.309187][ T5891] loop4: detected capacity change from 0 to 1024 [ 116.317339][ T5891] EXT4-fs: Ignoring removed nomblk_io_submit option [ 116.336461][ T5111] bcachefs (loop2): shutdown complete, journal seq 13 [ 116.370901][ T5891] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a042c018, mo2=0002] [ 116.380160][ T5111] bcachefs (loop2): marking filesystem clean [ 116.406061][ T5891] System zones: 0-1, 3-12 [ 116.461423][ T5891] EXT4-fs (loop4): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.552745][ T5111] bcachefs (loop2): shutdown complete [ 116.626790][ T5904] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 116.647417][ T5904] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 116.788527][ T5106] EXT4-fs (loop4): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 116.867186][ T5888] chnl_net:caif_netlink_parms(): no params data found [ 117.033001][ T5912] loop1: detected capacity change from 0 to 24 [ 117.055875][ T5912] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 117.112965][ T5912] romfs: bad initial checksum on dev loop1. [ 117.238784][ T5888] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.246038][ T5888] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.267625][ T5888] bridge_slave_0: entered allmulticast mode [ 117.287225][ T5888] bridge_slave_0: entered promiscuous mode [ 117.314696][ T5888] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.344473][ T5888] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.358376][ T5888] bridge_slave_1: entered allmulticast mode [ 117.368660][ T5888] bridge_slave_1: entered promiscuous mode [ 117.475836][ T5888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 117.521160][ T5888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.604759][ T5902] loop3: detected capacity change from 0 to 32768 [ 117.646815][ T5902] bcachefs (/dev/loop3): error reading default superblock: checksum error, type crc32c_nonzero: got 2859f616 should be 29d2fb78 [ 117.754400][ T5888] team0: Port device team_slave_0 added [ 117.759085][ T5929] xt_hashlimit: overflow, try lower: 1125899906842624/8 [ 117.788982][ T5888] team0: Port device team_slave_1 added [ 117.828055][ T5902] bcachefs (1e246536-b1b3-4f86-83c2-3dfcc2979a4c): filesystem UUID already open [ 117.839487][ T5902] bcachefs (1e246536-b1b3-4f86-83c2-3dfcc2979a4c): shutdown complete [ 117.899464][ T5888] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.906465][ T5888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.944527][ T5888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.959030][ T5938] xt_bpf: check failed: parse error [ 117.984619][ T5888] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.992118][ T5888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 118.018528][ T785] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 118.046662][ T5888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 118.193180][ T5888] hsr_slave_0: entered promiscuous mode [ 118.227883][ T5888] hsr_slave_1: entered promiscuous mode [ 118.234305][ T785] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=eb.74 [ 118.254867][ T785] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.267150][ T5888] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 118.274754][ T5888] Cannot create hsr debugfs directory [ 118.289423][ T785] usb 3-1: Product: syz [ 118.293736][ T785] usb 3-1: Manufacturer: syz [ 118.303873][ T785] usb 3-1: SerialNumber: syz [ 118.317575][ T785] usb 3-1: config 0 descriptor?? [ 118.326009][ T785] cyberjack 3-1:0.0: required endpoints missing [ 118.369545][ T5121] Bluetooth: hci5: command tx timeout [ 118.565749][ T9] usb 3-1: USB disconnect, device number 4 [ 118.762424][ T5888] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.942611][ T5888] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.079631][ T5946] loop4: detected capacity change from 0 to 32768 [ 119.101218][ T2819] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.117658][ T5946] bcachefs (/dev/loop4): error reading default superblock: checksum error, type crc32c_nonzero: got 46c1343f should be 29d2fb78 [ 119.311136][ T5888] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.347550][ T5946] bcachefs (1e246536-b1b3-4f86-83c2-3dfcc2979a4c): filesystem UUID already open [ 119.377807][ T5946] bcachefs (1e246536-b1b3-4f86-83c2-3dfcc2979a4c): shutdown complete [ 119.486600][ T2819] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.527381][ T5957] loop2: detected capacity change from 0 to 4096 [ 119.657258][ T5957] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 119.766488][ T5888] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.777180][ T5957] ntfs3: loop2: mft corrupted [ 119.777322][ T5957] ntfs3: loop2: Failed to load $Extend (-22). [ 119.798944][ T5957] ntfs3: loop2: Failed to initialize $Extend. [ 119.893319][ T5957] Driver unsupported XDP return value 0 on prog (id 44) dev N/A, expect packet loss! [ 119.895931][ T2819] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.065230][ T2819] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.067940][ T5115] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 120.085939][ T5115] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 120.097379][ T5115] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 120.107114][ T5115] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 120.115373][ T5115] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 120.123016][ T5115] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 120.201750][ T5972] loop4: detected capacity change from 0 to 256 [ 120.210965][ T5972] FAT-fs (loop4): bogus logical sector size 8 [ 120.217676][ T5972] FAT-fs (loop4): Can't find a valid FAT filesystem [ 120.239473][ T5888] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 120.281157][ T5888] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 120.363306][ T5888] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 120.457227][ T5115] Bluetooth: hci5: command tx timeout [ 120.465619][ T5888] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 121.054257][ T2819] bridge_slave_1: left allmulticast mode [ 121.472139][ T29] audit: type=1800 audit(1718296453.574:243): pid=5977 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor.4" name="/" dev="fuse" ino=1 res=0 errno=0 [ 121.517659][ T2819] bridge_slave_1: left promiscuous mode [ 121.549153][ T2819] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.633823][ T2819] bridge_slave_0: left allmulticast mode [ 121.649285][ T2819] bridge_slave_0: left promiscuous mode [ 121.658536][ T2819] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.164955][ T5996] syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET) [ 122.197199][ T5115] Bluetooth: hci0: command tx timeout [ 122.217070][ T5997] delete_channel: no stack [ 122.452186][ T2819] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 122.479677][ T2819] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 122.513227][ T2819] bond0 (unregistering): Released all slaves [ 122.517275][ T5115] Bluetooth: hci5: command tx timeout [ 122.635180][ T5996] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.693319][ T6003] loop2: detected capacity change from 0 to 256 [ 123.914830][ T5888] 8021q: adding VLAN 0 to HW filter on device bond0 [ 124.289627][ T5115] Bluetooth: hci0: command tx timeout [ 124.391364][ T5888] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.521625][ T2819] hsr_slave_0: left promiscuous mode [ 124.533990][ T2819] hsr_slave_1: left promiscuous mode [ 124.545541][ T2819] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.555157][ T2819] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 124.567249][ T2819] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.574995][ T2819] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 124.597374][ T5115] Bluetooth: hci5: command tx timeout [ 124.615072][ T2819] veth1_macvtap: left promiscuous mode [ 124.621389][ T2819] veth0_macvtap: left promiscuous mode [ 124.629835][ T2819] veth1_vlan: left promiscuous mode [ 124.636903][ T2819] veth0_vlan: left promiscuous mode [ 125.262421][ T6025] loop4: detected capacity change from 0 to 128 [ 125.279147][ T6025] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 125.293986][ T6025] ext4 filesystem being mounted at /root/syzkaller-testdir702275069/syzkaller.Gn4tSq/64/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 126.362056][ T5115] Bluetooth: hci0: command tx timeout [ 126.621804][ T2819] team0 (unregistering): Port device team_slave_1 removed [ 126.708605][ T5106] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 126.726879][ T6039] loop2: detected capacity change from 0 to 1024 [ 126.736547][ T2819] team0 (unregistering): Port device team_slave_0 removed [ 126.744016][ T6039] EXT4-fs: Ignoring removed nomblk_io_submit option [ 126.782513][ T6039] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a042c018, mo2=0002] [ 126.791329][ T6039] System zones: 0-1, 3-12 [ 126.797687][ T6039] EXT4-fs (loop2): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.928481][ T6043] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 126.962936][ T5111] EXT4-fs (loop2): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 127.369246][ T6054] loop2: detected capacity change from 0 to 256 [ 127.458830][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.465993][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.599145][ T2527] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.606401][ T2527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.633710][ T5969] chnl_net:caif_netlink_parms(): no params data found [ 128.176466][ T5969] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.194259][ T5969] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.213650][ T5969] bridge_slave_0: entered allmulticast mode [ 128.232522][ T5969] bridge_slave_0: entered promiscuous mode [ 128.287720][ T5969] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.294907][ T5969] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.335650][ T5969] bridge_slave_1: entered allmulticast mode [ 128.343586][ T5969] bridge_slave_1: entered promiscuous mode [ 128.438687][ T5115] Bluetooth: hci0: command tx timeout [ 128.445659][ T6070] vlan2: entered promiscuous mode [ 128.464772][ T6070] dummy0: entered promiscuous mode [ 128.513230][ T6070] team0: Port device vlan2 added [ 128.585187][ T5969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.671691][ T5969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.853278][ T5969] team0: Port device team_slave_0 added [ 128.883429][ T5969] team0: Port device team_slave_1 added [ 129.073240][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.095865][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.116066][ T6086] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 129.141463][ T5969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.177403][ T6088] loop2: detected capacity change from 0 to 2048 [ 129.179224][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.201122][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.236651][ T5969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.249782][ T6088] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 129.278477][ T6088] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 129.340349][ T6088] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002] [ 129.360190][ T6088] System zones: 0-19 [ 129.381342][ T6088] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.448771][ T6094] loop1: detected capacity change from 0 to 256 [ 129.481189][ T5969] hsr_slave_0: entered promiscuous mode [ 129.495738][ T5969] hsr_slave_1: entered promiscuous mode [ 129.506759][ T5969] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 129.526615][ T5969] Cannot create hsr debugfs directory [ 129.580742][ T5111] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.615689][ T5888] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.623763][ T6094] syz-executor.1: attempt to access beyond end of device [ 129.623763][ T6094] loop1: rw=2049, sector=256, nr_sectors = 128 limit=256 [ 129.954372][ T29] audit: type=1800 audit(1718296462.054:244): pid=6105 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=1952 res=0 errno=0 [ 129.999817][ T5888] veth0_vlan: entered promiscuous mode [ 130.053353][ T6107] input: syz0 as /devices/virtual/input/input5 [ 130.106109][ T5888] veth1_vlan: entered promiscuous mode [ 130.269789][ T6112] loop1: detected capacity change from 0 to 128 [ 130.316152][ T6112] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 130.365440][ T5888] veth0_macvtap: entered promiscuous mode [ 130.382908][ T6112] ext4 filesystem being mounted at /root/syzkaller-testdir973381039/syzkaller.ViHP5r/81/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 130.444076][ T5888] veth1_macvtap: entered promiscuous mode [ 130.510313][ T6100] loop2: detected capacity change from 0 to 40427 [ 130.540341][ T6115] overlay: ./file0 is not a directory [ 130.548389][ T5888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.565530][ T6100] F2FS-fs (loop2): Found nat_bits in checkpoint [ 130.566778][ T5888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.595474][ T5888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.606881][ T5888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.617654][ T5888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.628321][ T5888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.642266][ T5888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.660751][ T5888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.696027][ T5888] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 130.745520][ T6100] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 130.749951][ T5888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.773152][ T5888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.799804][ T5888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.817136][ T5888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.827358][ T5888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.842714][ T5888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.856264][ T5888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.867181][ T5888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.880364][ T5888] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 130.907423][ T5888] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.916383][ T5888] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.926584][ T5888] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.937007][ T5888] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.335220][ T5103] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 131.358183][ T5969] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 131.388486][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.402543][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.423184][ T5969] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 131.457526][ T5969] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 131.473577][ T5969] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 131.490522][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.520314][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.775313][ T5969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 131.839020][ T5969] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.872034][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.879286][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.906865][ T2527] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.914135][ T2527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.921997][ T5158] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 132.134810][ T5158] usb 5-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=eb.74 [ 132.154560][ T5158] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.180804][ T5158] usb 5-1: Product: syz [ 132.190932][ T5158] usb 5-1: Manufacturer: syz [ 132.201913][ T5158] usb 5-1: SerialNumber: syz [ 132.218207][ T5158] usb 5-1: config 0 descriptor?? [ 132.225872][ T5158] cyberjack 5-1:0.0: required endpoints missing [ 132.501635][ T6133] loop1: detected capacity change from 0 to 32768 [ 132.516645][ T5158] usb 5-1: USB disconnect, device number 3 [ 132.540048][ T6133] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (6133) [ 132.566747][ T6133] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 132.577551][ T6133] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 132.594807][ T6133] BTRFS info (device loop1): using free-space-tree [ 132.633261][ T5969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 132.806447][ T5969] veth0_vlan: entered promiscuous mode [ 132.872069][ T5969] veth1_vlan: entered promiscuous mode [ 132.992978][ T5969] veth0_macvtap: entered promiscuous mode [ 133.019407][ T5969] veth1_macvtap: entered promiscuous mode [ 133.048680][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.060131][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.088589][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.095882][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.152213][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.161002][ T6133] BTRFS info (device loop1): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 133.198345][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.225893][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.231641][ T6170] loop4: detected capacity change from 0 to 256 [ 133.251378][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.266707][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.291574][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.321986][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.336652][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.337919][ T6170] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 133.362309][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 133.386865][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.405200][ T6170] FAT-fs (loop4): Filesystem has been set read-only [ 133.410231][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.423809][ T6170] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 133.445884][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.459282][ T6170] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 133.468488][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.482477][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.505890][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.527256][ T29] audit: type=1800 audit(1718296465.624:245): pid=6170 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor.4" name="file1" dev="loop4" ino=1048609 res=0 errno=0 [ 133.528596][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.591879][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.659712][ T5103] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 133.670226][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.681068][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.693802][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 133.699721][ T6184] loop2: detected capacity change from 0 to 64 [ 133.730933][ T6184] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 133.753348][ T5969] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.775556][ T5969] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.783362][ T6184] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 133.802821][ T5969] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.834285][ T5969] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.844839][ T6184] CIFS: Unable to determine destination address [ 134.272034][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.297079][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.409921][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.437402][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.625497][ T6209] xt_bpf: check failed: parse error [ 134.645704][ T6200] overlay: ./file0 is not a directory [ 134.649883][ T6207] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 135.305312][ T6236] loop3: detected capacity change from 0 to 512 [ 135.344322][ T6236] EXT4-fs: Ignoring removed bh option [ 135.360767][ T6236] EXT4-fs: Ignoring removed nobh option [ 135.383833][ T6236] EXT4-fs (loop3): can't mount with both data=journal and delalloc [ 135.501957][ T6241] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 135.812591][ T6236] fuse: Unknown parameter 'dont_measure' [ 135.813711][ T6257] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 137.005371][ T6276] input: syz0 as /devices/virtual/input/input6 [ 137.201528][ T6278] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.302371][ T6282] program syz-executor.1 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 137.304747][ T6259] loop2: detected capacity change from 0 to 32768 [ 137.352236][ T6259] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (6259) [ 137.385148][ T6280] loop3: detected capacity change from 0 to 2048 [ 137.413092][ T6259] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 137.432520][ T6259] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 137.460518][ T6259] BTRFS info (device loop2): using free-space-tree [ 137.483385][ T6280] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 137.530771][ T6280] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 137.593430][ T6280] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002] [ 137.604012][ T6280] System zones: 0-19 [ 137.698002][ T6280] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.801596][ T6259] BTRFS info (device loop2): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 137.951804][ T5969] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.292114][ T29] audit: type=1326 audit(1718296470.394:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6269 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc33f67cea9 code=0x7ffc0000 [ 138.367063][ T29] audit: type=1326 audit(1718296470.394:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6269 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc33f67cea9 code=0x7ffc0000 [ 138.448559][ T29] audit: type=1326 audit(1718296470.394:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6269 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc33f67cea9 code=0x7ffc0000 [ 138.573188][ T29] audit: type=1326 audit(1718296470.394:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6269 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc33f67cea9 code=0x7ffc0000 [ 138.657866][ T29] audit: type=1326 audit(1718296470.394:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6269 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc33f67cea9 code=0x7ffc0000 [ 138.712615][ T29] audit: type=1326 audit(1718296470.414:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6269 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc33f67cea9 code=0x7ffc0000 [ 138.736232][ T6310] vlan2: entered promiscuous mode [ 138.739381][ T29] audit: type=1326 audit(1718296470.414:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6269 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc33f67a627 code=0x7ffc0000 [ 138.767744][ T6310] dummy0: entered promiscuous mode [ 138.782728][ T5111] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 138.813739][ T29] audit: type=1326 audit(1718296470.414:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6269 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc33f640309 code=0x7ffc0000 [ 138.832028][ T6310] team0: Port device vlan2 added [ 138.875691][ T29] audit: type=1326 audit(1718296470.454:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6269 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7fc33f67cea9 code=0x7ffc0000 [ 138.936770][ T6316] capability: warning: `syz-executor.3' uses deprecated v2 capabilities in a way that may be insecure [ 138.968369][ T29] audit: type=1326 audit(1718296470.454:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6269 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc33f67a627 code=0x7ffc0000 [ 138.973222][ T6297] loop1: detected capacity change from 0 to 32768 [ 139.052455][ T6297] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (6297) [ 139.400885][ T6297] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 139.445416][ T6297] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 139.472902][ T6297] BTRFS info (device loop1): using free-space-tree [ 139.965138][ T6352] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 140.014893][ T2527] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 140.903200][ T6297] BTRFS error (device loop1): open_ctree failed [ 140.947562][ T2527] usb 1-1: Using ep0 maxpacket: 16 [ 140.957705][ T2527] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.988549][ T2527] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.033428][ T2527] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 141.057994][ T2527] usb 1-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 141.085866][ T2527] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.126639][ T2527] usb 1-1: config 0 descriptor?? [ 141.509655][ T6376] cifs: Bad value for 'source' [ 141.591454][ T2527] lenovo 0003:17EF:6062.0001: unknown main item tag 0x0 [ 141.625552][ T2527] lenovo 0003:17EF:6062.0001: hidraw0: USB HID v0.00 Device [HID 17ef:6062] on usb-dummy_hcd.0-1/input0 [ 141.653467][ T6380] loop1: detected capacity change from 0 to 1024 [ 141.698946][ T6380] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.714686][ T6382] loop4: detected capacity change from 0 to 1024 [ 141.722933][ T6382] EXT4-fs: Ignoring removed orlov option [ 141.728894][ T6382] EXT4-fs: Ignoring removed nomblk_io_submit option [ 141.767461][ T5160] usb 1-1: USB disconnect, device number 2 [ 141.814794][ T6382] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.956881][ T5103] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.256559][ T6398] loop2: detected capacity change from 0 to 1024 [ 142.263447][ T5158] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 142.549838][ T5158] usb 5-1: Using ep0 maxpacket: 32 [ 142.570916][ T5158] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 142.581387][ T6411] x_tables: ip6_tables: rpfilter match: used from hooks POSTROUTING, but only valid from PREROUTING [ 142.602136][ T5158] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 142.636891][ T5158] usb 5-1: New USB device found, idVendor=0421, idProduct=00a0, bcdDevice=c8.e1 [ 142.656735][ T5158] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.684515][ T5158] usb 5-1: config 0 descriptor?? [ 142.697140][ T5158] usb 5-1: bad CDC descriptors [ 143.827238][ T6455] x_tables: ip6_tables: rpfilter match: used from hooks POSTROUTING, but only valid from PREROUTING [ 143.892407][ T6449] loop1: detected capacity change from 0 to 4096 [ 144.221769][ T6462] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 144.853588][ T5158] usb 5-1: USB disconnect, device number 4 [ 144.978916][ T5106] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.117113][ T5160] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 145.317097][ T5160] usb 1-1: Using ep0 maxpacket: 16 [ 145.348139][ T5160] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.371302][ T6481] loop3: detected capacity change from 0 to 256 [ 145.387929][ T5160] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.427163][ T5160] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 145.452855][ T5160] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.476380][ T6481] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 145.533373][ T6485] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.547294][ T5160] usb 1-1: config 0 descriptor?? [ 145.564305][ T6476] loop1: detected capacity change from 0 to 8192 [ 145.970916][ T5160] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 146.000221][ T5160] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 146.019435][ T5160] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 146.029586][ T5160] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 146.036625][ T5160] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 146.060058][ T6492] loop4: detected capacity change from 0 to 2048 [ 146.071171][ T5160] cp2112 0003:10C4:EA90.0002: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 146.120999][ T6492] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 146.204884][ T6492] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 146.230004][ T5160] cp2112 0003:10C4:EA90.0002: Part Number: 0x00 Device Version: 0x00 [ 146.446507][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 146.446527][ T29] audit: type=1804 audit(1718296478.544:258): pid=6492 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir702275069/syzkaller.Gn4tSq/100/file0/bus" dev="loop4" ino=1367 res=1 errno=0 [ 146.535757][ T6504] netlink: 260 bytes leftover after parsing attributes in process `syz-executor.2'. [ 146.583355][ T6506] loop3: detected capacity change from 0 to 4096 [ 146.668710][ T29] audit: type=1800 audit(1718296478.594:259): pid=6492 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=1367 res=0 errno=0 [ 146.690850][ T6507] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 146.703974][ T6504] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.2'. [ 146.761475][ T29] audit: type=1804 audit(1718296478.594:260): pid=6492 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir702275069/syzkaller.Gn4tSq/100/file0/bus" dev="loop4" ino=1367 res=1 errno=0 [ 147.125913][ T5160] cp2112 0003:10C4:EA90.0002: error reading lock byte: -71 [ 147.225862][ T29] audit: type=1800 audit(1718296478.594:261): pid=6492 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=1367 res=0 errno=0 [ 147.268149][ T5160] usb 1-1: USB disconnect, device number 3 [ 147.309197][ T6513] x_tables: ip6_tables: rpfilter match: used from hooks POSTROUTING, but only valid from PREROUTING [ 147.511122][ T6521] devtmpfs: Too few inodes for current use [ 147.929040][ T29] audit: type=1804 audit(1718296479.724:262): pid=6522 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/102/bus" dev="sda1" ino=1963 res=1 errno=0 [ 150.519421][ T6524] sched: RT throttling activated [ 150.994172][ T6538] loop4: detected capacity change from 0 to 2048 [ 151.061220][ T6531] loop3: detected capacity change from 0 to 8192 [ 151.075602][ T6538] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 151.085568][ T6539] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.121676][ T6538] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 151.246841][ T29] audit: type=1804 audit(1718296483.344:263): pid=6538 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir702275069/syzkaller.Gn4tSq/104/file0/bus" dev="loop4" ino=1367 res=1 errno=0 [ 151.338639][ T29] audit: type=1800 audit(1718296483.384:264): pid=6538 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=1367 res=0 errno=0 [ 151.399737][ T29] audit: type=1804 audit(1718296483.434:265): pid=6544 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir702275069/syzkaller.Gn4tSq/104/file0/bus" dev="loop4" ino=1367 res=1 errno=0 [ 151.489762][ T29] audit: type=1800 audit(1718296483.434:266): pid=6544 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=1367 res=0 errno=0 [ 151.808968][ T6554] devtmpfs: Too few inodes for current use [ 151.941085][ T6558] vivid-002: disconnect [ 151.966239][ T6557] vivid-002: reconnect [ 152.035925][ T6563] xt_HMARK: spi-set and port-set can't be combined [ 152.199626][ T29] audit: type=1804 audit(1718296484.294:267): pid=6567 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir702275069/syzkaller.Gn4tSq/105/bus" dev="sda1" ino=1945 res=1 errno=0 [ 153.620135][ T6593] devtmpfs: Too few inodes for current use [ 153.804885][ T6597] vivid-002: disconnect [ 153.832511][ T6596] vivid-002: reconnect [ 154.158359][ T6619] loop3: detected capacity change from 0 to 256 [ 154.859057][ T6632] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 155.493694][ T6635] vivid-004: disconnect [ 155.512562][ T6633] vivid-004: reconnect [ 155.542592][ T6636] netlink: 124 bytes leftover after parsing attributes in process `syz-executor.0'. [ 155.667413][ T6640] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 155.874797][ T6650] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 155.925609][ T6647] loop1: detected capacity change from 0 to 1024 [ 156.008122][ T6647] hfsplus: bad catalog entry type [ 156.017744][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 156.052676][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 156.090609][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 156.216416][ T6639] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 156.781110][ T6672] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 156.803193][ T6672] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 156.834468][ T6672] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 156.836097][ T6674] netlink: 124 bytes leftover after parsing attributes in process `syz-executor.1'. [ 156.900197][ T6676] loop3: detected capacity change from 0 to 512 [ 156.911939][ T6676] EXT4-fs: Ignoring removed oldalloc option [ 156.935619][ T6676] EXT4-fs (loop3): fragment/cluster size (4096) != block size (1024) [ 157.031741][ T6678] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.043211][ T6678] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.821942][ T6717] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3674286185 (3674286185 ns) > initial count (3039597216 ns). Using initial count to start timer. [ 158.866052][ T6717] loop2: detected capacity change from 0 to 128 [ 158.887274][ T29] audit: type=1800 audit(1718296490.984:268): pid=6721 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1969 res=0 errno=0 [ 158.916450][ T6717] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 158.936504][ T29] audit: type=1800 audit(1718296491.034:269): pid=6721 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1969 res=0 errno=0 [ 158.961174][ T6717] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 159.256564][ T6725] loop2: detected capacity change from 0 to 8 [ 159.288861][ T6725] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 159.316057][ T6718] loop1: detected capacity change from 0 to 32768 [ 159.336541][ T5115] block nbd0: Unexpected reply (0) 0000000000000000 [ 159.358109][ T5115] block nbd0: Receive control failed (result -32) [ 159.368428][ T6718] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (6718) [ 159.396653][ T6718] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 159.407523][ T6718] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 159.417561][ T6718] BTRFS info (device loop1): using free-space-tree [ 159.438036][ T6726] block nbd0: shutting down sockets [ 159.621400][ T29] audit: type=1800 audit(1718296491.724:270): pid=6718 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 159.706903][ T6756] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.714813][ T6756] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.802675][ T5103] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 160.298060][ T6773] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 160.576791][ T6779] block nbd4: shutting down sockets [ 160.791679][ T6782] loop1: detected capacity change from 0 to 4096 [ 160.881273][ T6787] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 160.945294][ T6768] loop2: detected capacity change from 0 to 32768 [ 160.978931][ T6768] XFS: ikeep mount option is deprecated. [ 160.998710][ T6768] XFS: ikeep mount option is deprecated. [ 161.085031][ T6768] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 161.345017][ T6811] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 161.365806][ T6814] loop4: detected capacity change from 0 to 512 [ 161.404165][ T6814] EXT4-fs error (device loop4): ext4_orphan_get:1420: comm syz-executor.4: bad orphan inode 17 [ 161.420265][ T6811] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 161.432745][ T6768] XFS (loop2): Ending clean mount [ 161.452489][ T6814] ext4_test_bit(bit=16, block=4) = 1 [ 161.455191][ T6817] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 161.458066][ T6814] is_bad_inode(inode)=0 [ 161.473517][ T6814] NEXT_ORPHAN(inode)=0 [ 161.478034][ T6814] max_ino=32 [ 161.481270][ T6814] i_nlink=1 [ 161.497894][ T6814] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 161.501840][ T6768] XFS (loop2): Quotacheck needed: Please wait. [ 161.512484][ T6820] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 161.525059][ T6811] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 161.631926][ T6824] loop3: detected capacity change from 0 to 128 [ 161.635447][ T6768] XFS (loop2): Quotacheck: Done. [ 161.657342][ T5106] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.742656][ T6824] VFS: Found a Xenix FS (block size = 512) on device loop3 [ 161.761795][ T5121] block nbd1: Unexpected reply (0) 0000000000000000 [ 161.776145][ T5115] block nbd1: Receive control failed (result -32) [ 161.786840][ T6822] block nbd1: shutting down sockets [ 161.792030][ T6824] sysv_free_block: trying to free block not in datazone [ 162.052136][ T5969] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 162.377643][ T5111] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 162.798205][ T6853] block nbd4: shutting down sockets [ 162.884978][ T29] audit: type=1800 audit(1718296494.984:271): pid=6858 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=1944 res=0 errno=0 [ 162.922375][ T6860] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 162.925882][ T29] audit: type=1804 audit(1718296495.014:272): pid=6858 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir190971717/syzkaller.YyiqAY/52/memory.events" dev="sda1" ino=1944 res=1 errno=0 [ 162.961535][ T6860] __nla_validate_parse: 1 callbacks suppressed [ 162.961557][ T6860] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 163.635838][ T6893] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 163.661079][ T6895] block nbd4: shutting down sockets [ 163.726248][ T6893] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 163.887709][ T6904] loop4: detected capacity change from 0 to 4096 [ 163.908208][ T6905] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 164.435628][ T6919] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 165.033509][ T6938] loop1: detected capacity change from 0 to 4096 [ 165.065655][ T6941] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 165.587834][ T6945] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3674286185 (3674286185 ns) > initial count (3039597216 ns). Using initial count to start timer. [ 165.594703][ T6917] loop3: detected capacity change from 0 to 32768 [ 165.632497][ T6950] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 165.645771][ T6945] loop4: detected capacity change from 0 to 128 [ 165.665595][ T6917] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (6917) [ 165.680448][ T6945] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 165.706296][ T6917] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 165.738214][ T6917] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 165.767985][ T6945] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 165.777093][ T6917] BTRFS info (device loop3): using free-space-tree [ 165.920854][ T5969] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 168.248785][ T7001] loop1: detected capacity change from 0 to 32768 [ 168.259351][ T7001] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (7001) [ 168.283483][ T7001] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 168.294264][ T7001] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 168.303174][ T7001] BTRFS info (device loop1): using free-space-tree [ 168.557573][ T5103] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 169.655769][ T29] audit: type=1804 audit(1718296501.754:273): pid=7038 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/146/bus" dev="sda1" ino=1968 res=1 errno=0 [ 169.681569][ T29] audit: type=1804 audit(1718296501.784:274): pid=7038 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/146/bus" dev="sda1" ino=1968 res=1 errno=0 [ 169.706417][ T29] audit: type=1804 audit(1718296501.804:275): pid=7038 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/146/bus" dev="sda1" ino=1968 res=1 errno=0 [ 169.732666][ T29] audit: type=1804 audit(1718296501.834:276): pid=7038 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/146/bus" dev="sda1" ino=1968 res=1 errno=0 [ 169.815904][ T29] audit: type=1804 audit(1718296501.914:277): pid=7039 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/146/bus" dev="sda1" ino=1968 res=1 errno=0 [ 171.051340][ T7042] loop2: detected capacity change from 0 to 32768 [ 171.250023][ T7042] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7042) [ 171.324944][ T7042] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 171.340615][ T7068] loop4: detected capacity change from 0 to 256 [ 171.382790][ T7042] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 171.414293][ T7070] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 171.424160][ T7042] BTRFS info (device loop2): using free-space-tree [ 171.447891][ T29] audit: type=1800 audit(1718296503.544:278): pid=7068 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="loop4" ino=1048614 res=0 errno=0 [ 171.665044][ T29] audit: type=1804 audit(1718296503.764:279): pid=7091 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/149/bus" dev="sda1" ino=1960 res=1 errno=0 [ 171.748197][ T29] audit: type=1804 audit(1718296503.844:280): pid=7094 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/149/bus" dev="sda1" ino=1960 res=1 errno=0 [ 171.807766][ T29] audit: type=1804 audit(1718296503.844:281): pid=7091 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/149/bus" dev="sda1" ino=1960 res=1 errno=0 [ 171.852785][ T29] audit: type=1804 audit(1718296503.844:282): pid=7091 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/149/bus" dev="sda1" ino=1960 res=1 errno=0 [ 171.887760][ T5111] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 172.759507][ T7109] loop2: detected capacity change from 0 to 256 [ 173.049178][ T5121] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 173.064020][ T5121] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 173.077551][ T5121] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 173.107269][ T5121] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 173.124145][ T5121] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 173.140499][ T5121] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 173.417678][ T7105] loop1: detected capacity change from 0 to 32768 [ 173.807590][ T7113] chnl_net:caif_netlink_parms(): no params data found [ 173.938760][ T7119] loop2: detected capacity change from 0 to 32768 [ 173.963493][ T7130] loop4: detected capacity change from 0 to 4096 [ 174.047891][ T7130] ntfs3: loop4: Failed to load $Extend (-22). [ 174.085293][ T7130] ntfs3: loop4: Failed to initialize $Extend. [ 174.108228][ T7113] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.115397][ T7113] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.146796][ T7119] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nocow [ 174.165105][ T7113] bridge_slave_0: entered allmulticast mode [ 174.173033][ T7113] bridge_slave_0: entered promiscuous mode [ 174.189008][ T7113] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.207833][ T7113] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.215119][ T7113] bridge_slave_1: entered allmulticast mode [ 174.232336][ T7119] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 174.238818][ T7113] bridge_slave_1: entered promiscuous mode [ 174.335387][ T7113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.350679][ T7119] bcachefs (loop2): alloc_read... done [ 174.356255][ T7119] bcachefs (loop2): stripes_read... done [ 174.402793][ T7113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.412054][ T7119] bcachefs (loop2): snapshots_read... done [ 174.421146][ T7119] bcachefs (loop2): journal_replay... done [ 174.447091][ T7119] bcachefs (loop2): resume_logged_ops... done [ 174.453325][ T7119] bcachefs (loop2): going read-write [ 174.507415][ T7119] bcachefs (loop2): done starting filesystem [ 174.545858][ T7113] team0: Port device team_slave_0 added [ 174.599899][ T7113] team0: Port device team_slave_1 added [ 174.631426][ T7147] loop3: detected capacity change from 0 to 8192 [ 174.700203][ T5111] bcachefs (loop2): shutting down [ 174.705290][ T5111] bcachefs (loop2): going read-only [ 174.724471][ T5111] bcachefs (loop2): finished waiting for writes to stop [ 174.785431][ T5111] bcachefs (loop2): flushing journal and stopping allocators, journal seq 12 [ 174.825646][ T5111] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 13 [ 174.873937][ T5111] bcachefs (loop2): shutdown complete, journal seq 14 [ 174.898583][ T5111] bcachefs (loop2): marking filesystem clean [ 174.929979][ T7142] loop1: detected capacity change from 0 to 32768 [ 174.940139][ T7142] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (7142) [ 174.969792][ T7142] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 174.997175][ T7142] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 175.006192][ T7142] BTRFS info (device loop1): using free-space-tree [ 175.023028][ T5111] bcachefs (loop2): shutdown complete [ 175.238008][ T5115] Bluetooth: hci5: command tx timeout [ 175.264759][ T7142] BTRFS info (device loop1): rebuilding free space tree [ 175.921311][ T5103] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 176.815854][ T7185] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 177.014556][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 177.014577][ T29] audit: type=1804 audit(1718296509.114:284): pid=7188 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/156/bus" dev="sda1" ino=1961 res=1 errno=0 [ 177.327083][ T5115] Bluetooth: hci5: command tx timeout [ 177.868466][ T7190] loop1: detected capacity change from 0 to 512 [ 177.896080][ T7190] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 177.936553][ T7190] EXT4-fs (loop1): 1 truncate cleaned up [ 177.954002][ T7190] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.998866][ T29] audit: type=1800 audit(1718296510.104:285): pid=7190 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 178.121075][ T5103] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.924418][ T7113] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 178.931811][ T7113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.958051][ T7113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 178.976013][ T7168] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 179.022218][ T7113] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 179.045433][ T7113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.087435][ T7113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.143218][ T7204] loop2: detected capacity change from 0 to 256 [ 179.185081][ T7204] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011eee, chksum : 0x5374553f, utbl_chksum : 0xe619d30d) [ 179.267175][ T7113] hsr_slave_0: entered promiscuous mode [ 179.290348][ T7113] hsr_slave_1: entered promiscuous mode [ 179.303247][ T7210] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 179.316365][ T7113] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 179.331263][ T7113] Cannot create hsr debugfs directory [ 179.404940][ T7214] loop1: detected capacity change from 0 to 128 [ 179.437302][ T7214] ADFS-fs (loop1): error: can't find an ADFS filesystem on dev loop1. [ 179.697402][ T7219] loop4: detected capacity change from 0 to 8192 [ 179.717056][ T5115] Bluetooth: hci5: command tx timeout [ 179.810791][ T29] audit: type=1326 audit(1718296511.914:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7228 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f07b3a7cea9 code=0x0 [ 179.946105][ T7232] loop1: detected capacity change from 0 to 2048 [ 179.946196][ T7113] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.026123][ T7232] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.234403][ T7113] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.405348][ T7113] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.701775][ T5103] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 180.948594][ T5103] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.125490][ T7269] netlink: 'syz-executor.4': attribute type 6 has an invalid length. [ 181.794164][ T7113] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 181.801388][ T5115] Bluetooth: hci5: command tx timeout [ 181.872183][ T7113] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 181.904874][ T7113] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 181.949704][ T7113] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 182.013562][ T7279] loop1: detected capacity change from 0 to 128 [ 182.176850][ T7286] loop4: detected capacity change from 0 to 128 [ 182.223973][ T7286] ADFS-fs (loop4): error: can't find an ADFS filesystem on dev loop4. [ 182.280943][ T7113] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.343320][ T7292] loop3: detected capacity change from 0 to 256 [ 182.359389][ T7113] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.401389][ T5157] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.408633][ T5157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.464063][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.471298][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.534247][ T7292] syz-executor.3: attempt to access beyond end of device [ 182.534247][ T7292] loop3: rw=2049, sector=256, nr_sectors = 128 limit=256 [ 182.613649][ T7113] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 183.175841][ T7113] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.211229][ T7318] netlink: 'syz-executor.2': attribute type 8 has an invalid length. [ 183.366375][ T7113] veth0_vlan: entered promiscuous mode [ 183.411020][ T7113] veth1_vlan: entered promiscuous mode [ 183.520882][ T7113] veth0_macvtap: entered promiscuous mode [ 183.555524][ T7294] loop4: detected capacity change from 0 to 32768 [ 183.566022][ T7113] veth1_macvtap: entered promiscuous mode [ 183.583611][ T7294] btrfs: Unknown parameter 'fsmagic' [ 183.613945][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.645305][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.667865][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.703310][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.732978][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.742587][ T7336] loop2: detected capacity change from 0 to 256 [ 183.753882][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.772076][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.795054][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.812218][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.838365][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.842106][ T7336] syz-executor.2: attempt to access beyond end of device [ 183.842106][ T7336] loop2: rw=2049, sector=256, nr_sectors = 128 limit=256 [ 183.864700][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.907020][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.930958][ T7113] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.956803][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.008720][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.037422][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.067067][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.087025][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.105305][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.127590][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.147152][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.168373][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.187266][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.220579][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.241877][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.267899][ T7113] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 184.308191][ T7113] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.320442][ T7113] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.347035][ T7113] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.356500][ T7113] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.476454][ T7351] loop1: detected capacity change from 0 to 64 [ 184.627195][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.656171][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.791960][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.812444][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.979429][ T7370] loop1: detected capacity change from 0 to 256 [ 185.095240][ T7370] syz-executor.1: attempt to access beyond end of device [ 185.095240][ T7370] loop1: rw=2049, sector=256, nr_sectors = 128 limit=256 [ 185.151529][ T29] audit: type=1804 audit(1718296517.254:287): pid=7379 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4277941855/syzkaller.iaMyIm/1/file0" dev="sda1" ino=1952 res=1 errno=0 [ 185.352903][ T7386] loop2: detected capacity change from 0 to 128 [ 185.377314][ T7386] ADFS-fs (loop2): error: can't find an ADFS filesystem on dev loop2. [ 185.439161][ T7388] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 185.563181][ T7392] ieee802154 phy0 wpan0: encryption failed: -90 [ 185.630133][ T7392] nfs: Unknown parameter 'sm' [ 185.760064][ T7400] loop3: detected capacity change from 0 to 512 [ 185.799612][ T7400] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 185.857756][ T7400] EXT4-fs (loop3): 1 truncate cleaned up [ 185.868590][ T7400] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 185.925224][ T7407] loop1: detected capacity change from 0 to 256 [ 186.002749][ T29] audit: type=1804 audit(1718296518.064:288): pid=7411 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir702275069/syzkaller.Gn4tSq/160/bus" dev="sda1" ino=1970 res=1 errno=0 [ 186.787431][ T29] audit: type=1800 audit(1718296518.844:289): pid=7400 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 186.901706][ T5969] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.917687][ T7407] syz-executor.1: attempt to access beyond end of device [ 186.917687][ T7407] loop1: rw=2049, sector=256, nr_sectors = 128 limit=256 [ 187.006851][ T7418] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'. [ 187.117241][ T7419] loop4: detected capacity change from 0 to 2048 [ 187.174592][ T7424] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 187.346089][ T7430] ieee802154 phy0 wpan0: encryption failed: -90 [ 187.353135][ T7424] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 187.395300][ T7424] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4) [ 187.418736][ T7430] nfs: Unknown parameter 'sm' [ 187.446778][ T7424] Remounting filesystem read-only [ 187.486886][ T7428] NILFS (loop4): mounting fs with errors [ 187.632771][ T7424] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 187.674728][ T7424] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4) [ 187.702784][ T7424] Remounting filesystem read-only [ 187.737063][ T11] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 187.754948][ T11] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 187.789605][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 187.807215][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 187.845912][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 187.869962][ T11] NILFS (loop4): discard dirty page: offset=0, ino=2 [ 187.876830][ T11] NILFS (loop4): discard dirty block: blocknr=18, size=1024 [ 187.902813][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 187.920695][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 187.940840][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 187.961814][ T11] NILFS (loop4): discard dirty page: offset=0, ino=5 [ 187.969547][ T29] audit: type=1804 audit(1718296520.074:290): pid=7437 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4277941855/syzkaller.iaMyIm/3/file0" dev="sda1" ino=1969 res=1 errno=0 [ 187.976571][ T11] NILFS (loop4): discard dirty block: blocknr=41, size=1024 [ 188.026237][ T7435] loop3: detected capacity change from 0 to 512 [ 188.034162][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 188.053839][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 188.066640][ T7435] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 188.078184][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 188.094434][ T11] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 188.101546][ T11] NILFS (loop4): discard dirty block: blocknr=42, size=1024 [ 188.111595][ T11] NILFS (loop4): discard dirty block: blocknr=43, size=1024 [ 188.125590][ T11] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 188.133344][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 188.142573][ T11] NILFS (loop4): discard dirty page: offset=196608, ino=3 [ 188.149876][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 188.159178][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 188.168731][ T11] NILFS (loop4): discard dirty block: blocknr=49, size=1024 [ 188.176274][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 188.189608][ T11] NILFS (loop4): discard dirty page: offset=0, ino=4 [ 188.196410][ T11] NILFS (loop4): discard dirty block: blocknr=40, size=1024 [ 188.204421][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 188.208894][ T7435] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz-executor.3: invalid indirect mapped block 83886080 (level 1) [ 188.213713][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 188.239530][ T11] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 188.259312][ T7435] EXT4-fs (loop3): Remounting filesystem read-only [ 188.268186][ T5106] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 188.291810][ T7435] EXT4-fs (loop3): 1 orphan inode deleted [ 188.311990][ T7435] EXT4-fs (loop3): 1 truncate cleaned up [ 188.317555][ T5106] NILFS (loop4): discard dirty page: offset=0, ino=6 [ 188.333084][ T7435] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.351168][ T5106] NILFS (loop4): discard dirty block: blocknr=35, size=1024 [ 188.359052][ T5106] NILFS (loop4): discard dirty block: blocknr=36, size=1024 [ 188.371924][ T7426] loop2: detected capacity change from 0 to 40427 [ 188.379581][ T5106] NILFS (loop4): discard dirty block: blocknr=37, size=1024 [ 188.394580][ T5106] NILFS (loop4): discard dirty block: blocknr=38, size=1024 [ 188.432988][ T7426] F2FS-fs (loop2): Found nat_bits in checkpoint [ 188.512270][ T7422] ext4: Unknown parameter '€' [ 188.597533][ T7426] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 188.712459][ T5969] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.945895][ T7464] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.3'. [ 188.946060][ T7457] loop4: detected capacity change from 0 to 8192 [ 188.968015][ T7457] REISERFS warning (device loop4): super-6510 reiserfs_parse_options: journal device was already specified to be ./file0 [ 189.570965][ T7494] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 189.601811][ T7493] 9pnet_fd: Insufficient options for proto=fd [ 189.734850][ T7492] loop2: detected capacity change from 0 to 1764 [ 189.942636][ T29] audit: type=1800 audit(1718296522.044:291): pid=7500 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file2" dev="sda1" ino=1969 res=0 errno=0 [ 190.145469][ T7487] loop1: detected capacity change from 0 to 65536 [ 190.153953][ T7487] XFS (loop1): no-recovery mounts must be read-only. [ 190.353071][ T7504] loop2: detected capacity change from 0 to 512 [ 190.463109][ T7504] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 190.497219][ T7504] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 190.535550][ T7504] System zones: 0-1, 15-15, 18-18, 34-34 [ 190.563276][ T7504] EXT4-fs (loop2): orphan cleanup on readonly fs [ 190.603586][ T7504] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 190.650976][ T7504] EXT4-fs warning (device loop2): ext4_enable_quotas:7078: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 190.717134][ T7504] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 190.726544][ T7504] EXT4-fs error (device loop2): ext4_orphan_get:1420: comm syz-executor.2: bad orphan inode 16 [ 190.952112][ T7504] ext4_test_bit(bit=15, block=18) = 1 [ 191.236113][ T7504] is_bad_inode(inode)=0 [ 191.251096][ T7504] NEXT_ORPHAN(inode)=0 [ 191.270916][ T7504] max_ino=32 [ 191.274208][ T7504] i_nlink=2 [ 191.313018][ T7504] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 191.553200][ T7488] loop3: detected capacity change from 0 to 40427 [ 191.616100][ T7488] F2FS-fs (loop3): Found nat_bits in checkpoint [ 191.707745][ T7488] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 191.730110][ T7533] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.0'. [ 191.759298][ T5111] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.379236][ T29] audit: type=1804 audit(1718296524.194:292): pid=7547 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/198/bus" dev="sda1" ino=1959 res=1 errno=0 [ 192.922289][ T29] audit: type=1804 audit(1718296525.024:293): pid=7550 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/199/bus" dev="sda1" ino=1955 res=1 errno=0 [ 192.995808][ T29] audit: type=1804 audit(1718296525.074:294): pid=7552 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/199/bus" dev="sda1" ino=1955 res=1 errno=0 [ 193.032018][ T7553] xt_l2tp: v2 tid > 0xffff: 2013396992 [ 193.070176][ T29] audit: type=1804 audit(1718296525.074:295): pid=7552 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/199/bus" dev="sda1" ino=1955 res=1 errno=0 [ 193.094443][ T29] audit: type=1804 audit(1718296525.124:296): pid=7550 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/199/bus" dev="sda1" ino=1955 res=1 errno=0 [ 193.157752][ T29] audit: type=1804 audit(1718296525.234:297): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir973381039/syzkaller.ViHP5r/199/bus" dev="sda1" ino=1955 res=1 errno=0 [ 193.762460][ T7589] xt_l2tp: v2 tid > 0xffff: 2013396992 [ 193.963466][ T7597] loop2: detected capacity change from 0 to 512 [ 193.994075][ T7597] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.025216][ T7597] ext4 filesystem being mounted at /root/syzkaller-testdir2846915294/syzkaller.Aj7u3l/190/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 194.256868][ T5111] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.432933][ T7577] loop3: detected capacity change from 0 to 32768 [ 194.455330][ T7577] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (7577) [ 194.493267][ T7577] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 194.514050][ T7577] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 194.545873][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.557042][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.557500][ T7577] BTRFS info (device loop3): using free-space-tree [ 195.418059][ T7645] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.683925][ T5969] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 196.614878][ T5112] Bluetooth: hci3: command 0x0406 tx timeout [ 196.621023][ T5108] Bluetooth: hci1: command 0x0406 tx timeout [ 196.621052][ T53] Bluetooth: hci4: command 0x0406 tx timeout [ 196.771941][ T7671] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 196.892096][ T7673] loop2: detected capacity change from 0 to 256 [ 196.927728][ T7642] loop1: detected capacity change from 0 to 32768 [ 196.948513][ T7642] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (7642) [ 196.972887][ T7673] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 197.017494][ T7642] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 197.050640][ T7642] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 197.062143][ T7680] loop4: detected capacity change from 0 to 512 [ 197.068593][ T7642] BTRFS info (device loop1): using free-space-tree [ 197.159933][ T7680] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 197.185721][ T7680] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 197.218607][ T7680] System zones: 0-1, 15-15, 18-18, 34-34 [ 197.224624][ T7680] EXT4-fs (loop4): orphan cleanup on readonly fs [ 197.269012][ T7680] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 197.307046][ T7680] EXT4-fs warning (device loop4): ext4_enable_quotas:7078: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 197.367258][ T7680] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 197.389220][ T7680] EXT4-fs error (device loop4): ext4_orphan_get:1420: comm syz-executor.4: bad orphan inode 16 [ 197.429861][ T7680] ext4_test_bit(bit=15, block=18) = 1 [ 197.435303][ T7680] is_bad_inode(inode)=0 [ 197.451586][ T7680] NEXT_ORPHAN(inode)=0 [ 197.455702][ T7680] max_ino=32 [ 197.469116][ T5103] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 197.479443][ T7680] i_nlink=2 [ 197.480810][ T7680] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 197.931159][ T5106] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.193733][ T7713] loop3: detected capacity change from 0 to 1764 [ 198.245648][ T7701] loop2: detected capacity change from 0 to 32768 [ 198.461666][ T7701] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7701) [ 199.297779][ T7701] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 199.354762][ T7701] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 199.405071][ T7701] BTRFS info (device loop2): using free-space-tree [ 199.423070][ T7729] syz-executor.3 (7729): /proc/7727/oom_adj is deprecated, please use /proc/7727/oom_score_adj instead. [ 199.571838][ T7729] loop3: detected capacity change from 0 to 512 [ 199.591653][ T7729] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 199.613251][ T7729] UDF-fs: Scanning with blocksize 512 failed [ 199.634509][ T7729] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 199.695039][ T7729] UDF-fs: Scanning with blocksize 1024 failed [ 199.722604][ T7729] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 199.730834][ T7760] syz-executor.4 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 199.755092][ T7729] UDF-fs: Scanning with blocksize 2048 failed [ 199.780391][ T7729] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 199.799810][ T29] audit: type=1804 audit(1718296531.894:298): pid=7761 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2846915294/syzkaller.Aj7u3l/200/file0/bus" dev="loop2" ino=263 res=1 errno=0 [ 199.875476][ T7729] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 199.903172][ T29] audit: type=1326 audit(1718296531.964:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7758 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41dca7cea9 code=0x7ffc0000 [ 199.983019][ T29] audit: type=1326 audit(1718296531.964:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7758 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41dca7cea9 code=0x7ffc0000 [ 200.343187][ T29] audit: type=1326 audit(1718296531.974:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7758 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f41dca7cea9 code=0x7ffc0000 [ 200.607502][ T29] audit: type=1326 audit(1718296531.974:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7758 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41dca7cea9 code=0x7ffc0000 [ 200.728259][ T7767] loop1: detected capacity change from 0 to 512 [ 200.740998][ T29] audit: type=1326 audit(1718296531.974:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7758 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41dca7cea9 code=0x7ffc0000 [ 200.857514][ T29] audit: type=1326 audit(1718296531.974:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7758 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41dca7cea9 code=0x7ffc0000 [ 200.879911][ T29] audit: type=1326 audit(1718296531.974:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7758 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41dca7cea9 code=0x7ffc0000 [ 200.890956][ T5111] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 200.903704][ T29] audit: type=1326 audit(1718296531.974:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7758 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41dca7cea9 code=0x7ffc0000 [ 200.919456][ T7767] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.011059][ T7767] ext4 filesystem being mounted at /root/syzkaller-testdir973381039/syzkaller.ViHP5r/212/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 202.466754][ T7767] EXT4-fs error (device loop1): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.1: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 202.561435][ T7784] loop3: detected capacity change from 0 to 512 [ 202.598587][ T7784] EXT4-fs: Ignoring removed mblk_io_submit option [ 202.637930][ T7784] EXT4-fs (loop3): Test dummy encryption mode enabled [ 202.692818][ T7784] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0102] [ 202.730473][ T7784] System zones: 1-12 [ 202.748505][ T7784] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #15: comm syz-executor.3: casefold flag without casefold feature [ 202.796722][ T7790] loop2: detected capacity change from 0 to 1024 [ 202.826323][ T7784] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 202.858815][ T5103] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.906798][ T7784] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 203.082867][ T7798] loop2: detected capacity change from 0 to 8 [ 203.107651][ T7798] unable to read id index table [ 203.206494][ T7784] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 203.211024][ T7798] tmpfs: Bad value for 'mpol' [ 203.273050][ T7784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.333548][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 203.333567][ T29] audit: type=1326 audit(1718296535.434:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7806 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3db287cea9 code=0x7ffc0000 [ 203.392954][ T29] audit: type=1326 audit(1718296535.464:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7806 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3db287cea9 code=0x7ffc0000 [ 203.430244][ T29] audit: type=1326 audit(1718296535.464:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7806 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3db287cea9 code=0x7ffc0000 [ 203.467590][ T29] audit: type=1326 audit(1718296535.464:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7806 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3db287cea9 code=0x7ffc0000 [ 203.492936][ T29] audit: type=1326 audit(1718296535.464:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7806 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3db287cea9 code=0x7ffc0000 [ 203.529237][ T29] audit: type=1326 audit(1718296535.464:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7806 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3db287cea9 code=0x7ffc0000 [ 203.554388][ T29] audit: type=1326 audit(1718296535.464:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7806 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3db287cea9 code=0x7ffc0000 [ 203.592098][ T29] audit: type=1326 audit(1718296535.464:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7806 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3db287cea9 code=0x7ffc0000 [ 203.622609][ T29] audit: type=1326 audit(1718296535.484:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7806 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3db287cea9 code=0x7ffc0000 [ 203.660444][ T29] audit: type=1326 audit(1718296535.484:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7806 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3db287cea9 code=0x7ffc0000 [ 205.035263][ T7820] loop1: detected capacity change from 0 to 512 [ 205.124195][ T7820] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.173244][ T7820] ext4 filesystem being mounted at /root/syzkaller-testdir973381039/syzkaller.ViHP5r/214/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 205.445374][ T5103] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.602272][ T7844] loop2: detected capacity change from 0 to 128 [ 206.714324][ T7844] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (16076!=39978) [ 206.765620][ T7846] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 206.792414][ T7844] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 206.831022][ T7846] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.1'. [ 206.953998][ T5111] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 207.779962][ T7878] loop2: detected capacity change from 0 to 512 [ 207.820944][ T7878] EXT4-fs: quotafile must be on filesystem root [ 208.119911][ T7888] loop1: detected capacity change from 0 to 128 [ 208.185782][ T7888] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (16076!=39978) [ 208.222518][ T7888] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 208.898630][ T5103] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 209.216214][ T29] kauditd_printk_skb: 1046 callbacks suppressed [ 209.216234][ T29] audit: type=1326 audit(1718296541.314:1423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 209.327208][ T29] audit: type=1326 audit(1718296541.354:1424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 209.389784][ T29] audit: type=1326 audit(1718296541.354:1425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 209.442859][ T29] audit: type=1326 audit(1718296541.354:1426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 209.493645][ T29] audit: type=1326 audit(1718296541.364:1427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 209.575829][ T29] audit: type=1326 audit(1718296541.364:1428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 209.635178][ T29] audit: type=1326 audit(1718296541.364:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 209.716981][ T29] audit: type=1326 audit(1718296541.404:1430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 209.757132][ T29] audit: type=1326 audit(1718296541.404:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 209.821189][ T29] audit: type=1326 audit(1718296541.404:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 210.218946][ T7912] loop1: detected capacity change from 0 to 32768 [ 210.256206][ T7912] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (7912) [ 210.327038][ T7912] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 210.336987][ T7943] netlink: zone id is out of range [ 210.346570][ T7912] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 210.362669][ T7912] BTRFS info (device loop1): using free-space-tree [ 210.372122][ T7943] netlink: set zone limit has 4 unknown bytes [ 210.792426][ T5103] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 210.817321][ T7965] vlan3: entered promiscuous mode [ 210.822526][ T7965] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 210.876870][ T7965] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 211.499097][ T7975] tmpfs: Bad value for 'mpol' [ 213.139147][ T8016] 9p: Unknown uid 00000000004294967295 [ 213.155049][ T8013] vlan2: entered promiscuous mode [ 213.177171][ T8013] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 213.227633][ T8013] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 213.488029][ T8021] netlink: zone id is out of range [ 213.537569][ T8021] netlink: set zone limit has 4 unknown bytes [ 214.578004][ T8042] 9pnet_fd: Insufficient options for proto=fd [ 214.618434][ T8042] loop1: detected capacity change from 0 to 256 [ 214.633326][ T8042] FAT-fs (loop1): Unrecognized mount option "./file0" or missing value [ 214.668102][ T8038] 9pnet_fd: Insufficient options for proto=fd [ 215.101499][ T8052] vlan2: entered promiscuous mode [ 215.106599][ T8052] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 215.177615][ T8052] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 215.437818][ T8064] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 1 (only 8 groups) [ 217.318652][ T5220] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 217.563060][ T5220] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.604068][ T5220] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.649110][ T5220] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 217.697210][ T5220] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.714699][ T5220] usb 2-1: config 0 descriptor?? [ 217.758212][ T8118] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 1 (only 8 groups) [ 218.719665][ T8093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.763401][ T8093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.589472][ T5220] usb 2-1: string descriptor 0 read error: -71 [ 220.607466][ T8146] Cannot find set identified by id 0 to match [ 220.795445][ T5220] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #200: -71 [ 220.860365][ T5220] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71 [ 220.919415][ T5220] uclogic 0003:256C:006D.0003: failed probing pen v2 parameters: -71 [ 220.979886][ T5220] uclogic 0003:256C:006D.0003: failed probing parameters: -71 [ 221.009671][ T5220] uclogic 0003:256C:006D.0003: probe with driver uclogic failed with error -71 [ 221.059659][ T5220] usb 2-1: USB disconnect, device number 3 [ 221.551376][ T8177] syz-executor.4[8177] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 221.552091][ T8177] syz-executor.4[8177] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 222.629161][ T8199] loop1: detected capacity change from 0 to 1764 [ 222.693077][ T8199] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 223.274554][ T8230] ptrace attach of "/root/syz-executor.3 exec"[5969] was attempted by "\x0c "[8230] [ 223.305886][ T8232] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.4'. [ 223.860222][ T8267] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.4'. [ 223.950516][ T8269] ptrace attach of "/root/syz-executor.2 exec"[5111] was attempted by "\x0c "[8269] [ 224.224559][ T8277] loop1: detected capacity change from 0 to 1024 [ 224.339164][ T8283] x_tables: ip_tables: REDIRECT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 224.550442][ T8277] hfsplus: extend alloc file! (8192,65536,366) [ 225.236146][ T8275] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (393216 ns). Using initial count to start timer. [ 225.297704][ T8293] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.4'. [ 225.414793][ T8299] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 225.456235][ T8299] batman_adv: batadv0: Adding interface: team0 [ 225.477656][ T8299] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 225.507538][ T8299] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 225.863795][ T8325] loop1: detected capacity change from 0 to 64 [ 225.920247][ T8325] Trying to free block not in datazone [ 225.926490][ T8325] Trying to free block not in datazone [ 226.154577][ T8337] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 226.248390][ T8337] batman_adv: batadv0: Adding interface: team0 [ 226.278564][ T8337] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.354800][ T8337] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 227.775917][ T8369] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 227.822348][ T8369] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.0'. [ 228.599413][ T8376] xt_policy: too many policy elements [ 228.874274][ T8379] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 228.970393][ T8379] batman_adv: batadv0: Adding interface: team0 [ 228.976831][ T8379] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.057350][ T8379] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 229.300650][ T8395] ptrace attach of "/root/syz-executor.4 exec"[5106] was attempted by "\x0c "[8395] [ 230.538973][ T8407] xt_policy: too many policy elements [ 230.969659][ T5123] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 230.980381][ T5123] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 230.990452][ T5123] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 230.999492][ T5123] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 231.009705][ T5123] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 231.017272][ T5123] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 231.196722][ T8425] syz-executor.3[8425] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 231.196980][ T8425] syz-executor.3[8425] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 231.872165][ T8041] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.931576][ T29] kauditd_printk_skb: 309 callbacks suppressed [ 231.931597][ T29] audit: type=1326 audit(1718296564.034:1742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8430 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 232.087404][ T29] audit: type=1326 audit(1718296564.034:1743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8430 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 232.173267][ T5115] Bluetooth: hci3: unexpected event 0x03 length: 4 < 11 [ 232.214872][ T29] audit: type=1326 audit(1718296564.074:1744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8430 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 232.297461][ T29] audit: type=1326 audit(1718296564.074:1745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8430 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 232.408455][ T29] audit: type=1326 audit(1718296564.074:1746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8430 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 232.468130][ T29] audit: type=1326 audit(1718296564.084:1747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8430 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 232.540821][ T8041] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.576305][ T29] audit: type=1326 audit(1718296564.084:1748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8430 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 232.654463][ T29] audit: type=1326 audit(1718296564.084:1749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8430 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f130067a627 code=0x7ffc0000 [ 232.732765][ T29] audit: type=1326 audit(1718296564.084:1750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8430 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1300640309 code=0x7ffc0000 [ 232.758555][ T29] audit: type=1326 audit(1718296564.084:1751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8430 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7f130067cea9 code=0x7ffc0000 [ 232.877532][ T8442] loop1: detected capacity change from 0 to 64 [ 232.917221][ T30] INFO: task kworker/0:8:5188 blocked for more than 143 seconds. [ 232.926924][ T30] Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 2024/06/13 16:36:05 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 233.006994][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 233.015767][ T30] task:kworker/0:8 state:D stack:23864 pid:5188 tgid:5188 ppid:2 flags:0x00004000 [ 233.077323][ T5115] Bluetooth: hci2: command tx timeout [ 233.104103][ T30] Workqueue: events_long bch2_fs_read_only_work [ 233.137446][ T30] Call Trace: [ 233.141763][ T30] [ 233.144739][ T30] __schedule+0x1796/0x49d0 [ 233.157921][ T8442] Trying to free block not in datazone [ 233.163433][ T8442] Trying to free block not in datazone [ 233.188498][ T30] ? __pfx___schedule+0x10/0x10 [ 233.193434][ T30] ? __pfx_lock_release+0x10/0x10 [ 233.199572][ T30] ? do_raw_spin_lock+0x14f/0x370 [ 233.204652][ T30] ? kthread_data+0x52/0xd0 [ 233.226973][ T30] ? wq_worker_sleeping+0x66/0x240 [ 233.232164][ T30] ? schedule+0x90/0x320 [ 233.236454][ T30] schedule+0x14b/0x320 [ 233.261977][ T30] journal_quiesce+0x205/0x2e0 [ 233.266836][ T30] ? bch2_fs_journal_stop+0xdd/0x520 [ 233.287133][ T30] ? __pfx_journal_quiesce+0x10/0x10 [ 233.292494][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 233.307141][ T30] bch2_fs_journal_stop+0x33b/0x520 [ 233.312422][ T30] ? __pfx_bch2_fs_journal_stop+0x10/0x10 [ 233.323191][ T30] ? __pfx___bch2_print+0x10/0x10 [ 233.328529][ T30] ? __bch2_btree_flush_all+0x6dc/0x700 [ 233.334109][ T30] ? __bch2_btree_flush_all+0x6f/0x700 [ 233.339643][ T30] __bch2_fs_read_only+0x30c/0x430 [ 233.346150][ T30] bch2_fs_read_only+0xb52/0x1210 [ 233.351506][ T30] ? __pfx_bch2_fs_read_only+0x10/0x10 [ 233.357075][ T30] ? __down_write_common+0x162/0x200 [ 233.362413][ T30] ? __pfx___down_write_common+0x10/0x10 [ 233.368312][ T30] ? process_scheduled_works+0x945/0x1830 [ 233.374087][ T30] bch2_fs_read_only_work+0x2d/0x40 [ 233.379365][ T30] process_scheduled_works+0xa2c/0x1830 [ 233.384977][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 233.391249][ T30] ? assign_work+0x364/0x3d0 [ 233.395882][ T30] worker_thread+0x86d/0xd70 [ 233.400958][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 233.408909][ T30] ? __kthread_parkme+0x169/0x1d0 [ 233.413998][ T30] ? __pfx_worker_thread+0x10/0x10 [ 233.419180][ T30] kthread+0x2f0/0x390 [ 233.423356][ T30] ? __pfx_worker_thread+0x10/0x10 [ 233.428716][ T30] ? __pfx_kthread+0x10/0x10 [ 233.433355][ T30] ret_from_fork+0x4b/0x80 [ 233.438928][ T30] ? __pfx_kthread+0x10/0x10 [ 233.443558][ T30] ret_from_fork_asm+0x1a/0x30 [ 233.449355][ T30] [ 233.503591][ T30] INFO: task syz-executor.0:5290 blocked for more than 143 seconds. [ 233.510186][ T8041] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.522094][ T30] Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 [ 233.560989][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 233.586965][ T30] task:syz-executor.0 state:D stack:18488 pid:5290 tgid:5288 ppid:5120 flags:0x00004006 [ 233.617016][ T30] Call Trace: [ 233.620371][ T30] [ 233.623328][ T30] __schedule+0x1796/0x49d0 [ 233.657169][ T30] ? __pfx___schedule+0x10/0x10 [ 233.662141][ T30] ? __pfx_lock_release+0x10/0x10 [ 233.697115][ T30] ? schedule+0x90/0x320 [ 233.701444][ T30] schedule+0x14b/0x320 [ 233.705733][ T30] schedule_preempt_disabled+0x13/0x30 [ 233.736968][ T30] rwsem_down_write_slowpath+0xeeb/0x13b0 [ 233.742782][ T30] ? rwsem_down_write_slowpath+0xa06/0x13b0 [ 233.786387][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 233.797386][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 233.802481][ T30] __down_write_common+0x1af/0x200 [ 233.846996][ T30] ? __pfx___bch2_print+0x10/0x10 [ 233.852126][ T30] ? __pfx___down_write_common+0x10/0x10 [ 233.888425][ T30] ? wake_up_q+0xdc/0x120 [ 233.892843][ T30] __bch2_fs_stop+0xfd/0x540 [ 233.917222][ T30] ? __pfx_up_write+0x10/0x10 [ 233.921998][ T30] ? __pfx___bch2_fs_stop+0x10/0x10 [ 233.937015][ T30] ? llist_reverse_order+0x72/0x90 [ 233.942200][ T30] ? bch2_fs_start+0x2c7/0x5b0 [ 233.952349][ T30] bch2_fs_open+0xb4f/0xdf0 [ 233.957114][ T30] ? __pfx_bch2_fs_open+0x10/0x10 [ 233.963313][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 233.976963][ T30] ? __pfx_bch2_test_super+0x10/0x10 [ 233.982311][ T30] ? sget+0x2b8/0x620 [ 233.986330][ T30] ? __pfx_bch2_noset_super+0x10/0x10 [ 234.005229][ T30] bch2_mount+0x6b0/0x13a0 [ 234.009918][ T30] ? __pfx_bch2_mount+0x10/0x10 [ 234.014835][ T30] ? vfs_parse_fs_string+0x190/0x230 [ 234.029121][ T30] ? kfree+0x4e/0x360 [ 234.033204][ T30] ? vfs_parse_fs_string+0x190/0x230 [ 234.045864][ T30] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 234.051609][ T30] ? cap_capable+0x1b4/0x250 [ 234.056239][ T30] legacy_get_tree+0xee/0x190 [ 234.066958][ T30] ? __pfx_bch2_mount+0x10/0x10 [ 234.071903][ T30] vfs_get_tree+0x90/0x2a0 [ 234.076352][ T30] do_new_mount+0x2be/0xb40 [ 234.088502][ T30] ? __pfx_do_new_mount+0x10/0x10 [ 234.093843][ T30] __se_sys_mount+0x2d9/0x3c0 [ 234.098881][ T30] ? __pfx___se_sys_mount+0x10/0x10 [ 234.104112][ T30] ? do_syscall_64+0x100/0x230 [ 234.115710][ T30] ? __x64_sys_mount+0x20/0xc0 [ 234.122287][ T30] do_syscall_64+0xf3/0x230 [ 234.126838][ T30] ? clear_bhb_loop+0x35/0x90 [ 234.139259][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.145309]