last executing test programs: 42.820063954s ago: executing program 2 (id=1101): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002024207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) keyctl$setperm(0x5, 0x0, 0x0) keyctl$unlink(0x9, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2d, &(0x7f00000001c0)=0x4, 0x4) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) write$bt_hci(r3, &(0x7f00000000c0)=ANY=[], 0x6) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000340)=0xb1, 0x0, 0x1) bind$inet(0xffffffffffffffff, 0x0, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf) 41.725323764s ago: executing program 2 (id=1102): ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x3, &(0x7f0000000040)=@framed, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000500)={r1, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) r2 = memfd_secret(0x0) ftruncate(r2, 0x51a9497) io_uring_setup(0x3c92, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10}}}]}, 0x44}}, 0x0) 34.47565786s ago: executing program 2 (id=1120): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000024c0)={0xa, 0x4e22}, 0x1c) listen(r0, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20044015, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd000000100001000b080800418e00000004fc", 0x57}], 0x1) 33.542333339s ago: executing program 2 (id=1125): socket$inet6(0xa, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0xd, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000084, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r9}, 0x10) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x5, 0x2, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r11}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r3, 0x25, 0x2, @val=@tcx}, 0x40) syz_emit_ethernet(0x5a, &(0x7f0000000340)={@local, @dev, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@canfd={0xd, {{}, 0x0, 0x0, 0x0, 0x0, "ec7ab49f42266b558197758939c3a67064eb2413deb6d588b153902f5348321b2aa24fcea6549a091e651e6c1d3053eef4b8f189054244df8c1353433e834d4c"}}}}, 0x0) 33.133042659s ago: executing program 2 (id=1128): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000300), 0x80800, 0x0) ioctl$PTP_PIN_GETFUNC(r4, 0xc0603d06, &(0x7f0000000080)={'\x00', 0x5, 0x2, 0x9}) 31.335914512s ago: executing program 2 (id=1131): ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x3, &(0x7f0000000040)=@framed, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000500)={r1, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) r2 = memfd_secret(0x0) ftruncate(r2, 0x51a9497) io_uring_setup(0x3c92, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10}}}]}, 0x44}}, 0x0) 26.087864441s ago: executing program 4 (id=1147): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)={0x38, 0x1403, 0x6c08c44bda12f87d, 0x70bd29, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'sit0\x00'}}]}, 0x38}}, 0x0) 24.966439504s ago: executing program 0 (id=1149): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="2c385a4706", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f000000e0c0)=@newtaction={0x78, 0x30, 0x220, 0x0, 0x0, {}, [{0x64, 0x1, [@m_skbedit={0x60, 0x0, 0x0, 0x0, {{0xc}, {0x4}, {0x32, 0x6, "769f4f615bc3d2ebeb9eaadfc0dae4c22ba98da5b80964c0f2a18de9803271ba55faf9ca6409be186b9cf9b5ed05"}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) 24.88406978s ago: executing program 4 (id=1150): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='i2c_write\x00', r0}, 0x10) r1 = syz_open_dev$I2C(&(0x7f0000000800), 0x0, 0x0) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000002c0)={&(0x7f0000000840)=[{0x0, 0x0, 0x0, 0x0}, {0x800, 0x11, 0x0, 0x0}], 0x2}) 24.688084224s ago: executing program 4 (id=1153): symlinkat(0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') mkdirat(0xffffffffffffffff, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sigaltstack(0x0, 0x0) sigaltstack(&(0x7f0000000180)={0x0, 0x2}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setreuid(0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) write$tcp_mem(0xffffffffffffffff, 0x0, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00', 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$can_raw(0x1d, 0x3, 0x1) 22.699825801s ago: executing program 4 (id=1155): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f00000002c0)=0xa0000) r4 = dup(r3) ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000040)={@my=0x0}) syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0x0, 0x10100}, 0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(0x0, r5, 0x0) io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r4, 0x7ab, &(0x7f0000000080)={0x0}) 22.684201032s ago: executing program 0 (id=1156): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) syz_open_dev$vcsn(&(0x7f0000000040), 0x65, 0x103800) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x2c, 0x13, 0x821, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd=r1}, @typed={0x6, 0x0, 0x0, 0x0, @str='\xa1K'}, @typed={0xc, 0x1, 0x0, 0x0, @u64}]}, 0x2c}], 0x1}, 0x0) 21.410085497s ago: executing program 4 (id=1158): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) setreuid(0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000000)=0xffb) accept$alg(0xffffffffffffffff, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r5, 0x29, 0x19, &(0x7f0000000000), 0x4) sendmmsg$inet6(r5, 0x0, 0x0, 0x0) ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000100)={0x6, 0x5, 0x0, 0xf7d6}) close_range(r0, r0, 0x2) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000000)) 20.392666591s ago: executing program 0 (id=1162): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000cc0)=@ieee802154={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0302}}}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000002c0)=';', 0x1}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0) 20.260571422s ago: executing program 4 (id=1164): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(r2, 0x80049370, &(0x7f0000000000)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = socket(0xf, 0x3, 0x2) write(r4, &(0x7f0000a97ff0)="020baf040200000000067bbc8e1d4b48", 0x10) r5 = syz_open_procfs(0x0, 0x0) preadv(r5, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000020900010073797a30000000000900030073797a320000000064000000060a010400000000000000000100000008000b40000000003c000480140001800c000100636f756e7465720004000280240001800b000100657874686472000014000280080005400000000108000640000000010900010073797a30"], 0x40c}}, 0x0) read$hidraw(r0, 0x0, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000440), 0x0) socket$vsock_stream(0x28, 0x1, 0x0) 19.943987665s ago: executing program 0 (id=1165): symlinkat(0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') mkdirat(0xffffffffffffffff, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sigaltstack(0x0, 0x0) sigaltstack(&(0x7f0000000180)={0x0, 0x2}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setreuid(0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) write$tcp_mem(0xffffffffffffffff, &(0x7f0000000000), 0x48) r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00', 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$can_raw(0x1d, 0x3, 0x1) 18.504515141s ago: executing program 0 (id=1166): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="2c385a4706", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f000000e0c0)=@newtaction={0x78, 0x30, 0x220, 0x0, 0x0, {}, [{0x64, 0x1, [@m_skbedit={0x60, 0x0, 0x0, 0x0, {{0xc}, {0x4}, {0x32, 0x6, "769f4f615bc3d2ebeb9eaadfc0dae4c22ba98da5b80964c0f2a18de9803271ba55faf9ca6409be186b9cf9b5ed05"}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) 16.435594234s ago: executing program 0 (id=1171): ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x3, &(0x7f0000000040)=@framed, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000500)={r1, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) ftruncate(0xffffffffffffffff, 0x51a9497) io_uring_setup(0x3c92, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10}}}]}, 0x44}}, 0x0) 11.08908784s ago: executing program 3 (id=1178): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r5 = add_key$keyring(0x0, &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r4) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000140)='asymmetric\x00', &(0x7f0000000340)=@keyring={'key_or_keyring:', r5}) 9.311826241s ago: executing program 3 (id=1180): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002024207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x10) keyctl$setperm(0x5, 0x0, 0x0) keyctl$unlink(0x9, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2d, &(0x7f00000001c0)=0x4, 0x4) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0) write$bt_hci(r4, &(0x7f00000000c0)=ANY=[], 0x6) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000340)=0xb1, 0x0, 0x1) bind$inet(0xffffffffffffffff, 0x0, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xf) 7.934060423s ago: executing program 3 (id=1183): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', 0xa04254, &(0x7f0000000080)=ANY=[], 0x8, 0x2fd, &(0x7f0000000c40)="$eJzs3M9rE1sUwPGTNE2TlCZZPN7jPXj0ohvdDG10LQZpQQxY2kZsBWHaTjRkTEomVCJideVW/CNclC67K6j/QDfudOPGXTeCC4uII5kfbdKmqU5N0x/fD5S5mXPO9F4mLWdCZjZvv3hQKlhaQa9JOKYkJCKyJZKWsPhC3jbsjKPS7KlcHPzy/v+pmdkb2VxubFKp8ez0pYxSKjn8+uHjuJe2PiAb6bubnzOfNv7e+Hfzx/T9oqWKlipXakpXc5WPNX3ONNRC0SppSk2Yhm4Zqli2jKobr7jxgllZXKwrvbwwlFisGpal9HJdlYy6qlVUrVpX+j29WFaapqmhhOAg+ZXJST0bsHj+D08GQX2zbbtDuFrN6n0iEt8Tya90dV4AAOBY2t3/hxstfaD+X5JO/99I3un/V8+9rQ3eWkt6/f96tF3/f/mDe6yW/j8mIl3v//d2RCfe8u8kH6r/x/EwHN2zK9TyqtH/J7y/X8ezO6sjzoD+HwAAAAAAAAAAAAAAAAAAAACAk2DLtlO2baf8rf+zcwuB9xqn0n7nf0BEYo2zb3P+T7OpmVmJOTfuRZIi5vOl/FLe3XpxP3FEUvLdeT94GmP/ziPVkJY35rJXv7yU73Mi2YIUxRRDRiUl6d31tj1+PTc2qlyt9f2SaK7PSEr+al+faVsflQvnm+o1Scm7eamIKQvO+3qn/smoUtdu5nbVx508AAAAAABOA01ta3v9rmn7xd367evrtp8PuNfXI22vzyOp/yK9XTsAAAAAAGeFVX9U0k3TqHYYxOXgnOCDSLDy/k45fU0r/NUDRp3vu4h0b6UdBv4XKVpCMW9nsCP76+/OnMMSpGq4MR912N/uf2y0X45M9OAMOoN/Xr76Gqw85D21tzl0ZS12wEq7Nug/iv89AAAAAI6W3/THLX/P1d5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+goHifW6zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8XPAAAA//+JzwPM") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x1, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, 0x0, 0x0) sendmmsg$inet(r3, 0x0, 0x0, 0x4000800) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000002140)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x3}}]}, 0x0, 0x46b, &(0x7f00000014c0)="$eJzs289vFFUcAPDvzLaUX7UV8Qc/1FU0Nv5oaUHlYGI0mnAxMdEDHmspBCnU0JoIaaQag0fDX6AeTfwLPOnFqCeNV70bE2J6AT2YNbM7099buttut7CfTzLw3s6bfd83bx7zZh4bQMcqZ38kEXsj4veI6KtllxYo1/66NTcz9s/czFgSlcpbfyfVcjfnZsaKosVxe/LMQBqRfprEoVXqnbp85fzoxMT4pTw/NH3h/aGpy1eeO3dh9Oz42fGLIydOHD82/OILI89vSjt7s1gPfjR5+MDJd66/MXbq+rs/fZPFuzfff3NuZsfSI/o3XGc5ykvP5SJPbvjbt5feRemkq42B0JBSRGTd1V0d/31RioXO64vXP2lrcEBLVSqVSk8tWVr4dD45WwHuYkm0OwKgPYobffYcX2xbPAVpqxuv1B6Asnbfyrfanq5Is2f4/tqzUW+L6i9HxKnZf7/Itlj2PgUAoBW+y+Y/z642/0vjgUXl7snXhvoj4t6I2BcR90XE/oi4P6Ja9sGIeKjB+svL8ivnP7/uaqph65TN/17K17aWzv/Sokh/Kc/1VtvfnZw5NzF+ND8nA9Hdk+WH16jj+9d++7zevsXzv2zL6i/mgnkcf3X1LD3m9Oj0pq2w3Pg44mDXau1P5lcCkog4EBEHm/j+7Jyde/rrw/X23779a9iEs1D5KuKpWv/PxrL2F5K11yeHdsbE+NGh4qpY6edfrr1Zr/4NtX8TZP2/e9Xrf779/cni9dqpxuu49sdndZ9pmrz+R3ckb1fTxaLth6PT05eGI3Yksys/H1k4tsgX5bP2DxxZffzvi/jvy/y4QxGRXcQPR8QjEfFoHvtjEfF4RBxZo/0/vvrEe823v7Wy9p9uqP8bT5TO//BtvfrL+Xrx2v1/vJoayD/J+v927apVvjPP1Q+w2fMGAAAAd5K0+n/gk3RwPr1gf+xOJyanpp85M/nBxdO1ff3RnRZvuvoWvQ8dzt8NF/mRZflj1ffGlUqlsquaHxybnGjVmjqwPntWjP80HRys7fuztLTsy22JEGiphtbR6v2iDbgj+b0mdK51jH93fbhLNX3/n93cOICtZ/4PnWu18X814lYbQgG2mPs/dC7jHzqX8Q+dy/iHjrSR3/Wvldh3slXffLclStsjjIYTkW6LMJpLpNsjjFqiJyLWW/hqbFVg7f6XCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYHP8HwAA//+/OuLi") prctl$PR_SET_PTRACER(0x59616d61, r0) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r4, &(0x7f0000000100)=""/155, 0x9b) 6.580991363s ago: executing program 3 (id=1184): syz_mount_image$jfs(&(0x7f0000000700), &(0x7f0000000000)='./file0\x00', 0x2010880, &(0x7f0000000600)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB=',noquota,nodiscard,iocharset=macturkish,errors=continue,iocharset=iso8859-6,iocharset=default\x00gid=', @ANYRESHEX=0x0, @ANYBLOB="2c71756f74612c696f636861727365743d6370b737352c726573697a652c6769643d", @ANYRESHEX=0x0, @ANYBLOB=',discard,noquota,noquota,\x00'], 0x1, 0x60a5, &(0x7f0000006400)="$eJzs3UuPHFfZB/Cnr3PxG2eURZTXQmjihEsI8TUYQ4AkC1iwyQJ5i2xNJpGFA8g2yIksPNFsWLDiE4CQWCLEErHgA2TBlh0rVliykUBZUahmzvFUt7vdY8bT1Z7z+0njqqdO9fSp+Xf1xVXVJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA+O53vne2ExGXf5oWrEX8X/QiuhErdb0eESvra3n9fkS8EDvN8XxEDJYi6tvv/PNsxOsR8cnxiHv3b2/Ui8/tsx/f/v1ff/P9Y+/85XeD0//+w83eG9PWu3XrF//6452DbTMAAACUpqqqqpM+5p9In++7bXcKAJiL/PpfJXn5ka9/+fd3/rRI/VGr1Wq1eg51UzXZnWYREVvN29TvGRyOB4CnzFZ82nYXaJH8i9aPiGNtdwJYaJ22O8ChuHf/9kYn5dtpvh6s77bnc0FG8t/qPLi+Y9p0lvFzTOb1+NqOXjw3pT8rc+rDIsn5d8fzv7zbPkzrHXb+8zIt/+HupU/Fyfn3xvMfc3Ty707Mv1Q5//5j5d+TPwAAAAAALLD8//9rLR//XTr4puzLo47/rs+pDwAAAAAAAADwpB10/L8HjP8HAAAAC6v+rF771fG9ZdO+i61efqkT8czY+kBh0sUyq233AwAAAAAAAAAAAABK0t89h/dSJ2IQEc+srlZVVf80jdeP66C3f9qVvv1Qsraf5AEAYNcnx8eu5e9ELEfEpfRdf4PV1dWqWl5ZrVarlaX8fna4tFytND7X5mm9bGm4jzfE/WFV/7Llxu2aZn1entU+/vvq+xpWvX107AkZpL/mlOaWwgaAZPfV6J5XpCOmqp6d9uYDRtj/jx77P/vR9uMUAAAAOHxVVVWd9HXeJ9Ix/27bnQIA5iK//o8fFziUOuJwf79arVar1epH1k3VZHeaRURsNW9Tv2cwHD8APGW24tO2u0CL5F+0fkS80HYngIXWabsDHIp7929vdFK+nebrQRrfPZ8LMpL/Vmfndvn2k6azjJ9jMq/H13b04rkp/Xl+Tn1YJDn/7nj+l3fbh2m9w85/XqblX2/nWgv9aVvOvzee/5ijk393Yv6lyvn3Hyv/nvwBAAAAAGCB5f//X3P8N28yAAAAAAAAADx17t2/vZGve83H/z8zYT3Xfx5NOf+O/IuU8++O5f/FsfV6jfm7b+/l/8/7tzd+e/Mf/5+n+81/Kc900iOrkx4RnXRPnX6aHmTrHrY96A3rexp0ur1+OuenGrwXV+NabMaZkXW76e+x1352pL3u6WCk/dxIe/+h9vMj7YP0vQPVSm4/FRvxo7gW7+60121LM7Z/eUZ7NaM959+z/xcp599v/NT5r6b2zti0dvfj7kP7fXM66X7euvrZn585/M2ZaTt6D7atqd6+ky30Z+dvcmwYP7mxef3UrSs3b14/G2kysvRcpMkTlvMf7Pws7T3/v7Tbnp/3m/vr3Y+Hj53/otiO/tT8X2rM19v7ypz71oac/zD95PzfTe2T9/+nOf/p+/+rLfQHAAAAAAAAAAAAAAAAHqWqqp1LRN+KiAvp+p+2rs0EAOYrv/5XSV6uVqvVarX66NVN1WRvNouI+HPzNvV7hp9N+mUAwCL7T0T8re1O0Br5Fyx/3189fbntzgBzdePDj35w5dq1zes32u4JAAAAAAAAAPC/yuN/rjfGf345ItbG1hsZ//XtWD/o+J/9PPNggNEnPND3FNvdYa/bGG78xdgZn/vUtPG/T8ajx//uz7i/wYz24Yz2pRntyxOX7qU18UKPhpz/i43xzuv8T4wNv17C+K/jY96XIOd/svF4rvP/wth6zfyrXy9c/lv7XXE7uiP5n775wY9P3/jwo9eufnDl/c33N394/uzZM+cvXLh48eLp965e2zyz++/h9HoB5Pzz2NfOAy1Lzj9nLv+y5Pw/l2r5lyXn//lUy78sOf/8fk/+Zcn5588+8i9Lzv+VVMu/LDn/L6Va/mXJ+b+aavmXJef/5VTLvyw5/9dSLf+y5PxPpVr+Zcn5n071PvL39fBHSM4/H+Gy/5cl55/PbJB/WXL+51It/7Lk/M+nWv5lyfm/nmr5lyXn/5VUy78sOf8LqZZ/WXL+X021/MuS87+YavmXJef/tVTLvyw5/6+nWv5lyfm/kWr5lyXn/41Uy78sOf9vplr+Zcn5fyvV8i9Lzv/NVMu/LHvf/2/GjBkzeabtZyYAAAAAAAAAAAAAYNw8TiduexsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sgMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7N1djFxnfT/wM/tirx1CDITg5G9gk5gQkiW7thO/8K+LCa8NUAokFPqC7XrXZsFveO0SKJJNAyUSRkUVVdOLtoBQG6mqsCouaEVpLqq+XJX2gt5UVJWQGlUBBSSktqJsNXOe5/HM7OycXe94PXuez0eKf96dM3POnHlmdr/rfHcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABod+cb5z7bKIqi+V/rj21F8YLm37dMbmt97nU3+ggBAACAtfrf1p/P35I+cWgFV2rb5u9e8Y9fX1xcXCzeP/q7419cXEwXTBbF+OaiaF0WXfn3DzTatwmeKCYaI20fj1TsfrTi8rGKy8crLt9UcfnmissnKi5fcgKW2FL+PKZ1Yztbf91WntLi1mK8ddnOHtd6orF5ZCT+LKel0brO4vjxYr44WcwVMx3bl9s2Wtt/887mvt5WxH2NtO1rR3OF/PCTx+IxNMI53tmxr6u3GX3/DcXkj374yWN/fP6523vNytPQcXvlcd57V/M4Px0+Ux5ro9iczkk8zpG249zR4zEZ7TjORut6zb93H+fzKzzO0auHua66H/OJYqT192+3ztNY+4/10nnaET73X3cXRXHp6mF3b7NkX8VIsbXjMyNXH5+JckU2b6O5lF5cjK1qnd65gnXanLM7O9dp93MiPv53huuNLXMM7Q/T9z+1acnjvtp1GjXv9XLPle41OOjnyrCswbguvt2600/2XIM7w/3/5D3Lr8Gea6fHGkz3u20N3lW1Bkc2jbaOOT0IjdZ1rq7BXR3bj7b21GjNZ+/pvwanz586O73w8U+8dv7U0RNzJ+ZO79m1a2bP3r379++fPj5/cm6m/PMaz/bw21qMpOfAXeHcxefAq7u2bV+qi18e3PNwos/zcFvXtoN+Ho5137nG+jwhl67p8rnxaPOkT1weKZZ5jrUen/vW/jxM97vteTjW9jzs+TWlx/NwbAXPw+Y2Z+9b2fcsY23/9TqG6/W1YFvbGuz+fqR7DQ76+5FhWYMTYV38633Lfy3YEY73yanVfj8yumQNprsbXnuan0nf70/sb41e6/KO5gU3bSouLMyde+Dxo+fPn9tVhLEuXtK2VrrX69a2+1QsWa8jq16vh+Zf8eQdPT6/LZyridc2/5hY9rFqbvPgA/0fq9ZXt97ns+Ozu4swBmy9z2evr+bN85myZJ/z2dzm09Nr/1485dK219/xZV5/Y+7/abm/dFNPjI6Plc/f0XR2xjtejzsfqrHWa1ejte/np1f2ejwe/lvv1+Nb+7web+/adtCvx+Pddy6+HjeqftqxNt2P50RYJydn+r8eN7fZvnu1a3Ks7+vx3WE2wvl/TUgKKRe1rZ3l1m3a19jYeLhfY3EPnet0T8f24yGbNff19O5rW6f33l3e1mi6d1et1zqd7Np20Os0vV4tt04bVT99uzbdj+dEWBe37um/TpvbPPPg2l87t8S/tr12bqpag+Ojm5rHPJ4WYfl6v7glrsEHimPFmeJkMdu6dFNrPTVa+5p6aGVrcFP4b71fK7f3WYP3dm076DWYvo4tt/YaY0vv/AB0P54TYV089VD/Ndjc5k37Bvu9673hM2mbtu9du3++ttzPvO7oOk3X82dezeP8m339fzbb3Obk/tXmzP7n6f7wmZt6nKfu5+9yz6nZYn3O0/ZwnM/tX/48NY+nuc0XD6xwPR0qiuLiRx9u/bw3/PvKn1/4ztc7/t2l17/pXPzowz+4+fjfrub4Adj4flqOreXXurZ/mVrJv/8DAAAAG0LM/SNhJvI/AAAA1EbM/fH/Ck/kfwAAAKiNmPvHwkwyyf/b3/Tc/E8vFqmZvxjEy9NpeKTcLnZcZ8LHk4tXNT//8FfnfvyXF1e275GiKH7yyG/03H77I/G4SpPhOK+8ufPzS694cUX7P/LY1e3a++tfCrcf789Kl0GvCu5MURTfvOXzrf1MfuByaz7zyJHWfM+lJ59obvP8gfLjeP1nX1Ju/weh/Hvo+NGO6z8bzsP3wpx5e+/zEa/3tcuv2bHvfVf3F6/XuOuFrbv91AfL242/J+cLT5Tbx/O83PH/1eee/lpz+8df1fv4L470Pv6nw+1+Ncz/fnm5fftj0Pw4Xu8z4fjj/uL1HvjKt3oe/5XPltuffUu53ZEw4/7vDR/vfMtz8+3n6/HG0Y77Vby13C7uf+Y7v926PN5evP3u4584fLnjfHSvj2f+ubyd6a7t4+fjfqK/6Np/83ba12fc/9O/daTjPFft/8p7nn1583a7939/13ajXdfv/o1Nf/iZz/fcXzyeQ392tuP+HHp3eB6H/T/1wbAew+X/c+XzHfuNjry78/Unbv+lbRc77k/0th+V+7/y+hOt+R+TP/79m15w8wsvvbJ57ori2+8tb69q/yf+6EzH8X/5tvtaj0e8PHb0u/e/nLj/cx+bOn1m4cL8bNtZbf3unHeUx7N5YsvW5vHeEl5buz8+fOb8h+bOTc5MzhTFZH1/hd41+0qYPyjHpdVe/77HwuN5x+99c+s9//S5+Pl/ebT8/OW3l1+3Xh22+0L4/Lby8VtsrHH/T915W+v53Xim/Lijxz4AO3b+5/4VbRjuf/f3BXG9n33ph1rnoXlZ6+tGfF6v8fi/O1vezjfCeV0Mv5n5rtuu7q99+/i7ES6/t3y+r/n8hZe5+Lj+SXi83/m98vbjccX7+93wfcy3tne+3sX18Y2LI9233/otHpfC60lxqbw8bhXP9+Xnb+t5ePH3kBSXbm99/Dvpdm5f1d1czsLHF6ZPzp++8Pj0+bmF89MLH//E4VNnLpw+f7j1uzwPf7jq+ldfn7a2Xp9m5/Y+WMxsKYriTDGzDi9Y1+f4m39b2fGffezY7L6Ze2bnjh+9cPz8Y2fnzp04trBwbG524Z6jx4/Pfazq+vOzB3ftPrBn3+6pE/OzB/cfOLDnwNT86TPNwygPqsLemY9MnT53uHWVhYMPHtj10EMPzkydOjM7d3DfzMzUharrt742TTWv/etT5+ZOHj0/f2puamH+E3MHdx3Yu3d35W8DPHX2+MLk9LkLp6cvLMydmy7vy+T51qebX/uqrk89Lfxb+f1st0b5i/iKd92/N/1+1qavfmrZmyo36foFos+F30XzDy86u38lH8fcPx5mkkn+BwAAgBzE3L8pzET+BwAAgNqIuX9zmIn8DwAAALURc/9EmEkm+V//X/9/Zf3/8nL9/7z6/2c/WvZKN3r/P/bn9f/zcIP7/2vev/6//n/9+v8r789v9OPX/9f/Z6lh6//H3L+lKLLM/wAAAJCDmPu3hpnI/wAAAFAbMfffFGYi/wMAAEBtxNz/gjCTTPK//v+K+v+7qwpX9e//e/9//f9iY/b/44Oj/5+NVffv3/dox4f6/4H+v/6//r/+v/4/aza+7CU3qv8fc//NYSaZ5H8AAADIQcz9Lwwzkf8BAACgNmLuvyXMRP4HAACA2oi5f1uYSSb5X//f+//r/+v/17r/v9b3/287GP3/jcH7//en/1/hmvv/E/r/G7H/Pz7Y4x/u/n/l4ev/c10M2/v/x9z/ojCTTPI/AAAA5CDm/heHmcj/AAAAUBsx978kzET+BwAAgNqIuf/WMJNM8r/+v/6//r/+v/5/7/1Xv/9/+Tf9/+Gi/9+f/n8F7/+fV/9/wMc/3P3/Qb////ibu6+v/08vw9b/j7n/pWEmmeR/AAAAyEHM/beFmcj/AAAAUBsx978szET+BwAAgNqIuX97mEkm+V//X/9f/1//X/+/9/6r+/8l/f/hov/fn/5/Bf1//X/9/5X1/3t886v/Ty/D1v+Puf/2MJNM8j8AAADkIOb+O8JM5H8AAACojZj7/1+YifwPAAAAtRFz/44wk0zyv/6//r/+f179//s36f/r/9eb/n9/+v8V9P/1//X/V/j+/0utpv+/uerGqI1h6//H3P/yMJNM8j8AAADkIOb+V4SZyP8AAABQGzH3vzLMRP4HAACA2oi5fzLMJJP8r/9fr/7/n/71U68s9P/1/yv2X9P+f1wG+v+Z0//vT/+/gv6//r/+/7r0/8nHsPX/Y+6/M8wkk/wPAAAAOYi5/64wE/kfAAAAaiPm/rvDTOR/AAAAqI2Y+3eGmWSS//X/69X/j/T/9f/77b+m/f9E/z9v+v89tD1J9f8r6P/r/2ff/4/f/er/MxjD1v+Puf9VYSaZ5H8AAADIQcz994SZyP8AAABQGzH3vzrMRP4HAACA2oi5/94wk0zyv/6//r/+v/6//n/v/ev/b0z6//3p/1fQ/9f/z77/7/3/Gaxh6//H3P+aMJNM8j8AAADkIOb++8JM5H8AAACojfj/b5b/36v8DwAAAHUUc/9UmEkm+V//X/8/p/5/Q/9f/1//v/b0//vT/6+g/6//r/+v/89ADVv/P+b+14aZZJL/AQAAIAcx9z8QZiL/AwAAQG3E3D8dZiL/AwAAQG3E3D8TZpJJ/tf/1//Pqf/v/f/1//X/60//vz/9/wr6//r/dev/F4X+PzfUsPX/Y+7fFWaSSf4HAACAHMTcvzvMRP4HAACA2oi5f0+YifwPAAAAtRFz/4NhJpnkf/1//X/9f/1//f/e+9f/35j0//vT/6+g/6//X7f+v/f/5wYbtv5/zP0PhZlkkv8BAAAgBzH37w0zkf8BAACgNmLu3xdmIv8DAABAbcTcvz/MJJP8r/9fk/7/b/59x771//X/++1/MP3/Lfr/Yer/D5ea9v+7nxbXTP+/gv6//r/+v/4/AzVs/f+Y+w+EmWSS/wEAACAHMfe/LsxE/gcAAIDaiLn//4eZyP8AAABQGzH3/0yYSSb5X/+/Jv3/Lvr/+v/99u/9//X/66ym/f+B0f+voP+v/6//r//PQF3//n/828r6/zH3HwwzyST/AwAAQA5i7v/ZMBP5HwAAAGoj5v7Xh5nI/wAAAFAbMfcfCjPJJP/r/+v/6//r/1+f/v/ri27D2P9vLh79/3rR/+9P/7+C/r/+v/6//j8DNWzv/x9z/xvCTDLJ/wAAAJCDmPsfDjOR/wEAAKA2Yu5/Y5iJ/A8AAAC1EXP/m8JMMsn/+v/6//r/+v/e/7/3/vX/Nyb9//70/yvo/+v/6//r/zNQw9b/j7n/zWEmmeR/AAAAyEHM/W8JM5H/AQAAoDZi7n9rmIn8DwAAALURc//bwkwyyf/6//r/+v/6//r/vfev/78x6f/3p/9fQf9f/1//X/+fgRq2/n/M/T8XZpJJ/gcAAIAcxNz/SJiJ/A8AAAC1EXP/28NM5H8AAACojZj73xFmkkn+1//X/9f/1//X/++9f/3/jUn/vz/9/wr6//r/+v/6/wzUsPX/Y+5/Z5hJJvkfAAAAchBz/8+Hmcj/AAAAUBsx978rzET+BwAAgNqIuf8Xwkwyyf/6//r/+v/6/1n0/5tX0v/Pgv5/f/r/FXr0/zfr/+v/6//r/3PNhq3/H3P/u8NMMsn/AAAAkIOY+98TZiL/AwAAQG3E3P/eMBP5HwAAAGoj5v5Hw0wyyf/6/1n2/9Nd1v8v6f9n0P/3/v/Z0P/vT/+/gvf/1//X/9f/Z6CGrf8fc/9jYSaZ5H8AAADIQcz97wszkf8BAACgNmLu/8UwE/kfAAAAaiPm/veHmWSS//X/s+z/e///dev/j3Wsj5z6/xNtj2dal/r/+v/rQP+/P/3/Cvr/+v/D3P8Pq3nLMtfX/2cYDVv/P+b+D4SZZJL/AQAAIAcx9/9SmIn8DwAAALURc/8vh5nI/wAAAFAbMff/SphJJvlf/1//X//f+/97///e+9f/35j0//vT/6+g/6//P8z9/wr6/wyjYev/x9z/q2EmmeR/AAAAyEHM/R8MM5H/AQAAoDZi7j8cZiL/AwAAQG3E3H8kzCST/K//393/j++oqv+v/6//r/+v/78RDa7//7Kbi0L/X/9f/1//X/9f/5+1GLb+f8z9R8NMMsn/AAAAkIOY+38tzET+BwAAgNqIuf9YmIn8DwAAALURc/9smEkm+V//3/v/D6r//xP9f/3/QP+/N/3/9eH9//vT/6+g/6//r/+v/89ADVv/P+b+uTCTTPI/AAAA1Fj6cXDM/cfDTOR/AAAAqI2Y+0+Emcj/AAAAUBsx938ozCST/K//r//v/f9vRP9/rGN7/f+S/r/+/yDo//en/19B/1//X/9f/5+BGrb+f8z982EmmeR/AAAAyEHM/R8OM5H/AQAAoDZi7v9ImIn8DwAAALURc//JMJNM8r/+v/5/7v3/RlFc8v7/+v+99q//vzHp//en/19B/1//X/9f/5+BGrb+f8z9p8JMMsn/AAAAkIOY+0+Hmcj/AAAAUBsx958JM5H/AQAAoDZi7j8bZpJJ/tf/1//Pvf9f3JD3/+/cXv+/pP+v/z8IS/r3Y6u7/rL9//9j7z6a9DirPg4/r8u2pNXLR2DNiiWs+Aps2VHFmgVgcjAmZzA5B5NzzsnknHM2OUcTDVWiGJ1zLGked8tWa6b7Pte1OUiFeUbWYOqP6lf3He901d31//p//f8k/b/+X//P+dbW/+fuv1fc0mT/AwAAQAe5++8dt9j/AAAAMIzc/feJW+x/AAAAGEbu/qvilib7X/+v/9f/6//P6f+v1//r/7fN+//T9P8z9P/6f/2//p9Fra3/z91/37ilyf4HAACADnL33y9usf8BAABgGLn77x+32P8AAAAwjNz9D4hbmux//b/+X/+v//f+//7P1/9vk/5/mv5/hv5f/6//1/+zqLX1/7n7Hxi3NNn/AAAA0EHu/gfFLfY/AAAADCN3/4PjFvsfAAAAhpG7/yFxS5P9r//X/+v/9f/6//2fr//fput2N/8zQf9/mP5/xkz/v9vp/6dccD+//5e3na//Fuj/9f8ctrb+P3f/Q+OWJvsfAAAAOsjd/7C4xf4HAACAYeTuvzpusf8BAABgGLn7Hx63NNn/+n/9v/5f/6//3//5+v9t8v7/tIvv/+9wu3veo2//7/3/ad7/1//r/znf2vr/3P3XxC1N9j8AAAB0kLv/EXGL/Q8AAADDyN3/yLjF/gcAAIBh5O5/VNzSZP/r/9v0/we1i/5f/6//1/+PTv8/zfv/Mw7+MXeqfqj/1//r//X/XJy19f+5+x8dtzTZ/wAAANBB7v7HxC32PwAAAAwjd/9j4xb7HwAAAIaRu/9xcUuT/a//b9P/e/9f/6//1/+3oP+fpv+fMcr7/7fxu+a4+/mLddxfv/5f/89ha+v/c/c/Pm5psv8BAACgg9z9T4hb7H8AAAAYRu7+J8Yt9j8AAAAMI3f/k+KWJvtf/6//30b/n5+g/9f/6//1/9P0/9P0/zNG6f9vo+Pu57f+9ev/9f8ctrb+P3f/k+OWJvsfAAAAOsjd/5S4xf4HAACAYeTuf2rcYv8DAADAMHL3Py1uabL/9f/6/230/97/1//r//X/F0b/P03/P0P/r//X/+v/WdTa+v/c/dfGLU32PwAAAHSQu//pcYv9DwAAAMPI3f+MuMX+BwAAgGHk7n9m3NJk/+v/9f/6f/2//n//5+v/t0n/P03/P0P/r//X/+v/WdSK+v+z/qqTu2fFLU32PwAAAHSQu//ZcYv9DwAAAMPI3f+cuMX+BwAAgGHk7n9u3NJk/+v/V9P/H+R8Y/X/p3a7nf5/17T/P3XW72d9X+r/9f9HQP8/Tf8/Q/+v/9f/6/9Z1Ir6/4Mf5+5/XtzSZP8DAABAB7n7nx+32P8AAAAwjNz9L4hb7H8AAAAYRu7+F8YtTfa//n81/f+Bsfp/7/+f//3Rqf/3/v9h+v+jof+fpv+fof/X/+v/9f8sam39f+7+F8VNV15xm3+JAAAAwMrk7n9x3NLkz/8BAACgg9z9L4lb7H8AAADYqGsP/Uzu/pfGLU32v/5/2f7/yrN+Tv+v/z//+0P/r//X/196+v9p+v8Z+n/9v/5f/8+i1tb/5+5/WdzSZP8DAABAB7n7r4tb7H8AAAAYRu7+l8ct9j8AAAAMI3f/K+KWJvtf/+/9f/2//l//v//z9f/bpP+fpv+fof/X/x9v/3/i5n+p/2cMt6L/P3369NWXvP/P3f/KuKXJ/gcAAIAOcve/Km6x/wEAAGAYuftfHbfY/wAAADCM3P2viVua7H/9f9P+P7/V9f8H9P/6/32fr//fJv3/NP3/DP2//t/7//p/FrW29/9z9782bmmy/wEAAKCD3P2vi1vsfwAAABhG7v7Xxy32PwAAAAwjd/8b4pYm+1//37T/9/6//l//f9T9/007/f+R2ET/f+qWP3/t/f81+n/9/4R2/f9d73zOD/X/+n8OW1v/n7v/jXFLk/0PAAAAHeTuf1PcYv8DAADAMHL3vzlusf8BAABgGLn73xI3Xd5k/+v/9f/6f/2//n//5x/x+/9X7nY7/f8CNtH/T1h7/+/9f/3/lHb9/3n0//p/Dltb/5+7/61xS5P9DwAAAB3k7n9b3GL/AwAAwDBy9789brH/AQAAYBi5+98RtzTZ//p//b/+X/8/fP9/zSb6f+//L0T/P03/P0P/r//X/+v/ORLH1f/n7n9n3NJk/wMAAEAHufvfFbfY/wAAADCM3P3vjlvsfwAAABhG7v73xC1N9r/+X/+v/9f/n1hd/3/ynP+8Ju//6/8Xov+fpv+fof/X/+v/r9X/s6S1vf+fu/+9cUuT/Q8AAAAd5O5/X9z6v27tfwAAABhG7v73xy32PwAAAAwjd/8H4pYm+1//r//X/+v/h3//X//fiv5/mv5/hv5f/6//9/4/i1pb/5+7/4NxS5P9DwAAAB3k7v9Q3GL/AwAAwDBy9384brH/AQAAYBi5+6+PW5rsf/2//l//r//X/5/5PdT/j0H/P+1o+v9T+n/9f/Xz/xf/LdD/6//n/nrGtLb+P3f/R+KWJvsfAAAAOsjd/9G4xf4HAACAYeTu/1jcYv8DAADAJl2+5+dy9388bmmy//X/+n/9v/5f/7//8/X/26T/n+b9/xn6/1vZz9/+nB9t7f3/8//3S/+v/2d5a+v/c/d/Im5psv8BAACgg9z9n4xb7H8AAAAYRu7+T8Ut9j8AAAAMI3f/p+OWJvtf/6//1//r//X/+z9f/79N+v9p+v8Z+v9jfT9/61+//l//z2Fr6/9z938mbmmy/wEAAKCD3P2fjVvsfwAAABhG7v7PxS32PwAAAAzjYPdnXNZw/+v/9f/6f/2//n//5+v/t0n/P03/P0P/r//X/+v/WdTa+v/PH/xVJ3dfiFua7H8AAADoIHf/F+MW+x8AAACGkbv/S3GL/Q8AAADDyN3/5bilyf7X/+v/t9H/nz59+mr9v/7/3F/Pzf3/Dfp/iv5/mv5/hv5f/6//1/+zqLX1/7n7vxK3NNn/AAAA0EHu/q/GLfY/AAAADCN3/9fiFvsfAAAAhpG7/+txS5P9r/9fQf9/Uv/v/X/9/877//r/hej/p+n/Z4zY/5+88F/+cffzF+u4v379v/6fw9bW/+fu/0bc0mT/AwAAQAe5+78Zt9j/AAAAMIzc/d+KW+x/AAAAGEbu/m/HLU32v/7/6Pr///296/L+/6nd/q9f/6//1//r/y81/f80/f+MEfv/W+G4+/mtf/36f/0/h62t/8/d/524pcn+BwAAgA5y9383brH/AQAAYBi5+78Xt9j/AAAAMIzc/d+PW5rsf/3/Ct7/H7D/9/7//u8P/f+q+//L9P9j0P9P0//P0P/r//X/C/X/+d2s/+9ubf1/7v4fxC1N9j8AAAB0kLv/h3GL/Q8AAADDyN3/o7jF/gcAAIBh5O6/IW45a//va7tHof/X/+v/9f/6//2fr//fJv3/tAvt/0/sLq7/T/p//b/+v2v/7/1/zlhb/5+7/8dxiz//BwAAgM254hZ+Pnf/T+IW+x8AAACGkbv/p3GL/Q8AAADDyN3/s7jlxsuO60s6Uvp//b/+X/+v/9//+fr/bdL/T/P+/wz9/xL9/F30/2P0/7ud/p+Lt7b+P3f/z+MWf/4PAAAAw8jd/4u4xf4HAACAYeTu/2XcYv8DAADAMHL3/ypuabL/9f/6/4vs/w/STP3/Gfr/M/T/++n/j4b+f5r+f4b+3/v/+n/v/7OotfX/uft/Hbc02f8AAADQQe7+38Qt9j8AAAAMI3f/b+MW+x8AAACGkbv/d3FLk/1/bP1//K3W/2++//f+v/5f/6//XxX9/zT9/wz9v/5f/6//Z1Fr6/9z9/8+bmmy/wEAAKCD3P1/iFvsfwAAABhG7v4/xi32PwAAAAwjd/+f4pYm+9/7//p//b/+X/+///P1/9uk/5+m/9+vfqP0//p//b/+n0Wtrf/P3f/nuKXJ/gcAAIAOcvf/JW6x/wEAAGAYuftvjFvsfwAAABhG7v6/xi1N9r/+X/+v/9f/6//3f77+f5v0/9OOs/+/2//Pf6z3/4+9/88vQf+v/9f/s4i19f+5+/8WtzTZ/wAAANBB7v6/xy32PwAAAAwjd/8/4hb7HwAAAIaRu/+fcUuT/T/T/5+of6P+f5L+/9yvX/+///tD/6//1/9fevr/ad7/n6H/9/6//l//z6LW1v/n7v9X3NJk/wMAAEAHuftvilvsfwAAABhG7v5/xy32PwAAAAwjd/9/4pYm+9/7//p//b/+X/+///P1/9uk/5+m/5+h/9f/6//1/yxqbf1/7v7/BgAA//+GT2Bf") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f0000000080)) chdir(&(0x7f00000003c0)='./bus\x00') mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 4.46398925s ago: executing program 1 (id=1188): fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46900) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000c40)={0xd, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, @struct}}) chdir(&(0x7f0000000100)='./file0\x00') statfs(&(0x7f00000000c0)='./file2\x00', 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x0) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000280)=ANY=[], 0x8, 0x0, &(0x7f0000000000)) 4.029881532s ago: executing program 3 (id=1189): symlinkat(0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') mkdirat(0xffffffffffffffff, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sigaltstack(0x0, 0x0) sigaltstack(&(0x7f0000000180)={0x0, 0x2}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setreuid(0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) write$tcp_mem(0xffffffffffffffff, &(0x7f0000000000), 0x48) r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00', 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$can_raw(0x1d, 0x3, 0x1) 3.131089288s ago: executing program 1 (id=1190): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031400d3fc120000004788031c09102c", 0x11, 0x4, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 2.724564278s ago: executing program 1 (id=1191): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002024207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) keyctl$setperm(0x5, 0x0, 0x0) keyctl$unlink(0x9, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2d, 0x0, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0) write$bt_hci(r4, &(0x7f00000000c0)=ANY=[], 0x6) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000340)=0xb1, 0x0, 0x1) bind$inet(0xffffffffffffffff, 0x0, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xf) 1.709949183s ago: executing program 1 (id=1192): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) socket$inet_smc(0x2b, 0x1, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x13f}}, 0x20) semget$private(0x0, 0x1, 0x105) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b640104c50000006d000000060000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_PRIO={0x5}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 1.07404126s ago: executing program 1 (id=1193): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) io_uring_setup(0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df000000a7d9de16c708db7200"}) socket$inet_udp(0x2, 0x2, 0x0) r2 = getpid() ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{0x0}], 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='devtmpfs\x00', 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f0000000140)) connect(r0, &(0x7f00000001c0)=@generic={0x28, "509a93969579c25bfad565f6aa04767d52e231e121ad1f23f524f756254438a5e696240ce71ee7bbc9450af18f00a64d5bb06dd304f6fdd6bd0d1c245f4ffe97c2d77460a46ed6ba576816bd400ef5c97a22d007b4511fb83a26677a6a049e6958e794e87ea1ae0b511f9456991a7356a3be7e32497988d4d46ec67691ea"}, 0x80) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x200000], 0x0, 0x80200}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000240)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r5, &(0x7f00000000c0)=""/61, 0xfec4) 388.509581ms ago: executing program 3 (id=1194): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x68, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_SEQ_ADJ_REPLY={0x4}]}, 0x68}}, 0x0) 0s ago: executing program 1 (id=1196): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x30d4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r1}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x7, {[@main=@item_4={0x3, 0x0, 0x0, "f81d36c1"}, @main, @local]}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): 6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 78.626208][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.639344][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.651141][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.680703][ T3639] device veth0_vlan entered promiscuous mode [ 78.692263][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 78.707798][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.720874][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.734688][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.745113][ T3648] device veth0_vlan entered promiscuous mode [ 78.754208][ T3647] device veth1_vlan entered promiscuous mode [ 78.776842][ T3639] device veth1_vlan entered promiscuous mode [ 78.811447][ T3640] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.829124][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 78.840963][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 78.851988][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 78.863785][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.874176][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.922316][ T3648] device veth1_vlan entered promiscuous mode [ 78.953284][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 78.965068][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 78.978554][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 78.990570][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.027024][ T3647] device veth0_macvtap entered promiscuous mode [ 79.065367][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 79.078975][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 79.093625][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 79.105376][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.121573][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 79.133493][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.152488][ T3647] device veth1_macvtap entered promiscuous mode [ 79.199795][ T3648] device veth0_macvtap entered promiscuous mode [ 79.229481][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 79.239860][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 79.249606][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 79.260004][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.272861][ T3647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.285396][ T3647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.300567][ T3647] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.312896][ T3648] device veth1_macvtap entered promiscuous mode [ 79.323959][ T3639] device veth0_macvtap entered promiscuous mode [ 79.337368][ T3639] device veth1_macvtap entered promiscuous mode [ 79.350486][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 79.359163][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 79.361554][ T3704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.377165][ T3704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.377612][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 79.394388][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.403635][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 79.415222][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 79.428405][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 79.437463][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.454920][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.465085][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.477658][ T3647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.488408][ T3647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.500274][ T3647] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.517389][ T3647] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.530888][ T3647] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.541254][ T3647] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.550937][ T3647] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.574996][ T3640] device veth0_vlan entered promiscuous mode [ 79.584076][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 79.595066][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 79.614105][ T3648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.626847][ T3648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.640459][ T3648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.657781][ T3648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.671729][ T3648] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.697094][ T3648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.708736][ T3648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.721731][ T3648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.735388][ T3648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.750781][ T3648] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.767899][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 79.779902][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 79.790737][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 79.802390][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 79.830428][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.842421][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.853643][ T48] Bluetooth: hci0: command tx timeout [ 79.854714][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.859447][ T48] Bluetooth: hci3: command tx timeout [ 79.877301][ T3657] Bluetooth: hci2: command tx timeout [ 79.878408][ T48] Bluetooth: hci1: command tx timeout [ 79.882780][ T3657] Bluetooth: hci4: command tx timeout [ 79.901881][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.913628][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.931145][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.944236][ T3639] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.976889][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 79.988214][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 80.001355][ T3648] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.021922][ T3648] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.035096][ T3648] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.046278][ T3648] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.063351][ T3640] device veth1_vlan entered promiscuous mode [ 80.088316][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.092463][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.110691][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.112765][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.123311][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.145047][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.156738][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.168635][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.180667][ T3639] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.198504][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 80.217682][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 80.228189][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 80.247182][ T3639] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.260956][ T3639] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.271658][ T3639] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.281831][ T3639] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.397713][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 80.413056][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 80.449705][ T3640] device veth0_macvtap entered promiscuous mode [ 80.466268][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 80.522614][ T3640] device veth1_macvtap entered promiscuous mode [ 80.543826][ T26] audit: type=1326 audit(1725119898.191:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3725 comm="syz.2.3" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0ad0779eb9 code=0x0 [ 80.636601][ T3704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.646580][ T3704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.668611][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.680348][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.693138][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.708151][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.725416][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.748742][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.765196][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.783330][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.803378][ T3640] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.822815][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 80.832802][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 80.856538][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 80.899851][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.914342][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.920624][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.930953][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.940679][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.956396][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.968300][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.979431][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.990158][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.000915][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.019711][ T3640] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.030150][ T3704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.035030][ T3640] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.052990][ T3640] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.056415][ T3704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.063280][ T3640] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.079559][ T3640] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.102301][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 81.110903][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 81.120286][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 81.130542][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 81.185473][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.202573][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.240132][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 81.266014][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.299963][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.308685][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.326388][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.345910][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 81.356927][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 81.404507][ T3704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.435473][ T3704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.521898][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 81.573884][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.607185][ T152] cfg80211: failed to load regulatory.db [ 81.631408][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.694112][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 81.737764][ T3733] loop0: detected capacity change from 0 to 512 [ 81.865797][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.875625][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 81.902056][ T3733] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 81.967348][ T3733] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038 (0x7fffffff) [ 82.889438][ T3759] loop2: detected capacity change from 0 to 512 [ 82.933954][ T3733] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 82.940703][ T3759] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 83.017506][ T3733] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 64512 [ 83.029566][ T3733] EXT4-fs error (device loop0): ext4_acquire_dquot:6800: comm syz.0.1: Failed to acquire dquot type 0 [ 83.055139][ T3755] EXT4-fs error (device loop0): ext4_search_dir:1549: inode #2: block 3: comm syz.0.1: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 83.107901][ T3759] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 83.205897][ T3690] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 83.257641][ T3759] EXT4-fs (loop2): 1 orphan inode deleted [ 83.277432][ T3762] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [ 83.295268][ T3759] EXT4-fs (loop2): 1 truncate cleaned up [ 83.296998][ T3733] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 83.301250][ T3759] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 83.379249][ T3733] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 83.442442][ T3733] EXT4-fs error (device loop0): ext4_acquire_dquot:6800: comm syz.0.1: Failed to acquire dquot type 0 [ 83.515801][ T3690] usb 5-1: Using ep0 maxpacket: 16 [ 83.557570][ T3650] EXT4-fs (loop2): unmounting filesystem. [ 83.666996][ T3690] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 83.683880][ T3690] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 83.730817][ T3690] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 83.782884][ T3769] Zero length message leads to an empty skb [ 83.796281][ T3647] EXT4-fs (loop0): unmounting filesystem. [ 83.965933][ T3690] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 83.984116][ T3690] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.017207][ T3690] usb 5-1: Product: syz [ 84.029801][ T3690] usb 5-1: Manufacturer: syz [ 84.052852][ T3690] usb 5-1: SerialNumber: syz [ 84.271699][ T3778] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13'. [ 84.672698][ T3782] No such timeout policy "syz1" [ 84.681734][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 85.606538][ T0] NOHZ tick-stop error: local softirq work is pending, handler #20a!!! [ 85.803159][ T3784] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 85.973582][ T3789] capability: warning: `syz.2.15' uses 32-bit capabilities (legacy support in use) [ 86.234688][ T3792] process 'syz.3.16' launched './file0' with NULL argv: empty string added [ 86.385858][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.391341][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 86.394770][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 86.756019][ T3690] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 86.763762][ T3690] usb 5-1: 2:1 : sample bitwidth 89 in over sample bytes 2 [ 86.845447][ T3690] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 87.055702][ T3690] usb 5-1: USB disconnect, device number 2 [ 87.287472][ T3722] udevd[3722]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 87.584086][ T3803] syz.4.18 uses obsolete (PF_INET,SOCK_PACKET) [ 87.694512][ T3803] netlink: 20 bytes leftover after parsing attributes in process `syz.4.18'. [ 89.055155][ T3825] netlink: 24 bytes leftover after parsing attributes in process `syz.1.24'. [ 90.096836][ T3652] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 90.105774][ T3652] Bluetooth: hci4: Injecting HCI hardware error event [ 90.114593][ T3652] Bluetooth: hci4: hardware error 0x00 [ 92.175700][ T3652] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 93.915745][ T3876] netlink: 4 bytes leftover after parsing attributes in process `syz.1.36'. [ 94.003290][ T3876] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 94.082942][ T3876] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 94.162180][ T3876] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 94.194292][ T3876] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 95.505312][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.696056][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.811751][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 96.436483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.276301][ T3897] netlink: 'syz.4.42': attribute type 12 has an invalid length. [ 99.051401][ T3918] netlink: 72 bytes leftover after parsing attributes in process `syz.1.49'. [ 99.401197][ T3927] device syzkaller1 entered promiscuous mode [ 99.530093][ T3927] netlink: 20 bytes leftover after parsing attributes in process `syz.2.50'. [ 101.065449][ T3933] netlink: 'syz.4.52': attribute type 3 has an invalid length. [ 101.075409][ T3933] netlink: 'syz.4.52': attribute type 3 has an invalid length. [ 103.023752][ T26] audit: type=1326 audit(1725119920.671:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000 [ 103.164692][ T26] audit: type=1326 audit(1725119920.671:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000 [ 103.263268][ T26] audit: type=1326 audit(1725119920.721:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000 [ 103.352567][ T3956] hub 9-0:1.0: USB hub found [ 103.363447][ T26] audit: type=1326 audit(1725119920.731:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000 [ 103.413090][ T3956] hub 9-0:1.0: 8 ports detected [ 103.519475][ T26] audit: type=1326 audit(1725119920.731:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000 [ 103.627809][ T26] audit: type=1326 audit(1725119920.731:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000 [ 103.720892][ T26] audit: type=1326 audit(1725119920.731:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000 [ 103.839942][ T26] audit: type=1326 audit(1725119920.731:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000 [ 103.872239][ T3964] __vm_enough_memory: pid: 3964, comm: syz.2.60, no enough memory for the allocation [ 103.995687][ T26] audit: type=1326 audit(1725119920.741:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000 [ 104.040105][ T3965] netlink: 20 bytes leftover after parsing attributes in process `syz.2.60'. [ 104.165932][ T26] audit: type=1326 audit(1725119920.741:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000 [ 104.349633][ T3977] netlink: 'syz.1.63': attribute type 3 has an invalid length. [ 104.371398][ T3977] netlink: 'syz.1.63': attribute type 3 has an invalid length. [ 106.261772][ T3987] syz.2.68 (3987) used greatest stack depth: 19512 bytes left [ 111.678788][ T4024] netlink: 16 bytes leftover after parsing attributes in process `syz.3.77'. [ 111.693316][ T4024] netlink: 16 bytes leftover after parsing attributes in process `syz.3.77'. [ 113.635840][ T4070] Bluetooth: MGMT ver 1.22 [ 113.755281][ T4047] loop3: detected capacity change from 0 to 40427 [ 113.832300][ T4047] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 113.874380][ T4047] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 113.894455][ T4047] F2FS-fs (loop3): invalid crc value [ 113.923365][ T4047] F2FS-fs (loop3): Found nat_bits in checkpoint [ 114.130737][ T4047] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 114.148466][ T4047] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 114.418922][ T46] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 114.450909][ T46] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 115.785202][ T3652] Bluetooth: hci0: Malformed Event: 0x13 [ 118.162858][ T4137] netlink: 'syz.4.117': attribute type 12 has an invalid length. [ 119.526371][ T4153] binder: 4152:4153 ioctl 4018620d 0 returned -22 [ 119.573164][ T4151] device vlan2 entered promiscuous mode [ 119.603097][ T4151] device wlan1 entered promiscuous mode [ 120.429163][ T4180] netlink: 'syz.0.132': attribute type 12 has an invalid length. [ 121.301912][ T4188] binder: 4186:4188 ioctl 4018620d 0 returned -22 [ 121.978731][ T4209] loop2: detected capacity change from 0 to 2048 [ 122.014247][ T4211] device syzkaller1 entered promiscuous mode [ 122.089789][ T4209] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 122.156288][ T4211] netlink: 20 bytes leftover after parsing attributes in process `syz.4.142'. [ 122.484901][ T4221] usb usb8: usbfs: process 4221 (syz.2.143) did not claim interface 0 before use [ 123.067547][ T3650] EXT4-fs (loop2): unmounting filesystem. [ 123.730257][ T4235] binder: 4234:4235 ioctl 4018620d 0 returned -22 [ 124.409534][ T4256] vhci_hcd: default hub control req: 6012 v0002 i0006 l0 [ 124.892953][ T4262] device syzkaller1 entered promiscuous mode [ 124.997142][ T4262] netlink: 20 bytes leftover after parsing attributes in process `syz.4.158'. [ 125.126371][ T3766] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 125.406392][ T3766] usb 3-1: Using ep0 maxpacket: 32 [ 125.545669][ T3766] usb 3-1: config 0 has no interfaces? [ 125.736007][ T3766] usb 3-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 125.751788][ T4275] netlink: 8 bytes leftover after parsing attributes in process `syz.3.163'. [ 125.765732][ T3766] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.784333][ T3766] usb 3-1: Product: syz [ 125.803457][ T3766] usb 3-1: Manufacturer: syz [ 125.821128][ T3766] usb 3-1: SerialNumber: syz [ 125.853498][ T3766] usb 3-1: config 0 descriptor?? [ 126.181786][ T3691] usb 3-1: USB disconnect, device number 2 [ 127.185347][ T4319] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 127.430511][ T4319] vhci_hcd: default hub control req: 6012 v0002 i0006 l0 [ 127.944972][ T4337] loop4: detected capacity change from 0 to 4096 [ 128.012519][ T4337] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 128.121279][ T4337] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 128.302418][ T46] ntfs3: loop4: ntfs3_write_inode r=5 failed, -22. [ 128.414629][ T3648] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 129.262238][ T4356] netlink: 'syz.4.192': attribute type 1 has an invalid length. [ 129.431006][ T4356] 8021q: adding VLAN 0 to HW filter on device bond1 [ 129.550277][ T4358] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 129.641611][ T4359] device vlan3 entered promiscuous mode [ 129.686728][ T4359] device bond1 entered promiscuous mode [ 129.692384][ T4359] device ip6gretap1 entered promiscuous mode [ 129.910066][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 132.405679][ T3652] Bluetooth: hci2: command 0x0406 tx timeout [ 132.597749][ T4403] netlink: 'syz.3.207': attribute type 1 has an invalid length. [ 132.651520][ T4403] 8021q: adding VLAN 0 to HW filter on device bond1 [ 132.736731][ T4405] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 132.785611][ T4403] device vlan2 entered promiscuous mode [ 132.801850][ T4383] loop1: detected capacity change from 0 to 40427 [ 132.804057][ T4403] device bond1 entered promiscuous mode [ 132.825926][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.832679][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.850308][ T4383] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 132.862853][ T4383] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 132.873019][ T4403] device ip6gretap1 entered promiscuous mode [ 132.890273][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 132.932926][ T4383] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 133.092778][ T4412] netlink: 16 bytes leftover after parsing attributes in process `syz.3.208'. [ 133.119967][ T4383] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 133.120977][ T4412] netlink: 16 bytes leftover after parsing attributes in process `syz.3.208'. [ 133.137884][ T4383] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 133.545691][ T4419] netlink: 104 bytes leftover after parsing attributes in process `syz.3.211'. [ 134.726509][ T3652] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 134.737876][ T3652] Bluetooth: hci3: Injecting HCI hardware error event [ 134.750254][ T3657] Bluetooth: hci3: hardware error 0x00 [ 135.071760][ T4437] loop3: detected capacity change from 0 to 256 [ 135.153230][ T4437] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 136.806045][ T3657] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 137.203401][ T4473] loop2: detected capacity change from 0 to 256 [ 137.273384][ T4473] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 139.943185][ T4515] loop4: detected capacity change from 0 to 256 [ 140.002936][ T4515] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 141.452603][ T4532] net veth1_virt_wifi ªªªªªª: renamed from virt_wifi0 [ 142.776611][ T4550] ======================================================= [ 142.776611][ T4550] WARNING: The mand mount option has been deprecated and [ 142.776611][ T4550] and is ignored by this kernel. Remove the mand [ 142.776611][ T4550] option from the mount to silence this warning. [ 142.776611][ T4550] ======================================================= [ 143.385591][ T7] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 144.515992][ T7] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 145.419072][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.435002][ T7] usb 5-1: config 0 descriptor?? [ 146.865910][ T7] pegasus: probe of 5-1:0.0 failed with error -71 [ 146.876068][ T7] usb 5-1: USB disconnect, device number 3 [ 147.520611][ T4588] loop1: detected capacity change from 0 to 2048 [ 147.656514][ T4588] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 147.793377][ T4602] netlink: 'syz.3.272': attribute type 1 has an invalid length. [ 147.926123][ T4602] 8021q: adding VLAN 0 to HW filter on device bond2 [ 148.027824][ T4611] usb usb8: usbfs: process 4611 (syz.1.268) did not claim interface 0 before use [ 148.293595][ T4605] device vlan3 entered promiscuous mode [ 148.319229][ T4605] device bond2 entered promiscuous mode [ 148.607700][ T3639] EXT4-fs (loop1): unmounting filesystem. [ 148.842223][ T4622] binder: 4621:4622 ioctl c0306201 0 returned -14 [ 149.654582][ T4622] binder: BINDER_SET_CONTEXT_MGR already set [ 149.696295][ T4622] binder: 4621:4622 ioctl 4018620d 20000040 returned -16 [ 150.756604][ T4641] netlink: 'syz.0.281': attribute type 12 has an invalid length. [ 151.690882][ T4650] loop1: detected capacity change from 0 to 2048 [ 151.812633][ T4650] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 152.234395][ T4662] usb usb8: usbfs: process 4662 (syz.1.286) did not claim interface 0 before use [ 153.017507][ T3639] EXT4-fs (loop1): unmounting filesystem. [ 153.114739][ T4667] binder: 4666:4667 ioctl c0306201 0 returned -14 [ 154.407095][ T4682] loop0: detected capacity change from 0 to 256 [ 154.429064][ T4682] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 154.449074][ T4677] device syzkaller1 entered promiscuous mode [ 154.631904][ T4677] netlink: 20 bytes leftover after parsing attributes in process `syz.3.292'. [ 155.919607][ T4692] syz.2.298[4692] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 155.919740][ T4692] syz.2.298[4692] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 156.258125][ T4697] loop4: detected capacity change from 0 to 2048 [ 156.364002][ T4697] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 156.668932][ T4702] usb usb8: usbfs: process 4702 (syz.4.300) did not claim interface 0 before use [ 157.231365][ T3648] EXT4-fs (loop4): unmounting filesystem. [ 160.571353][ T4725] loop0: detected capacity change from 0 to 256 [ 160.594160][ T4725] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 161.375530][ T4743] netlink: 'syz.0.311': attribute type 12 has an invalid length. [ 162.252250][ T4745] loop4: detected capacity change from 0 to 2048 [ 162.447480][ T4745] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 163.587819][ T4754] usb usb8: usbfs: process 4754 (syz.4.313) did not claim interface 0 before use [ 164.966750][ T3648] EXT4-fs (loop4): unmounting filesystem. [ 166.045644][ T4766] loop4: detected capacity change from 0 to 1764 [ 166.085077][ T4774] loop2: detected capacity change from 0 to 256 [ 166.155825][ T4774] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 167.394059][ T4788] loop1: detected capacity change from 0 to 2048 [ 168.616585][ T4788] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 168.927992][ T4810] usb usb8: usbfs: process 4810 (syz.1.326) did not claim interface 0 before use [ 169.438162][ T3639] EXT4-fs (loop1): unmounting filesystem. [ 171.395484][ C0] sched: RT throttling activated [ 171.631974][ T4823] loop1: detected capacity change from 0 to 1764 [ 171.784536][ T4828] loop1: detected capacity change from 0 to 256 [ 171.808483][ T4828] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 173.021943][ T4849] loop1: detected capacity change from 0 to 2048 [ 173.161201][ T4849] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 175.088334][ T4862] usb usb8: usbfs: process 4862 (syz.1.341) did not claim interface 0 before use [ 175.739085][ T3639] EXT4-fs (loop1): unmounting filesystem. [ 176.029828][ T4872] loop1: detected capacity change from 0 to 1764 [ 176.120871][ T4874] loop2: detected capacity change from 0 to 256 [ 176.167580][ T4874] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 179.032018][ T4895] loop3: detected capacity change from 0 to 2048 [ 179.254130][ T4895] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 180.052231][ T4906] usb usb8: usbfs: process 4906 (syz.3.355) did not claim interface 0 before use [ 181.882673][ T3640] EXT4-fs (loop3): unmounting filesystem. [ 182.217650][ T4917] loop4: detected capacity change from 0 to 256 [ 182.248724][ T4917] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 191.369252][ T4948] loop3: detected capacity change from 0 to 2048 [ 192.337853][ T4948] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 192.517203][ T3652] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 192.532654][ T3652] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 192.541291][ T3652] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 192.554948][ T3652] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 193.358371][ T4972] usb usb8: usbfs: process 4972 (syz.3.371) did not claim interface 0 before use [ 193.775833][ T48] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 193.817078][ T48] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 193.908559][ T3640] EXT4-fs (loop3): unmounting filesystem. [ 193.998369][ T3704] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.263126][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.271796][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.053247][ T3704] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.085932][ T3655] Bluetooth: hci2: Malformed Event: 0x13 [ 195.206144][ T3704] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.429038][ T3704] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.492168][ T4995] netlink: 8 bytes leftover after parsing attributes in process `syz.2.381'. [ 195.841987][ T4964] chnl_net:caif_netlink_parms(): no params data found [ 195.925793][ T3655] Bluetooth: hci3: command tx timeout [ 196.576846][ T3652] Bluetooth: hci1: command 0x0406 tx timeout [ 196.583673][ T3652] Bluetooth: hci0: command 0x0406 tx timeout [ 197.459357][ T4964] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.488832][ T4964] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.522429][ T4964] device bridge_slave_0 entered promiscuous mode [ 197.569405][ T4964] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.596291][ T5015] loop4: detected capacity change from 0 to 2048 [ 197.610140][ T4964] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.621359][ T4964] device bridge_slave_1 entered promiscuous mode [ 198.512853][ T48] Bluetooth: hci3: command tx timeout [ 198.539826][ T5015] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 198.668108][ T4964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.702642][ T4964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.829075][ T4964] team0: Port device team_slave_0 added [ 198.909172][ T5022] usb usb8: usbfs: process 5022 (syz.4.386) did not claim interface 0 before use [ 199.341549][ T3648] EXT4-fs (loop4): unmounting filesystem. [ 199.470308][ T4964] team0: Port device team_slave_1 added [ 199.635815][ T4964] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.532836][ T4964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.567645][ T48] Bluetooth: hci3: command tx timeout [ 200.569144][ T4964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.604989][ T4964] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.612240][ T4964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.638655][ T4964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.464852][ T5043] netlink: 16 bytes leftover after parsing attributes in process `syz.3.392'. [ 201.651647][ T4964] device hsr_slave_0 entered promiscuous mode [ 201.694898][ T4964] device hsr_slave_1 entered promiscuous mode [ 201.718410][ T4964] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.734319][ T4964] Cannot create hsr debugfs directory [ 201.922328][ T5050] loop3: detected capacity change from 0 to 2048 [ 202.368753][ T5050] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 202.646043][ T3655] Bluetooth: hci3: command tx timeout [ 202.963333][ T5061] usb usb8: usbfs: process 5061 (syz.3.396) did not claim interface 0 before use [ 203.742129][ T3640] EXT4-fs (loop3): unmounting filesystem. [ 203.749258][ T3704] device hsr_slave_0 left promiscuous mode [ 203.782886][ T3704] device hsr_slave_1 left promiscuous mode [ 203.811949][ T3704] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 203.832088][ T3704] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 203.854701][ T3704] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 203.876068][ T3704] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 203.892402][ T3704] device bridge_slave_1 left promiscuous mode [ 203.903379][ T3704] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.918590][ T3704] device bridge_slave_0 left promiscuous mode [ 203.924938][ T3704] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.960243][ T3704] device veth1_macvtap left promiscuous mode [ 203.966940][ T3704] device veth0_macvtap left promiscuous mode [ 203.973168][ T3704] device veth1_vlan left promiscuous mode [ 203.981256][ T3704] device veth0_vlan left promiscuous mode [ 207.473160][ T3704] team0 (unregistering): Port device team_slave_1 removed [ 207.522008][ T3704] team0 (unregistering): Port device team_slave_0 removed [ 207.563796][ T3704] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.611150][ T3704] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 207.847486][ T5084] netlink: 16 bytes leftover after parsing attributes in process `syz.3.402'. [ 208.036144][ T5089] loop1: detected capacity change from 0 to 256 [ 208.080282][ T5089] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 208.432333][ T3704] bond0 (unregistering): Released all slaves [ 208.677646][ T5097] netlink: 28 bytes leftover after parsing attributes in process `syz.2.408'. [ 208.852403][ T48] Bluetooth: hci1: Malformed Event: 0x13 [ 209.774223][ T5106] netlink: 'syz.3.412': attribute type 1 has an invalid length. [ 209.799918][ T5110] netlink: 16 bytes leftover after parsing attributes in process `syz.4.413'. [ 209.843336][ T5106] 8021q: adding VLAN 0 to HW filter on device bond3 [ 209.879820][ T5108] device vlan4 entered promiscuous mode [ 209.900623][ T5108] device bond3 entered promiscuous mode [ 210.223226][ T5119] loop3: detected capacity change from 0 to 256 [ 210.355081][ T5119] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 211.523025][ T4964] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 211.624393][ T4964] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 211.638896][ T4964] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 212.138444][ T4964] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 212.883621][ T4964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.930177][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.945302][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.968896][ T4964] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.041828][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.058746][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.089922][ T5134] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.097158][ T5134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.173122][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.355758][ T5144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.424'. [ 213.362590][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.287706][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.506436][ T5134] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.513590][ T5134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.553922][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 214.571434][ T5157] loop1: detected capacity change from 0 to 256 [ 214.582053][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 214.602484][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.612341][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.631989][ T5157] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 214.821509][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 214.832394][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.848124][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 216.465789][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 216.493172][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 216.512843][ T48] Bluetooth: hci0: Malformed Event: 0x13 [ 216.573730][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 216.641025][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 216.810945][ T5179] netlink: 8 bytes leftover after parsing attributes in process `syz.3.436'. [ 217.701337][ T4964] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 218.510823][ T5193] loop2: detected capacity change from 0 to 256 [ 218.579878][ T5193] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 220.549615][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 220.558221][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 220.620820][ T4964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.727866][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 220.760410][ T5218] netlink: 8 bytes leftover after parsing attributes in process `syz.1.447'. [ 220.767060][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 220.902718][ T4964] device veth0_vlan entered promiscuous mode [ 220.935391][ T4964] device veth1_vlan entered promiscuous mode [ 220.974610][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 220.989743][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 221.002858][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 221.201686][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 221.334556][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 221.469400][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 221.829935][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 221.848596][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 221.876936][ T4964] device veth0_macvtap entered promiscuous mode [ 221.888594][ T4964] device veth1_macvtap entered promiscuous mode [ 222.594059][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.688120][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.698136][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.708946][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.718887][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.729636][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.742076][ T4964] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.753044][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.763766][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.782429][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.827336][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.868069][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.914258][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.932028][ T5238] loop4: detected capacity change from 0 to 256 [ 223.014373][ T4964] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.398325][ T5238] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 224.407087][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 224.496743][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 224.507010][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 224.516159][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 224.525214][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 224.540136][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 224.571962][ T4964] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.599825][ T4964] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.619017][ T4964] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.648014][ T4964] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.002846][ T3704] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.014002][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.037315][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.038187][ T3704] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.066134][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 226.643452][ T4674] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 227.351889][ T5271] loop3: detected capacity change from 0 to 256 [ 227.419256][ T5271] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 227.555927][ T48] Bluetooth: hci0: Malformed Event: 0x13 [ 231.426923][ T5296] netlink: 'syz.3.472': attribute type 1 has an invalid length. [ 231.449551][ T5296] 8021q: adding VLAN 0 to HW filter on device bond4 [ 231.468298][ T5296] device vlan5 entered promiscuous mode [ 231.473903][ T5296] device bond4 entered promiscuous mode [ 232.662879][ T5315] loop2: detected capacity change from 0 to 256 [ 232.756809][ T48] Bluetooth: hci0: Malformed Event: 0x13 [ 232.778196][ T5315] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 234.310384][ T5336] netlink: 'syz.1.485': attribute type 12 has an invalid length. [ 234.851583][ T5347] binder: 5345:5347 ioctl 4018620d 0 returned -22 [ 236.262852][ T48] Bluetooth: hci3: Malformed Event: 0x13 [ 236.377431][ T5360] device syzkaller1 entered promiscuous mode [ 236.429781][ T5360] netlink: 20 bytes leftover after parsing attributes in process `syz.1.493'. [ 236.449341][ T5373] loop0: detected capacity change from 0 to 256 [ 236.499339][ T5373] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 236.763626][ T5384] binder: 5383:5384 ioctl 4018620d 0 returned -22 [ 236.908921][ T5386] netlink: 16 bytes leftover after parsing attributes in process `syz.3.502'. [ 236.964621][ T5386] netlink: 40 bytes leftover after parsing attributes in process `syz.3.502'. [ 237.235342][ T5391] netlink: 'syz.0.504': attribute type 12 has an invalid length. [ 237.949223][ T5396] netlink: 'syz.3.506': attribute type 1 has an invalid length. [ 238.657099][ T5396] 8021q: adding VLAN 0 to HW filter on device bond5 [ 239.048008][ T5404] device vlan6 entered promiscuous mode [ 239.053678][ T5404] device bond5 entered promiscuous mode [ 239.085968][ T48] Bluetooth: hci0: Malformed Event: 0x13 [ 239.199326][ T5416] binder: 5415:5416 ioctl 4018620d 0 returned -22 [ 239.382214][ T5424] netlink: 16 bytes leftover after parsing attributes in process `syz.1.516'. [ 239.428241][ T5424] netlink: 40 bytes leftover after parsing attributes in process `syz.1.516'. [ 240.828168][ T48] Bluetooth: hci3: Malformed Event: 0x13 [ 240.922921][ T5449] netlink: 'syz.4.522': attribute type 12 has an invalid length. [ 241.067663][ T5453] binder: 5452:5453 ioctl c0306201 0 returned -14 [ 241.188108][ T5459] loop3: detected capacity change from 0 to 1764 [ 243.034958][ T48] Bluetooth: hci2: Malformed Event: 0x13 [ 244.311401][ T5494] binder: 5493:5494 ioctl c0306201 0 returned -14 [ 244.787241][ T5505] netlink: 'syz.2.542': attribute type 12 has an invalid length. [ 245.389573][ T5500] loop1: detected capacity change from 0 to 1764 [ 245.601456][ T5509] netlink: 'syz.3.544': attribute type 1 has an invalid length. [ 245.791805][ T5509] 8021q: adding VLAN 0 to HW filter on device bond6 [ 245.949977][ T5515] device vlan7 entered promiscuous mode [ 245.968940][ T5515] device bond6 entered promiscuous mode [ 246.965574][ T5525] netlink: 48 bytes leftover after parsing attributes in process `syz.3.547'. [ 247.973476][ T5532] netlink: 80 bytes leftover after parsing attributes in process `syz.1.552'. [ 247.985126][ T5535] binder: 5533:5535 ioctl c0306201 0 returned -14 [ 248.460445][ T5543] loop2: detected capacity change from 0 to 1764 [ 248.653229][ T5545] netlink: 'syz.1.556': attribute type 12 has an invalid length. [ 248.752092][ T5548] netlink: 'syz.0.557': attribute type 1 has an invalid length. [ 248.822398][ T5548] device vlan2 entered promiscuous mode [ 248.845634][ T5548] device veth1_virt_wifi entered promiscuous mode [ 249.043613][ T5555] netlink: 48 bytes leftover after parsing attributes in process `syz.3.560'. [ 250.667392][ T5568] netlink: 80 bytes leftover after parsing attributes in process `syz.0.565'. [ 251.047902][ T5579] loop4: detected capacity change from 0 to 1764 [ 251.269672][ T5581] netlink: 'syz.2.571': attribute type 12 has an invalid length. [ 251.620021][ T5593] netlink: 48 bytes leftover after parsing attributes in process `syz.4.574'. [ 254.424959][ T5613] netlink: 80 bytes leftover after parsing attributes in process `syz.1.580'. [ 254.728240][ T5620] loop1: detected capacity change from 0 to 1764 [ 255.729830][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.740864][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.815611][ T3691] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 256.640638][ T5648] netlink: 80 bytes leftover after parsing attributes in process `syz.2.594'. [ 256.732729][ T3691] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 256.743984][ T3691] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 256.758339][ T3691] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 256.767897][ T3691] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.778144][ T3691] usb 5-1: config 0 descriptor?? [ 256.796823][ T5652] loop1: detected capacity change from 0 to 1764 [ 257.279789][ T3691] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 257.404316][ T3691] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 259.007899][ T3714] usb 5-1: USB disconnect, device number 4 [ 259.268757][ T5690] netlink: 16 bytes leftover after parsing attributes in process `syz.4.611'. [ 259.301598][ T5690] netlink: 36 bytes leftover after parsing attributes in process `syz.4.611'. [ 259.499576][ T5695] loop2: detected capacity change from 0 to 1764 [ 261.668517][ T5722] netlink: 16 bytes leftover after parsing attributes in process `syz.0.624'. [ 261.683142][ T5722] netlink: 36 bytes leftover after parsing attributes in process `syz.0.624'. [ 261.908605][ T5726] loop2: detected capacity change from 0 to 1764 [ 261.958291][ T5728] netlink: 104 bytes leftover after parsing attributes in process `syz.0.627'. [ 264.914223][ T5759] netlink: 16 bytes leftover after parsing attributes in process `syz.2.639'. [ 264.935496][ T5759] netlink: 36 bytes leftover after parsing attributes in process `syz.2.639'. [ 265.010873][ T5768] loop0: detected capacity change from 0 to 1764 [ 268.516728][ T5785] device syzkaller1 entered promiscuous mode [ 268.585216][ T5785] netlink: 20 bytes leftover after parsing attributes in process `syz.2.644'. [ 269.310298][ T5803] binder: 5802:5803 ioctl c0306201 0 returned -14 [ 270.778358][ T5812] loop0: detected capacity change from 0 to 1764 [ 272.530245][ T5829] netlink: 104 bytes leftover after parsing attributes in process `syz.0.658'. [ 273.554032][ T5836] netlink: 16 bytes leftover after parsing attributes in process `syz.4.662'. [ 273.563136][ T5836] netlink: 52 bytes leftover after parsing attributes in process `syz.4.662'. [ 273.617269][ T5839] binder: 5837:5839 ioctl c0306201 0 returned -14 [ 273.674275][ T5843] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 274.975114][ T5843] vhci_hcd: default hub control req: 6012 v0002 i0006 l0 [ 275.090461][ T5859] loop0: detected capacity change from 0 to 1764 [ 275.342585][ T5870] netlink: 16 bytes leftover after parsing attributes in process `syz.0.674'. [ 275.374677][ T5870] netlink: 48 bytes leftover after parsing attributes in process `syz.0.674'. [ 275.508741][ T5873] binder: 5872:5873 ioctl c0306201 0 returned -14 [ 275.540137][ T5875] netlink: 104 bytes leftover after parsing attributes in process `syz.0.676'. [ 276.526018][ T3691] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 277.127146][ T3691] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 277.137477][ T3691] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 277.210381][ T3691] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 277.293640][ T3691] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.916731][ T3691] usb 5-1: config 0 descriptor?? [ 277.968691][ T3691] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 278.154472][ T5899] loop2: detected capacity change from 0 to 1764 [ 278.168866][ T5901] netlink: 16 bytes leftover after parsing attributes in process `syz.3.686'. [ 278.182289][ T5901] netlink: 48 bytes leftover after parsing attributes in process `syz.3.686'. [ 278.275663][ T3691] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 278.380571][ T5909] netlink: 104 bytes leftover after parsing attributes in process `syz.2.690'. [ 279.151711][ T3691] usb 1-1: Using ep0 maxpacket: 32 [ 279.335802][ T3691] usb 1-1: config 0 has no interfaces? [ 279.391390][ T4893] usb 5-1: USB disconnect, device number 5 [ 279.660735][ T3691] usb 1-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 279.680322][ T3691] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.713820][ T3691] usb 1-1: Product: syz [ 279.727611][ T3691] usb 1-1: Manufacturer: syz [ 279.739919][ T3691] usb 1-1: SerialNumber: syz [ 279.747761][ T3691] usb 1-1: config 0 descriptor?? [ 279.840201][ T5930] loop4: detected capacity change from 0 to 1764 [ 279.958046][ T5935] netlink: 16 bytes leftover after parsing attributes in process `syz.4.699'. [ 279.968720][ T5935] netlink: 48 bytes leftover after parsing attributes in process `syz.4.699'. [ 279.990833][ T3691] usb 1-1: USB disconnect, device number 2 [ 283.802012][ T5962] netlink: 16 bytes leftover after parsing attributes in process `syz.4.710'. [ 283.842354][ T5962] netlink: 40 bytes leftover after parsing attributes in process `syz.4.710'. [ 284.336608][ T5981] netlink: 'syz.0.717': attribute type 12 has an invalid length. [ 286.228211][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 286.228228][ T26] audit: type=1326 audit(1725120103.881:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 286.407572][ T26] audit: type=1326 audit(1725120103.881:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 286.483165][ T26] audit: type=1326 audit(1725120103.881:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 286.580661][ T26] audit: type=1326 audit(1725120103.881:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 286.676881][ T26] audit: type=1326 audit(1725120103.881:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 286.742799][ T26] audit: type=1326 audit(1725120103.881:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 286.784694][ T6005] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 286.814438][ T26] audit: type=1326 audit(1725120103.881:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 286.904403][ T6009] netlink: 16 bytes leftover after parsing attributes in process `syz.3.726'. [ 286.955662][ T6009] netlink: 40 bytes leftover after parsing attributes in process `syz.3.726'. [ 287.164555][ T6014] netlink: 104 bytes leftover after parsing attributes in process `syz.3.729'. [ 287.923334][ T6023] syz.3.732[6023] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 287.924399][ T6023] syz.3.732[6023] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 288.579451][ T6027] netlink: 'syz.4.733': attribute type 12 has an invalid length. [ 289.708364][ T6040] netlink: 16 bytes leftover after parsing attributes in process `syz.0.739'. [ 289.755519][ T6040] netlink: 40 bytes leftover after parsing attributes in process `syz.0.739'. [ 290.052146][ T6054] netlink: 104 bytes leftover after parsing attributes in process `syz.0.742'. [ 291.212915][ T6029] loop2: detected capacity change from 0 to 32768 [ 291.366160][ T26] audit: type=1326 audit(1725120109.021:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6061 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f12179eb9 code=0x7ffc0000 [ 292.050499][ T26] audit: type=1326 audit(1725120109.021:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6061 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f12179eb9 code=0x7ffc0000 [ 292.106252][ T6067] netlink: 'syz.1.747': attribute type 12 has an invalid length. [ 292.213973][ T26] audit: type=1326 audit(1725120109.731:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6061 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f4f12179eb9 code=0x7ffc0000 [ 292.332065][ T26] audit: type=1326 audit(1725120109.731:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6061 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f12179eb9 code=0x7ffc0000 [ 292.431239][ T26] audit: type=1326 audit(1725120109.731:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6061 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f12179eb9 code=0x7ffc0000 [ 292.538460][ T26] audit: type=1326 audit(1725120110.111:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6070 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2c379eb9 code=0x7ffc0000 [ 292.645534][ T26] audit: type=1326 audit(1725120110.181:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6070 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef2c379eb9 code=0x7ffc0000 [ 292.679689][ T6071] loop4: detected capacity change from 0 to 8192 [ 292.741455][ T6071] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 292.750574][ T26] audit: type=1326 audit(1725120110.181:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6070 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2c379eb9 code=0x7ffc0000 [ 292.781831][ T6071] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 292.808377][ T6071] loop4: p2 p3 p4 [ 292.812579][ T6071] loop4: partition table partially beyond EOD, truncated [ 292.823563][ T26] audit: type=1326 audit(1725120110.181:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6070 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2c379eb9 code=0x7ffc0000 [ 292.839021][ T6071] loop4: p2 start 452985600 is beyond EOD, [ 292.876880][ T26] audit: type=1326 audit(1725120110.181:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6070 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fef2c379eb9 code=0x7ffc0000 [ 292.888641][ T6071] truncated [ 292.932918][ T6071] loop4: p3 size 33554432 extends beyond EOD, truncated [ 292.960440][ T6071] loop4: p4 start 8388607 is beyond EOD, truncated [ 293.032308][ T6089] netlink: 104 bytes leftover after parsing attributes in process `syz.0.755'. [ 293.365276][ T6101] loop0: detected capacity change from 0 to 1764 [ 293.525059][ T6104] device syzkaller1 entered promiscuous mode [ 294.011027][ T6109] netlink: 'syz.0.762': attribute type 12 has an invalid length. [ 295.385701][ T6126] netlink: 104 bytes leftover after parsing attributes in process `syz.4.768'. [ 295.958629][ T6134] loop4: detected capacity change from 0 to 512 [ 296.018241][ T6134] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 296.126218][ T6134] EXT4-fs (loop4): 1 orphan inode deleted [ 296.134611][ T6134] EXT4-fs (loop4): 1 truncate cleaned up [ 296.172666][ T6134] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 296.439438][ T3648] EXT4-fs (loop4): unmounting filesystem. [ 296.648142][ T6147] netlink: 'syz.1.775': attribute type 12 has an invalid length. [ 297.660951][ T6157] netlink: 104 bytes leftover after parsing attributes in process `syz.1.781'. [ 297.820728][ T6160] device syzkaller1 entered promiscuous mode [ 297.879503][ T6160] netlink: 20 bytes leftover after parsing attributes in process `syz.4.780'. [ 299.295481][ T3714] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 299.682986][ T3714] usb 1-1: Using ep0 maxpacket: 32 [ 299.906632][ T3714] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 300.995568][ T3714] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xE3, skipping [ 301.076921][ T3714] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 301.097197][ T3714] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 301.124385][ T3714] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 301.148917][ T3714] usb 1-1: config 0 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 302.541991][ T6190] netlink: 'syz.4.791': attribute type 12 has an invalid length. [ 304.682261][ T6192] netlink: 104 bytes leftover after parsing attributes in process `syz.2.793'. [ 304.729800][ T6194] loop0: detected capacity change from 0 to 512 [ 304.736469][ T3714] usb 1-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01 [ 304.759357][ T3714] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.798485][ T3714] usb 1-1: config 0 descriptor?? [ 304.825813][ T3714] usb 1-1: can't set config #0, error -71 [ 304.836675][ T3714] usb 1-1: USB disconnect, device number 3 [ 304.845325][ T6194] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 304.895198][ T6194] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038 (0x7fffffff) [ 305.088743][ T6194] EXT4-fs error (device loop0): ext4_add_entry:2484: inode #2: comm syz.0.794: Directory hole found for htree leaf block 0 [ 305.309269][ T4964] EXT4-fs (loop0): unmounting filesystem. [ 305.461612][ T6209] device syzkaller1 entered promiscuous mode [ 305.594344][ T6209] netlink: 20 bytes leftover after parsing attributes in process `syz.4.798'. [ 305.611269][ T6212] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 305.639111][ T6212] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 305.709534][ T6212] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 305.960378][ T6220] syz.0.803[6220] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 305.960498][ T6220] syz.0.803[6220] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 306.162450][ T6225] netlink: 104 bytes leftover after parsing attributes in process `syz.1.805'. [ 306.222914][ T26] kauditd_printk_skb: 45 callbacks suppressed [ 306.222926][ T26] audit: type=1326 audit(1725120123.871:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 306.340519][ T26] audit: type=1326 audit(1725120123.911:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 306.412509][ T26] audit: type=1326 audit(1725120123.911:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 307.568553][ T6234] netlink: 'syz.2.808': attribute type 12 has an invalid length. [ 310.398556][ T26] audit: type=1326 audit(1725120128.051:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 310.484113][ T26] audit: type=1326 audit(1725120128.081:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 310.609371][ T26] audit: type=1326 audit(1725120128.081:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 310.714654][ T26] audit: type=1326 audit(1725120128.081:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 310.836358][ T26] audit: type=1326 audit(1725120128.081:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 310.861711][ T6260] netlink: 104 bytes leftover after parsing attributes in process `syz.2.819'. [ 310.953494][ T26] audit: type=1326 audit(1725120128.081:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 310.991984][ T26] audit: type=1326 audit(1725120128.081:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000 [ 311.458151][ T6267] device syzkaller1 entered promiscuous mode [ 311.574473][ T6266] netlink: 20 bytes leftover after parsing attributes in process `syz.2.821'. [ 311.891909][ T6269] loop3: detected capacity change from 0 to 256 [ 311.931672][ T6269] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 312.540779][ T6281] netlink: 'syz.3.828': attribute type 7 has an invalid length. [ 312.557838][ T6279] loop0: detected capacity change from 0 to 1024 [ 312.793126][ T6279] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 312.846800][ T6291] netlink: 104 bytes leftover after parsing attributes in process `syz.4.831'. [ 312.854068][ T6288] netlink: 'syz.2.829': attribute type 12 has an invalid length. [ 312.872024][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.3.830'. [ 314.716415][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 314.716430][ T26] audit: type=1326 audit(1725120132.371:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.3.833" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4f12179eb9 code=0x0 [ 314.858608][ T4964] EXT4-fs (loop0): unmounting filesystem. [ 315.255717][ T3714] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 315.465524][ T3714] usb 1-1: device descriptor read/64, error -71 [ 315.759002][ T6311] device syzkaller1 entered promiscuous mode [ 315.778743][ T6311] netlink: 20 bytes leftover after parsing attributes in process `syz.2.839'. [ 315.805888][ T3714] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 316.007817][ T6320] netlink: 104 bytes leftover after parsing attributes in process `syz.4.842'. [ 316.807728][ T3714] usb 1-1: device descriptor read/64, error -71 [ 316.935915][ T3714] usb usb1-port1: attempt power cycle [ 317.129300][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.137707][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.415981][ T3714] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 317.646695][ T3714] usb 1-1: device descriptor read/8, error -71 [ 317.787251][ T6330] netlink: 'syz.2.845': attribute type 12 has an invalid length. [ 317.946606][ T3714] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 318.625614][ T3714] usb 1-1: device descriptor read/8, error -71 [ 318.885583][ T3714] usb usb1-port1: unable to enumerate USB device [ 319.208262][ T48] Bluetooth: hci3: command 0x0406 tx timeout [ 322.004421][ T6349] netlink: 104 bytes leftover after parsing attributes in process `syz.2.854'. [ 322.023580][ T6348] ptrace attach of "./syz-executor exec"[3648] was attempted by "./syz-executor exec"[6348] [ 322.306105][ T48] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 322.318935][ T48] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 322.328817][ T48] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 322.339828][ T48] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 322.348917][ T48] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 322.358339][ T48] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 322.444879][ T6354] device syzkaller1 entered promiscuous mode [ 322.533572][ T6356] netlink: 20 bytes leftover after parsing attributes in process `syz.2.855'. [ 323.015540][ T155] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 323.176278][ T6353] chnl_net:caif_netlink_parms(): no params data found [ 323.215488][ T155] usb 5-1: device descriptor read/64, error -71 [ 323.505547][ T155] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 323.522471][ T6353] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.576288][ T6353] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.585324][ T6353] device bridge_slave_0 entered promiscuous mode [ 323.612063][ T6353] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.647000][ T6353] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.705888][ T155] usb 5-1: device descriptor read/64, error -71 [ 323.710586][ T6353] device bridge_slave_1 entered promiscuous mode [ 323.937139][ T155] usb usb5-port1: attempt power cycle [ 324.406083][ T3655] Bluetooth: hci5: command tx timeout [ 324.492524][ T6370] netlink: 'syz.2.857': attribute type 12 has an invalid length. [ 324.538685][ T6353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 324.583420][ T6353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.682250][ T6353] team0: Port device team_slave_0 added [ 324.691649][ T6353] team0: Port device team_slave_1 added [ 324.720562][ T6353] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.755550][ T6353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.795625][ T155] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 324.840790][ T6353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.867628][ T6353] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.874685][ T6353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.900354][ T155] usb 5-1: device descriptor read/8, error -71 [ 324.940027][ T6353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.039174][ T6353] device hsr_slave_0 entered promiscuous mode [ 325.046678][ T6353] device hsr_slave_1 entered promiscuous mode [ 325.132105][ T6353] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 325.154132][ T6353] Cannot create hsr debugfs directory [ 325.358265][ T155] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 325.476525][ T155] usb 5-1: device descriptor read/8, error -71 [ 326.085867][ T155] usb usb5-port1: unable to enumerate USB device [ 326.216429][ T6392] device syzkaller1 entered promiscuous mode [ 326.321200][ T6393] netlink: 20 bytes leftover after parsing attributes in process `syz.0.866'. [ 326.485547][ T3655] Bluetooth: hci5: command tx timeout [ 326.605649][ T155] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 326.682520][ T6353] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.855520][ T155] usb 5-1: Using ep0 maxpacket: 32 [ 326.975591][ T155] usb 5-1: config 0 has no interfaces? [ 327.105294][ T6353] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.136161][ T155] usb 5-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 327.155923][ T155] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.164069][ T155] usb 5-1: Product: syz [ 327.181037][ T155] usb 5-1: Manufacturer: syz [ 327.192025][ T155] usb 5-1: SerialNumber: syz [ 327.248259][ T155] usb 5-1: config 0 descriptor?? [ 327.375192][ T6353] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.526536][ T4893] usb 5-1: USB disconnect, device number 10 [ 327.631460][ T6353] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.782870][ T6403] loop2: detected capacity change from 0 to 32768 [ 327.812225][ T6403] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.870 (6403) [ 327.828549][ T26] audit: type=1326 audit(1725120145.481:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.872" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4f12179eb9 code=0x0 [ 327.902489][ T6403] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 327.921995][ T6353] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 327.929158][ T6403] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 327.940472][ T6403] BTRFS info (device loop2): setting nodatacow, compression disabled [ 327.950250][ T6353] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 327.958548][ T6403] BTRFS info (device loop2): setting datacow [ 327.964751][ T6403] BTRFS info (device loop2): doing ref verification [ 327.977125][ T6353] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 327.984417][ T6403] BTRFS info (device loop2): force clearing of disk cache [ 328.000845][ T6353] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 328.011231][ T6403] BTRFS info (device loop2): turning off barriers [ 328.031811][ T6403] BTRFS info (device loop2): disabling tree log [ 328.045960][ T6409] dccp_close: ABORT with 104 bytes unread [ 328.058220][ T6403] BTRFS info (device loop2): using free space tree [ 328.193784][ T6353] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.229586][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 328.243940][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 328.261458][ T6353] 8021q: adding VLAN 0 to HW filter on device team0 [ 328.315369][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 328.365265][ T6403] BTRFS info (device loop2): rebuilding free space tree [ 328.374257][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 328.394879][ T3753] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.403029][ T3753] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.462418][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 328.515827][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 328.556528][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 328.565504][ T3655] Bluetooth: hci5: command tx timeout [ 328.595801][ T3753] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.602995][ T3753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 328.660816][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 328.717119][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 328.759759][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 328.807095][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 328.833374][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 328.879713][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 328.903784][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 328.921438][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 328.934310][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 328.958958][ T6353] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 328.981054][ T6353] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 328.997421][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 329.036419][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 329.098906][ T3691] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 329.290235][ T3650] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 329.357359][ T3691] usb 4-1: Using ep0 maxpacket: 16 [ 329.646701][ T3691] usb 4-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=6c.de [ 329.656236][ T3691] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.664616][ T3691] usb 4-1: Product: syz [ 329.668931][ T3691] usb 4-1: Manufacturer: syz [ 329.673554][ T3691] usb 4-1: SerialNumber: syz [ 329.680566][ T3691] usb 4-1: config 0 descriptor?? [ 329.726470][ T3691] ems_usb 4-1:0.0 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 329.742956][ T3691] ems_usb: probe of 4-1:0.0 failed with error -22 [ 329.750396][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 329.781557][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 329.800716][ T6353] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 329.823612][ T6434] loop0: detected capacity change from 0 to 32768 [ 329.843043][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 329.859937][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 329.892735][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 329.903455][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 329.916610][ T6353] device veth0_vlan entered promiscuous mode [ 329.933807][ T6451] usb 4-1: USB disconnect, device number 2 [ 329.941224][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 329.953813][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 329.970759][ T6353] device veth1_vlan entered promiscuous mode [ 330.057816][ T6452] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 330.265609][ T6452] usb 5-1: device descriptor read/64, error -71 [ 330.948540][ T48] Bluetooth: hci5: command tx timeout [ 330.950161][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 330.965253][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 331.182939][ T6461] netlink: 'syz.0.879': attribute type 12 has an invalid length. [ 331.271418][ T6452] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 331.380869][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 331.398103][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 331.408863][ T6353] device veth0_macvtap entered promiscuous mode [ 331.458799][ T6353] device veth1_macvtap entered promiscuous mode [ 331.526010][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.538281][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.548609][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.564435][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.574742][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.580115][ T6452] usb 5-1: device descriptor read/64, error -71 [ 331.585611][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.608758][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.628996][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.659645][ T6353] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 331.669761][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 331.678899][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 331.687899][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 331.702951][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 331.722115][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 331.735748][ T6452] usb usb5-port1: attempt power cycle [ 331.747425][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.757767][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 331.769785][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.781362][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 331.792218][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.802856][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 331.813552][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.837829][ T6353] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 331.849044][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 331.862473][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 331.892224][ T6353] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.902686][ T6353] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.914384][ T6353] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.915516][ T3691] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 331.925997][ T6353] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.042483][ T5480] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.071579][ T5480] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.120590][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 332.145674][ T6452] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 332.158095][ T5480] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.167172][ T5480] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.185619][ T3691] usb 3-1: Using ep0 maxpacket: 32 [ 332.212159][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 332.256611][ T6452] usb 5-1: device descriptor read/8, error -71 [ 332.305730][ T3691] usb 3-1: config 0 has no interfaces? [ 332.465839][ T3691] usb 3-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 332.475042][ T3691] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.524727][ T3691] usb 3-1: Product: syz [ 332.529328][ T3691] usb 3-1: Manufacturer: syz [ 332.534583][ T3691] usb 3-1: SerialNumber: syz [ 332.546008][ T6452] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 332.558699][ T3691] usb 3-1: config 0 descriptor?? [ 332.635629][ T6452] usb 5-1: device descriptor read/8, error -71 [ 332.673858][ T6479] loop0: detected capacity change from 0 to 1024 [ 332.767285][ T6452] usb usb5-port1: unable to enumerate USB device [ 333.743578][ T6451] usb 3-1: USB disconnect, device number 3 [ 334.107809][ T6491] netlink: 32 bytes leftover after parsing attributes in process `syz.0.885'. [ 335.052300][ T5480] hfsplus: b-tree write err: -5, ino 4 [ 335.973542][ T6508] netlink: 80 bytes leftover after parsing attributes in process `syz.2.894'. [ 336.366673][ T6496] loop1: detected capacity change from 0 to 32768 [ 336.472019][ T6512] netlink: 'syz.3.892': attribute type 12 has an invalid length. [ 337.628918][ T6521] netlink: 104 bytes leftover after parsing attributes in process `syz.2.901'. [ 337.795606][ T3714] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 338.025664][ T3714] usb 1-1: device descriptor read/64, error -71 [ 338.306133][ T3714] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 338.545494][ T3714] usb 1-1: device descriptor read/64, error -71 [ 338.665865][ T3714] usb usb1-port1: attempt power cycle [ 339.115514][ T3714] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 339.215938][ T3714] usb 1-1: device descriptor read/8, error -71 [ 339.495538][ T3714] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 339.605703][ T3714] usb 1-1: device descriptor read/8, error -71 [ 339.735625][ T3714] usb usb1-port1: unable to enumerate USB device [ 339.840795][ T6544] netlink: 80 bytes leftover after parsing attributes in process `syz.1.906'. [ 341.643169][ T6564] netlink: 104 bytes leftover after parsing attributes in process `syz.3.912'. [ 342.747849][ T6550] loop1: detected capacity change from 0 to 32768 [ 343.182879][ T6581] netlink: 'syz.2.914': attribute type 12 has an invalid length. [ 343.570760][ T6585] netlink: 80 bytes leftover after parsing attributes in process `syz.1.919'. [ 343.709017][ T6589] loop4: detected capacity change from 0 to 16 [ 343.773496][ T6589] erofs: (device loop4): mounted with root inode @ nid 36. [ 344.126293][ T6452] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 344.789914][ T6602] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 344.803848][ T6602] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -7 in[50, 4046] out[1851] [ 344.815595][ T6602] erofs: (device loop4): z_erofs_read_folio: failed to read, err [-117] [ 344.830265][ T6602] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 344.839714][ T6602] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -7 in[50, 4046] out[1851] [ 344.852059][ T6602] erofs: (device loop4): z_erofs_read_folio: failed to read, err [-117] [ 344.935751][ T6452] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.061120][ T6452] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 345.085472][ T6452] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 345.094597][ T6452] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.118141][ T6452] usb 4-1: config 0 descriptor?? [ 345.621833][ T6609] netlink: 104 bytes leftover after parsing attributes in process `syz.0.928'. [ 345.975880][ T6452] usb 4-1: string descriptor 0 read error: -71 [ 345.983373][ T6452] usb 4-1: USB disconnect, device number 3 [ 346.132919][ T6625] netlink: 80 bytes leftover after parsing attributes in process `syz.1.934'. [ 347.345647][ T6642] netlink: 104 bytes leftover after parsing attributes in process `syz.1.940'. [ 347.529061][ T6643] netlink: 'syz.3.933': attribute type 12 has an invalid length. [ 348.045524][ T6452] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 348.277734][ T6661] netlink: 80 bytes leftover after parsing attributes in process `syz.0.948'. [ 348.400951][ T6667] netlink: 104 bytes leftover after parsing attributes in process `syz.0.951'. [ 348.416465][ T6452] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 349.246098][ T6452] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 349.257613][ T6452] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 349.267061][ T6452] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.276937][ T6452] usb 2-1: config 0 descriptor?? [ 349.459448][ T6682] device geneve2 entered promiscuous mode [ 349.846380][ T6693] netlink: 80 bytes leftover after parsing attributes in process `syz.2.961'. [ 349.990349][ T6694] netlink: 'syz.3.959': attribute type 12 has an invalid length. [ 350.095552][ T6452] usb 2-1: string descriptor 0 read error: -71 [ 350.105896][ T6452] usb 2-1: USB disconnect, device number 2 [ 350.161818][ T6699] mmap: syz.2.963 (6699) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 351.560992][ T6710] netlink: 104 bytes leftover after parsing attributes in process `syz.0.966'. [ 352.515974][ T6726] netlink: 80 bytes leftover after parsing attributes in process `syz.3.972'. [ 352.865647][ T7] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 352.949724][ T6746] netlink: 104 bytes leftover after parsing attributes in process `syz.0.979'. [ 353.305843][ T7] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 353.873784][ T7] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 353.893165][ T7] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 353.955790][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.000563][ T7] usb 3-1: config 0 descriptor?? [ 354.542095][ T6767] netlink: 80 bytes leftover after parsing attributes in process `syz.1.987'. [ 354.922578][ T6774] netlink: 'syz.0.982': attribute type 12 has an invalid length. [ 355.841597][ T52] block nbd1: Attempted send on invalid socket [ 355.848398][ T52] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 355.990678][ T6776] efs: cannot read volume header [ 356.045609][ T7] usb 3-1: string descriptor 0 read error: -71 [ 356.070186][ T7] usb 3-1: USB disconnect, device number 4 [ 356.122334][ T6786] netlink: 104 bytes leftover after parsing attributes in process `syz.2.992'. [ 356.429949][ T6792] loop3: detected capacity change from 0 to 1024 [ 357.764191][ T6805] netlink: 80 bytes leftover after parsing attributes in process `syz.3.999'. [ 359.186819][ T6452] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 359.245999][ T6819] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1004'. [ 359.525601][ T3691] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 359.575867][ T6452] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 359.601485][ T6452] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 359.625014][ T6452] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 359.643921][ T6452] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.759780][ T6834] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1011'. [ 359.842931][ T6836] loop0: detected capacity change from 0 to 16 [ 359.854697][ T6836] erofs: (device loop0): mounted with root inode @ nid 36. [ 359.863297][ T6452] usb 2-1: config 0 descriptor?? [ 359.976255][ T6452] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 359.986187][ T3691] usb 5-1: Using ep0 maxpacket: 32 [ 360.040527][ T6837] syz.0.1009: attempt to access beyond end of device [ 360.040527][ T6837] loop0: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 360.054899][ T6837] syz.0.1009: attempt to access beyond end of device [ 360.054899][ T6837] loop0: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 360.096726][ T6838] syz.0.1009: attempt to access beyond end of device [ 360.096726][ T6838] loop0: rw=0, sector=8, nr_sectors = 16 limit=16 [ 360.285918][ T3691] usb 5-1: config 0 has no interfaces? [ 360.456451][ T3691] usb 5-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 360.472776][ T3691] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.563957][ T3691] usb 5-1: Product: syz [ 360.568366][ T3691] usb 5-1: Manufacturer: syz [ 360.573139][ T3691] usb 5-1: SerialNumber: syz [ 360.582522][ T3691] usb 5-1: config 0 descriptor?? [ 360.614155][ T6835] netlink: 'syz.3.1006': attribute type 12 has an invalid length. [ 360.961866][ T3691] usb 5-1: USB disconnect, device number 15 [ 361.887320][ T6853] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1016'. [ 361.956662][ T3724] usb 2-1: USB disconnect, device number 3 [ 362.005545][ T3655] Bluetooth: hci5: command tx timeout [ 362.026207][ T6855] loop2: detected capacity change from 0 to 1024 [ 362.088653][ T6855] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 363.030701][ T3650] EXT4-fs (loop2): unmounting filesystem. [ 363.308442][ T6879] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1022'. [ 364.617532][ T6900] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1027'. [ 364.835590][ T7] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 364.895483][ T3724] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 365.195489][ T7] usb 5-1: Using ep0 maxpacket: 32 [ 365.355985][ T7] usb 5-1: config 0 has no interfaces? [ 365.426939][ T3724] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 365.452518][ T3724] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 365.494492][ T3724] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 365.526592][ T7] usb 5-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 365.572094][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.607414][ T3724] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.664388][ T7] usb 5-1: Product: syz [ 365.706901][ T7] usb 5-1: Manufacturer: syz [ 365.753073][ T3724] usb 2-1: config 0 descriptor?? [ 365.782127][ T6916] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1036'. [ 365.794133][ T7] usb 5-1: SerialNumber: syz [ 365.868342][ T3724] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 365.888213][ T7] usb 5-1: config 0 descriptor?? [ 366.168314][ T7] usb 5-1: USB disconnect, device number 16 [ 366.254078][ T6921] netlink: 'syz.3.1037': attribute type 12 has an invalid length. [ 368.338371][ T6937] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1041'. [ 368.443176][ T3691] usb 2-1: USB disconnect, device number 4 [ 368.514298][ T6942] loop3: detected capacity change from 0 to 1024 [ 368.721657][ T6946] IPVS: stopping backup sync thread 6947 ... [ 369.025567][ T3724] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 369.762955][ T7] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 370.047443][ T6960] netlink: 'syz.0.1051': attribute type 12 has an invalid length. [ 370.087453][ T7] usb 3-1: Using ep0 maxpacket: 32 [ 370.095868][ T3724] usb 2-1: Using ep0 maxpacket: 8 [ 370.606894][ T7] usb 3-1: config 0 has no interfaces? [ 370.875999][ T3724] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 370.905614][ T3724] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 370.915747][ T3724] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 370.926216][ T7] usb 3-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 370.935822][ T3724] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 370.949413][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.957801][ T7] usb 3-1: Product: syz [ 370.963130][ T3724] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 371.040475][ T7] usb 3-1: Manufacturer: syz [ 371.045233][ T7] usb 3-1: SerialNumber: syz [ 371.049985][ T3724] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.059708][ T7] usb 3-1: config 0 descriptor?? [ 371.605247][ T6973] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1055'. [ 371.616631][ T3724] usb 2-1: GET_CAPABILITIES returned 0 [ 371.622205][ T3724] usbtmc 2-1:16.0: can't read capabilities [ 371.644669][ T3724] usb 3-1: USB disconnect, device number 5 [ 372.417371][ T3691] usb 2-1: USB disconnect, device number 5 [ 372.463604][ T6982] loop4: detected capacity change from 0 to 1024 [ 375.156392][ T7002] netlink: 'syz.4.1064': attribute type 12 has an invalid length. [ 375.863198][ T7009] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1066'. [ 377.155447][ T3724] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 377.303749][ T7021] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1071'. [ 377.415533][ T3724] usb 1-1: Using ep0 maxpacket: 16 [ 377.545663][ T3724] usb 1-1: config 9 has an invalid interface number: 60 but max is 0 [ 377.564237][ T3724] usb 1-1: config 9 has no interface number 0 [ 377.570606][ T3724] usb 1-1: config 9 interface 60 has no altsetting 0 [ 377.625866][ T7] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 377.745637][ T3724] usb 1-1: New USB device found, idVendor=06cd, idProduct=0104, bcdDevice=f3.14 [ 377.773442][ T3724] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.788045][ T3724] usb 1-1: Product: syz [ 377.792422][ T3724] usb 1-1: Manufacturer: syz [ 377.799480][ T3724] usb 1-1: SerialNumber: syz [ 378.557258][ T7] usb 2-1: Using ep0 maxpacket: 32 [ 378.567828][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.574237][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.636640][ T3724] keyspan_pda 1-1:9.60: required endpoints missing [ 378.649420][ T3724] usb 1-1: USB disconnect, device number 12 [ 378.675582][ T7] usb 2-1: config 0 has no interfaces? [ 378.846062][ T7] usb 2-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 378.886273][ T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.933879][ T7] usb 2-1: Product: syz [ 378.952950][ T7] usb 2-1: Manufacturer: syz [ 378.970182][ T7] usb 2-1: SerialNumber: syz [ 378.996822][ T7] usb 2-1: config 0 descriptor?? [ 379.263649][ T7] usb 2-1: USB disconnect, device number 6 [ 380.407221][ T7043] netlink: 'syz.4.1078': attribute type 12 has an invalid length. [ 380.773216][ T7029] loop3: detected capacity change from 0 to 32768 [ 383.785470][ T6452] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 384.812891][ T7059] loop0: detected capacity change from 0 to 32768 [ 384.849780][ T26] audit: type=1800 audit(1725120202.501:105): pid=7059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1084" name="bus" dev="loop0" ino=7 res=0 errno=0 [ 384.895675][ T6452] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 384.915468][ T7] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 384.931631][ T6452] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.961222][ T6452] usb 4-1: config 0 descriptor?? [ 385.026830][ T6452] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 385.165463][ T7] usb 3-1: Using ep0 maxpacket: 32 [ 385.291181][ T7] usb 3-1: config 0 has no interfaces? [ 385.626003][ T7] usb 3-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 385.641421][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.649728][ T7] usb 3-1: Product: syz [ 385.654155][ T7] usb 3-1: Manufacturer: syz [ 385.658979][ T7] usb 3-1: SerialNumber: syz [ 386.127630][ T3714] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 386.200822][ T6452] gp8psk: usb out operation failed. [ 386.207790][ T7] usb 3-1: config 0 descriptor?? [ 386.229457][ T6452] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 386.369156][ T6452] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 386.380158][ T6452] usb 4-1: USB disconnect, device number 4 [ 386.675596][ T3714] usb 2-1: Using ep0 maxpacket: 8 [ 386.688997][ T152] usb 3-1: USB disconnect, device number 6 [ 386.779100][ T7099] netlink: 'syz.4.1095': attribute type 12 has an invalid length. [ 386.795917][ T3714] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 386.809955][ T3714] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.824306][ T3714] usb 2-1: config 0 descriptor?? [ 387.163205][ T7112] netdevsim0 speed is unknown, defaulting to 1000 [ 387.170282][ T7112] netdevsim0 speed is unknown, defaulting to 1000 [ 387.179123][ T7112] netdevsim0 speed is unknown, defaulting to 1000 [ 387.190052][ T7112] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 387.202497][ T7112] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 387.229225][ T7112] netdevsim0 speed is unknown, defaulting to 1000 [ 387.237842][ T7112] netdevsim0 speed is unknown, defaulting to 1000 [ 387.245790][ T7112] netdevsim0 speed is unknown, defaulting to 1000 [ 387.252892][ T7112] netdevsim0 speed is unknown, defaulting to 1000 [ 387.260270][ T7112] netdevsim0 speed is unknown, defaulting to 1000 [ 387.267492][ T7112] netdevsim0 speed is unknown, defaulting to 1000 [ 387.526329][ T3714] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 387.675242][ T3714] asix: probe of 2-1:0.0 failed with error -71 [ 387.696533][ T3714] usb 2-1: USB disconnect, device number 7 [ 390.247025][ T7139] loop3: detected capacity change from 0 to 2048 [ 390.344028][ T7146] loop4: detected capacity change from 0 to 16 [ 390.351645][ T7146] erofs: (device loop4): mounted with root inode @ nid 36. [ 390.368741][ T7139] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 390.785481][ T152] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 391.009144][ T7150] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 391.025289][ T7150] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 391.038848][ T7150] EXT4-fs (loop3): This should not happen!! Data will be lost [ 391.038848][ T7150] [ 391.048653][ T7150] EXT4-fs (loop3): Total free blocks count 0 [ 391.054691][ T7150] EXT4-fs (loop3): Free/Dirty block details [ 391.060772][ T7150] EXT4-fs (loop3): free_blocks=2415919104 [ 391.066676][ T7150] EXT4-fs (loop3): dirty_blocks=16 [ 391.071912][ T7150] EXT4-fs (loop3): Block reservation details [ 391.078007][ T7150] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 391.164731][ T7151] syz.4.1109: attempt to access beyond end of device [ 391.164731][ T7151] loop4: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 391.245538][ T152] usb 2-1: Using ep0 maxpacket: 32 [ 391.293442][ T3748] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 391.357299][ T7151] syz.4.1109: attempt to access beyond end of device [ 391.357299][ T7151] loop4: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 391.371948][ T152] usb 2-1: config 0 has no interfaces? [ 391.545763][ T152] usb 2-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 391.585559][ T152] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.482322][ T152] usb 2-1: Product: syz [ 392.486972][ T152] usb 2-1: Manufacturer: syz [ 392.491609][ T152] usb 2-1: SerialNumber: syz [ 392.508719][ T152] usb 2-1: config 0 descriptor?? [ 392.759591][ T7] usb 2-1: USB disconnect, device number 8 [ 392.796422][ T7165] loop3: detected capacity change from 0 to 512 [ 392.853559][ T7165] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz.3.1115: casefold flag without casefold feature [ 392.966535][ T7167] netlink: 'syz.4.1114': attribute type 12 has an invalid length. [ 393.063892][ T7165] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz.3.1115: missing EA_INODE flag [ 393.427902][ T7165] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.1115: error while reading EA inode 12 err=-117 [ 393.512276][ T7165] EXT4-fs (loop3): 1 orphan inode deleted [ 393.519277][ T7165] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 393.683210][ T26] audit: type=1800 audit(1725120211.331:106): pid=7168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1115" name="file0" dev="loop3" ino=15 res=0 errno=0 [ 394.391731][ T7161] loop0: detected capacity change from 0 to 32768 [ 394.424453][ T7174] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 394.435971][ T26] audit: type=1800 audit(1725120212.091:107): pid=7161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1113" name="bus" dev="loop0" ino=7 res=0 errno=0 [ 394.521815][ T7161] ERROR: (device loop0): dbAlloc: the hint is outside the map [ 394.521815][ T7161] [ 394.681337][ T7161] ERROR: (device loop0): remounting filesystem as read-only [ 395.585572][ T7161] ialloc: diAlloc returned -5! [ 395.614518][ T3640] EXT4-fs (loop3): unmounting filesystem. [ 396.994340][ T7204] netdevsim0 speed is unknown, defaulting to 1000 [ 398.104651][ T7211] netlink: 'syz.1.1126': attribute type 12 has an invalid length. [ 398.303951][ T7220] netlink: 'syz.4.1129': attribute type 10 has an invalid length. [ 398.344314][ T7220] batman_adv: batadv0: Adding interface: team0 [ 398.355903][ T7220] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 398.426279][ T7220] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 400.603062][ T7238] loop4: detected capacity change from 0 to 2048 [ 400.722367][ T7238] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 400.771638][ T7238] ext4 filesystem being mounted at /223/bus supports timestamps until 2038 (0x7fffffff) [ 401.632449][ T3648] EXT4-fs (loop4): unmounting filesystem. [ 404.203872][ T7275] netlink: 'syz.3.1143': attribute type 12 has an invalid length. [ 410.079892][ T7331] netlink: 'syz.1.1161': attribute type 12 has an invalid length. [ 410.209319][ T3655] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 410.220368][ T3655] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 410.229764][ T3655] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 410.238999][ T3655] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 410.247067][ T3655] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 410.251605][ T7335] loop3: detected capacity change from 0 to 2048 [ 410.270064][ T3655] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 410.299533][ T7335] EXT4-fs: Ignoring removed i_version option [ 410.416862][ T7335] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 412.062432][ T7345] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 412.088120][ T7334] netdevsim0 speed is unknown, defaulting to 1000 [ 412.295328][ T9] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 104 with error 28 [ 412.322280][ T3687] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.333966][ T48] Bluetooth: hci6: command tx timeout [ 412.352468][ T9] EXT4-fs (loop3): This should not happen!! Data will be lost [ 412.352468][ T9] [ 412.365521][ T9] EXT4-fs (loop3): Total free blocks count 0 [ 412.378817][ T9] EXT4-fs (loop3): Free/Dirty block details [ 412.390450][ T9] EXT4-fs (loop3): free_blocks=0 [ 412.402864][ T9] EXT4-fs (loop3): dirty_blocks=112 [ 412.408454][ T9] EXT4-fs (loop3): Block reservation details [ 412.414558][ T9] EXT4-fs (loop3): i_reserved_data_blocks=7 [ 412.448063][ T3640] EXT4-fs (loop3): unmounting filesystem. [ 412.624351][ T3687] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.852061][ T3687] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.455622][ T48] Bluetooth: hci6: command tx timeout [ 414.786053][ T3687] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.067175][ T7334] chnl_net:caif_netlink_parms(): no params data found [ 415.165612][ T6452] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 415.385609][ T6452] usb 2-1: device descriptor read/64, error -71 [ 415.460778][ T7334] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.469090][ T7334] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.991096][ T7334] device bridge_slave_0 entered promiscuous mode [ 416.450224][ T6452] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 416.485480][ T48] Bluetooth: hci6: command tx timeout [ 416.735540][ T6452] usb 2-1: device descriptor read/64, error -71 [ 417.394346][ T7334] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.553276][ T7334] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.554640][ T6452] usb usb2-port1: attempt power cycle [ 417.563652][ T7334] device bridge_slave_1 entered promiscuous mode [ 418.258557][ T7334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 418.294161][ T7334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 418.632174][ T7334] team0: Port device team_slave_0 added [ 418.662257][ T7334] team0: Port device team_slave_1 added [ 418.759064][ T7334] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 418.792842][ T7334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 418.863102][ T7334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 418.871058][ T48] Bluetooth: hci6: command tx timeout [ 419.056198][ T7334] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 419.063398][ T7334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 419.089336][ C0] vkms_vblank_simulate: vblank timer overrun [ 419.350730][ T7334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 422.144217][ T7334] device hsr_slave_0 entered promiscuous mode [ 422.364726][ T7334] device hsr_slave_1 entered promiscuous mode [ 422.418496][ T7334] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 422.446161][ T7418] loop3: detected capacity change from 0 to 128 [ 422.475547][ T7334] Cannot create hsr debugfs directory [ 423.201188][ T3655] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 423.212907][ T3655] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 423.222987][ T3655] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 423.706465][ T3652] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 423.715846][ T3652] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 423.725892][ T3652] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 423.884445][ T7419] netdevsim0 speed is unknown, defaulting to 1000 [ 425.626259][ T3687] device hsr_slave_0 left promiscuous mode [ 425.643076][ T3687] device hsr_slave_1 left promiscuous mode [ 425.686494][ T7437] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1187'. [ 425.701099][ T3687] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 425.719062][ T3687] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 425.741082][ T3687] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 425.762457][ T3687] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 425.769901][ T48] Bluetooth: hci2: command tx timeout [ 425.786508][ T3687] device bridge_slave_1 left promiscuous mode [ 425.803036][ T3687] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.828596][ T3652] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 425.839812][ T3652] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 425.849447][ T3687] device bridge_slave_0 left promiscuous mode [ 425.855751][ T3652] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 425.865596][ T3652] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 425.876739][ T3652] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 425.884219][ T3652] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 425.892102][ T3687] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.914425][ T7426] loop3: detected capacity change from 0 to 32768 [ 425.995020][ T3687] device veth1_macvtap left promiscuous mode [ 426.019143][ T7426] overlayfs: upper fs needs to support d_type. [ 426.029679][ T3687] device veth0_macvtap left promiscuous mode [ 426.040540][ T3687] device veth1_vlan left promiscuous mode [ 426.047707][ T7426] overlayfs: upper fs does not support tmpfile. [ 426.061872][ T3687] device veth0_vlan left promiscuous mode [ 426.092009][ T7426] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 426.259831][ T7441] loop1: detected capacity change from 0 to 32768 [ 426.279254][ T7441] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1188 (7441) [ 426.305294][ T7441] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 426.324870][ T7441] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 426.333652][ T7441] BTRFS info (device loop1): using free space tree [ 426.485835][ T7441] BTRFS info (device loop1): enabling ssd optimizations [ 426.603105][ T7441] BTRFS info (device loop1): balance: start -f -d -m [ 426.714009][ T7441] BTRFS info (device loop1): relocating block group 6881280 flags data|metadata [ 426.941203][ T7441] BTRFS info (device loop1): relocating block group 5242880 flags data|metadata [ 427.024300][ T7441] BTRFS info (device loop1): balance: canceled [ 427.044977][ T3687] team0 (unregistering): Port device team_slave_1 removed [ 427.104777][ T6353] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 427.119287][ T3687] team0 (unregistering): Port device team_slave_0 removed [ 427.212439][ T3687] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 427.398876][ T3687] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 427.847247][ T3652] Bluetooth: hci2: command tx timeout [ 427.937182][ T3652] Bluetooth: hci3: command tx timeout [ 428.902866][ T3687] bond0 (unregistering): Released all slaves [ 429.004334][ T7419] chnl_net:caif_netlink_parms(): no params data found [ 429.195232][ T7438] netdevsim0 speed is unknown, defaulting to 1000 [ 429.277176][ T4964] syz-executor (4964) used greatest stack depth: 18984 bytes left [ 429.430610][ T7419] bridge0: port 1(bridge_slave_0) entered blocking state [ 429.440164][ T7419] bridge0: port 1(bridge_slave_0) entered disabled state [ 429.449489][ T7419] device bridge_slave_0 entered promiscuous mode [ 429.465051][ T7419] bridge0: port 2(bridge_slave_1) entered blocking state [ 429.482445][ T7419] bridge0: port 2(bridge_slave_1) entered disabled state [ 429.492877][ T7419] device bridge_slave_1 entered promiscuous mode [ 429.612150][ T7334] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 429.647659][ T7419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 429.695286][ T7334] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 429.713856][ T7419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 429.756897][ T7334] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 429.794041][ T7334] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 429.829128][ T7438] chnl_net:caif_netlink_parms(): no params data found [ 429.899350][ T7419] team0: Port device team_slave_0 added [ 429.914611][ T7419] team0: Port device team_slave_1 added [ 429.925885][ T3652] Bluetooth: hci2: command tx timeout [ 430.005532][ T3652] Bluetooth: hci3: command tx timeout [ 430.356557][ T7419] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 430.363649][ T7419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 430.425486][ T7419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 430.440728][ T7438] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.451959][ T7438] bridge0: port 1(bridge_slave_0) entered disabled state [ 430.468574][ T48] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 430.469482][ T7438] device bridge_slave_0 entered promiscuous mode [ 430.481351][ T48] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 430.492096][ T48] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 430.497326][ T7419] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 430.500286][ T48] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 430.514077][ T48] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 430.515883][ T7419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 430.523525][ T3655] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 430.555282][ T7419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 430.621781][ T3687] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.635594][ T7438] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.642780][ T7438] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.652516][ T7438] device bridge_slave_1 entered promiscuous mode [ 430.715742][ T6452] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 430.718852][ T3687] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.746340][ T7438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 430.760255][ T7438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 430.833890][ T3687] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.861204][ T7419] device hsr_slave_0 entered promiscuous mode [ 430.870771][ T7419] device hsr_slave_1 entered promiscuous mode [ 430.877879][ T7419] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 430.885692][ T7419] Cannot create hsr debugfs directory [ 430.892797][ T7484] netdevsim0 speed is unknown, defaulting to 1000 [ 430.922938][ T7438] team0: Port device team_slave_0 added [ 430.948712][ T3687] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.981181][ T7438] team0: Port device team_slave_1 added [ 430.989375][ T7] netdevsim0 speed is unknown, defaulting to 1000 [ 431.012301][ T7] ================================================================== [ 431.020422][ T7] BUG: KASAN: use-after-free in siw_query_port+0x342/0x430 [ 431.027682][ T7] Read of size 4 at addr ffff88802428c0e0 by task kworker/0:0/7 [ 431.029490][ T7334] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.035325][ T7] [ 431.035349][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.1.107-syzkaller #0 [ 431.035371][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 431.035385][ T7] Workqueue: infiniband ib_cache_event_task [ 431.035418][ T7] Call Trace: [ 431.035431][ T7] [ 431.035439][ T7] dump_stack_lvl+0x1e3/0x2cb [ 431.079259][ T7] ? nf_tcp_handle_invalid+0x642/0x642 [ 431.084762][ T7] ? panic+0x764/0x764 [ 431.085779][ T6452] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 431.088846][ T7] ? _printk+0xd1/0x111 [ 431.088875][ T7] ? __virt_addr_valid+0x17f/0x530 [ 431.109022][ T7] ? __virt_addr_valid+0x17f/0x530 [ 431.114263][ T7] print_report+0x15f/0x4f0 [ 431.118798][ T7] ? __virt_addr_valid+0x17f/0x530 [ 431.123950][ T7] ? __virt_addr_valid+0x17f/0x530 [ 431.129100][ T7] ? __virt_addr_valid+0x45b/0x530 [ 431.130430][ T6452] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 431.134250][ T7] ? __phys_addr+0xb6/0x170 [ 431.148573][ T7] ? siw_query_port+0x342/0x430 [ 431.153460][ T7] kasan_report+0x136/0x160 [ 431.157993][ T7] ? siw_query_port+0x342/0x430 [ 431.162871][ T7] siw_query_port+0x342/0x430 [ 431.167568][ T7] ? ib_query_port+0x344/0x7c0 [ 431.172386][ T7] ib_cache_update+0x1a8/0xaf0 [ 431.177196][ T7] ? ib_cache_setup_one+0x5a0/0x5a0 [ 431.182438][ T7] ? read_lock_is_recursive+0x10/0x10 [ 431.185638][ T6452] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 431.187918][ T7] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 431.203026][ T7] ? print_irqtrace_events+0x210/0x210 [ 431.208533][ T7] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 431.214466][ T7] ib_cache_event_task+0xef/0x1e0 [ 431.219525][ T7] ? process_one_work+0x7a9/0x11d0 [ 431.224662][ T7] process_one_work+0x8a9/0x11d0 [ 431.229640][ T7] ? worker_detach_from_pool+0x260/0x260 [ 431.235312][ T7] ? _raw_spin_lock_irqsave+0x120/0x120 [ 431.235602][ T6452] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.240867][ T7] ? kthread_data+0x4e/0xc0 [ 431.253376][ T7] ? wq_worker_running+0x97/0x190 [ 431.258442][ T7] worker_thread+0xa47/0x1200 [ 431.263166][ T7] kthread+0x28d/0x320 [ 431.267260][ T7] ? worker_clr_flags+0x190/0x190 [ 431.272324][ T7] ? kthread_blkcg+0xd0/0xd0 [ 431.276952][ T7] ret_from_fork+0x1f/0x30 [ 431.281417][ T7] [ 431.284484][ T7] [ 431.286841][ T7] Allocated by task 3640: [ 431.291178][ T7] kasan_set_track+0x4b/0x70 [ 431.295778][ T7] __kasan_kmalloc+0x97/0xb0 [ 431.300445][ T7] __kmalloc_node+0xb3/0x230 [ 431.305027][ T7] kvmalloc_node+0x6e/0x180 [ 431.309538][ T7] alloc_netdev_mqs+0x85/0xeb0 [ 431.314320][ T7] nsim_create+0x78/0x3f0 [ 431.318656][ T7] __nsim_dev_port_add+0x6ba/0xb10 [ 431.323776][ T7] nsim_dev_port_add_all+0x33/0xe0 [ 431.328903][ T7] nsim_drv_probe+0x80e/0xb20 [ 431.333586][ T7] really_probe+0x2ab/0xcb0 [ 431.338096][ T7] __driver_probe_device+0x1a2/0x3d0 [ 431.343392][ T7] driver_probe_device+0x50/0x420 [ 431.348448][ T7] __device_attach_driver+0x2cf/0x510 [ 431.353831][ T7] bus_for_each_drv+0x183/0x200 [ 431.358697][ T7] __device_attach+0x359/0x570 [ 431.363501][ T7] bus_probe_device+0xba/0x1e0 [ 431.368283][ T7] device_add+0xb48/0xfd0 [ 431.372639][ T7] new_device_store+0x3e5/0x800 [ 431.377596][ T7] kernfs_fop_write_iter+0x3a2/0x4f0 [ 431.382894][ T7] vfs_write+0x857/0xbc0 [ 431.387138][ T7] ksys_write+0x19c/0x2c0 [ 431.391464][ T7] do_syscall_64+0x3b/0xb0 [ 431.395903][ T7] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 431.401832][ T7] [ 431.404158][ T7] Freed by task 3687: [ 431.408133][ T7] kasan_set_track+0x4b/0x70 [ 431.412734][ T7] kasan_save_free_info+0x27/0x40 [ 431.417763][ T7] ____kasan_slab_free+0xd6/0x120 [ 431.422854][ T7] __kmem_cache_free+0x25c/0x3c0 [ 431.427797][ T7] device_release+0x91/0x1c0 [ 431.432392][ T7] kobject_put+0x224/0x460 [ 431.436899][ T7] __nsim_dev_port_del+0x153/0x1b0 [ 431.442020][ T7] nsim_dev_reload_destroy+0x286/0x490 [ 431.447501][ T7] nsim_dev_reload_down+0x94/0xc0 [ 431.452531][ T7] devlink_reload+0x1eb/0x6a0 [ 431.457215][ T7] devlink_pernet_pre_exit+0x14e/0x2c0 [ 431.462695][ T7] cleanup_net+0x59c/0xb60 [ 431.467145][ T7] process_one_work+0x8a9/0x11d0 [ 431.472099][ T7] worker_thread+0xa47/0x1200 [ 431.476783][ T7] kthread+0x28d/0x320 [ 431.480851][ T7] ret_from_fork+0x1f/0x30 [ 431.485292][ T7] [ 431.487621][ T7] The buggy address belongs to the object at ffff88802428c000 [ 431.487621][ T7] which belongs to the cache kmalloc-cg-8k of size 8192 [ 431.501937][ T7] The buggy address is located 224 bytes inside of [ 431.501937][ T7] 8192-byte region [ffff88802428c000, ffff88802428e000) [ 431.515303][ T7] [ 431.517627][ T7] The buggy address belongs to the physical page: [ 431.524075][ T7] page:ffffea000090a200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24288 [ 431.534247][ T7] head:ffffea000090a200 order:3 compound_mapcount:0 compound_pincount:0 [ 431.542575][ T7] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 431.550570][ T7] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888017c4c3c0 [ 431.559242][ T7] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 431.567822][ T7] page dumped because: kasan: bad access detected [ 431.574245][ T7] page_owner tracks the page as allocated [ 431.579952][ T7] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3639, tgid 3639 (syz-executor), ts 74823734647, free_ts 74728646730 [ 431.603074][ T7] post_alloc_hook+0x18d/0x1b0 [ 431.607842][ T7] get_page_from_freelist+0x322e/0x33b0 [ 431.613390][ T7] __alloc_pages+0x28d/0x770 [ 431.617980][ T7] alloc_slab_page+0x6a/0x150 [ 431.622680][ T7] new_slab+0x84/0x2d0 [ 431.626772][ T7] ___slab_alloc+0xc20/0x1270 [ 431.631542][ T7] __kmem_cache_alloc_node+0x19f/0x260 [ 431.637007][ T7] __kmalloc_node+0xa2/0x230 [ 431.641599][ T7] kvmalloc_node+0x6e/0x180 [ 431.646105][ T7] alloc_netdev_mqs+0x85/0xeb0 [ 431.650878][ T7] nsim_create+0x78/0x3f0 [ 431.655231][ T7] __nsim_dev_port_add+0x6ba/0xb10 [ 431.660352][ T7] nsim_dev_port_add_all+0x33/0xe0 [ 431.665469][ T7] nsim_drv_probe+0x80e/0xb20 [ 431.670150][ T7] really_probe+0x2ab/0xcb0 [ 431.674683][ T7] __driver_probe_device+0x1a2/0x3d0 [ 431.679974][ T7] page last free stack trace: [ 431.684647][ T7] free_unref_page_prepare+0xf63/0x1120 [ 431.690196][ T7] free_unref_page+0x33/0x3e0 [ 431.694873][ T7] __unfreeze_partials+0x1b7/0x210 [ 431.699992][ T7] put_cpu_partial+0x17b/0x250 [ 431.704765][ T7] qlist_free_all+0x76/0xe0 [ 431.709273][ T7] kasan_quarantine_reduce+0x156/0x170 [ 431.714736][ T7] __kasan_slab_alloc+0x1f/0x70 [ 431.719590][ T7] slab_post_alloc_hook+0x52/0x3a0 [ 431.724705][ T7] kmem_cache_alloc+0x10c/0x2d0 [ 431.729561][ T7] fib_table_insert+0x600/0x1f20 [ 431.734505][ T7] fib_add_ifaddr+0xc24/0x1730 [ 431.739271][ T7] fib_netdev_event+0x620/0x730 [ 431.744122][ T7] raw_notifier_call_chain+0xd0/0x170 [ 431.749496][ T7] __dev_notify_flags+0x304/0x610 [ 431.754525][ T7] dev_change_flags+0xe7/0x190 [ 431.759292][ T7] do_setlink+0xcf4/0x3de0 [ 431.763739][ T7] [ 431.766065][ T7] Memory state around the buggy address: [ 431.771703][ T7] ffff88802428bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 431.779784][ T7] ffff88802428c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 431.787844][ T7] >ffff88802428c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 431.795919][ T7] ^ [ 431.803132][ T7] ffff88802428c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 431.811197][ T7] ffff88802428c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 431.819257][ T7] ================================================================== [ 431.852225][ T7] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 431.859486][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.1.107-syzkaller #0 [ 431.867404][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 431.877578][ T7] Workqueue: infiniband ib_cache_event_task [ 431.883534][ T7] Call Trace: [ 431.886838][ T7] [ 431.889795][ T7] dump_stack_lvl+0x1e3/0x2cb [ 431.894508][ T7] ? nf_tcp_handle_invalid+0x642/0x642 [ 431.896473][ T6452] usb 2-1: config 0 descriptor?? [ 431.904938][ T7] ? panic+0x764/0x764 [ 431.909039][ T7] ? preempt_schedule_common+0xa6/0xd0 [ 431.914556][ T7] ? vscnprintf+0x59/0x80 [ 431.918914][ T7] panic+0x318/0x764 [ 431.922845][ T7] ? check_panic_on_warn+0x1d/0xa0 [ 431.927993][ T7] ? memcpy_page_flushcache+0xfc/0xfc [ 431.933399][ T7] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 431.939417][ T7] ? _raw_spin_unlock+0x40/0x40 [ 431.944295][ T7] ? print_report+0x4a3/0x4f0 [ 431.949027][ T7] check_panic_on_warn+0x7e/0xa0 [ 431.953998][ T7] ? siw_query_port+0x342/0x430 [ 431.958876][ T7] end_report+0x66/0x110 [ 431.963145][ T7] kasan_report+0x143/0x160 [ 431.967722][ T7] ? siw_query_port+0x342/0x430 [ 431.972612][ T7] siw_query_port+0x342/0x430 [ 431.977318][ T7] ? ib_query_port+0x344/0x7c0 [ 431.982110][ T7] ib_cache_update+0x1a8/0xaf0 [ 431.986901][ T7] ? ib_cache_setup_one+0x5a0/0x5a0 [ 431.992127][ T7] ? read_lock_is_recursive+0x10/0x10 [ 431.997530][ T7] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 432.003541][ T7] ? print_irqtrace_events+0x210/0x210 [ 432.009028][ T7] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 432.014948][ T7] ib_cache_event_task+0xef/0x1e0 [ 432.019998][ T7] ? process_one_work+0x7a9/0x11d0 [ 432.025129][ T7] process_one_work+0x8a9/0x11d0 [ 432.030101][ T7] ? worker_detach_from_pool+0x260/0x260 [ 432.035770][ T7] ? _raw_spin_lock_irqsave+0x120/0x120 [ 432.041357][ T7] ? kthread_data+0x4e/0xc0 [ 432.045957][ T7] ? wq_worker_running+0x97/0x190 [ 432.051005][ T7] worker_thread+0xa47/0x1200 [ 432.055697][ T7] kthread+0x28d/0x320 [ 432.059783][ T7] ? worker_clr_flags+0x190/0x190 [ 432.064801][ T7] ? kthread_blkcg+0xd0/0xd0 [ 432.069385][ T7] ret_from_fork+0x1f/0x30 [ 432.073910][ T7] [ 432.077233][ T7] Kernel Offset: disabled [ 432.081582][ T7] Rebooting in 86400 seconds..