last executing test programs: 21.167779914s ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000240)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x87}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 21.033492765s ago: executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 20.928193451s ago: executing program 1: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x35, 0x4, 0x0, 0x0, 0xd4, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x9, [0x401, 0x1000, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev={0xac, 0x14, 0x14, 0x16}}, {@remote, 0x4}, {@multicast2, 0x7}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19.015013122s ago: executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@ipv4_newaddr={0x34, 0x14, 0x509, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, r2}, [@IFA_LOCAL={0x8, 0x2, @broadcast}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0x7}}]}, 0x34}}, 0x0) 18.960041131s ago: executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000700)={0x0, 0x3000000, &(0x7f00000006c0)={&(0x7f0000000640)={0x1c, r1, 0x703, 0x0, 0x0, {0xb}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0) 18.918419807s ago: executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet(0x2, 0x3, 0x102) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x0, 0x1ee}}, 0x18, &(0x7f0000000000)={&(0x7f0000000140)='\x00', 0x1}}, 0x0) 16.751252938s ago: executing program 4: unshare(0x62040200) syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x2280001, &(0x7f0000001600), 0x1, 0x55b9, &(0x7f0000014340)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AomodGQ2hmjeMmo4FAg0gTCI9VCGoD6oxD/IyvnTUTHUFBZFf9EONqMBiJi5hRJyomPgAf6+i6ru9RidFM2E/3rVNU3eqyC6GRdr7fP7pO1e88bz26zr23zgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4D+Guw5/8WvDF8/9h/cbzr5wbdX0Jf+jY+zFf7j8m59+4h9XLPm3sPCXo87YtuCw805YuGjGv3SsXHvM6SG0dpUrS4qXPXPp5+9v3e+Ep28dvHn2dTfVb6vK1JuJhwGdf8ozdy6IrT4/MIQ7ykKoSAeG1SWBysz9uljfgXUh7BN2BLIl2mqTEumGw701ISwLOwLZqtbWhFCXEzhl0z13X9KZuLImhM+FEKrTbTxVnbRRkw4MqUoCtenAzIok8NvtiWzgp+VJAHZZfDNkX/RrWvMzNHRfrsjrr3K3deyjlR5ev5hoKJ7v1eN6uVM5qtIPtO7S01ZQHb2i4O2x3rutD7zbCrbzpZ623C9SmW8o28P2GKoO5ZPbpkyc1z43PlIempr6Faupl57nJ99cOGln0n3mdRg70LBbXocXPbJq5oAVYy+6YutD4zadWXPIrnbziZxNmpvubdUh85rrM89jNMbnSR94+xV8S2r0pSuEsP3ss2Z9ad7ks47pd+PjG16+7766bWfNW/TLMyafs+SCr2/694UvFMz/Gz54/h9fzvG2PC93bPX9+mRuHh+pi4nX65O5OQAAAPQZfWGv6ervv/pXr/5gfevsJad9643Dz35/v9Zfj7pnUNUhr21oav3+5k++VDD/byzt+H885F+XO9r1IYzpSiwZFML+XY8ngdWxO98ZFMJnu1Kt+YHjUoH1IRzQlTgsW1WqRP9YojEVeLE+ExiTCmyMgdZUYGUMXJoKXBADa1KBSTGwPhU4PgbCtPxxfL4+M46SAzUxMCHZiGviWQhv1cfWUttqS7YqAACA3SQzO6zMv5tzrsOuZojTyzU1PWWIZ2AXzVCdqiE9g81Oq4rWUNFTDeU91ZAdd8cHD7+g5rKeai44DaMsP8N16/7y7iXPH/Wp8ftN/uTS4edO+/nEcOabd1Q92rzs+TcOPOaGDQXz/+YPnv9Xd9ORsoLj/yGM7/obc5dnIu3Z+ITWvAwAAADALjj/j/9in9oXhx3SsOXdsrsWrn/s4VW/2rrPKae9O+HEV390dE3jXQXz/zGlnf8f94n0y8kcHoy7IaYPCqE5P5BUO7owkBz1HpAJAAAAQF+QPR6fPRY+LXObnKKdnk8X5m/dyfzxwP+YbvP//s7/WXvr9n99vuzc75w9qmbQ8n96uWPSSV8//sYTv/nWARWH/Kq8YP7fWtr5/7X5t0knNsZeXDEohP45gftiLzsDXRpj4Nlj8wOZ8W+MG2BprCpzYkK2qqWxxIQYaE4FlhUr8XC2xP75gcyTlW18SXYc0zIlcgIAAACwx8XdAfG4fDz/v+X0Uaf+9ffm/O3il+47Z+25F/7VyI6Fo792z5PvN8y/bHnY8voxBfP/CTt3/n/XPLjg9P72ASEMrwihX/qHAQ/WJgsDxkBdWSZxV21SV790VYtrQxjdObB0Vc9l1v+vSK8x+GhNUlUM7H/QjW8O6UysqAlheG7gsW8tP6ozMS8VyDZ+ak0In+kcbbrx2/snjVemG7+qfwifzglkq5rUP4TOxqrSVf2v6sx1DNJVrakOYd+cQLaqkdUhzA8A9FXxf+nk3AfnzF8wfWJ7e9vsXkzEnfg1Ycq09ramSTPbJ1cX6dPkVJ/z1jFaVDimUi99syWzRtHS1VMrS0lnfyjYnNtWZkd+wZmDmfvxy1Bl1ziPqMy725Ie8qEHFzYRcr5KFRtyeS8PuTa3kh1PYkH9MX9VGBD6z5vTNrvpnIlz584ekfwtNfsRyd94nCnZViPS26q2u76V8PIoulxWyofdVkNyKxk+d8as4XPmLxg2bcbEqW1T277bcuSftYwaOfILo4Z3Dqo5+dvDSId0V3NqpNuXlzis3TjST1XkVLInPjQkJCR6PfHQ7q3woP+y9YGx+2787jU/f+Un3x/w1VPv2v/Y2T868vLp91cfePTSW4YdWjD/n/XB8//4qRM/+DPrMxQ7/t8QD/Mnj+84zD8hBpaVevy/odjR/OyJAY2pQEcMdDjMDwAAwMdD3B0Z92bGndJbb9y4YfOylvk/bHir5aZ17cuvv/7ub/z0tsEnfWZo2G/T1Sd9omD+31Ha7/930/r/2aXrTyq2zP9hsURzsfX/08v8Z9f/7yi2/n96mf/s+v/LPoL1/+dlA6lN8pb1/wEAgI+DPbf+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGCn1/9fd99ff65qwLhb/6TlN/UXvvJ3dx7VeuyGrbP/5DPbN06+++rxN64rmP9fWtr838L9AAAAsPf4zxdfWXH8WXfc2rJh+uYJrw99+/E3lg3p917F8Q+0j35u8Gs3nVMw/19W2vx/z6//F4qd/99YLNBabGFA6/8BAADQRxVb/+/O4S2Nfxg38A9PjvjNyvtuGPuzB3/x+5UH/eLkn5cfsOjLz86+eErB/H9NafP/eNpFeV7u2Jv365M17UJ6TbvX67M/GQAAAIC+oTw0NVWWmDdvYdTjPnybT2aWAv2gdK7vvXTVWVufm3nCo6dt+Luak4buO2nGuWsa/2bkobd9csyF+y7f8o2C+f/60ub/eb/LuOiRVTMHrBh70ftXbH1o3KYzaw7ZcfwfAAAA6D2l7pcAAAAAAAAAAAAAAAA+emd3LD3vwRVffuert/zFwccse3nozbcf+rthA1649PJ7p6x57YypXyr4/X8Y31Wu2O//43X/4u8L/igvd2y15/X/MvdPOfmW+V1LFj5YH8LBuYHpi6fvEzLX5h+aG7j79MMGdyYWp0use/r4FzoT304HThz2iW2diaNTgQlxkcQD0oF4VcVtA1OBuLzio+lA3B5r0oGqTODigck4ytLb6qW6ZFuVpbfV5roQBuUEstvqjrqkjbL0AK9MBbID/F46EAf49UygPN2rWwYkvYqBulj02gFJrwAA2GvFb4GVYcq09rbm+BU+3n6qIv82yluybFFhtWUlNr8lszTZ0tVTK0tJ90t/F91xrfHKUN05hBEFX1dzs5R1jXL31NLDpvujIkPuabW38iLl0nZ201UVH1FNMqKmSTPbJ1f2OPCWnrMcUdFjlhEFk53cLOVdm7SEWkroSwkjKnHblNDleL88NDX1S+X68xhsCHl6ekX0+Hv9zHJ6uev8FXsV5Oa5+cjL3vjsF3/2zHv//MnHBn7l1Jpb5vzg7ZN//eo9hx5xzNWTmtZtK5j/N5Q2/6/OHde2zMUAOuKV9UYPCmFCTyMCAACA/zBuPv+mW0+bufGlKesrHn/kkenl406r3L7wtoULLtx819ITLz581a7Gjzrztz/4zdCD/+3py1/42egD7r32hv/z+FGP/vnvH/jx/W/Vre43/p2C+X9jafP/uAcrcyg42duxPl7/f8mgELourd+QBFbH4X5nUAif7Uq1xhLJBfVPiiWak8DquMPksFhiQmt+Vf1jYE0q8GJ9JrA+FdgYA5m9FDeGzK6cy+pDOKorNT6/xKxYoiEVGBcDjalAUww0pwIDY2BMKvDKwEygNRV4IAbCtPxt9ZOBmW0FAACwMzLzrMr8uyE9z1tT0VOGsp4y1PaUobynDNU9ZSg2inj/1pihMnXySllOpsp0rTWpWgoyxIvh73S/CjKEh/NzpgsWNB3PP8ieb1CWn+GyHz79jY1DZ96/dusXvzD45n8ctu/hzTPr3ll07RO/Hffdq5/90yEF8//m0ub/tfm3Sesb4/x/x/X/ksB9sXtXxFPHG2Pg2WPzA5kdAxvjZHdptqrWTInMpH1pLDEmBhpTgVkxMCYVmDA+E1g2OD+QmWlnG1+SbXxapkROAAAAAPa4uIMg7qaJ8//rjvvhFe8OmrxtxYLZ94xveezrY79yxe0/vuvgFbe9vWrooAnvfLtg/j+mtPl/bG9AbmMXxN48PzCEO8p29CYbGFaXBOJ+jLr48/gD60LYJ2cHR7ZEW21SoirVcLi3JvmFelW6qrU1yRoD8f4pm+65+5LOxJU1IXwuZ+9Lto2nqpM2atKBIVVJoDYdmFmRBOKen2zgp+VJAHZZdq9gfEFlTnXJaui+XJHX38flmqDp4RXsA+0mX3e/ueot1ekHMvtUs3buaSuojl5R8PZY793WF99tDd5tuV+kMt9Qtu8IVYfyyW1TJs5rnxsfyf0la4Feep5zf6VaSno3vA47Pnxve1ad7kBz6uOjufty3b8Oy2J1Fz2yauaAFWMvumLrQ+M2nVlzSMndKCL+UPjH2/535RM5m7e3VYfMa67PfZ60+jzpi/8GGj1tIYSLr/nigcve/vVBz1z7zDc2lF03/uW/nHPnlpV/U3n0mA3vPj587CUF8//W0ub/FanbLr+LG3POoBAOzdm4D8bN/8VByedgTiD5lNy3MJAccv/X+qKfnAAAALC7ZXd3ZPcXTMvcJieEp+fJhflbdzJ/3F8xptv8pfb7yxs2r/7a8NeuPuRvzz35tb+/6ugn7r/m4rINK//7+PfWrrtk6TuPFcz/J3zw/L9/qpuO/zv+Ty9x/L9bZan1c3vYFX3JG3t4V3T/9AMdu7QruqA6eoXj/93qcwd+HP8Pjv932z/H/x3/75Hj/93a25+2gm9Js3zp6pwEX3PbL343+fr35jcedPjXnnjqyMlX/9PlLXfcfspL/+3sc2a88s2tBfP/WaXN/63/1/2ifdn1/yYUW/9vVrH1/zqs/wcAAPSqIgvNped5Bav3FWRIr95XkKHHBQJ7XGLQ+n87vf7f4tH/fv55P3q25aq3bptwybotXz7j5Sc3rH1qzqoTzv7+G623395aMP/vKG3+H18OA3Jb7yvr/zWOL1LVpTEwy8KAAAAA7I2K7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgo3XkqW+9e+GX/qFtyC9X3fD3N/2///t07fp7v/qV60f+atqfnl62btOVo87YtuCw805YuGjGv3SsXHvM6SFM6ypXlhQve+bSz9/fut8JT986ePPs626q31adqbcyc/vHebljq+/Xh7As55G6mHi9vvPOjsApJ98yv6Iz8WB9CAfnBqYvnr5PZ2JlfQhDcwN3n37Y4M7E4nSJdU8f/0Jn4tvpwInDPrGtM3F0JlCW7u7VA5PulqW7e8nAEAblBLLdPWtgflXZNk7IBMrTbayqS9qIgbpY9Kq6pI0YaI8lpvUPYXhFCP3SVf1zdVJVv3RVd1YnVfVLV3V+dQijQwgV6aqeqUqqqkiP/OGqpKoY2P+gG98c0plYXhXC8NzAY99aflRnYnYqkG38P1WF8JnOl0y68Z9UJo1Xphv/r5UhfDqEUJUu8U5FUqIqXeK5ihD2zQns2IgVIcwPfDzET5/JuQ/Omb9g+sT29rbZvZioyrRVE6ZMa29rmjSzfXJ1qk/FlOWkty/68GPf8ubCSZ23S1dPrSwlXZEpV9nV5SMq8+627O29j/2qza1kx/NRUH/MXxUGhP7z5rTNbjpn4ty5s0ckf0vNfkTyt18mmmyrEX1lWw3JrWT43Bmzhs+Zv2DYtBkTp7ZNbftuy5F/1jJq5MgvjBreOajm5O/uGOnyPT/ST1XkVLIn3v99IXHs3tENCYm9JFGe9+nWvLd/jhd80d/R0cpQ3fUBXTCtyM1S1jXK3THo4z7kiD/M15QeRzSiYOJQkOWInrO0FEwmdmSpSbJ0fa0rmBzm1lTetUnj/fLQ1NSv2HZoyL+bu3lf3YXN+2Rm05WaBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/7MDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAsQAAAACAMH/rMHo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+/qhxI") r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="034886dd0300800e030030000000600000000100290081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef) 16.136058745s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'pim6reg0\x00', 0x2}) ioctl$TUNSETOFFLOAD(r2, 0x400454c9, 0x3) ioctl$TUNSETLINK(r2, 0x400454cd, 0x0) 15.835297702s ago: executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001140)={0x30, r1, 0x439, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_HE_OBSS_PD={0x10, 0x111, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, '\a\x00'}]}]}, 0x30}}, 0x0) 15.705263082s ago: executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x1}}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x50000000}, 0x20000000) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0/../file0\x00', 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r4) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) init_module(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(r5, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000600), 0x24, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xb, 0x1c, &(0x7f00000004c0)=@ringbuf={{}, {}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}, {}, {0x85, 0x0, 0x0, 0x8}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 15.65570609s ago: executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) setpgid(0x0, r1) openat$binderfs(0xffffffffffffff9c, &(0x7f00000006c0)='./binderfs2/custom0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) 15.540852418s ago: executing program 0: r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xd, 0x0, &(0x7f0000000000)="259a53f271a76d2610054c6560", 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 15.424789416s ago: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x581, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x89}]}}}]}, 0x3c}}, 0x0) 14.919205336s ago: executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040), 0x6) ftruncate(0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000040)=ANY=[], 0x4240a2a0) socket(0x0, 0x3, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x1e8640, 0x0) 14.831949819s ago: executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000004fc0)={0x38, r1, 0x10ada85e65c25349, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0x5, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x4}]}]}]}]}, 0x38}}, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x864c42, 0x0) fallocate(r3, 0x0, 0x0, 0x10001) preadv2(r3, &(0x7f00000004c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/116, 0x74}], 0x3, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, r1, 0x100, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x23, 0x13, [{0x6c, 0x1}, {0x48}, {0x43, 0x1}, {0x36}, {0x36}, {0x1}, {0xc}, {0x4e}, {0xb}, {0xb}, {0x60, 0x1}, {0x60}, {0x18}, {0x4}, {0x30}, {0x3, 0x1}, {0x2, 0x1}, {0xc, 0x1}, {0xc}, {0x1, 0x1}, {0x60}, {0x1, 0x1}, {0x2, 0x1}, {0x60, 0x1}, {0x16}, {0x2}, {0x30}, {0xc, 0x1}, {0x6, 0x1}, {0x12}, {0xb, 0x1}]}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x2}, @NL80211_ATTR_STA_EXT_CAPABILITY={0xe, 0xac, "95d738203922d90e0541"}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000094}, 0x8000) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000080)={{0xd8c, 0x9, 0x8000, 0xddf6}, 'syz1\x00', 0xa}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000200)="b20b0b64a12b8587108cdb10ab38198a9b75ba4b98f40048cdb263ab9e24328b06403132cef69c8b5f6e182c660723f1b05ff63010c921bccc5c4b441ba9c55f516e7a2f8154", 0x45c}, {&(0x7f0000000280)="f907700b32880c95bb8e3787b0576f2b12f6540c73202b4f8fc9c0e2d8e23c747f2d7f1d4bffa5cb6d7a885f681a2f84f114ee2a2606af36f9bf139bb672c16eb952efec18f7287ba2b1ea125ff0d3e5d0e504f1678a4b24e3c8733883cf039e392bbb7995fdf0f031360284e15ce1eff7e40c47822dae245a89ad7c75ec", 0x7e}, {&(0x7f0000000800)="4e454de6695c7e5d2dd3a2a040cb82acbf452d85aedfe25e3a55951adf8b9902ab2a50c3a0fc95a5719fe2a0835994b34aecf5693f446d2147ea5da525be28b980bcc04eb61264916548b822cb8d114ecf4812e9812ea23589f33dd766b2821ee49df408a0a025cfbc64273d42253fbd57047f1469576cd669fdf92105dae1f2c6f465cc5720c7ed9845ac262332504d3a207a9f75a3a1af7cf10752561f1d64885436527c92a7e4f7479755dd5230df3c37f9b9488823639fc0152b83fdbccb32b77114e343c1b747b9fccdd5d6b1a9bfc0cba568876e711cd3fa20cde2c65556aac620b9590c9b4295", 0xea}], 0x3) 14.756700901s ago: executing program 3: syz_mount_image$btrfs(&(0x7f0000000100), &(0x7f0000005140)='./file0\x00', 0x0, &(0x7f0000000200)={[{@compress}]}, 0x1, 0x50ed, &(0x7f0000005180)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTsT3573JENYvrOR3E/wmHm5XUpgfKxQ6WkmPbbFHXpgfLxQ65pIemydDeHBhZX9S+H8stJPClbV54UhSOB0L+fnQLRxLCifimfb52ny6aeH7WMgvsJiPV1Cs6V4SkfS42q/HQuGGPc52Dw4AAHBPieE5z7Jjvc2QRtn52qAdVg/aYWTQDvVBO4wmO6Q79tseZnsLcXv7zMalPf//yHD5P74Vq7JFv+v/Q7z+P3+uYff6/9lYaCSF+VhopXcMaMVjZGH343iMRivvcWV9twAAAAB3tfi9QH2F5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP+zda4xc1X0A8LPP8T68XkiqEBolm6TGcROv1zaQqKXKmlI1IqVZNxRURRQbe00WL9ixTYlRiIxNRCMEpQ1S8qEIoyiq+QC1AhFJAeEixREqj4iqKIBAoTVEQaSUJCJNkEI1e++ZvXPuzsOPNV76+0neOTP/87zz8Jx775wLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/w8GvXPO3zeKP/va8Z1+4ePyKPWsvfvW68059MoSJmcc7snBH/423j//87nPv2fPA6jvuO3z+R3vzcnk8DFT/dOZ3boi1Hl4cwv0dIXSngRWDWaAnvz8Y63vfYAinhNlArcRkf1YibTh8vy+EfWE2UKvqe30hDBYCFz71yMM3VxO39YWwNIRQSdt4vpK10ZcGzujNAv1pYGt3FvjVW5la4LudWQCOWXwz1F70BybqMwzPXa7B66/nuHXs7ZUOrysmhhvn+9naee5UQW/6wMQxPW2l6pgXpbfHQe+2BfBuK23nWz1txS9S+TeUt2ZDldC5aXLzhqund8ZHOsPoaFejmubpeX7m9S9tPJL0gnkdxg4MH5fX4S1PLL27a/kFj9+3YunL+z+295Vj7eaPCpu0mJ5vlZC/5hbM8xiN+zxZAG+/0rekEV+6QgibP/97n2kWL83/h5vP/+PLOd521uWOtb45lM3N4yODMfHaUDY3BwAAgAVjIew13Tr60Cea1Vea/4+0d/w/HvLPJ/PZaA+GMD6T2LskhNNmHs8Cd8XmLlsSwgdnUhP1gbVJ4GAI751JLK9VlZRYFEuMJIGfDOWB8SRwKAYmksC3YuDWJHBDDBxIAhtj4GASODcGwlT9OH5/KB9H24G+GFifbcQD8SyEXwzF1pJt9VytKgAAgOMknx321N8tnOtwrBni9PJAX6sM8QzshhkqSQ3pDLY2rWpYQ3erGjpb1VAb9+7mwy/V3NGq5tJpGB31GW7/5d98NjRRmv+PNZ//V+boSEfp+H8I62b+xtydeWS6Fl8/UZcBAAAAOAYD//viN5vFS/P/8fbO/4/7RLoKmcNjcTfEliUhjNUHsmr/sBzIjnoP5AEAAABYCGrH42vHwqfy2+wU7XQ+Xc4/cYT544H/8Tnz9x58cH2z/pbm/xPtnf/fX3+bdeJQ7MXXloSwqBD4QexlNTBjJAZ+/Mn6QD7+Q3ED3BSryk9MqFV1UyyxPgbGksC+RiV+WCtxWn0gf7Jqje+tjWMqL1EIAAAAwAkXdwfE4/Lx/P8P/Wb1Nc3Kleb/64/s/P+ZeXDp9P7pgRBWdofQlf4w4LH+bGHAGBjsyBMP9Wd1daVVXd8fwjnVgaVVvZiv/9+drjH4VF9WVQyc9qH9r59RTXyzL4SVxcDTn7vzrGpiZxKoNf6XfSF8oDratPHvLMoa70kb//qiEN5fCNSqumxRCNXGetOqHqnk1zFIq/rnSgjvKgRqVZ1dCWFXAGCBiv+Vbio+uGPXtVs2TE9Pbp/HRNyH3xc2T01Pjm7cOr2p0qBPm5I+1y1jdH15TO1e+ea5fImii+5dN9hOuvY7wbFiW/l+/NKJg/n9+F2oZ2acq3vq7q5Jh/yRD5ebCIVvUo2G3DnPQ+4vVjL7JJbqj/l7w0BYdPWOye2jX9ywc+f2VdnfdrOvzv7Gw0zZtlqVbqv+ufrWxsuj4WpZiaPdVsuKlazceeW2lTt2Xbti6soNl09ePnnVqrNXj505tmbs42eurI5qLPvbYqjL5qo6Gepbd7Y5ruM41NO7C5WciE8NCQmJhZbYOrCs6f/Jpfn/tubz//ipEz/58/UZGh3/H46H+bPHZw/zr4+Bfe0e/x9udDS/dmLASBLYHQO7HeYHAADgnSFO8uPezLhX+qfLv/Nys3Kl+f/u9n7/f5zW/68tXX9+o2X+l8cSY43W/0+X+a+t/7+70fr/6TL/tfX/970N6/9fXQskm+QX1v8HAADeCU7c+v8tl/dPLxBQytByef/0AgGlDC2X8W/3AgFHvP7/8//5V/8dmijN/29tb/5v4X4AAAA4eXz5z675nWbx0vx/X3vz/xO//l9odP7/SKPARKOFAa3/BwAAwALVaP2/4Rv7L21WrjT/P9De/D+edtFZlzvW+uZQtqZdSNe0e22o9pMBAAAAWBg6w+hoT5t561ZGXXv0bT6TLwXaLF304p8cPrLz/w+2N/+v+13GLU8svbtr+QWPv3nfiqUv7//Y3ldmj/8DAAAA86fd/RIAAAAAAAAAAAAAAMDb78X/2LOmWbz0+/+wbubxRr//j9f9i78veHdd7lhr6/X/8vsXfvqeXTNLFj42FMKHi4Ete7acEvJr8y8rBh6+ZPl7qok9aYkHXzj3pWri0jTwqRWnvlFNnJME1sdFEt+bBuJVFd9YnATi8or/ngbi9jiQBnrzwFcXZ+PoSLfVTwezbdWRbqtnB0NYUgjUttX9g1kbHekAb0sCtQF+IQ3EAf55HuhMe3XPQNarGBiMRe8YyHoFAMBJK34L7Ambp6Ynx+JX+Hh7enf9bVS3ZNn15Wo72mz+uXxpsovuXTfYTror/S46e63xnlCpDmFV6etqMUvHzCiPTy0tNt27Gwy51WpvnQ3KpY500/U2HlFfNqLRjVunN/W0HPia1llWd7fMsqo02Slm6ZzZpG3U0kZf2hhRm9umjS7H+51hdLQryfUHMTgc6rR6RbT7e/3iOn+NXgXFPFcd3vurZvWV5v/D7c3/K8VxvZFfDGB3vLLe3y2xzD8AAADMr6+u/fU34r/P3vjo083ylub/I+3N/+MerPxQcLa342C8/v/eJSHMXFp/OAvcFZu7bEkIH5xJTcQS2QX1z48lxrLAXXGHyfJYYv1EfVWLYuBAEvjJUB44mAQOxUC+l2J/yHfl/P1QCGfNpNbVl9gWSwwngc/EwEgSGI2BsSSwOAbGk8Cri/PARBL4txgIU/Xb6t7F+bYCAAA4Evk8q6f+bkjneQe6W2XoaJWhv1WGzlYZKq0yNBpFvP/tmKEnOXmlo5CpJ621L6mllCFeDP+I+1XKEH5YnzMtWGo6nn9QO9+goz7DA5/oroQmSvP/sfbm//31t1nrh+L8f/b6f1ngB7F7X4unjo/EwI8/WR/IdwwcipPdm2pVTeQl8kn7TbHEeAyMJIFtMTCeBNavywP73lMfyGfatcb31hqfyksUAgAAAHDCxR0EcTdNnP/fseMrA83Kleb/4+3N/2N7A8XGboi1Hl4cwv0ds72pBVYMZoG4H2Mw/jz+fYMhnFLYwVErMdmflehNGg7f78t+od6bVvW9vuzHB/H+hU898vDN1cRtfSEsLex9qbXxfCVroy8NnNGbBfrTwNbuLBD3/NQC3+3MAnDMansF4wsqP9WlZnjucg1ef++Ua4KmwyvtA50j31y/uZovpR2u+T7VmiN72pruv+W4Kb09Dnq3LcR327B3W/GLVP4N5a3ZUCV0bprcvOHq6Z3xkeIvWUvm6Xku/kq1nfRxeB3uPvretlZJOzCWfHyMzV1u7tdhR6zulieW3t21/ILH71ux9OX9H9v7StvdaCD+UPiR6/518EeFzTvfKiF/zS24z5MJnycL8b+BEU9bCGHdq1+/qVm8NP+faG/+353czvh13Jg7loTwkcLGfSxu/j9ekn0OFgLZp+S7yoHskPt/DTX85AQAAIDjrba7o7a/YCq/zU4IT+fJ5fwTR5g/7q8YnzN/u/3u/+tLljaLl+b/65vP/xcl3XT83/F/5onj/3M62XdFL0of2H1Mu6JL1TEvHP+f08n+bnP8f06O/zv+PxfH/1tw/H9OJ/vTVvqWtM2XrhDCy3/00LPN4qX5/7b25v/W/5t70b7a+n/rG63/t63R+n+7rf8HAADMqwYLzaXzvNLqfaUM6ep9pQwtFwhsucSg9f+OeP2/l05//jehidL8f3d78//4chgotr5Q1v8bWdegqltjYJuFAQEAADgZNdpBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNvrgX/4n03N4o/+9rxnX7h4/Io9ay9+9brzTn0yhKmZxzuycEf/jbeP//zuc+/Z88DqO+47fP5HK3m5nvz2d+tyx1rfHAphX+GRwZh4bah6ZzZw4afv2dVdTTw2FMKHi4Ete7acUk18ayiEZcXAw5csf081sSct8eAL575UTVyaBj614tQ3qolz8kBH2t1/XJx1tyPt7s2LQ1hSCNS6e8Xi+qpqbfxpHuhM2/inwayNGBiMRb8xmLURA9OxxNSiEFZ2h9CVVvVoJauqK63qXypZVV1pVV+uhHBOCKE7reqF3qyq7nTkT/ZmVcXAaR/a//oZ1cS+3hBWFgNPf+7Os6qJLySBWuN/0RvCB6ovmbTxb/dkjfekjd/WE8L7Qwi9aYlfdmcletMSL3aH8K5CoNb457tD2BV4R4gfPnWfaDt2Xbtlw/T05PZ5TPTmbfWFzVPTk6Mbt05vqiR9aqSjkH7r+qMf+3Ovf2lj9faie9cNtpPuzsv1zHR5dU/d3TUne+9jv/qLlcw+H6X6Y/7eMBAWXb1jcvvoFzfs3Ll9Vfa33eyrs79deTTbVqsWyrZaVqxk5c4rt63csevaFVNXbrh88vLJq1advXrszLE1Yx8/c2V1VGPZ3+Mx1DtP/FBP7y5UciI+ACQkJBZaorPu023sZP8gL33Rn+1oT6jMfECXphXFLB0zozweg157lCM+mu8pLUe0qjRxKGVZ3TrLmtJkYjZLX5Zl5ntdaXJYrKlzZpPG+51hdLSr0XYYrr9b3Lw/O4bN+0y+6dpNAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgUAAD//wNUIwc=") open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000006c0)={0x0, 0x4}) 14.748133923s ago: executing program 4: syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ff4ae0086d04dd08f4ff080203010902120001000000000904"], 0x0) 14.292179754s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) rt_sigpending(0x0, 0x0) 14.202867728s ago: executing program 2: syz_open_dev$MSR(&(0x7f0000001180), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') writev(r0, &(0x7f000001a580)=[{&(0x7f0000019180)='O', 0x1}], 0x1) 14.117147032s ago: executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TYPE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x34, 0xd, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x34}}, 0x0) 14.008073809s ago: executing program 2: r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x800}]}]}]}}]}, 0xa4}}, 0x0) 14.004670739s ago: executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0}, 0x90) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000001400)={r2, &(0x7f0000000000), &(0x7f0000001440)}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r2}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000280)={r2, &(0x7f00000001c0), 0x0}, 0x20) 13.369395099s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000000)=""/149, 0x95) socket$igmp(0x2, 0x3, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) lseek(r0, 0x7ff, 0x1) getdents64(r0, 0x0, 0x10) 13.286121952s ago: executing program 0: r0 = creat(&(0x7f00000005c0)='./file0\x00', 0x0) close(r0) r1 = socket$xdp(0x2c, 0x3, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f00000001c0)=0x100, 0x4) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x0, r6}, 0x10) bind$xdp(r1, &(0x7f0000000240)={0x2c, 0x1, r3, 0x0, r4}, 0x10) r7 = socket$packet(0x11, 0x2, 0x300) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r7}}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r0) 10.078046596s ago: executing program 4: syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) setpgid(0x0, r1) openat$binderfs(0xffffffffffffff9c, &(0x7f00000006c0)='./binderfs2/custom0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) 10.076763247s ago: executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6_vti0\x00', 0x0}) sendto$packet(r0, &(0x7f00000000c0)="3f050e0029e9120006001e0089e9aaa911d7c229", 0x14, 0x0, &(0x7f0000000540)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 10.021131185s ago: executing program 2: r0 = fsopen(&(0x7f0000000200)='mqueue\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) mknodat(r1, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) renameat2(r1, &(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000100)='./file1\x00', 0x4) symlinkat(&(0x7f0000000240)='./file1\x00', r1, &(0x7f0000000280)='./file1\x00') mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r1, 0x0, 0x83, &(0x7f0000000140)={'broute\x00', 0x0, 0x4, 0xc9, [0x200, 0x9, 0xfffe0, 0x2, 0xd8, 0x1], 0x1, &(0x7f0000000000)=[{}], &(0x7f0000000040)=""/201}, &(0x7f00000001c0)=0x78) set_mempolicy_home_node(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x0) 9.999482169s ago: executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0) close(r0) 9.940469778s ago: executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) splice(r0, 0x0, r2, 0x0, 0xfdef, 0x0) mount$9p_fd(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000280), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 0s ago: executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) unshare(0x2040400) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000340)) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) kernel console output (not intermixed with test programs): [ 211.798714][ T7637] device veth1_vlan entered promiscuous mode [ 211.854895][ T4883] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 211.866679][ T4883] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 211.881868][ T4883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 211.896915][ T4883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 211.908083][ T7637] device veth0_macvtap entered promiscuous mode [ 211.914754][ T3577] Bluetooth: hci0: command tx timeout [ 211.955221][ T7637] device veth1_macvtap entered promiscuous mode [ 212.015196][ T7637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.062426][ T7637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.112324][ T7637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.142471][ T7637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.172267][ T7637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.192319][ T7637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.235755][ T7637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.276182][ T7637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.298875][ T7637] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.337986][ T4922] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 212.352870][ T4922] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 212.380480][ T4922] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 212.400651][ T4922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 212.445989][ T7637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.479576][ T7637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.524693][ T7637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.548863][ T7637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.577043][ T7637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.611936][ T7637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.638900][ T7637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.649660][ T7894] netlink: 'syz-executor.2': attribute type 7 has an invalid length. [ 212.672080][ T7637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.691555][ T7881] kvm: emulating exchange as write [ 212.706588][ T7637] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.728271][ T7896] loop3: detected capacity change from 0 to 1024 [ 212.758905][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 212.776554][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 212.806032][ T7637] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.838135][ T7637] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.868767][ T7637] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.878895][ T7902] trusted_key: encrypted_key: hex blob is missing [ 212.910335][ T7637] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.929766][ T3979] hfsplus: b-tree write err: -5, ino 4 [ 213.037804][ T7900] loop2: detected capacity change from 0 to 1764 [ 213.047216][ T7900] ISOFS: unable to read i-node block [ 213.052969][ T7900] isofs_fill_super: get root inode failed [ 213.078802][ T7911] loop3: detected capacity change from 0 to 256 [ 213.427024][ T27] audit: type=1326 audit(2000000032.187:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f69c5a7cee9 code=0x0 [ 213.450051][ T27] audit: type=1800 audit(2000000032.217:454): pid=7920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="/" dev="fuse" ino=1 res=0 errno=0 [ 213.503486][ T7926] loop2: detected capacity change from 0 to 1024 [ 213.511298][ T7926] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 213.522965][ T7926] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 2)! [ 213.535025][ T7926] EXT4-fs (loop2): group descriptors corrupted! [ 213.796437][ T7905] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 213.854381][ T3764] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.879826][ T3764] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.892282][ T22] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 213.941139][ T4026] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 213.952777][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.971693][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.993835][ T3577] Bluetooth: hci0: command tx timeout [ 214.005205][ T5033] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 214.040948][ T7932] loop4: detected capacity change from 0 to 4096 [ 214.050184][ T7932] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 214.275758][ T7941] loop1: detected capacity change from 0 to 1024 [ 214.572990][ T22] usb 3-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 214.689441][ T22] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 214.820426][ T3715] hfsplus: b-tree write err: -5, ino 4 [ 214.992531][ T22] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 215.001594][ T22] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.037420][ T22] usb 3-1: Product: syz [ 215.041670][ T22] usb 3-1: Manufacturer: syz [ 215.063558][ T22] usb 3-1: SerialNumber: syz [ 215.112801][ T7930] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 215.187780][ T27] audit: type=1804 audit(2000000033.947:455): pid=7968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir723906268/syzkaller.Laz5S2/4/file0" dev="sda1" ino=1966 res=1 errno=0 [ 215.266947][ T7971] loop4: detected capacity change from 0 to 256 [ 215.289598][ T7971] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 215.310601][ T27] audit: type=1326 audit(2000000034.067:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7972 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe1f507cee9 code=0x0 [ 215.339233][ T7971] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 215.363655][ T22] usb 3-1: selecting invalid altsetting 1 [ 215.392380][ T22] cdc_ncm 3-1:1.0: bind() failure [ 215.444741][ T22] hub 3-1:1.1: bad descriptor, ignoring hub [ 215.450799][ T22] hub: probe of 3-1:1.1 failed with error -5 [ 215.461214][ T7978] loop0: detected capacity change from 0 to 2048 [ 215.475217][ T7978] EXT4-fs error (device loop0): ext4_orphan_get:1422: comm syz-executor.0: bad orphan inode 8192 [ 215.496823][ T7978] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 215.498520][ T22] usb 3-1: USB disconnect, device number 9 [ 215.646941][ T7041] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr [ 215.669922][ T7041] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr [ 215.965597][ T7041] EXT4-fs (loop0): unmounting filesystem. [ 216.043758][ T7994] loop2: detected capacity change from 0 to 4096 [ 216.054185][ T3715] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.076888][ T7994] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 216.166337][ T3715] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.331568][ T3715] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.345643][ T7997] loop3: detected capacity change from 0 to 512 [ 216.364629][ T7997] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e028, mo2=0002] [ 216.378195][ T7997] System zones: 1-12 [ 216.386154][ T7997] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz-executor.3: invalid indirect mapped block 8 (level 2) [ 216.406280][ T7997] EXT4-fs (loop3): Remounting filesystem read-only [ 216.421336][ T7997] EXT4-fs (loop3): 1 truncate cleaned up [ 216.569180][ T7997] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 216.728598][ T3715] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.098606][ T6209] EXT4-fs (loop3): unmounting filesystem. [ 217.129288][ T8002] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 217.184452][ T8004] input: syz0 as /devices/virtual/input/input8 [ 217.220002][ T8006] loop3: detected capacity change from 0 to 256 [ 217.244225][ T8006] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 217.275994][ T8006] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 217.431973][ T8011] loop2: detected capacity change from 0 to 1024 [ 217.448107][ T8009] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 217.479366][ T3576] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 217.480895][ T8011] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 217.502920][ T3576] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 217.510909][ T8011] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 2)! [ 217.521386][ T3576] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 217.531859][ T3576] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 217.539630][ T3576] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 217.548881][ T3576] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 217.595872][ T8011] EXT4-fs (loop2): group descriptors corrupted! [ 217.603424][ T8019] netlink: 'syz-executor.3': attribute type 7 has an invalid length. [ 218.212385][ T26] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 218.443796][ T8014] chnl_net:caif_netlink_parms(): no params data found [ 218.622542][ T8028] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 218.685582][ T8032] loop3: detected capacity change from 0 to 4096 [ 218.725404][ T8032] ntfs: (device loop3): check_mft_mirror(): Incomplete multi sector transfer detected in mft mirror record 0. [ 218.742425][ T8032] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 218.755454][ T3715] device hsr_slave_0 left promiscuous mode [ 218.776475][ T8032] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing. [ 218.779304][ T8040] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 218.785464][ T8032] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 218.785523][ T8032] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 218.801135][ T3715] device hsr_slave_1 left promiscuous mode [ 218.827682][ T8032] ntfs: volume version 3.1. [ 218.838198][ T3715] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.856540][ T3715] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.893597][ T3715] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.921854][ T3715] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.946549][ T3715] device bridge_slave_1 left promiscuous mode [ 218.960890][ T3715] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.003855][ T3715] device bridge_slave_0 left promiscuous mode [ 219.013433][ T3715] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.059131][ T3715] device veth1_macvtap left promiscuous mode [ 219.065940][ T3715] device veth0_macvtap left promiscuous mode [ 219.094056][ T3715] device veth1_vlan left promiscuous mode [ 219.100024][ T3715] device veth0_vlan left promiscuous mode [ 219.100229][ T8051] loop1: detected capacity change from 0 to 512 [ 219.122099][ T8051] EXT4-fs: Ignoring removed nobh option [ 219.164858][ T8051] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 219.174120][ T8051] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz-executor.1: attempt to clear invalid blocks 2 len 1 [ 219.190465][ T8051] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 219.207344][ T8051] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 0) [ 219.224059][ T8051] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 1) [ 219.239920][ T8051] EXT4-fs (loop1): 1 truncate cleaned up [ 219.245879][ T8051] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 219.531401][ T8065] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 219.602521][ T3576] Bluetooth: hci1: command tx timeout [ 219.715789][ T8066] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 220.225133][ T7637] EXT4-fs (loop1): unmounting filesystem. [ 220.320950][ T8079] loop1: detected capacity change from 0 to 128 [ 220.368962][ T3715] team0 (unregistering): Port device team_slave_1 removed [ 220.393788][ T3715] team0 (unregistering): Port device team_slave_0 removed [ 220.416937][ T3715] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 220.441583][ T3715] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 220.483464][ T8086] loop2: detected capacity change from 0 to 4096 [ 220.504536][ T8086] ntfs: (device loop2): check_mft_mirror(): Incomplete multi sector transfer detected in mft mirror record 0. [ 220.521710][ T8086] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 220.535867][ T8086] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 220.547981][ T8086] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 220.561721][ T8057] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 220.581851][ T8086] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 220.624454][ T8086] ntfs: volume version 3.1. [ 220.667020][ T8094] loop3: detected capacity change from 0 to 1024 [ 220.690901][ T3715] bond0 (unregistering): Released all slaves [ 220.834287][ T8091] device syzkaller0 entered promiscuous mode [ 220.904829][ T3764] hfsplus: b-tree write err: -5, ino 4 [ 220.964230][ T8107] mmap: syz-executor.2 (8107) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 221.045634][ T8014] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.058296][ T8014] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.070377][ T8014] device bridge_slave_0 entered promiscuous mode [ 221.086634][ T8014] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.106913][ T8014] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.120948][ T8014] device bridge_slave_1 entered promiscuous mode [ 221.192613][ T8014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.218260][ T8014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.290802][ T8014] team0: Port device team_slave_0 added [ 221.296908][ T4922] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 221.311902][ T8014] team0: Port device team_slave_1 added [ 221.337106][ T8014] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.344976][ T8014] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.373365][ T8014] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.385648][ T8014] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.392642][ T8014] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.418840][ T8014] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.480679][ T8014] device hsr_slave_0 entered promiscuous mode [ 221.497757][ T8014] device hsr_slave_1 entered promiscuous mode [ 221.512803][ T8014] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 221.529518][ T8014] Cannot create hsr debugfs directory [ 221.678404][ T3576] Bluetooth: hci1: command tx timeout [ 221.782520][ T4922] usb 4-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 221.808845][ T4922] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 221.850473][ T8130] binder: transaction release 41 bad object at offset 16, size 72 [ 221.896892][ T8128] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 222.002454][ T4922] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 222.021568][ T4922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.045445][ T4922] usb 4-1: Product: syz [ 222.049657][ T4922] usb 4-1: Manufacturer: syz [ 222.062261][ T4922] usb 4-1: SerialNumber: syz [ 222.092548][ T8109] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 222.209465][ T8014] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 222.235289][ T8014] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 222.255077][ T8014] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 222.289020][ T8014] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 222.353324][ T4922] usb 4-1: selecting invalid altsetting 1 [ 222.372706][ T4922] cdc_ncm 4-1:1.0: bind() failure [ 222.412628][ T4922] hub 4-1:1.1: bad descriptor, ignoring hub [ 222.418610][ T4922] hub: probe of 4-1:1.1 failed with error -5 [ 222.466197][ T8014] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.487596][ T4922] usb 4-1: USB disconnect, device number 9 [ 222.495242][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.510214][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.524149][ T8014] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.558512][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.568323][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.584385][ T5031] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.591542][ T5031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.617823][ T8148] loop2: detected capacity change from 0 to 128 [ 222.621048][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.637526][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.658922][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.668186][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.675355][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.688750][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.698816][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.708524][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.721166][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.743730][ T5033] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 222.794872][ T8148] device syzkaller0 entered promiscuous mode [ 222.805561][ T8014] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 222.821595][ T8014] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 222.850376][ T5033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 222.889733][ T5033] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.893517][ T8153] loop4: detected capacity change from 0 to 512 [ 222.900892][ T5033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 222.918649][ T8154] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 222.931324][ T5033] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 222.960654][ T5033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 222.987711][ T8153] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2926: inode #16: comm syz-executor.4: corrupted xattr block 8 [ 223.008721][ T5033] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.042828][ T8153] EXT4-fs warning (device loop4): ext4_evict_inode:299: xattr delete (err -117) [ 223.053958][ T8153] EXT4-fs (loop4): 1 orphan inode deleted [ 223.059732][ T8153] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 223.069093][ T8153] ext4 filesystem being mounted at /root/syzkaller-testdir4135717956/syzkaller.Iz3cHk/368/bus supports timestamps until 2038 (0x7fffffff) [ 223.109750][ T8153] EXT4-fs error (device loop4): ext4_get_first_dir_block:3562: inode #12: comm syz-executor.4: directory missing '..' [ 223.154240][ T8163] loop3: detected capacity change from 0 to 512 [ 223.160704][ T5033] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 223.190009][ T8163] EXT4-fs error (device loop3): __ext4_iget:5044: inode #15: block 1803188595: comm syz-executor.3: invalid block [ 223.215360][ T8163] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 223.235444][ T3568] EXT4-fs (loop4): unmounting filesystem. [ 223.251139][ T8163] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 223.335556][ T8163] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 234881024 (level 0) [ 223.451826][ T6209] EXT4-fs (loop3): unmounting filesystem. [ 223.593445][ T8014] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.633205][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 223.641293][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 223.649023][ T8184] loop4: detected capacity change from 0 to 512 [ 223.677313][ T8184] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 223.706114][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 223.718642][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 223.752313][ T3576] Bluetooth: hci1: command tx timeout [ 223.778268][ T8184] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #16: comm syz-executor.4: invalid indirect mapped block 83886080 (level 1) [ 223.827773][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 223.836783][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 223.853895][ T8184] EXT4-fs (loop4): Remounting filesystem read-only [ 223.861750][ T8184] EXT4-fs (loop4): 1 orphan inode deleted [ 223.868458][ T8184] EXT4-fs (loop4): 1 truncate cleaned up [ 223.874857][ T8184] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 223.876964][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 223.909507][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 223.948809][ T8014] device veth0_vlan entered promiscuous mode [ 223.986071][ T8014] device veth1_vlan entered promiscuous mode [ 223.997212][ T3568] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor.4: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 224.033556][ T8198] loop2: detected capacity change from 0 to 512 [ 224.045882][ T3568] EXT4-fs (loop4): Remounting filesystem read-only [ 224.073693][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 224.089097][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 224.093097][ T8194] loop3: detected capacity change from 0 to 4096 [ 224.114218][ T8014] device veth0_macvtap entered promiscuous mode [ 224.117305][ T8198] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2926: inode #16: comm syz-executor.2: corrupted xattr block 8 [ 224.132889][ T8014] device veth1_macvtap entered promiscuous mode [ 224.140922][ T3568] EXT4-fs (loop4): unmounting filesystem. [ 224.149275][ T8198] EXT4-fs warning (device loop2): ext4_evict_inode:299: xattr delete (err -117) [ 224.160559][ T8194] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 224.182803][ T8198] EXT4-fs (loop2): 1 orphan inode deleted [ 224.228140][ T8204] loop1: detected capacity change from 0 to 4096 [ 224.238314][ T8198] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 224.254657][ T8204] __ntfs_error: 2 callbacks suppressed [ 224.254675][ T8204] ntfs: (device loop1): check_mft_mirror(): Incomplete multi sector transfer detected in mft mirror record 0. [ 224.269015][ T8198] ext4 filesystem being mounted at /root/syzkaller-testdir10166860/syzkaller.zhsiXK/321/bus supports timestamps until 2038 (0x7fffffff) [ 224.272128][ T8204] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 224.304517][ T8204] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 224.318056][ T8204] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 224.340527][ T8204] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 224.388998][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.393673][ T8204] ntfs: volume version 3.1. [ 224.407654][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.420132][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.436942][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.448830][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.449628][ T8198] EXT4-fs error (device loop2): ext4_get_first_dir_block:3562: inode #12: comm syz-executor.2: directory missing '..' [ 224.463470][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.481924][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.493376][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.509192][ T6209] ntfs3: loop3: ntfs_sync_fs r=1a failed, -22. [ 224.518969][ T8014] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.532651][ T6209] ntfs3: loop3: ntfs_evict_inode r=1a failed, -22. [ 224.536784][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.550023][ T6209] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 224.555063][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.608210][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.627102][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.682204][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.712305][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.732182][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.748743][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.780786][ T8014] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.790531][ T3581] EXT4-fs (loop2): unmounting filesystem. [ 224.802278][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 224.810489][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 224.830277][ T8214] loop3: detected capacity change from 0 to 128 [ 224.846901][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 224.863228][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 224.874515][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 224.891600][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 224.951651][ T3715] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.976136][ T8014] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.993366][ T8014] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.011588][ T8014] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.025275][ T5033] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 225.028160][ T8014] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.125829][ T8218] device syzkaller0 entered promiscuous mode [ 225.157542][ T3715] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.183652][ T3577] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 225.200367][ T3577] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 225.210257][ T3577] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 225.220054][ T3577] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 225.227919][ T3577] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 225.235923][ T3577] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 225.320464][ T3715] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.403030][ T5033] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 225.426451][ T5033] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 225.439729][ T5033] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.449708][ T5033] usb 2-1: config 0 descriptor?? [ 225.457910][ T3715] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.498356][ T3710] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.549690][ T3710] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.572646][ T5033] usb 2-1: can't set config #0, error -71 [ 225.589269][ T4883] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 225.602741][ T5033] usb 2-1: USB disconnect, device number 7 [ 225.613068][ T3762] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.621251][ T3762] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.643114][ T8231] loop2: detected capacity change from 0 to 4096 [ 225.656402][ T8231] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 225.692768][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 225.809392][ T3581] ntfs3: loop2: ntfs_sync_fs r=1a failed, -22. [ 225.829385][ T8224] chnl_net:caif_netlink_parms(): no params data found [ 225.842522][ T3577] Bluetooth: hci1: command tx timeout [ 225.849072][ T3581] ntfs3: loop2: ntfs_evict_inode r=1a failed, -22. [ 225.867666][ T3581] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 225.891722][ T8237] loop0: detected capacity change from 0 to 512 [ 225.956507][ T8240] loop3: detected capacity change from 0 to 512 [ 225.988591][ T8240] EXT4-fs error (device loop3): __ext4_iget:5044: inode #15: block 1803188595: comm syz-executor.3: invalid block [ 225.989443][ T8237] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2926: inode #16: comm syz-executor.0: corrupted xattr block 8 [ 226.012211][ T8240] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 226.033302][ T8240] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 226.052039][ T8237] EXT4-fs warning (device loop0): ext4_evict_inode:299: xattr delete (err -117) [ 226.060162][ T8240] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 234881024 (level 0) [ 226.091193][ T8224] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.102411][ T8237] EXT4-fs (loop0): 1 orphan inode deleted [ 226.108913][ T8237] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 226.118466][ T8237] ext4 filesystem being mounted at /root/syzkaller-testdir499476686/syzkaller.vjSlNL/1/bus supports timestamps until 2038 (0x7fffffff) [ 226.131653][ T8224] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.134456][ T6209] EXT4-fs (loop3): unmounting filesystem. [ 226.143495][ T8224] device bridge_slave_0 entered promiscuous mode [ 226.169226][ T8224] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.186563][ T8224] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.217754][ T8224] device bridge_slave_1 entered promiscuous mode [ 226.305591][ T8237] EXT4-fs error (device loop0): ext4_get_first_dir_block:3562: inode #12: comm syz-executor.0: directory missing '..' [ 226.311396][ T8224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.393570][ T8224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 226.425446][ T8014] EXT4-fs (loop0): unmounting filesystem. [ 226.579678][ T8224] team0: Port device team_slave_0 added [ 226.611980][ T8224] team0: Port device team_slave_1 added [ 226.704161][ T8224] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 226.711157][ T8224] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.790499][ T8268] loop3: detected capacity change from 0 to 4096 [ 226.796694][ T8224] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 226.801052][ T8268] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 226.833655][ T8224] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 226.846254][ T8224] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.907296][ T6209] ntfs3: loop3: ntfs_sync_fs r=1a failed, -22. [ 226.921588][ T6209] ntfs3: loop3: ntfs_evict_inode r=1a failed, -22. [ 226.932822][ T8276] loop1: detected capacity change from 0 to 512 [ 226.934570][ T6209] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 226.939146][ T8224] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 226.990790][ T8276] EXT4-fs error (device loop1): __ext4_iget:5044: inode #15: block 1803188595: comm syz-executor.1: invalid block [ 227.032345][ T3614] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 227.055516][ T8276] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 15 (err -117) [ 227.084716][ T8252] loop2: detected capacity change from 0 to 32768 [ 227.092867][ T8276] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 227.110386][ T8252] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (8252) [ 227.139309][ T8276] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 234881024 (level 0) [ 227.170672][ T8224] device hsr_slave_0 entered promiscuous mode [ 227.178927][ T7637] EXT4-fs (loop1): unmounting filesystem. [ 227.191851][ T8252] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 227.209967][ T8224] device hsr_slave_1 entered promiscuous mode [ 227.219764][ T8252] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 227.233056][ T8224] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 227.240654][ T8224] Cannot create hsr debugfs directory [ 227.252231][ T8252] BTRFS info (device loop2): using free space tree [ 227.276841][ T3577] Bluetooth: hci2: command tx timeout [ 227.294974][ T3715] device hsr_slave_0 left promiscuous mode [ 227.324766][ T3715] device hsr_slave_1 left promiscuous mode [ 227.341501][ T3715] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 227.369645][ T3715] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 227.388688][ T8252] BTRFS info (device loop2): enabling ssd optimizations [ 227.396168][ T3614] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 227.397942][ T3715] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 227.420536][ T3715] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 227.430727][ T3715] device bridge_slave_1 left promiscuous mode [ 227.478258][ T3715] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.490190][ T3715] device bridge_slave_0 left promiscuous mode [ 227.492500][ T3614] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 227.506208][ T3715] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.511055][ T3614] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 227.524088][ T3614] usb 1-1: SerialNumber: syz [ 227.573358][ T3614] usb 1-1: bad CDC descriptors [ 227.579301][ T3715] device veth1_macvtap left promiscuous mode [ 227.602781][ T3715] device veth0_macvtap left promiscuous mode [ 227.608914][ T3715] device veth1_vlan left promiscuous mode [ 227.628450][ T3715] device veth0_vlan left promiscuous mode [ 227.672938][ T4883] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 227.720513][ T3581] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 227.798058][ T4727] usb 1-1: USB disconnect, device number 4 [ 228.056265][ T3715] team0 (unregistering): Port device team_slave_1 removed [ 228.084914][ T3715] team0 (unregistering): Port device team_slave_0 removed [ 228.105467][ T3715] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 228.129446][ T3715] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 228.211255][ T3715] bond0 (unregistering): Released all slaves [ 228.461806][ T8323] loop3: detected capacity change from 0 to 512 [ 228.511346][ T8323] EXT4-fs error (device loop3): __ext4_iget:5044: inode #15: block 1803188595: comm syz-executor.3: invalid block [ 228.558448][ T8323] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 228.631628][ T8323] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 228.699042][ T8323] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 234881024 (level 0) [ 228.845145][ T6209] EXT4-fs (loop3): unmounting filesystem. [ 229.213816][ T8352] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 229.216354][ T8224] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 229.257544][ T8224] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 229.302928][ T8224] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 229.327562][ T8224] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 229.352939][ T3577] Bluetooth: hci2: command tx timeout [ 229.378623][ T8329] loop2: detected capacity change from 0 to 32768 [ 229.401239][ T8350] loop3: detected capacity change from 0 to 4096 [ 229.413960][ T8350] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 229.446815][ T8329] XFS (loop2): Mounting V5 Filesystem [ 229.534446][ T8224] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.548807][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.557803][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.569585][ T8224] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.583313][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.592029][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.597928][ T8329] XFS (loop2): Ending clean mount [ 229.601423][ T5030] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.612441][ T5030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.642801][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.657101][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.666569][ T8329] XFS (loop2): Metadata CRC error detected at xfs_agfl_read_verify+0x1ca/0x290, xfs_agfl block 0x3 [ 229.678725][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.687470][ T8329] XFS (loop2): Unmount and run xfs_repair [ 229.695639][ T5030] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.702896][ T5030] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.710381][ T8329] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 229.712956][ T6209] ntfs3: loop3: ntfs_sync_fs r=1a failed, -22. [ 229.722311][ T8329] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86 XAFL............ [ 229.743212][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.750225][ T6209] ntfs3: loop3: ntfs_evict_inode r=1a failed, -22. [ 229.751968][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.775389][ T8329] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00 ....G.K......... [ 229.777507][ T6209] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 229.813510][ T8329] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b ^..s............ [ 229.828861][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.837530][ T8329] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f ................ [ 229.850179][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.858394][ T8329] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 229.905197][ T8224] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 229.925973][ T8329] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 229.939345][ T8224] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 229.963497][ T8329] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 229.980700][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 229.990509][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 230.007708][ T8329] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 230.019780][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.030990][ T8329] XFS (loop2): metadata I/O error in "xfs_alloc_read_agfl+0x250/0x430" at daddr 0x3 len 1 error 74 [ 230.053164][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 230.067580][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 230.078635][ T8329] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x6a5/0xb80 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 230.083906][ T8378] loop1: detected capacity change from 0 to 512 [ 230.094360][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 230.108234][ T8329] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 230.117459][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 230.143175][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 230.179957][ T3581] XFS (loop2): Unmounting Filesystem [ 230.205763][ T8378] EXT4-fs error (device loop1): __ext4_iget:5044: inode #15: block 1803188595: comm syz-executor.1: invalid block [ 230.263183][ T8378] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 15 (err -117) [ 230.281845][ T8378] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 230.301581][ T8378] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 234881024 (level 0) [ 230.417720][ T7637] EXT4-fs (loop1): unmounting filesystem. [ 230.647069][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 230.662394][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 230.686428][ T8224] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 231.058895][ T8415] loop2: detected capacity change from 0 to 1024 [ 231.328187][ T3710] hfsplus: b-tree write err: -5, ino 4 [ 231.405925][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 231.435263][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 231.442666][ T3577] Bluetooth: hci2: command tx timeout [ 231.498801][ T8224] device veth0_vlan entered promiscuous mode [ 231.544770][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 231.569827][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 231.601027][ T8224] device veth1_vlan entered promiscuous mode [ 231.629245][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 231.648063][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 231.669833][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 231.712040][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 231.769243][ T8224] device veth0_macvtap entered promiscuous mode [ 231.794373][ T8438] loop0: detected capacity change from 0 to 512 [ 231.817878][ T4883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 231.833739][ T4883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 231.861403][ T8224] device veth1_macvtap entered promiscuous mode [ 231.894544][ T8438] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2926: inode #16: comm syz-executor.0: corrupted xattr block 8 [ 231.917121][ T4727] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 231.933436][ T4727] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 231.942621][ T8420] loop3: detected capacity change from 0 to 32768 [ 231.957620][ T8438] EXT4-fs warning (device loop0): ext4_evict_inode:299: xattr delete (err -117) [ 231.967831][ T8438] EXT4-fs (loop0): 1 orphan inode deleted [ 231.973821][ T8438] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 231.991516][ T8438] ext4 filesystem being mounted at /root/syzkaller-testdir499476686/syzkaller.vjSlNL/22/bus supports timestamps until 2038 (0x7fffffff) [ 232.016393][ T8224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.018024][ T8449] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 232.044077][ T8224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.059049][ T8420] XFS (loop3): Mounting V5 Filesystem [ 232.067141][ T8224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.086003][ T8224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.107762][ T8438] EXT4-fs error (device loop0): ext4_get_first_dir_block:3562: inode #12: comm syz-executor.0: directory missing '..' [ 232.125114][ T8224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.144926][ T8224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.163134][ T8224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.180977][ T8224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.197895][ T8224] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.210237][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 232.218962][ T8014] EXT4-fs (loop0): unmounting filesystem. [ 232.219578][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 232.236421][ T8224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.238061][ T8420] XFS (loop3): Ending clean mount [ 232.255996][ T8224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.268162][ T8224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.292303][ T8224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.317384][ T8224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.328874][ T8420] XFS (loop3): Metadata CRC error detected at xfs_agfl_read_verify+0x1ca/0x290, xfs_agfl block 0x3 [ 232.339813][ T8224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.354603][ T8420] XFS (loop3): Unmount and run xfs_repair [ 232.360687][ T8420] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 232.376083][ T8224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.386822][ T8420] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86 XAFL............ [ 232.396593][ T8224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.407833][ T8420] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00 ....G.K......... [ 232.430313][ T8224] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 232.438826][ T8420] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b ^..s............ [ 232.463439][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 232.473009][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 232.484613][ T8224] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.493934][ T8420] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f ................ [ 232.516331][ T8224] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.533587][ T8420] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 232.545191][ T8224] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.565745][ T8224] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.604841][ T8420] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 232.615651][ T8420] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 232.706624][ T8420] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 232.732807][ T8420] XFS (loop3): metadata I/O error in "xfs_alloc_read_agfl+0x250/0x430" at daddr 0x3 len 1 error 74 [ 232.769555][ T8420] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x6a5/0xb80 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 232.808119][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.823413][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.833958][ T8420] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 232.868066][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 232.902118][ T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.932605][ T6209] XFS (loop3): Unmounting Filesystem [ 232.936282][ T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.985297][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 233.089164][ T8481] loop1: detected capacity change from 0 to 512 [ 233.120044][ T8481] EXT4-fs: Ignoring removed nobh option [ 233.146406][ T8484] Bluetooth: MGMT ver 1.22 [ 233.152390][ T8481] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 233.183058][ T8481] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz-executor.1: attempt to clear invalid blocks 2 len 1 [ 233.214655][ T8481] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 233.261575][ T8481] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 0) [ 233.288028][ T8488] loop3: detected capacity change from 0 to 512 [ 233.302780][ T8488] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 233.329582][ T8488] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz-executor.3: invalid indirect mapped block 83886080 (level 1) [ 233.357880][ T8481] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 1) [ 233.373731][ T8488] EXT4-fs (loop3): Remounting filesystem read-only [ 233.387889][ T8488] EXT4-fs (loop3): 1 orphan inode deleted [ 233.396367][ T8488] EXT4-fs (loop3): 1 truncate cleaned up [ 233.409423][ T8488] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 233.434823][ T8481] EXT4-fs (loop1): 1 truncate cleaned up [ 233.473767][ T8481] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 233.500539][ T6209] EXT4-fs error (device loop3): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor.3: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 233.531376][ T6209] EXT4-fs (loop3): Remounting filesystem read-only [ 233.556463][ T6209] EXT4-fs (loop3): unmounting filesystem. [ 233.599951][ T3576] Bluetooth: hci2: command tx timeout [ 233.809437][ T8481] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 234.053236][ T8499] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 234.417902][ T3873] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.491933][ T3873] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.540609][ T8508] loop2: detected capacity change from 0 to 128 [ 234.552504][ T7637] EXT4-fs (loop1): unmounting filesystem. [ 234.610470][ T3873] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.736563][ T8508] device syzkaller0 entered promiscuous mode [ 234.774900][ T3873] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.857340][ T8520] I/O error, dev loop1, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 234.881324][ T8520] VFS: could not find a valid V7 on loop1. [ 234.974274][ T3580] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 234.987772][ T3580] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 234.999755][ T3580] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 235.010572][ T3580] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 235.018315][ T3580] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 235.025944][ T3580] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 235.224007][ T3580] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 235.272442][ T3580] Bluetooth: hci0: command 0x0c1a tx timeout [ 235.278792][ T3577] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 235.630569][ T8522] chnl_net:caif_netlink_parms(): no params data found [ 236.741867][ T8522] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.762333][ T8522] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.770521][ T8522] device bridge_slave_0 entered promiscuous mode [ 236.790648][ T3580] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 236.803282][ T8522] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.810485][ T8522] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.818781][ T8522] device bridge_slave_1 entered promiscuous mode [ 236.864772][ T8522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 236.876917][ T8522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 236.925572][ T8522] team0: Port device team_slave_0 added [ 236.941892][ T8522] team0: Port device team_slave_1 added [ 236.970266][ T8522] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 236.978578][ T8522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.010838][ T8522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 237.029666][ T8522] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 237.038669][ T8522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.081756][ T8522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 237.122734][ T3580] Bluetooth: hci3: command tx timeout [ 237.176263][ T8522] device hsr_slave_0 entered promiscuous mode [ 237.188027][ T8522] device hsr_slave_1 entered promiscuous mode [ 237.252008][ T3873] device hsr_slave_0 left promiscuous mode [ 237.266321][ T3873] device hsr_slave_1 left promiscuous mode [ 237.279846][ T3873] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 237.305117][ T3873] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 237.334082][ T3873] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 237.341623][ T3873] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 237.371346][ T3873] device bridge_slave_1 left promiscuous mode [ 237.396642][ T3873] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.407960][ T8590] loop2: detected capacity change from 0 to 512 [ 237.418191][ T3873] device bridge_slave_0 left promiscuous mode [ 237.426712][ T3873] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.448166][ T3873] device veth1_macvtap left promiscuous mode [ 237.458665][ T3873] device veth0_macvtap left promiscuous mode [ 237.483294][ T8590] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 237.484291][ T3873] device veth1_vlan left promiscuous mode [ 237.493237][ T8590] ext4 filesystem being mounted at /root/syzkaller-testdir10166860/syzkaller.zhsiXK/352/file0 supports timestamps until 2038 (0x7fffffff) [ 237.511217][ T3873] device veth0_vlan left promiscuous mode [ 237.621426][ T3581] EXT4-fs (loop2): unmounting filesystem. [ 237.866033][ T8615] loop2: detected capacity change from 0 to 512 [ 237.882801][ T8615] EXT4-fs: Ignoring removed nobh option [ 237.905464][ T8615] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 237.921618][ T8615] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz-executor.2: attempt to clear invalid blocks 2 len 1 [ 237.954336][ T8615] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 237.991564][ T3873] team0 (unregistering): Port device team_slave_1 removed [ 238.000521][ T8615] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor.2: invalid indirect mapped block 1819239214 (level 0) [ 238.025845][ T3873] team0 (unregistering): Port device team_slave_0 removed [ 238.040883][ T3873] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 238.050358][ T8615] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor.2: invalid indirect mapped block 1819239214 (level 1) [ 238.085913][ T3873] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 238.096428][ T8615] EXT4-fs (loop2): 1 truncate cleaned up [ 238.108208][ T8615] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 238.184513][ T3873] bond0 (unregistering): Released all slaves [ 238.313161][ T3580] Bluetooth: hci0: command 0x0c1a tx timeout [ 238.319274][ T3577] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 238.427958][ T8619] EXT4-fs error (device loop2): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.2: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 238.675761][ T8620] EXT4-fs error (device loop2): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.2: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 239.079350][ T3581] EXT4-fs (loop2): unmounting filesystem. [ 239.161321][ T8625] loop2: detected capacity change from 0 to 512 [ 239.197545][ T3577] Bluetooth: hci3: command tx timeout [ 239.206786][ T8625] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 239.329074][ T8625] EXT4-fs error (device loop2): ext4_orphan_get:1422: comm syz-executor.2: bad orphan inode 17 [ 239.640388][ T8625] ext4_test_bit(bit=16, block=4) = 1 [ 239.721005][ T8625] is_bad_inode(inode)=0 [ 239.818260][ T8625] NEXT_ORPHAN(inode)=1048336 [ 239.930684][ T8625] max_ino=32 [ 240.032114][ T8625] i_nlink=0 [ 240.036079][ T8625] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 240.113357][ T3581] EXT4-fs (loop2): unmounting filesystem. [ 240.440652][ T8643] loop0: detected capacity change from 0 to 128 [ 240.461898][ T8522] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 240.473172][ T8522] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 240.484498][ T4026] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 240.507668][ T8522] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 240.528085][ T8522] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 240.641256][ T8522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.751484][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.759999][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.778582][ T8522] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.816742][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 240.827342][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 240.851163][ T3613] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.858661][ T3613] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.911963][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.932736][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 240.941770][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 240.972792][ T3613] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.980216][ T3613] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.992534][ T4026] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.007413][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 241.011633][ T4026] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 241.031839][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 241.064024][ T4026] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.102373][ T4026] usb 5-1: config 0 descriptor?? [ 241.107352][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 241.134747][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 241.156044][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 241.193329][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 241.201941][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 241.242730][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 241.251092][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 241.272362][ T3580] Bluetooth: hci3: command tx timeout [ 241.292985][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 241.302071][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 241.325636][ T8522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 241.633608][ T4026] keytouch 0003:0926:3333.0007: fixing up Keytouch IEC report descriptor [ 241.703630][ T4026] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0007/input/input9 [ 241.861253][ T4026] keytouch 0003:0926:3333.0007: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 242.092896][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 242.100938][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 242.149979][ T8522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.228789][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 242.248531][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 242.295439][ T3613] usb 5-1: USB disconnect, device number 8 [ 242.324414][ T8522] device veth0_vlan entered promiscuous mode [ 242.337027][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 242.358139][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 242.383523][ T8522] device veth1_vlan entered promiscuous mode [ 242.399744][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 242.424183][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 242.458210][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 242.505858][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 242.514787][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 242.543106][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 242.554171][ T8522] device veth0_macvtap entered promiscuous mode [ 242.578046][ T8522] device veth1_macvtap entered promiscuous mode [ 242.627890][ T27] audit: type=1800 audit(2000000061.387:459): pid=8680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=1944 res=0 errno=0 [ 242.633364][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.705666][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.745534][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.765364][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.788636][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.795979][ T8682] loop1: detected capacity change from 0 to 128 [ 242.807585][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.817915][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.851214][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.889603][ T8522] batman_adv: batadv0: Interface activated: batadv_slave_0 acpid: input device has been disconnected, fd 10 [ 242.933960][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 242.945734][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 242.970458][ T8684] loop0: detected capacity change from 0 to 512 [ 242.973307][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 242.990517][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 243.008754][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.041965][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.058024][ T8684] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 243.066745][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.083758][ T8684] ext4 filesystem being mounted at /root/syzkaller-testdir499476686/syzkaller.vjSlNL/47/file0 supports timestamps until 2038 (0x7fffffff) [ 243.095401][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.149660][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.162065][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.177902][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.190820][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.228273][ T8522] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 243.289223][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 243.320672][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 243.325193][ T8698] loop4: detected capacity change from 0 to 256 [ 243.347647][ T8522] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.357322][ T3580] Bluetooth: hci3: command tx timeout [ 243.372437][ T8522] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.391933][ T8522] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.428109][ T8698] FAT-fs (loop4): Directory bread(block 64) failed [ 243.444770][ T8522] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.452365][ T8698] FAT-fs (loop4): Directory bread(block 65) failed [ 243.460982][ T8698] FAT-fs (loop4): Directory bread(block 66) failed [ 243.484153][ T8698] FAT-fs (loop4): Directory bread(block 67) failed [ 243.507437][ T8698] FAT-fs (loop4): Directory bread(block 68) failed [ 243.533938][ T8698] FAT-fs (loop4): Directory bread(block 69) failed [ 243.601862][ T8698] FAT-fs (loop4): Directory bread(block 70) failed [ 243.637029][ T8698] FAT-fs (loop4): Directory bread(block 71) failed [ 243.666081][ T8698] FAT-fs (loop4): Directory bread(block 72) failed [ 243.673441][ T3762] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.681785][ T3762] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.709495][ T8707] loop1: detected capacity change from 0 to 512 [ 243.715891][ T8698] FAT-fs (loop4): Directory bread(block 73) failed [ 243.731649][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 243.767901][ T3762] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.798909][ T8014] EXT4-fs (loop0): unmounting filesystem. [ 243.805933][ T8707] EXT4-fs: Ignoring removed nobh option [ 243.811884][ T3762] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.874909][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 243.885570][ T8707] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 243.922079][ T8707] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz-executor.1: attempt to clear invalid blocks 2 len 1 [ 243.940730][ T8707] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 243.963951][ T8707] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 0) [ 243.994081][ T8707] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 1) [ 244.044409][ T8707] EXT4-fs (loop1): 1 truncate cleaned up [ 244.073285][ T8707] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 244.138388][ T8721] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 244.219112][ T8724] loop4: detected capacity change from 0 to 128 [ 244.457914][ T8726] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 244.698584][ T8727] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 245.118798][ T7637] EXT4-fs (loop1): unmounting filesystem. [ 245.147227][ T8732] loop2: detected capacity change from 0 to 256 [ 245.173666][ T8732] exfat: Deprecated parameter 'utf8' [ 245.266112][ T8734] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 245.286755][ T8732] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 245.369998][ T8717] loop3: detected capacity change from 0 to 32768 [ 245.379673][ T8717] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (8717) [ 245.411060][ T8717] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 245.435815][ T8738] futex_wake_op: syz-executor.4 tries to shift op by -1; fix this program [ 245.476388][ T8717] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 245.486554][ T27] audit: type=1800 audit(2000000064.237:460): pid=8732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=1048683 res=0 errno=0 [ 245.579095][ T8717] BTRFS info (device loop3): using free space tree [ 245.633167][ T4727] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 246.165684][ T8717] BTRFS info (device loop3): enabling ssd optimizations [ 246.217450][ T8768] loop1: detected capacity change from 0 to 512 [ 246.259597][ T8768] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 246.293931][ T8773] loop2: detected capacity change from 0 to 512 [ 246.307395][ T8773] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 246.307579][ T8768] ext4 filesystem being mounted at /root/syzkaller-testdir723906268/syzkaller.Laz5S2/70/file0 supports timestamps until 2038 (0x7fffffff) [ 246.343440][ T4727] usb 1-1: New USB device found, idVendor=0582, idProduct=0023, bcdDevice=53.24 [ 246.377165][ T8773] EXT4-fs error (device loop2): ext4_orphan_get:1422: comm syz-executor.2: bad orphan inode 17 [ 246.407234][ T4727] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.426173][ T8773] ext4_test_bit(bit=16, block=4) = 1 [ 246.435969][ T8773] is_bad_inode(inode)=0 [ 246.440313][ T4727] usb 1-1: Product: syz [ 246.446074][ T8773] NEXT_ORPHAN(inode)=1048336 [ 246.469171][ T4727] usb 1-1: Manufacturer: syz [ 246.482098][ T4727] usb 1-1: SerialNumber: syz [ 246.490380][ T8773] max_ino=32 [ 246.497072][ T8773] i_nlink=0 [ 246.502265][ T4727] usb 1-1: config 0 descriptor?? [ 246.507581][ T8773] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 246.583128][ T8522] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 246.631248][ T3581] EXT4-fs (loop2): unmounting filesystem. [ 246.687829][ T4727] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 246.862829][ T8778] loop4: detected capacity change from 0 to 32768 [ 246.891341][ T4880] usb 1-1: USB disconnect, device number 5 [ 246.905407][ T7637] EXT4-fs (loop1): unmounting filesystem. [ 246.909927][ T8778] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (8778) [ 246.948810][ T8778] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 246.979000][ T8783] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 246.992002][ T8778] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 247.011575][ T8778] BTRFS info (device loop4): setting nodatacow, compression disabled [ 247.042476][ T8778] BTRFS info (device loop4): turning on flush-on-commit [ 247.055285][ T8778] BTRFS info (device loop4): enabling auto defrag [ 247.070420][ T8778] BTRFS info (device loop4): max_inline at 0 [ 247.091771][ T8778] BTRFS info (device loop4): using free space tree [ 247.107752][ T8789] loop1: detected capacity change from 0 to 256 [ 247.146088][ T8789] exfat: Deprecated parameter 'utf8' [ 247.190596][ T8789] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 247.236625][ T27] audit: type=1800 audit(2000000065.997:461): pid=8789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=1048684 res=0 errno=0 [ 247.390220][ T8778] BTRFS info (device loop4): enabling ssd optimizations [ 247.544381][ T8819] futex_wake_op: syz-executor.2 tries to shift op by -1; fix this program [ 248.351400][ T8224] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 248.448745][ T8828] loop2: detected capacity change from 0 to 128 [ 248.497494][ T8830] loop1: detected capacity change from 0 to 256 [ 248.528963][ T8828] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 248.554963][ T8828] ext4 filesystem being mounted at /root/syzkaller-testdir10166860/syzkaller.zhsiXK/375/mnt supports timestamps until 2038 (0x7fffffff) [ 248.620990][ T8830] FAT-fs (loop1): Directory bread(block 64) failed [ 248.633844][ T8830] FAT-fs (loop1): Directory bread(block 65) failed [ 248.649388][ T8830] FAT-fs (loop1): Directory bread(block 66) failed [ 248.654391][ T8828] EXT4-fs error (device loop2): ext4_validate_inode_bitmap:106: comm syz-executor.2: Corrupt inode bitmap - block_group = 0, inode_bitmap = 7 [ 248.662941][ T8830] FAT-fs (loop1): Directory bread(block 67) failed [ 248.679123][ T8830] FAT-fs (loop1): Directory bread(block 68) failed [ 248.686429][ T8830] FAT-fs (loop1): Directory bread(block 69) failed [ 248.694485][ T8830] FAT-fs (loop1): Directory bread(block 70) failed [ 248.701214][ T8830] FAT-fs (loop1): Directory bread(block 71) failed [ 248.708001][ T8830] FAT-fs (loop1): Directory bread(block 72) failed [ 248.716186][ T8830] FAT-fs (loop1): Directory bread(block 73) failed [ 248.770782][ T3581] EXT4-fs (loop2): unmounting filesystem. [ 248.843694][ T8839] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 249.094606][ T8853] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 249.164570][ T8857] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 249.589263][ T8863] futex_wake_op: syz-executor.2 tries to shift op by -1; fix this program [ 250.448310][ T8868] loop4: detected capacity change from 0 to 512 [ 250.483443][ T8868] EXT4-fs: Ignoring removed nobh option [ 250.549264][ T8868] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 250.585477][ T8868] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz-executor.4: attempt to clear invalid blocks 2 len 1 [ 250.610694][ T8868] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 250.683468][ T8859] loop3: detected capacity change from 0 to 32768 [ 250.691798][ T8868] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 1819239214 (level 0) [ 250.706875][ T8859] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (8859) [ 250.720263][ T8868] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 1819239214 (level 1) [ 250.750862][ T8859] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 250.764283][ T8868] EXT4-fs (loop4): 1 truncate cleaned up [ 250.770078][ T8868] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 250.771493][ T8881] loop1: detected capacity change from 0 to 764 [ 250.789204][ T8859] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 250.808173][ T8859] BTRFS info (device loop3): setting nodatacow, compression disabled [ 250.817387][ T8884] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 250.828597][ T8859] BTRFS info (device loop3): turning on flush-on-commit [ 250.838917][ T8859] BTRFS info (device loop3): enabling auto defrag [ 250.847354][ T8881] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 250.869108][ T8859] BTRFS info (device loop3): max_inline at 0 [ 250.875272][ T8859] BTRFS info (device loop3): using free space tree [ 250.957849][ T8884] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 251.080055][ T8859] BTRFS info (device loop3): enabling ssd optimizations [ 251.157835][ T8911] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.4: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 251.212868][ T8911] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.4: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 251.757744][ T8224] EXT4-fs (loop4): unmounting filesystem. [ 251.772918][ T8522] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 251.917519][ T8920] loop4: detected capacity change from 0 to 512 [ 251.927088][ T8916] loop0: detected capacity change from 0 to 8 [ 251.965550][ T8916] squashfs: Unknown parameter 'C' [ 252.057728][ T8920] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 252.087715][ T8920] ext4 filesystem being mounted at /root/syzkaller-testdir1519744059/syzkaller.rbNQW1/23/file0 supports timestamps until 2038 (0x7fffffff) [ 252.262789][ T8933] loop2: detected capacity change from 0 to 764 [ 252.295847][ T8933] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 252.409584][ T8224] EXT4-fs (loop4): unmounting filesystem. [ 252.436117][ T8938] loop2: detected capacity change from 0 to 256 [ 252.507786][ T8940] autofs4:pid:8940:autofs_fill_super: called with bogus options [ 252.581075][ T8947] loop1: detected capacity change from 0 to 256 [ 252.887513][ T8955] loop4: detected capacity change from 0 to 4096 [ 252.926442][ T8955] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 252.979305][ T8966] loop1: detected capacity change from 0 to 8 [ 252.996803][ T8966] squashfs: Unknown parameter 'C' [ 253.073762][ T8971] loop3: detected capacity change from 0 to 764 [ 253.098098][ T8971] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 253.311746][ T8950] loop2: detected capacity change from 0 to 32768 [ 253.337038][ T8950] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (8950) [ 253.368719][ T8984] loop3: detected capacity change from 0 to 256 [ 253.370511][ T8950] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 253.387994][ T8987] autofs4:pid:8987:autofs_fill_super: called with bogus options [ 253.399789][ T8950] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 253.417486][ T8950] BTRFS info (device loop2): setting nodatacow, compression disabled [ 253.430190][ T8950] BTRFS info (device loop2): turning on flush-on-commit [ 253.441003][ T8950] BTRFS info (device loop2): enabling auto defrag [ 253.450457][ T8950] BTRFS info (device loop2): max_inline at 0 [ 253.456894][ T8950] BTRFS info (device loop2): using free space tree [ 253.573692][ T9001] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 253.626250][ T8950] BTRFS info (device loop2): enabling ssd optimizations [ 253.918235][ T3581] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 253.952063][ T9021] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 254.351121][ T9034] loop4: detected capacity change from 0 to 256 [ 254.618691][ T9044] loop0: detected capacity change from 0 to 128 [ 254.672409][ T9044] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 254.683473][ T9044] ext4 filesystem being mounted at /root/syzkaller-testdir499476686/syzkaller.vjSlNL/61/mnt supports timestamps until 2038 (0x7fffffff) [ 254.690029][ T9047] loop1: detected capacity change from 0 to 512 [ 254.717869][ T9044] EXT4-fs error (device loop0): ext4_validate_inode_bitmap:106: comm syz-executor.0: Corrupt inode bitmap - block_group = 0, inode_bitmap = 7 [ 254.744520][ T9047] EXT4-fs: Ignoring removed nobh option [ 254.779993][ T9047] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 254.843896][ T9047] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz-executor.1: attempt to clear invalid blocks 2 len 1 [ 254.871949][ T8014] EXT4-fs (loop0): unmounting filesystem. [ 254.916791][ T9047] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 254.994727][ T9047] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 0) [ 255.015459][ T9047] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 1) [ 255.018524][ T9062] loop4: detected capacity change from 0 to 64 [ 255.048546][ T9047] EXT4-fs (loop1): 1 truncate cleaned up [ 255.054522][ T9047] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 255.130911][ T9064] loop3: detected capacity change from 0 to 16 [ 255.158979][ T9064] erofs: (device loop3): mounted with root inode @ nid 36. [ 255.198833][ T9064] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 255.222604][ T9064] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -32 in[46, 4050] out[1851] [ 255.241455][ T9064] erofs: (device loop3): z_erofs_read_folio: failed to read, err [-117] [ 255.593803][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.593893][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.101104][ T9077] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 256.145980][ T9077] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 256.906694][ T7637] EXT4-fs (loop1): unmounting filesystem. [ 257.349096][ T9095] loop1: detected capacity change from 0 to 128 [ 257.376661][ T9095] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 257.383616][ T9052] loop2: detected capacity change from 0 to 32768 [ 257.394761][ T9095] ext4 filesystem being mounted at /root/syzkaller-testdir723906268/syzkaller.Laz5S2/87/mnt supports timestamps until 2038 (0x7fffffff) [ 257.435340][ T9052] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (9052) [ 257.536572][ T9052] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 257.538068][ T9095] EXT4-fs error (device loop1): ext4_validate_inode_bitmap:106: comm syz-executor.1: Corrupt inode bitmap - block_group = 0, inode_bitmap = 7 [ 257.550120][ T9052] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 257.570559][ T9052] BTRFS info (device loop2): setting nodatacow, compression disabled [ 257.578978][ T9052] BTRFS info (device loop2): turning on flush-on-commit [ 257.586269][ T9052] BTRFS info (device loop2): enabling auto defrag [ 257.593188][ T9052] BTRFS info (device loop2): max_inline at 0 [ 257.599400][ T9052] BTRFS info (device loop2): using free space tree [ 257.689215][ T7637] EXT4-fs (loop1): unmounting filesystem. [ 257.699829][ T9052] BTRFS error (device loop2): open_ctree failed [ 257.920937][ T9119] loop1: detected capacity change from 0 to 64 [ 257.944696][ T9121] loop3: detected capacity change from 0 to 512 [ 257.953174][ T9121] EXT4-fs: Ignoring removed nobh option [ 257.972280][ T4724] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 257.990646][ T9121] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 258.035281][ T9121] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz-executor.3: attempt to clear invalid blocks 2 len 1 [ 258.097921][ T9121] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 258.114608][ T9088] loop0: detected capacity change from 0 to 32768 [ 258.150231][ T9121] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 1819239214 (level 0) [ 258.174206][ T9121] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 1819239214 (level 1) [ 258.175196][ T9121] EXT4-fs (loop3): 1 truncate cleaned up [ 258.175231][ T9121] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 258.227643][ T9133] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 258.249485][ T9088] XFS (loop0): Mounting V5 Filesystem [ 258.489751][ T9145] EXT4-fs error (device loop3): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.3: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 258.543502][ T9145] EXT4-fs error (device loop3): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.3: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 258.599957][ T4724] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.756725][ T4724] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 259.105540][ T4724] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.135420][ T4724] usb 5-1: config 0 descriptor?? [ 259.169537][ T9088] XFS (loop0): Ending clean mount [ 259.238444][ T9088] XFS (loop0): Quotacheck needed: Please wait. [ 259.268177][ T8522] EXT4-fs (loop3): unmounting filesystem. [ 259.387146][ T9088] XFS (loop0): Quotacheck: Done. [ 259.421300][ T9161] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 259.534388][ T9166] loop3: detected capacity change from 0 to 256 [ 259.571849][ T8014] XFS (loop0): Unmounting Filesystem [ 259.574812][ T9166] FAT-fs (loop3): Directory bread(block 64) failed [ 259.588249][ T9166] FAT-fs (loop3): Directory bread(block 65) failed [ 259.597098][ T9166] FAT-fs (loop3): Directory bread(block 66) failed [ 259.606857][ T9166] FAT-fs (loop3): Directory bread(block 67) failed [ 259.613801][ T9166] FAT-fs (loop3): Directory bread(block 68) failed [ 259.620648][ T9166] FAT-fs (loop3): Directory bread(block 69) failed [ 259.627584][ T9166] FAT-fs (loop3): Directory bread(block 70) failed [ 259.634430][ T9166] FAT-fs (loop3): Directory bread(block 71) failed [ 259.641437][ T9166] FAT-fs (loop3): Directory bread(block 72) failed [ 259.648566][ T9166] FAT-fs (loop3): Directory bread(block 73) failed [ 259.714844][ T4724] keytouch 0003:0926:3333.0008: fixing up Keytouch IEC report descriptor [ 259.740763][ T4724] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0008/input/input10 [ 259.757831][ T4878] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 259.838314][ T4724] keytouch 0003:0926:3333.0008: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 259.855329][ T9170] loop0: detected capacity change from 0 to 64 [ 259.999775][ T9180] loop3: detected capacity change from 0 to 128 [ 260.025392][ T9180] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 260.035405][ T9180] ext4 filesystem being mounted at /root/syzkaller-testdir336627253/syzkaller.FJLhx9/33/mnt supports timestamps until 2038 (0x7fffffff) [ 260.064583][ T9180] EXT4-fs error (device loop3): ext4_validate_inode_bitmap:106: comm syz-executor.3: Corrupt inode bitmap - block_group = 0, inode_bitmap = 7 [ 260.121163][ T8522] EXT4-fs (loop3): unmounting filesystem. [ 260.342438][ T4878] usb 2-1: New USB device found, idVendor=0582, idProduct=0023, bcdDevice=53.24 [ 260.362215][ T4878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.370302][ T4878] usb 2-1: Product: syz [ 260.374685][ T4878] usb 2-1: Manufacturer: syz [ 260.377502][ T5031] usb 5-1: USB disconnect, device number 9 [ 260.379283][ T4878] usb 2-1: SerialNumber: syz [ 260.409525][ T4878] usb 2-1: config 0 descriptor?? [ 260.412315][ T9196] loop3: detected capacity change from 0 to 2048 acpid: input device has been disconnected, fd 3 [ 260.460793][ T9196] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 260.495871][ T9196] ext4 filesystem being mounted at /root/syzkaller-testdir336627253/syzkaller.FJLhx9/36/file0 supports timestamps until 2038 (0x7fffffff) [ 260.515921][ T4878] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 260.562813][ T9202] loop2: detected capacity change from 0 to 64 [ 260.616097][ T8522] EXT4-fs (loop3): unmounting filesystem. [ 260.709360][ T5031] usb 2-1: USB disconnect, device number 8 [ 260.719505][ T9187] loop0: detected capacity change from 0 to 32768 [ 260.736173][ T9187] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (9187) [ 260.777281][ T9187] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 260.788469][ T9187] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 260.798337][ T9187] BTRFS info (device loop0): using free space tree [ 260.854857][ T9187] BTRFS info (device loop0): enabling ssd optimizations [ 260.942466][ T8835] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 261.099270][ T8014] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 261.183601][ T8835] usb 4-1: Using ep0 maxpacket: 8 [ 261.472660][ T8835] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 261.485243][ T8835] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 261.500575][ T8835] usb 4-1: Product: syz [ 261.518925][ T8835] usb 4-1: Manufacturer: syz [ 261.530665][ T8835] usb 4-1: SerialNumber: syz [ 261.544724][ T8835] usb 4-1: config 0 descriptor?? [ 261.594566][ T8835] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 261.617067][ T9261] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 261.698355][ T9265] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.705881][ T9265] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.738694][ T9265] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.746057][ T9265] bridge0: port 2(bridge_slave_1) entered forwarding state [ 261.753527][ T9265] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.760667][ T9265] bridge0: port 1(bridge_slave_0) entered forwarding state [ 261.770737][ T9265] device bridge0 entered promiscuous mode [ 261.812369][ T8835] gspca_zc3xx: reg_w_i err -71 [ 261.820681][ T8835] gspca_zc3xx: probe of 4-1:0.0 failed with error -71 [ 261.838329][ T8835] usb 4-1: USB disconnect, device number 11 [ 262.188777][ T9286] syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET) [ 262.395125][ T9269] loop1: detected capacity change from 0 to 32768 [ 262.418855][ T9269] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (9269) [ 262.465471][ T9269] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 262.494185][ T9269] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 262.523014][ T9269] BTRFS info (device loop1): using free space tree [ 262.632982][ T9312] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.640181][ T9312] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.651097][ T9312] device bridge0 left promiscuous mode [ 262.669266][ T9312] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.676441][ T9312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.683906][ T9312] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.691032][ T9312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 262.700653][ T9312] device bridge0 entered promiscuous mode [ 262.706952][ T9269] BTRFS info (device loop1): enabling ssd optimizations [ 262.732630][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 262.964479][ T5030] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 263.624417][ T7637] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 263.842398][ T5030] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 263.857172][ T9340] loop0: detected capacity change from 0 to 1024 [ 263.908103][ T5030] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 263.917328][ T9340] hfsplus: invalid catalog entry type in lookup [ 263.957555][ T5030] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 264.019645][ T5030] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 264.049415][ T5030] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.069309][ T5030] usb 4-1: config 0 descriptor?? [ 264.088155][ T3764] hfsplus: b-tree write err: -5, ino 4 [ 264.092694][ T9314] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 264.159604][ T27] audit: type=1326 audit(2000000082.917:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9348 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f141047cee9 code=0x0 [ 264.375374][ T9366] loop0: detected capacity change from 0 to 256 [ 264.423274][ T9366] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 264.468846][ T9372] loop1: detected capacity change from 0 to 1024 [ 264.506148][ T9372] hfsplus: invalid catalog entry type in lookup [ 264.543568][ T27] audit: type=1804 audit(2000000083.287:463): pid=9366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir499476686/syzkaller.vjSlNL/79/file2/bus" dev="loop0" ino=1048691 res=1 errno=0 [ 264.584588][ T5030] plantronics 0003:047F:FFFF.0009: unknown main item tag 0xd [ 264.605286][ T5030] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 264.618636][ T9376] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 264.651678][ T5030] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 264.664341][ T27] audit: type=1800 audit(2000000083.357:464): pid=9366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=1048691 res=0 errno=0 [ 264.694752][ T56] hfsplus: b-tree write err: -5, ino 4 [ 264.738141][ T9379] loop2: detected capacity change from 0 to 64 [ 264.771077][ T9382] loop0: detected capacity change from 0 to 512 [ 264.831796][ T9382] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 264.831895][ T9382] ext4 filesystem being mounted at /root/syzkaller-testdir499476686/syzkaller.vjSlNL/80/file0 supports timestamps until 2038 (0x7fffffff) [ 264.855133][ T4879] usb 4-1: USB disconnect, device number 12 [ 265.138706][ T8014] EXT4-fs (loop0): unmounting filesystem. [ 265.175888][ T9364] loop4: detected capacity change from 0 to 40427 [ 265.220649][ T9364] F2FS-fs (loop4): invalid crc value [ 265.238743][ T9364] F2FS-fs (loop4): Found nat_bits in checkpoint [ 265.255683][ T9407] loop0: detected capacity change from 0 to 256 [ 265.271897][ T9407] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 265.291233][ T9405] loop1: detected capacity change from 0 to 1024 [ 265.337000][ T9405] hfsplus: invalid catalog entry type in lookup [ 265.343644][ T27] audit: type=1804 audit(2000000084.097:465): pid=9407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir499476686/syzkaller.vjSlNL/82/file2/bus" dev="loop0" ino=1048692 res=1 errno=0 [ 265.387520][ T9364] F2FS-fs (loop4): recover fsync data on readonly fs [ 265.410988][ T9364] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 265.434887][ T27] audit: type=1800 audit(2000000084.097:466): pid=9407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=1048692 res=0 errno=0 [ 265.435398][ T9412] loop2: detected capacity change from 0 to 64 [ 265.466210][ T11] hfsplus: b-tree write err: -5, ino 4 [ 265.631780][ T9421] loop2: detected capacity change from 0 to 512 [ 265.709301][ T9421] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 265.737078][ T9421] ext4 filesystem being mounted at /root/syzkaller-testdir10166860/syzkaller.zhsiXK/427/file0 supports timestamps until 2038 (0x7fffffff) [ 266.008221][ T9431] loop0: detected capacity change from 0 to 2048 [ 267.361663][ T9433] loop3: detected capacity change from 0 to 16 [ 267.468181][ T9433] erofs: (device loop3): mounted with root inode @ nid 36. [ 267.501283][ T9433] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 267.517079][ T9433] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -32 in[46, 4050] out[1851] [ 267.535271][ T9433] erofs: (device loop3): z_erofs_read_folio: failed to read, err [-117] [ 267.631506][ T9431] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 268.057363][ T27] audit: type=1326 audit(2000000086.817:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9bae7cee9 code=0x7ffc0000 [ 268.095148][ T27] audit: type=1326 audit(2000000086.817:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9bae7cee9 code=0x7ffc0000 [ 268.122460][ T27] audit: type=1326 audit(2000000086.817:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd9bae7cee9 code=0x7ffc0000 [ 268.155529][ T27] audit: type=1326 audit(2000000086.817:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9bae7cee9 code=0x7ffc0000 [ 268.204805][ T27] audit: type=1326 audit(2000000086.817:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9bae7cee9 code=0x7ffc0000 [ 268.231212][ T3581] EXT4-fs (loop2): unmounting filesystem. [ 268.403340][ T5502] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 268.498278][ T9452] loop1: detected capacity change from 0 to 256 [ 268.531524][ T9452] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 268.569070][ T9441] loop3: detected capacity change from 0 to 32768 [ 268.599233][ T9441] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (9441) [ 268.634486][ T9441] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 268.659337][ T9441] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 268.676517][ T9441] BTRFS info (device loop3): using free space tree [ 268.702439][ T5502] usb 1-1: Using ep0 maxpacket: 16 [ 268.706155][ T9465] netlink: 92 bytes leftover after parsing attributes in process `syz-executor.1'. [ 268.801182][ T9441] BTRFS info (device loop3): enabling ssd optimizations [ 268.848180][ T9448] loop2: detected capacity change from 0 to 40427 [ 268.858151][ T9448] F2FS-fs (loop2): invalid crc value [ 268.866334][ T9448] F2FS-fs (loop2): Found nat_bits in checkpoint [ 268.892423][ T5502] usb 1-1: unable to get BOS descriptor or descriptor too short [ 268.929306][ T9448] F2FS-fs (loop2): recover fsync data on readonly fs [ 268.944594][ T9448] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 268.992461][ T5502] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 269.023473][ T5502] usb 1-1: config 1 interface 0 has no altsetting 0 [ 269.043633][ T8522] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 269.356590][ T9487] loop4: detected capacity change from 0 to 16 [ 269.373556][ T9487] erofs: (device loop4): mounted with root inode @ nid 36. [ 269.401288][ T9487] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 269.412520][ T9487] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -32 in[46, 4050] out[1851] [ 269.431411][ T9487] erofs: (device loop4): z_erofs_read_folio: failed to read, err [-117] [ 269.491854][ T5502] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 269.529647][ T5502] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.584047][ T5502] usb 1-1: Product: syz [ 269.613686][ T5502] usb 1-1: Manufacturer: syz [ 269.642855][ T5502] usb 1-1: SerialNumber: syz [ 270.254199][ T9493] loop2: detected capacity change from 0 to 2048 [ 270.291676][ T9493] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 270.972947][ T5502] usb 1-1: bad CDC descriptors [ 270.981529][ T5502] usb 1-1: USB disconnect, device number 6 [ 271.302660][ T27] kauditd_printk_skb: 161 callbacks suppressed [ 271.302676][ T27] audit: type=1326 audit(2000000090.057:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9511 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f989fe7cee9 code=0x0 [ 271.325855][ T9513] overlayfs: metacopy with no lower data found - abort lookup (/file0) [ 271.336500][ T4920] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 271.721073][ T9495] loop4: detected capacity change from 0 to 32768 [ 271.732474][ T4920] usb 3-1: New USB device found, idVendor=0781, idProduct=0100, bcdDevice= 1.00 [ 271.741590][ T4920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.779125][ T9495] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (9495) [ 271.798950][ T4920] usb 3-1: config 0 descriptor?? [ 271.856780][ T4920] usb-storage 3-1:0.0: USB Mass Storage device detected [ 271.864054][ T9495] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 271.897864][ T9495] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 271.912258][ T9495] BTRFS info (device loop4): metadata ratio 8 [ 271.920471][ T4920] usb-storage 3-1:0.0: Quirks match for vid 0781 pid 0100: 1 [ 271.928493][ T9495] BTRFS info (device loop4): force zlib compression, level 3 [ 271.964312][ T9495] BTRFS info (device loop4): turning off barriers [ 271.995365][ T9495] BTRFS info (device loop4): turning on barriers [ 272.009393][ T3577] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 272.025794][ T3577] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 272.033079][ T9495] BTRFS info (device loop4): enabling auto defrag [ 272.037125][ T3577] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 272.053353][ T3577] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 272.074362][ T3577] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 272.081928][ T3577] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 272.089838][ T9495] BTRFS info (device loop4): max_inline at 0 [ 272.092209][ T8835] usb 3-1: USB disconnect, device number 10 [ 272.132277][ T9495] BTRFS info (device loop4): using free space tree [ 272.168171][ T3710] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.303732][ T9519] loop3: detected capacity change from 0 to 32768 [ 272.312009][ T9519] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor.3 (9519) [ 272.319287][ T3710] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.343253][ T9495] BTRFS info (device loop4): enabling ssd optimizations [ 272.464903][ T3710] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.519563][ T8224] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 272.675301][ T27] audit: type=1804 audit(2000000091.437:634): pid=9519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir336627253/syzkaller.FJLhx9/48/bus" dev="sda1" ino=1939 res=1 errno=0 [ 272.740765][ T9520] loop0: detected capacity change from 0 to 40427 [ 272.757995][ T9520] F2FS-fs (loop0): invalid crc value [ 272.778069][ T9520] F2FS-fs (loop0): Found nat_bits in checkpoint [ 272.808090][ T3710] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.914202][ T9520] F2FS-fs (loop0): recover fsync data on readonly fs [ 272.953633][ T9520] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 272.972806][ T9523] chnl_net:caif_netlink_parms(): no params data found [ 272.982238][ T8835] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 273.140131][ T27] audit: type=1326 audit(2000000091.897:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9559 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f362ca7cee9 code=0x0 [ 273.195046][ T9523] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.202541][ T9523] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.210776][ T9523] device bridge_slave_0 entered promiscuous mode [ 273.242249][ T8835] usb 3-1: Using ep0 maxpacket: 8 [ 273.308751][ T9523] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.317181][ T9523] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.334621][ T9523] device bridge_slave_1 entered promiscuous mode [ 273.420177][ T9523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 273.438968][ T9523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 273.460769][ T9570] loop0: detected capacity change from 0 to 512 [ 273.468735][ T9567] loop3: detected capacity change from 0 to 4096 [ 273.498365][ T9567] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 273.518484][ T9567] ntfs3: loop3: Failed to load $Volume. [ 273.526698][ T8835] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 273.540471][ T8835] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 273.551292][ T9570] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 273.560257][ T8835] usb 3-1: Product: syz [ 273.560279][ T8835] usb 3-1: Manufacturer: syz [ 273.560294][ T8835] usb 3-1: SerialNumber: syz [ 273.575466][ T9570] ext4 filesystem being mounted at /root/syzkaller-testdir499476686/syzkaller.vjSlNL/87/file0 supports timestamps until 2038 (0x7fffffff) [ 273.597413][ T8835] usb 3-1: config 0 descriptor?? [ 273.608402][ T9523] team0: Port device team_slave_0 added [ 273.641206][ T9523] team0: Port device team_slave_1 added [ 273.645993][ T8835] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 273.784755][ T9523] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 273.793927][ T9523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 273.821312][ T9523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 273.855292][ T8835] gspca_zc3xx: reg_w_i err -71 [ 273.860212][ T8835] gspca_zc3xx: probe of 3-1:0.0 failed with error -71 [ 273.867640][ T9523] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 273.881962][ T9523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 273.901505][ T8835] usb 3-1: USB disconnect, device number 11 [ 273.941437][ T9523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 273.962869][ T8014] EXT4-fs (loop0): unmounting filesystem. [ 274.038602][ T9578] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 274.049522][ T9578] pim6reg0: linktype set to 0 [ 274.076669][ T9568] loop4: detected capacity change from 0 to 32768 [ 274.102879][ T9523] device hsr_slave_0 entered promiscuous mode [ 274.110361][ T9523] device hsr_slave_1 entered promiscuous mode [ 274.117499][ T9523] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 274.125452][ T9523] Cannot create hsr debugfs directory [ 274.152870][ T3580] Bluetooth: hci0: command tx timeout [ 274.454081][ T3710] device hsr_slave_0 left promiscuous mode [ 274.468871][ T3710] device hsr_slave_1 left promiscuous mode [ 274.482094][ T3710] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 274.491635][ T3710] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 274.501388][ T3710] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 274.512102][ T3710] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 274.523491][ T3710] device bridge_slave_1 left promiscuous mode [ 274.535422][ T3710] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.545221][ T3710] device bridge_slave_0 left promiscuous mode [ 274.557055][ T3710] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.584669][ T3710] device veth1_macvtap left promiscuous mode [ 274.606663][ T3710] device veth0_macvtap left promiscuous mode [ 274.623315][ T3710] device veth1_vlan left promiscuous mode [ 274.637750][ T3710] device veth0_vlan left promiscuous mode [ 274.896796][ T3710] team0 (unregistering): Port device team_slave_1 removed [ 274.910458][ T3710] team0 (unregistering): Port device team_slave_0 removed [ 274.923381][ T3710] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 274.938575][ T3710] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 275.007143][ T3710] bond0 (unregistering): Released all slaves [ 275.196782][ T9612] loop2: detected capacity change from 0 to 2048 [ 275.209648][ T27] audit: type=1800 audit(2000000093.967:636): pid=9616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1960 res=0 errno=0 [ 275.293940][ T9612] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 275.412454][ T3581] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 275.446118][ T9523] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 275.456505][ T9523] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 275.466515][ T9523] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 275.476578][ T9523] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 275.501135][ T3581] EXT4-fs (loop2): unmounting filesystem. [ 275.558564][ T4920] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 275.603424][ T9523] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.660794][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 275.676808][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 275.691307][ T9523] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.742545][ T5029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 275.752766][ T5029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 275.761427][ T5029] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.768597][ T5029] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.792972][ T5029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 275.814064][ T5029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 275.822414][ T4920] usb 5-1: Using ep0 maxpacket: 8 [ 275.837484][ T5029] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.844680][ T5029] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.871187][ T5029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 275.905260][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 275.919114][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 275.938422][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 275.966393][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 275.996937][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 276.018343][ T1148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 276.049895][ T9523] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 276.051586][ T9626] loop3: detected capacity change from 0 to 32768 [ 276.068324][ T9523] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 276.095123][ T9626] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (9626) [ 276.132901][ C0] hrtimer: interrupt took 34807273 ns [ 276.147408][ T5029] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 276.155426][ T5029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 276.163897][ T5029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 276.606866][ T3580] Bluetooth: hci0: command tx timeout [ 276.607229][ T4920] usb 5-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 276.622974][ T4920] usb 5-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 276.631003][ T4920] usb 5-1: Product: syz [ 276.635177][ T4920] usb 5-1: Manufacturer: syz [ 276.639780][ T4920] usb 5-1: SerialNumber: syz [ 276.647784][ T4920] usb 5-1: config 0 descriptor?? [ 276.654172][ T5029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 276.663217][ T5029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 276.675111][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 276.685983][ T9626] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 276.713725][ T9626] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 276.747204][ T9626] BTRFS info (device loop3): use zlib compression, level 3 [ 276.779460][ T9626] BTRFS info (device loop3): using free space tree [ 277.381412][ T9523] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 277.410214][ T9626] BTRFS info (device loop3): enabling ssd optimizations [ 277.418375][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 277.430580][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 277.477578][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 277.498495][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 277.539902][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 277.560685][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 277.581146][ T9523] device veth0_vlan entered promiscuous mode [ 277.599392][ T4881] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 277.610820][ T4881] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 277.633145][ T9523] device veth1_vlan entered promiscuous mode [ 277.699843][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 277.714006][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 277.733448][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 277.757474][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 277.778543][ T9523] device veth0_macvtap entered promiscuous mode [ 277.807785][ T9523] device veth1_macvtap entered promiscuous mode [ 277.859004][ T9523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.881722][ T9523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.908528][ T9523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.931165][ T9523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.959048][ T9523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.981714][ T9523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.021164][ T9523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 278.050702][ T9523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.076004][ T9523] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 278.102093][ T4881] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 278.115893][ T4881] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 278.134086][ T4881] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 278.158732][ T4881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 278.181404][ T9523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.207537][ T9523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.228847][ T9523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.266037][ T9523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.303930][ T9523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.339456][ T9523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.379101][ T9523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.428391][ T9523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.460012][ T9523] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 278.480692][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 278.505053][ T4725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 278.527963][ T9523] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.551293][ T9523] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.570260][ T9523] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.595126][ T9523] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.632466][ T3577] Bluetooth: hci0: command tx timeout [ 279.938907][ T4920] usb 5-1: can't set config #0, error -71 [ 279.959220][ T4920] usb 5-1: USB disconnect, device number 10 [ 280.022499][ T8522] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 289.872803][ T3577] Bluetooth: hci0: command tx timeout [ 318.215171][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.221517][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.522398][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.530580][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.583570][ T9676] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 318.621634][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.630341][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.658767][ T9676] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 398.038021][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 398.059672][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.042167][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 503.049173][ C1] rcu: 0-...!: (1 GPs behind) idle=aa94/1/0x4000000000000000 softirq=28301/28312 fqs=3 [ 503.060620][ C1] (detected by 1, t=10502 jiffies, g=39869, q=829 ncpus=2) [ 503.067920][ C1] Sending NMI from CPU 1 to CPUs 0: [ 503.073147][ C0] NMI backtrace for cpu 0 [ 503.073168][ C0] CPU: 0 PID: 8835 Comm: kworker/0:19 Not tainted 6.1.92-syzkaller #0 [ 503.073184][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 503.073199][ C0] Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker [ 503.073226][ C0] RIP: 0010:lock_release+0x5d8/0xa20 [ 503.073247][ C0] Code: 8b 64 24 08 4c 8b 6c 24 20 4c 8d b4 24 90 00 00 00 48 c7 c7 40 13 ec 8a e8 55 94 20 09 b8 ff ff ff ff 65 0f c1 05 88 eb 97 7e <83> f8 01 0f 85 94 00 00 00 4c 89 f3 48 c1 eb 03 42 80 3c 3b 00 74 [ 503.073259][ C0] RSP: 0018:ffffc90000007b60 EFLAGS: 00000057 [ 503.073270][ C0] RAX: 0000000000000001 RBX: ffff88807c8a0ad0 RCX: ffffc90000007b03 [ 503.073281][ C0] RDX: 0000000000000003 RSI: ffffffff8aec1340 RDI: ffffffff8b3d45e0 [ 503.073290][ C0] RBP: ffffc90000007c90 R08: dffffc0000000000 R09: fffffbfff1ce712e [ 503.073301][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000000f78 [ 503.073310][ C0] R13: 0000000000000046 R14: ffffc90000007bf0 R15: dffffc0000000000 [ 503.073321][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 503.073333][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 503.073343][ C0] CR2: 00007f1410501700 CR3: 0000000061783000 CR4: 00000000003506f0 [ 503.073357][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 503.073365][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 503.073373][ C0] Call Trace: [ 503.073379][ C0] [ 503.073387][ C0] ? nmi_cpu_backtrace+0x3de/0x560 [ 503.073407][ C0] ? read_lock_is_recursive+0x10/0x10 [ 503.073426][ C0] ? nmi_trigger_cpumask_backtrace+0x3f0/0x3f0 [ 503.073444][ C0] ? nmi_handle+0x25/0x440 [ 503.073470][ C0] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 503.073488][ C0] ? nmi_handle+0x12e/0x440 [ 503.073507][ C0] ? nmi_handle+0x25/0x440 [ 503.073524][ C0] ? lock_release+0x5d8/0xa20 [ 503.073541][ C0] ? default_do_nmi+0x62/0x150 [ 503.073554][ C0] ? exc_nmi+0xa8/0x100 [ 503.073566][ C0] ? end_repeat_nmi+0x16/0x31 [ 503.073589][ C0] ? lock_release+0x5d8/0xa20 [ 503.073606][ C0] ? lock_release+0x5d8/0xa20 [ 503.073623][ C0] ? lock_release+0x5d8/0xa20 [ 503.073640][ C0] [ 503.073644][ C0] [ 503.073651][ C0] ? debug_deactivate+0x1d/0x280 [ 503.073667][ C0] ? __rwlock_init+0x140/0x140 [ 503.073680][ C0] ? __lock_acquire+0x1f80/0x1f80 [ 503.073696][ C0] ? do_raw_spin_lock+0x14a/0x370 [ 503.073712][ C0] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 503.073727][ C0] ? _raw_spin_lock+0x40/0x40 [ 503.073744][ C0] _raw_spin_unlock_irqrestore+0x75/0x130 [ 503.073759][ C0] ? _raw_spin_unlock+0x40/0x40 [ 503.073775][ C0] ? debug_object_deactivate+0x63/0x380 [ 503.073796][ C0] debug_deactivate+0x1d/0x280 [ 503.073812][ C0] __hrtimer_run_queues+0x334/0xe50 [ 503.073836][ C0] ? hrtimer_interrupt+0x980/0x980 [ 503.073857][ C0] hrtimer_interrupt+0x392/0x980 [ 503.073882][ C0] __sysvec_apic_timer_interrupt+0x156/0x580 [ 503.073899][ C0] sysvec_apic_timer_interrupt+0x8c/0xb0 [ 503.073915][ C0] [ 503.073919][ C0] [ 503.073924][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 503.073941][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 [ 503.073958][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 f2 c1 4c f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 d7 08 c9 f6 65 8b 05 48 24 6d 75 85 c0 74 3f 48 c7 04 24 0e 36 [ 503.073969][ C0] RSP: 0018:ffffc90004e878c0 EFLAGS: 00000206 [ 503.073981][ C0] RAX: 695649881143f200 RBX: 1ffff920009d0f1c RCX: ffffffff816acf0a [ 503.073992][ C0] RDX: dffffc0000000000 RSI: ffffffff8aec01c0 RDI: 0000000000000001 [ 503.074002][ C0] RBP: ffffc90004e87950 R08: dffffc0000000000 R09: fffffbfff2093861 [ 503.074012][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 503.074022][ C0] R13: 1ffff920009d0f18 R14: ffffc90004e878e0 R15: 0000000000000246 [ 503.074035][ C0] ? mark_lock+0x9a/0x340 [ 503.074056][ C0] ? _raw_spin_unlock+0x40/0x40 [ 503.074071][ C0] ? rcu_is_watching+0x11/0xb0 [ 503.074084][ C0] ? detach_timer+0x17d/0x380 [ 503.074099][ C0] timer_delete+0x25c/0x2f0 [ 503.074114][ C0] ? lock_timer_base+0x260/0x260 [ 503.074129][ C0] ? wg_packet_handshake_receive_worker+0xce/0xf00 [ 503.074146][ C0] wg_packet_handshake_receive_worker+0x795/0xf00 [ 503.074164][ C0] ? wg_packet_handshake_receive_worker+0x659/0xf00 [ 503.074182][ C0] ? wg_packet_purge_staged_packets+0x210/0x210 [ 503.074202][ C0] ? read_lock_is_recursive+0x10/0x10 [ 503.074226][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 503.074244][ C0] ? print_irqtrace_events+0x210/0x210 [ 503.074261][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 503.074277][ C0] ? do_raw_spin_unlock+0x137/0x8a0 [ 503.074294][ C0] ? process_one_work+0x7a9/0x11d0 [ 503.074309][ C0] process_one_work+0x8a9/0x11d0 [ 503.074331][ C0] ? worker_detach_from_pool+0x260/0x260 [ 503.074347][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 503.074362][ C0] ? kthread_data+0x4e/0xc0 [ 503.074382][ C0] ? wq_worker_running+0x97/0x190 [ 503.074402][ C0] worker_thread+0xa47/0x1200 [ 503.074422][ C0] ? _raw_spin_unlock+0x40/0x40 [ 503.074443][ C0] kthread+0x28d/0x320 [ 503.074454][ C0] ? worker_clr_flags+0x190/0x190 [ 503.074468][ C0] ? kthread_blkcg+0xd0/0xd0 [ 503.074481][ C0] ret_from_fork+0x1f/0x30 [ 503.074505][ C0] [ 503.075140][ C1] rcu: rcu_preempt kthread starved for 10487 jiffies! g39869 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 503.609993][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 503.619964][ C1] rcu: RCU grace-period kthread stack dump: [ 503.625849][ C1] task:rcu_preempt state:R running task stack:27032 pid:16 ppid:2 flags:0x00004000 [ 503.636632][ C1] Call Trace: [ 503.639907][ C1] [ 503.642846][ C1] __schedule+0x142d/0x4550 [ 503.647374][ C1] ? _raw_spin_unlock+0x40/0x40 [ 503.652237][ C1] ? __mod_timer+0x956/0xee0 [ 503.656851][ C1] ? __sched_text_start+0x8/0x8 [ 503.661715][ C1] ? lockdep_softirqs_off+0x420/0x420 [ 503.667089][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 503.672989][ C1] ? _raw_spin_unlock+0x40/0x40 [ 503.677857][ C1] schedule+0xbf/0x180 [ 503.681938][ C1] schedule_timeout+0x1b9/0x300 [ 503.686788][ C1] ? console_conditional_schedule+0x40/0x40 [ 503.692683][ C1] ? update_process_times+0x1b0/0x1b0 [ 503.698061][ C1] ? prepare_to_swait_event+0x329/0x350 [ 503.703705][ C1] rcu_gp_fqs_loop+0x2d2/0x1150 [ 503.708563][ C1] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 503.714720][ C1] ? lockdep_hardirqs_on+0x94/0x130 [ 503.719936][ C1] ? rcu_gp_init+0x15f0/0x15f0 [ 503.724711][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 503.730611][ C1] ? finish_swait+0xcf/0x1e0 [ 503.735210][ C1] rcu_gp_kthread+0xa3/0x3b0 [ 503.739806][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 503.744923][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 503.750827][ C1] ? __kthread_parkme+0x168/0x1c0 [ 503.755858][ C1] kthread+0x28d/0x320 [ 503.759953][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 503.765080][ C1] ? kthread_blkcg+0xd0/0xd0 [ 503.769706][ C1] ret_from_fork+0x1f/0x30 [ 503.774167][ C1] [ 503.777192][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 503.783512][ C1] CPU: 1 PID: 3979 Comm: kworker/u4:13 Not tainted 6.1.92-syzkaller #0 [ 503.791749][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 503.801823][ C1] Workqueue: events_unbound toggle_allocation_gate [ 503.808346][ C1] RIP: 0010:smp_call_function_many_cond+0x1fb0/0x3460 [ 503.815114][ C1] Code: 2f 44 89 ee 83 e6 01 31 ff e8 ec 42 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 0a e8 77 3f 0b 00 e9 1b ff ff ff f3 90 <42> 0f b6 04 2b 84 c0 75 14 41 f7 07 01 00 00 00 0f 84 fe fe ff ff [ 503.834730][ C1] RSP: 0018:ffffc9000a4675a0 EFLAGS: 00000293 [ 503.841063][ C1] RAX: ffffffff817f4dfb RBX: 1ffff1101730859d RCX: ffff888058c33b80 [ 503.849038][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 503.857008][ C1] RBP: ffffc9000a467980 R08: ffffffff817f4dc4 R09: fffffbfff2093845 [ 503.864987][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000800000000 [ 503.872960][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b9842ce8 [ 503.880929][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 503.889857][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 503.896439][ C1] CR2: 00007f7e4d606bd0 CR3: 000000000ce8e000 CR4: 00000000003506e0 [ 503.904411][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 503.912383][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 503.920353][ C1] Call Trace: [ 503.923634][ C1] [ 503.926480][ C1] ? rcu_check_gp_kthread_starvation+0x1b8/0x220 [ 503.932823][ C1] ? print_other_cpu_stall+0x150c/0x1640 [ 503.938559][ C1] ? print_cpu_stall+0x5f0/0x5f0 [ 503.943514][ C1] ? rcu_sched_clock_irq+0xaf6/0x1200 [ 503.948891][ C1] ? rcutree_dead_cpu+0x20/0x20 [ 503.953744][ C1] ? hrtimer_run_queues+0x163/0x450 [ 503.958955][ C1] ? acct_account_cputime+0x26e/0x270 [ 503.964331][ C1] ? update_process_times+0x147/0x1b0 [ 503.969708][ C1] ? tick_sched_timer+0x386/0x550 [ 503.974737][ C1] ? tick_setup_sched_timer+0x2f0/0x2f0 [ 503.980284][ C1] ? __hrtimer_run_queues+0x5a7/0xe50 [ 503.985679][ C1] ? hrtimer_interrupt+0x980/0x980 [ 503.990815][ C1] ? ktime_get_update_offsets_now+0x407/0x420 [ 503.996907][ C1] ? hrtimer_interrupt+0x392/0x980 [ 504.002050][ C1] ? __sysvec_apic_timer_interrupt+0x156/0x580 [ 504.008226][ C1] ? sysvec_apic_timer_interrupt+0x8c/0xb0 [ 504.014038][ C1] [ 504.016970][ C1] [ 504.019904][ C1] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 504.026069][ C1] ? smp_call_function_many_cond+0x1f94/0x3460 [ 504.032230][ C1] ? smp_call_function_many_cond+0x1fcb/0x3460 [ 504.038401][ C1] ? smp_call_function_many_cond+0x1fb0/0x3460 [ 504.044577][ C1] ? text_poke_sync+0x20/0x20 [ 504.049263][ C1] ? __text_poke+0x81a/0x9a0 [ 504.053873][ C1] ? mark_lock+0x9a/0x340 [ 504.058223][ C1] ? smp_call_function_many+0x30/0x30 [ 504.063622][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 504.069632][ C1] ? do_raw_spin_unlock+0x137/0x8a0 [ 504.074851][ C1] ? _raw_spin_unlock+0x24/0x40 [ 504.079712][ C1] ? kmem_cache_alloc_bulk+0x11a/0x4d0 [ 504.085188][ C1] ? __text_poke+0x81a/0x9a0 [ 504.089793][ C1] ? kmem_cache_alloc_bulk+0x11a/0x4d0 [ 504.095273][ C1] ? __text_poke+0x9a0/0x9a0 [ 504.099872][ C1] ? text_poke+0x90/0x90 [ 504.104119][ C1] ? preempt_schedule_common+0xa6/0xd0 [ 504.109586][ C1] ? preempt_schedule+0xd9/0xe0 [ 504.114442][ C1] ? schedule_preempt_disabled+0x20/0x20 [ 504.120083][ C1] ? __mutex_trylock_common+0x17e/0x2e0 [ 504.125635][ C1] ? perf_event_bpf_output+0x270/0x270 [ 504.131106][ C1] ? preempt_schedule_thunk+0x16/0x18 [ 504.136493][ C1] ? text_poke_sync+0x20/0x20 [ 504.141264][ C1] on_each_cpu_cond_mask+0x3b/0x80 [ 504.146385][ C1] text_poke_bp_batch+0x860/0x940 [ 504.151420][ C1] ? kmem_cache_alloc_bulk+0x11b/0x4d0 [ 504.156881][ C1] ? text_poke_loc_init+0x680/0x680 [ 504.162263][ C1] ? arch_jump_label_transform_queue+0x7d/0xd0 [ 504.168425][ C1] text_poke_finish+0x16/0x30 [ 504.173104][ C1] arch_jump_label_transform_apply+0x13/0x20 [ 504.179084][ C1] static_key_enable_cpuslocked+0x12e/0x250 [ 504.184983][ C1] ? process_one_work+0x7a9/0x11d0 [ 504.190106][ C1] static_key_enable+0x16/0x20 [ 504.194875][ C1] toggle_allocation_gate+0xbf/0x480 [ 504.200164][ C1] ? show_object+0xa0/0xa0 [ 504.204588][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 504.210577][ C1] ? print_irqtrace_events+0x210/0x210 [ 504.216050][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 504.221952][ C1] ? do_raw_spin_unlock+0x137/0x8a0 [ 504.227158][ C1] ? process_one_work+0x7a9/0x11d0 [ 504.232272][ C1] process_one_work+0x8a9/0x11d0 [ 504.237230][ C1] ? worker_detach_from_pool+0x260/0x260 [ 504.242869][ C1] ? _raw_spin_lock_irqsave+0x120/0x120 [ 504.248419][ C1] ? kthread_data+0x4e/0xc0 [ 504.252932][ C1] ? wq_worker_running+0x97/0x190 [ 504.257964][ C1] worker_thread+0xa47/0x1200 [ 504.262653][ C1] ? _raw_spin_unlock+0x40/0x40 [ 504.267518][ C1] kthread+0x28d/0x320 [ 504.271587][ C1] ? worker_clr_flags+0x190/0x190 [ 504.276613][ C1] ? kthread_blkcg+0xd0/0xd0 [ 504.281206][ C1] ret_from_fork+0x1f/0x30 [ 504.285643][ C1]