last executing test programs: 11.430217473s ago: executing program 1 (id=2625): syz_emit_ethernet(0xc6, &(0x7f0000000340)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb8, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, @dest_unreach={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x27, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @local, {[@lsrr={0x83, 0x3}, @ssrr={0x89, 0x7, 0x6e, [@empty]}, @timestamp_prespec={0x44, 0xc, 0x0, 0x3, 0x0, [{@loopback=0x7f00002f}]}, @ssrr={0x89, 0xf, 0x0, [@private, @broadcast, @broadcast]}, @timestamp_addr={0x44, 0x4c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@private}, {}, {@local}, {@loopback}, {@private}, {@multicast2}, {@broadcast}, {@broadcast}]}, @timestamp={0x44, 0x14, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0) 11.410019594s ago: executing program 1 (id=2627): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_clone(0xc000000, 0x0, 0x0, 0x0, 0x0, 0x0) 11.0836138s ago: executing program 1 (id=2628): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="020300020c0000002abd70000000000002000800080000006d0000000000000003000600000000000200000000000000000000000000000002000100000000000000080000000000030005000000000002"], 0x60}, 0x1, 0x7}, 0x0) 10.817563891s ago: executing program 1 (id=2632): sched_setscheduler(0x0, 0x1, 0x0) getpid() r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) syz_mount_image$bcachefs(&(0x7f0000002040), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESOCT], 0x1, 0x5b34, &(0x7f000000ac40)="$eJzs3Q2MHNWdIPCq7hm7x2ObMQngmA8PYHyGCzDG5ACLKAOnALnEhEBikkCwHTw2Q/wBnnEMTogNUkhEOM7SnRIuUhBCicQJIXKLNpuPjUy0hGjDRrGUZU12N0sEiTbsijgikHgxilczXdUzXdOvq6a7xzHw+8me6qp5/X/v/+pNTdXrmu4IAACAt4SnPj/yhysXvffHdw29uuuK726+M+otj2+vpAX6kuVtf64WciTN7lo4vsyOiz2Ds556z70fePZrn/jG8y8sWLb86zdfdujWuavuuWfwZxcc+smf7siLm46nMyfW45fiKDr5p8u+fPcPnz5hbFscRVE57tsdRQvi0g8WxOlzu5Lla1EUra+1sz7+46+u2DC23P2l2XXbj8m0w3h/a6sk4+wL39960m/OuezZvT+/9NWBymvbdk8UiSuTxlMUzV87+fndURT1JP/HpKNtYfrkZHlVFEVzJj3vwpx2nVaw/WcH1hcly1nJsjcnTvr9UzPr3QXb0ZVZVgo+r1WlGY6fSvff3BmuPw5sT+tZkCy/lSzPnGb8cvo/jkpx1FWrblM8MUaiSfstjuLxfT+xXqobC3FmbMRRFGfWS5n1cncmr/F6k4FWjuP67Wm5zPb+ZHtXsv3UnLF2TWD7O9J8kx/Ug5n8s0F7pzyo5TUubdcvm7TlSChNOgY12p62t5LsjN5kW2987JTnHG4g/d7qF+577PmdDyzpC7Qj/macxI9biv/M5ov2L935iwMLQ/HXlpL4pZbij5zz8qMvXv2jE4Lx96Txyy3Ff+78pV/53q4dB4P987u0f7pail9eedah5XcNrA62/8E0fqWl+A9d+shX57/ryUeD7R9I+6entf4Z3v76dQ8fdyAYP0rjz2kp/iWvHH/Gyq2PbAzGfyLtn96W4j89Mrzq7psW7+gPxd+Xxp/XUvzTfnX9dXv3Dz0XbP9g2j99LcV/95JLrlp1YMu9oWNnvPtI/YYFeHN6W3KO9cVkvdXrzHZNul64vy+unvPNTf7PK3eypnpj9cyfufAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvEU91Ld+6E/fOeX1rmR9dvLglHJ1mW6fFUVxTxRFI6Prto0Ob9nYf/PW7du2rNvUv260f2jL6Lbb+89/Z/+2oVs2rbt97LsDZ6+oPu/YKK4u45On1H348OHDpb76bWl9n7rgfz/ef8r+f4yigeN+dkpXsP0fvGPRf1/Q4GtGPHh40/8644YX5/7t9uqGvqRdfYF2RYF2XfzwSyt/892e/xlFA8c3a9e/Lrv8h3UNGt8wESdRmh2Vxh/Mjuc0bEet1Ul70v7q2jC8aWggv3/LgTx+ffAvPrJj5Mbd1f6tBPMo2L89g4f/uOXbT9x48c6rqhuO1v2e199pFmn70v6rJP09P8lrfiCvrkBed59x6r/8w//d/NLuaKDr94un1p2XV3cyALrjdxSqN61hTlzfJ5WkfLrH0+edO7r5lnNHbt959vDmdRuHNg5tWbFixYXnrzjvgvP+27njqVe/diz/tP7/UjD/uvEUx1Pq7cx42nrB4HD6tdh4yhvnef0x1q78/pjcotDP39s/fPk/3fmXe66ubsgb52np2vEkWc4Z283Lo0njbWpfNcorrx+6A/2w8Zre//dK/9b/yDsOTd4zk79mxIOHfz/8d++Zu/f0G6objshxfnKDWjzO11qdtKd78nFn+dHbv7OjcpJXb8N2nX7Xyx/9++/E/bX2zZoV3bZudHTb8urXI5TX26/5bGfzunDpv9+6c+2dC6bkdV7169ykpXPjExu2K7s1zWvx+NdylHRLuogqpcb5dUfV9mV/L6TPy/Zqb/K93vjYhnllpd9b/cJ9jz2/84EloZ6Ov1mtsSeaV13GJwVKbso8sVxrcKP688ZHFEVrJ29L+/GJb/+f/r0/XrA5d3xUR8aUr9n0Bg9/7qK5vx65dt+q6oYjc1yZ1KAWjyu1Vk+0Z7y/xo8r5x09efz59nPdD1Y8eHjvSe/cuOKvR5Mf+7z+rZVu1L8roijvOLA4sz5Tx4FsPRPlG8frz6z3RuWWjhvPnb/0K9/bteNg8Ljxu6LHjc/WrZXbPG7EgfG0/3P//4+f2f/M+zp33Hjf0vLH/3nxiqRDj5aft0oyriuBcV1rddKeePK4PufGrZvWV7cfvee/yTLn+if9/T1y+85Prdu0aWjbSLG8ip6XpPVke7nV85L0p+/YnLzS/TWR18w9KNJfRX/e0vavz/ZXiz9v0EhvFLf0++yZzRftX7rzFwf6AnHjtaUkfqml+CPnvPzoi1f/6IRg/D1p/K6W4pdXnnVo+V0Dq4PxH4yT+JWW4j906SNfnf+uJx8Nxh9I29/T2vnE8PbXr3v4uHD/R2n83pbiPz0yvOrumxbvCMbfFyf1jJ3bRdHjr67YUF2Po+7kOJy2o7uuXVF2Pc6slzLr5cnrpeocfK2CcjIHVtuelku2h89cqq6Nomjf7Knb07PHysLq8mC6HmUfNN9+tClNOidotD3v/BoA3kzS1//Tc4309f/FyS/ESa//V5fxrLrnL0zOpxZObBq/zruzv/qLdLrzemk7svN6afxlp9fHaHVeL29e7rTMetquxUmvpO1pct4wNyowLze1nubzcpn08+fN+r+Y2dA1PrcX2m/dyUxFo9eZM+2dOxah3fPshY1bXTvPDo277HxH+jp9XHDcZe+LSPdv9r6INP6izARaq/dFtDvu0mmNJuNuPLP8+dSp4yJq0q8T46JxtOy4mMY46quOo5l9XeqNf70/s/Pvb5n5hGh3ff8UnE842q/30+3p8aEr2X5qzqX56sD2Ts0DpIeLtF2/bNKWI8E8AABMXP+n5xRj1/9jv6v7M+f5edct2auMNF7wPpZy4/bkXf9OvZ9tTkvnlZe8cvwZK7c+sjF4XvxE0ftSbqlbm5NzX0pePy7JrOf2Y+BWkLx5h6WZ8r3RvJb68bRfXX/d3v1DzwX7cbB6IpXfj3vq1ua12Y/LMuu5/djduFV5/ZitJ2/8nplZ703uCJpuv797ySVXrTqw5d5gv+8u2u8P1q315fT7W+Y6ParUxXed/tZ43T9vPvLPNg+QzFvP1DzANYHt050H6J3yoJbXuDfcPEDg9wIAvJGl1/+1++WT6/+/yZRr9/oweN422Jn7WYPnbbXz2vbOy4Ptr52Xt3ddFIxfuy5q7/XFYP/Urlvau+4Kxq9dd7U3TxPsnyfS/pl63r+rQPz0vD/05wLpef8b/7poZucZXBcl61H2QZXrIgAAjgbp9X96upre//9ksp49N57569yZvg6d6evomZ5nmOl5kjf6de6Rn2coEr/4PEPn5tnqrp8HzQNE5gEKMw8AAPDm8N5keUPB8l3j9xBH0SdvvOm8NeuHPr1mw7ahoZFb1t04tGZ4y/BorVz3+JXX1PukQ/Xl3SfdqPycJuXXBOPXt+eyQPmQdvMP1ZeXf6PyzfJfG4xf357LA+VD2s0/VF9e/o3KN8t/XTB+fXuuCJQPaTf/UH15+Tcq3yz/Twbj17fnfYHyIe3mH6ovL/9G5Zvlf2Mwfn17/kegfEi7+Yfqy8u/Uflm+WffLzOU//sD5UPazL+S377i+TTLfygYvz7/DwTKh7S7/0P15eXfqHyz/DcE49e3Z1WgfEi7+Yfqy8u/Uflm+W8Mxq9vz5WB8iHt5h+qLy//RuWb5X9TMH59ez4YKB/Sbv6h+vLyb1S+Wf7Dwfj17bkqUL7OpInjdvMP1ZeXf6PyzfK/ORi/vj0fCpQPaTf/UH15+Tcq3yz/TwXj17fn6kD5kHbzD9WXl3+j8s3y3xSMX9+eawLlQ9rNP1RfXv6NyjfLf3Mwfn17PhwoH9Ju/qH68vJvVL5Z/luC8evb85FA+ZB28w/Vl5d/o/LN8t8ajF/fntWB8iHt5h+qLy//RuWb5X9LMH59e64NlA9pN/9QfXn5NyrfLP9bg/Hr2/PRQPmQdvMP1ZeXf6PyzfLfFoxf356PBcqHtJt/qL68/BuVb5b/SDB+fXs+Higf0m7+ofry8m9Uvln+o8H49e25LlA+pN38Q/Xl5d+ofLP8twfj17fn+kD5kHbzD9WXl3+j8s3y/3Qwfn17PhEoH9Ju/qH68vJvVL5Z/juC8evbc0OgfEi7+Yfqy8u/Uflm+d8WjF/fnjWB8iG1/Ee3DQ2t2X7L+nWjQ2u2bF0/NLJmx7bh0dGh5ESt3fsSg/eVJfcldkddTfNflFk/Jnl/oGMC7w+ULZ+GPXH8wdT3B8pW25XzPjl5+ytbf977DDUq32i8hfZv3vGg6HjIqvv5qA6S4S0jQ9umHr97mvbH5DERjU8c91SX8fGFymffrjNQTa7i+VSa5pPdPDuZCp8dH1eofBT4PLjpKp5PHMynUTum+zl2adhpfY5d5ssUDd6jtS7fDSPjB+nhdZuGdw5Nbf+co6D9Rfpxd8fbUZrSjrz9H2f6Y0HSkgWhz3sL9N+Ob/3bQ7/97V+9P4oGjiuf1Fb/xYOH1x48/pM/vXj2uWPtLzVtf61k+rnKDT7/sNSkfJpP16atI6P/dcPW7Vsav4KW3u9cqq3P0P3OSZ7lgvcvh+73mO79y/GUB0enovcvAwAAvFWkf/+fXq8uTP4GdUFmiqD4PHB7fx8dnAfeV2weODsbkTcPnC2fpl10Hri3zXngbP2hedpSk/LNXncpOg/88UD56So+Ttp7H4DgOEl6Km+cZP8OP2+cZMtPd5z0tDlOsvXnjZNG5Zu9Pl10nFwbKB9SfDy08L4T/RPvOxEcDwPFxkP2czXzxkO2/HTHQ6XN8ZCtP288NCrf7H6douPhw4HyRRUfH+29L0xwfKwtNj6yn5eSNz6y5ac7PuI2x0e2/rzx0ah8s/sZi46PDwXKp4rv//betye4//cU2//Zz23J2//Z8tPd/6U293+2/rz936h8s/u5i+7/KwPlU/X7f2zHj+/3oTU7tm6bfA/0TH++akjx9s3s59a0qnj7Z/Z9n2a+/TP7vlIz3/72rpuC7d8Xt/VSV/H2z+znErXqiL0em/zNUN77T+W9TvuxwPbpvk47a8qDo5PXaQEAAGDmpa//px/Hn74//JeSZeBj+lt21Hy+d4vzxD5/OxC/Q5+/3WQeM6nHfN7RzHweAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ8zuWji+fOrzI3+4ctF7f3zX0Ku7rvju5jv3DM566j33fuDZr33iG8+/sGDZ8q/ffNmhW+euuueewZ9dcOgnf7ojN3BfdXFmslqJovilOIpO/umyL9/9w6dPGNsWR1FUjvt2R9GCuPSDOBth4LUoitbX2ln/zcdfXbFhbLn7S7Prth+TCZLNK+otp+2pa2d0W25GvAFVknH2he9vPek351z27N6fX/rqQOW1bbsnisSVSeMpiuavnfz87iiKepL/Y9LRtjB9crK8KoqiOZOed2FOu04r2P6zA+uLkuWsZNmbEyf9/qmZ9e6C7ejKLCsFn9eq0gzHT6X7b+4M1z/l6JapZ0Gy/FayPHOa8cvp/zgqxVFXrbpN8cQYiSbttziKx/f9xHqpbizEmbERR1GcWS9l1svdmbzG600GWjmO67en5TLb+5PtXcn2U3PG2jWB7e9I801+UA9m8s8G7Z3yoJbXuLRdv2zSliOhNOkY1Gh72t5KsjN6k2298bFTnnO4gfR7q1+477Hndz6wpC9QX/zNOIkftxT/mc0X7V+68xcHFgbyjNeWkvilluKPnPPyoy9e/aMTgvH3pPHLLcV/7vylX/nerh0H+0Lxf5f2T1dL8csrzzq0/K6B1cH2P5jGr7QU/6FLH/nq/Hc9+Wiw/QNp//S01j/D21+/7uHjDgTjR2n8OS3Fv+SV489YufWRjcH4T6T909tS/KdHhlfdfdPiHf2h+PvS+PNain/ar66/bu/+oef66jtl4uFg2j99LcV/95JLrlp1YMu9oWNnvPtI/YYFeHN6W3KO9cVkvdXrzHZNul64vy+u/iqZm/yf18mKMsbqmT+D8QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHMauvz+XZfvW3NFVxxFcaDM4QbS75VnDQ72t1BveeVZh5bfNbB68raFLcQBAAAA8qXX4aXalkq0MNoR90QnNiyfzhGcmK7F9duzcwg9EyU7EqfUoTjlDsXp6lCc7g7FmdWhOLM7FKeSE6cSFYvT0zROqXB75nQoTm+H4sztUJx5HYozv0NxjulQnL6mcYqPwwUdinNsh+K8rUNx3t6hOMd1KM7xHYpzQofiZOeUpzsO5yUlF4XijD8o58bpisu1bzSaT0/rOTnzvNI06+ktWE92zn669fQUrOf0NuupFKxnaZv1xAXrObPNeko59aTj9rZs+9J60rWC4//2DsXZ2aE4n+lQnM92KM4dHYrzuQ7F2dVmHICi0uv/ievGvmh218XRnOSIk50FSK93F1efPeV4VMleoCfSeCdlts/Ki5e9UM/EW9zh9p2W2d5dF6+rdt7UJF7f5HhLMt/MzTc7oZBp37LpxstOLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADBq6/P5dl+9bc0UUR2P/GjrcQPq98qzBwf4W6l39wn2PPb/zgSWTt83uaiEQAAAA/8mu/cXIVdUPAD935y/bwm/6C9SBFDpSWjEiLV2UP6nhog+zxKAEMBow3S1lWDdsd5HdprAia30gPmgg0cTVJ8MThvCgBkUlWR40BiVhE8UmgvIiUTRAAiTUxGTM7tw7/zrTWUa0BT+fh3PvPed7zvee2abJ98zAQGkdnmv2FEMhuzvko3xHXDE5Bygmz5lS4xpVRtavo9GWk8Znk/jdC4fu2j1/7+KHpw8dmKpN1WbHxsauvHxs7xV7P7r7jumZ2p5GGwoD1ssl683fu3jngZmZ2t3zjefu9y4n88qtrsm15mjy3v8/IE+UxLfy/OduBv+1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg1KpVl5eqqxPjo1EIUZ+Yeg/pWCYfx5Uh8l775tadV889OtXeV8gOsRAAAAAwUFqH55o9xVDIZkImnLv+dGErtBRCq+4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+99Sqy0vV1YnxTVEIUZ+Yeg/pWCYfx5Uh8v5mfvr6B76w/Uh7X3mIdQAAAIDB0jp8pNlTDOWwI+Siczvi0rOB87rmd8el65y/wbjus4N+cTs2GLdrg3EfHBD3qeR6TwAAAIB3v7T+zzZ7SqGQPbNv/T+ork/jtnfFZZLrML8VAAAAAP49af2fb/aUQyFbbtbrG633L+yKS+cP+t4+nT/oe/s07uI+ebq/zwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATl+16vJSdXViPBOFEPWJqfeQjmXycVwZIu+Ll+/69s+Xjhxv7ytkh1gIAAAAGCitw1uldzEUsqMhFzat1/1X7vr7Fxcnj27JlZLhfD7cc2Bh4e69jTaN2/HV1z/3u59GlRPiLmu0p2RzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAO6pWXV6qrk6MnxGFEPWJqfeQjmXycVwZIu+L04f/eesj57zW3lceYh0AAABgsLQOb9X+xVAO+ZAPW9ef2mv9NSNd8/udGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADvHfP3Lt55YGamdrcbN27cNG9O9f9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6aJWXV6qrk6MF6MQoj4x9R7SsUw+jitD5H34449+96yP/OKx9r7yEOsAAAAAg6V1eKv2L4ZyyIVcOGf9qdeZwHr9X/ovviQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBaqFWXl6qrE+NnRiFEfWLqPaRjmXwcV4bIe+GfP3/ryrHai+19hewQCwEAAAADpXV4vtlTDIXsZaEQtiXPM50Tokxy7X0u0Jp3V8e00Q3Pu69jXmbD877WtbNsspvGvGK6Xqlxbc6rnDivEkIoJ/PKrYHJjnnhoY5ZZ274Pb/XMa80YF4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA01CturxUXZ0Yj6IQoj4x9R7SsUw+jitD5H3u0FXHdi3+8bX2vvIQ6wAAAACDpXV4q/YvhnI4P5wVzl+v+0OpMz6N2/fIK1f/9WdnfCOEPVt/e0G27/p/ubj6y+4mhJHOoJEQ/i/JF/XJd+THf3v41Vd/8skQ9pyT2fZ283UuGdcnj2+97dl9hd0n+WAAAADgPSSt/3PNnlIoZGf71v9p5f226v+5s2+6b0vSJhV514yRUpJvpE++O6/45o8qFxz7w1r9f7J8n/7yeZ/YEuauiKfTttHTJYrrMw/u3P/y5qcPp7tu5M905U8/l5eO//AzR+YPfqWRvxiKSf952V75T2y7nBHX35p94qmD+xZv6Myf7bP/B3a+/0+//86hV9byv7F9tJn/AyfZ/8nzn31z9fmjjz90Y2f+XJ/8Uzdt+v6blbl/dO9/tGvh5JNv/MHb/gpdorj+xvQz12xe2bG/M38IYbI9MP38n3riW5WVX285lOZPfyty8Y6u/G3/1NrbrjOnKK6vbLtkauzJhU2d+aOu/On+j93/g7e+dOy567r3f3v3/vvm797/dbsyt7ywfWyYH88AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALwL1KrLS9XVifGQCSHqE1PvIR3L5OO4MkTej1107Q3Xvzb79fa+QnaIhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB3TK26vFRdnRgfiUKI+sTUe0jHMvk4rgyRd/7S1x97+cZfva+9rzzEOgAAAMBgaR3eqv2LoRzyIR9G1+v+yeNbb3t2X2F3KDVGo+SanZmbX/jQHXOHZ28/RW8OAAAAbFRa/2ebPaVQyF4Uckn9v7LtkqmxJxc2pfV/CGFyrSneMT1TGwvNc4LrdmVueWH7WKV5TtAed+nBuZnkmCBd9/6rNr80/9nV63uuu7cV98b0M9dsXtmxP43LJdf1uMtacTMP7tz/8uanD6dxI+k5xVrcnlbcW7NPPHVw3+IN6Ximfb22uLNvrj5/9PGHbmyuk1xHk7wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwL3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwX0chVhVxHIBn7t3Vq3fddotykyIVEw2SlYpKiFYh6aENKfDFAh+yMjKpJQwh3IQsTMKniqCIKAhECoIeirCgDJIoiNAewtAe6iE2og1xo2J3Z3bvHj3tdmoV5PvgMM6ce37zP3PGs/cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59fctp6x9vDTA7/fuei2z3dvGd51+/vbntrfN+fwrfvuOPbKvW+eONm9YvUbD60febSjf+/evq9vHPnizyenDX5ivFmZuo0Q4s8xhCu/XPHCnk+PLBwdiyGEeuwaDKE71j7ujoWE3tMhhPsm6px68t3h6+4fbQefmztl/KJCSPG+QrOe6xnXNbVeLiyNtM+e+XD7FT+uWn/s0Lfrhnsbpx8bnPxIbLTspxA6N7de3x5CmJeOUXm39eSLU7shhDC/5bqbpqlr6Qzrv7akvyi1c1LbnCYnn19S6LfPsI62QtuY4XVV1WY5P8vPr2OW5y++3IrzdKf2vdSu/Jf59XzEUIuhbWK6h+PkHgktzy2GOPbsJ/u1KXshFvZGDCEW+rVCv95euK+xedNGq8c4dTx/rjC+OI23pfEl0+y1u0vGL8/3m/6jnircfzG0ecY/Ju5rTK7r+3+o5VyotbyDzjae622kh9FMY8148RnX/HUW+dzGk8+/fWLnq8u6SuqI78SUHyvlf7Pt5qPLd3431FOWv7mW8muV8gdW/Xrwp7s+W1iavz/n1yvlH79++Ysf7NpxqnR9fsnr01Ypv77mmpHVu3s3ltb/Ws5vVMp/fd2Blztv+ORgaf29eX3mVVufrY//semtS4dK80POn18pf+1vl129ZvuBB0rzP8rr06yUf2Rga/+eB6/asbgs/6ucv6BS/tIf7tl06OiW46X19+X16aqUf8uytRv6hx7ZV/bujIPn6i8swIXpkvQd69nUr/o7879q+b3wUlcc/87XkY4F/+dEBaPzdM5iPgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8zQ4ckAAAAAAI+v+6HYECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE8FAAD//xgLVJ0=") 7.358215165s ago: executing program 0 (id=2660): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x7}) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r1, &(0x7f0000000780)=""/117, 0x75, 0x0, 0x0) mq_timedreceive(r1, 0x0, 0x0, 0x0, 0x0) 7.228501351s ago: executing program 0 (id=2662): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r4, 0x800c6613, &(0x7f0000000000)=@v1={0x0, @adiantum, 0x0, @desc1}) getdents64(r4, 0x0, 0x0) 6.775133977s ago: executing program 4 (id=2664): ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000180)={[0x1]}, 0x4, 0x800) signalfd4(r0, &(0x7f0000000140), 0x8, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000580), 0x0, 0x800b5eb) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1000000000006) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/fscaps', 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r3 = memfd_create(&(0x7f0000000340)='D\xa3\xd5Wj\x00\x00x0\xc1\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b', 0x0) write(r3, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) r4 = dup3(r2, r3, 0x0) fchdir(r4) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) statfs(&(0x7f0000000040)='./file0/../file0\x00', 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0) signalfd4(r5, &(0x7f0000000140), 0x8, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10042, 0x0) ptrace(0x10, 0x1) waitid(0x1, 0x0, 0x0, 0x2, &(0x7f0000000100)) 6.274211984s ago: executing program 4 (id=2666): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x3}, 0x18) r2 = socket(0x1d, 0x2, 0x6) socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3, 0x1}, 0x18) 5.843006945s ago: executing program 1 (id=2668): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000007000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000200)='ext4_sync_file_enter\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(r2, &(0x7f0000000680), 0x12) 5.590119805s ago: executing program 4 (id=2669): setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x230, [], 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000050000000000000000000000000000feffffff0100000003"]}, 0xa9) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x4000, 0x0, @mcast2, 0x5}, 0x1c) write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac) 5.376624875s ago: executing program 4 (id=2671): openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2001001, 0x0) mount$9p_tcp(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x894481, &(0x7f0000000340)) 5.193225948s ago: executing program 4 (id=2674): ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0x541b, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@global=@item_4={0x3, 0x1, 0x0, "9b4d3948"}, @main=@item_012={0x1, 0x0, 0x8, "9f"}, @local=@item_4={0x3, 0x2, 0x0, "6d1fa409"}, @main=@item_012={0x2, 0x0, 0x0, "1a79"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000d40), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, 0x0) ioctl$HIDIOCGUSAGE(r1, 0x4b47, 0x0) 4.408794126s ago: executing program 1 (id=2678): sched_setscheduler(0x0, 0x1, 0x0) getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$bcachefs(&(0x7f0000002040), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESOCT], 0x1, 0x5b34, &(0x7f000000ac40)="$eJzs3Q2MHNWdIPCq7hm7x2ObMQngmA8PYHyGCzDG5ACLKAOnALnEhEBikkCwHTw2Q/wBnnEMTogNUkhEOM7SnRIuUhBCicQJIXKLNpuPjUy0hGjDRrGUZU12N0sEiTbsijgikHgxilczXdUzXdOvq6a7xzHw+8me6qp5/X/v/+pNTdXrmu4IAACAt4SnPj/yhysXvffHdw29uuuK726+M+otj2+vpAX6kuVtf64WciTN7lo4vsyOiz2Ds556z70fePZrn/jG8y8sWLb86zdfdujWuavuuWfwZxcc+smf7siLm46nMyfW45fiKDr5p8u+fPcPnz5hbFscRVE57tsdRQvi0g8WxOlzu5Lla1EUra+1sz7+46+u2DC23P2l2XXbj8m0w3h/a6sk4+wL39960m/OuezZvT+/9NWBymvbdk8UiSuTxlMUzV87+fndURT1JP/HpKNtYfrkZHlVFEVzJj3vwpx2nVaw/WcH1hcly1nJsjcnTvr9UzPr3QXb0ZVZVgo+r1WlGY6fSvff3BmuPw5sT+tZkCy/lSzPnGb8cvo/jkpx1FWrblM8MUaiSfstjuLxfT+xXqobC3FmbMRRFGfWS5n1cncmr/F6k4FWjuP67Wm5zPb+ZHtXsv3UnLF2TWD7O9J8kx/Ug5n8s0F7pzyo5TUubdcvm7TlSChNOgY12p62t5LsjN5kW2987JTnHG4g/d7qF+577PmdDyzpC7Qj/macxI9biv/M5ov2L935iwMLQ/HXlpL4pZbij5zz8qMvXv2jE4Lx96Txyy3Ff+78pV/53q4dB4P987u0f7pail9eedah5XcNrA62/8E0fqWl+A9d+shX57/ryUeD7R9I+6entf4Z3v76dQ8fdyAYP0rjz2kp/iWvHH/Gyq2PbAzGfyLtn96W4j89Mrzq7psW7+gPxd+Xxp/XUvzTfnX9dXv3Dz0XbP9g2j99LcV/95JLrlp1YMu9oWNnvPtI/YYFeHN6W3KO9cVkvdXrzHZNul64vy+unvPNTf7PK3eypnpj9cyfufAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvEU91Ld+6E/fOeX1rmR9dvLglHJ1mW6fFUVxTxRFI6Prto0Ob9nYf/PW7du2rNvUv260f2jL6Lbb+89/Z/+2oVs2rbt97LsDZ6+oPu/YKK4u45On1H348OHDpb76bWl9n7rgfz/ef8r+f4yigeN+dkpXsP0fvGPRf1/Q4GtGPHh40/8644YX5/7t9uqGvqRdfYF2RYF2XfzwSyt/892e/xlFA8c3a9e/Lrv8h3UNGt8wESdRmh2Vxh/Mjuc0bEet1Ul70v7q2jC8aWggv3/LgTx+ffAvPrJj5Mbd1f6tBPMo2L89g4f/uOXbT9x48c6rqhuO1v2e199pFmn70v6rJP09P8lrfiCvrkBed59x6r/8w//d/NLuaKDr94un1p2XV3cyALrjdxSqN61hTlzfJ5WkfLrH0+edO7r5lnNHbt959vDmdRuHNg5tWbFixYXnrzjvgvP+27njqVe/diz/tP7/UjD/uvEUx1Pq7cx42nrB4HD6tdh4yhvnef0x1q78/pjcotDP39s/fPk/3fmXe66ubsgb52np2vEkWc4Z283Lo0njbWpfNcorrx+6A/2w8Zre//dK/9b/yDsOTd4zk79mxIOHfz/8d++Zu/f0G6objshxfnKDWjzO11qdtKd78nFn+dHbv7OjcpJXb8N2nX7Xyx/9++/E/bX2zZoV3bZudHTb8urXI5TX26/5bGfzunDpv9+6c+2dC6bkdV7169ykpXPjExu2K7s1zWvx+NdylHRLuogqpcb5dUfV9mV/L6TPy/Zqb/K93vjYhnllpd9b/cJ9jz2/84EloZ6Ov1mtsSeaV13GJwVKbso8sVxrcKP688ZHFEVrJ29L+/GJb/+f/r0/XrA5d3xUR8aUr9n0Bg9/7qK5vx65dt+q6oYjc1yZ1KAWjyu1Vk+0Z7y/xo8r5x09efz59nPdD1Y8eHjvSe/cuOKvR5Mf+7z+rZVu1L8roijvOLA4sz5Tx4FsPRPlG8frz6z3RuWWjhvPnb/0K9/bteNg8Ljxu6LHjc/WrZXbPG7EgfG0/3P//4+f2f/M+zp33Hjf0vLH/3nxiqRDj5aft0oyriuBcV1rddKeePK4PufGrZvWV7cfvee/yTLn+if9/T1y+85Prdu0aWjbSLG8ip6XpPVke7nV85L0p+/YnLzS/TWR18w9KNJfRX/e0vavz/ZXiz9v0EhvFLf0++yZzRftX7rzFwf6AnHjtaUkfqml+CPnvPzoi1f/6IRg/D1p/K6W4pdXnnVo+V0Dq4PxH4yT+JWW4j906SNfnf+uJx8Nxh9I29/T2vnE8PbXr3v4uHD/R2n83pbiPz0yvOrumxbvCMbfFyf1jJ3bRdHjr67YUF2Po+7kOJy2o7uuXVF2Pc6slzLr5cnrpeocfK2CcjIHVtuelku2h89cqq6Nomjf7Knb07PHysLq8mC6HmUfNN9+tClNOidotD3v/BoA3kzS1//Tc4309f/FyS/ESa//V5fxrLrnL0zOpxZObBq/zruzv/qLdLrzemk7svN6afxlp9fHaHVeL29e7rTMetquxUmvpO1pct4wNyowLze1nubzcpn08+fN+r+Y2dA1PrcX2m/dyUxFo9eZM+2dOxah3fPshY1bXTvPDo277HxH+jp9XHDcZe+LSPdv9r6INP6izARaq/dFtDvu0mmNJuNuPLP8+dSp4yJq0q8T46JxtOy4mMY46quOo5l9XeqNf70/s/Pvb5n5hGh3ff8UnE842q/30+3p8aEr2X5qzqX56sD2Ts0DpIeLtF2/bNKWI8E8AABMXP+n5xRj1/9jv6v7M+f5edct2auMNF7wPpZy4/bkXf9OvZ9tTkvnlZe8cvwZK7c+sjF4XvxE0ftSbqlbm5NzX0pePy7JrOf2Y+BWkLx5h6WZ8r3RvJb68bRfXX/d3v1DzwX7cbB6IpXfj3vq1ua12Y/LMuu5/djduFV5/ZitJ2/8nplZ703uCJpuv797ySVXrTqw5d5gv+8u2u8P1q315fT7W+Y6ParUxXed/tZ43T9vPvLPNg+QzFvP1DzANYHt050H6J3yoJbXuDfcPEDg9wIAvJGl1/+1++WT6/+/yZRr9/oweN422Jn7WYPnbbXz2vbOy4Ptr52Xt3ddFIxfuy5q7/XFYP/Urlvau+4Kxq9dd7U3TxPsnyfS/pl63r+rQPz0vD/05wLpef8b/7poZucZXBcl61H2QZXrIgAAjgbp9X96upre//9ksp49N57569yZvg6d6evomZ5nmOl5kjf6de6Rn2coEr/4PEPn5tnqrp8HzQNE5gEKMw8AAPDm8N5keUPB8l3j9xBH0SdvvOm8NeuHPr1mw7ahoZFb1t04tGZ4y/BorVz3+JXX1PukQ/Xl3SfdqPycJuXXBOPXt+eyQPmQdvMP1ZeXf6PyzfJfG4xf357LA+VD2s0/VF9e/o3KN8t/XTB+fXuuCJQPaTf/UH15+Tcq3yz/Twbj17fnfYHyIe3mH6ovL/9G5Zvlf2Mwfn17/kegfEi7+Yfqy8u/Uflm+WffLzOU//sD5UPazL+S377i+TTLfygYvz7/DwTKh7S7/0P15eXfqHyz/DcE49e3Z1WgfEi7+Yfqy8u/Uflm+W8Mxq9vz5WB8iHt5h+qLy//RuWb5X9TMH59ez4YKB/Sbv6h+vLyb1S+Wf7Dwfj17bkqUL7OpInjdvMP1ZeXf6PyzfK/ORi/vj0fCpQPaTf/UH15+Tcq3yz/TwXj17fn6kD5kHbzD9WXl3+j8s3y3xSMX9+eawLlQ9rNP1RfXv6NyjfLf3Mwfn17PhwoH9Ju/qH68vJvVL5Z/luC8evb85FA+ZB28w/Vl5d/o/LN8t8ajF/fntWB8iHt5h+qLy//RuWb5X9LMH59e64NlA9pN/9QfXn5NyrfLP9bg/Hr2/PRQPmQdvMP1ZeXf6PyzfLfFoxf356PBcqHtJt/qL68/BuVb5b/SDB+fXs+Higf0m7+ofry8m9Uvln+o8H49e25LlA+pN38Q/Xl5d+ofLP8twfj17fn+kD5kHbzD9WXl3+j8s3y/3Qwfn17PhEoH9Ju/qH68vJvVL5Z/juC8evbc0OgfEi7+Yfqy8u/Uflm+d8WjF/fnjWB8iG1/Ee3DQ2t2X7L+nWjQ2u2bF0/NLJmx7bh0dGh5ESt3fsSg/eVJfcldkddTfNflFk/Jnl/oGMC7w+ULZ+GPXH8wdT3B8pW25XzPjl5+ytbf977DDUq32i8hfZv3vGg6HjIqvv5qA6S4S0jQ9umHr97mvbH5DERjU8c91SX8fGFymffrjNQTa7i+VSa5pPdPDuZCp8dH1eofBT4PLjpKp5PHMynUTum+zl2adhpfY5d5ssUDd6jtS7fDSPjB+nhdZuGdw5Nbf+co6D9Rfpxd8fbUZrSjrz9H2f6Y0HSkgWhz3sL9N+Ob/3bQ7/97V+9P4oGjiuf1Fb/xYOH1x48/pM/vXj2uWPtLzVtf61k+rnKDT7/sNSkfJpP16atI6P/dcPW7Vsav4KW3u9cqq3P0P3OSZ7lgvcvh+73mO79y/GUB0enovcvAwAAvFWkf/+fXq8uTP4GdUFmiqD4PHB7fx8dnAfeV2weODsbkTcPnC2fpl10Hri3zXngbP2hedpSk/LNXncpOg/88UD56So+Ttp7H4DgOEl6Km+cZP8OP2+cZMtPd5z0tDlOsvXnjZNG5Zu9Pl10nFwbKB9SfDy08L4T/RPvOxEcDwPFxkP2czXzxkO2/HTHQ6XN8ZCtP288NCrf7H6douPhw4HyRRUfH+29L0xwfKwtNj6yn5eSNz6y5ac7PuI2x0e2/rzx0ah8s/sZi46PDwXKp4rv//betye4//cU2//Zz23J2//Z8tPd/6U293+2/rz936h8s/u5i+7/KwPlU/X7f2zHj+/3oTU7tm6bfA/0TH++akjx9s3s59a0qnj7Z/Z9n2a+/TP7vlIz3/72rpuC7d8Xt/VSV/H2z+znErXqiL0em/zNUN77T+W9TvuxwPbpvk47a8qDo5PXaQEAAGDmpa//px/Hn74//JeSZeBj+lt21Hy+d4vzxD5/OxC/Q5+/3WQeM6nHfN7RzHweAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ8zuWji+fOrzI3+4ctF7f3zX0Ku7rvju5jv3DM566j33fuDZr33iG8+/sGDZ8q/ffNmhW+euuueewZ9dcOgnf7ojN3BfdXFmslqJovilOIpO/umyL9/9w6dPGNsWR1FUjvt2R9GCuPSDOBth4LUoitbX2ln/zcdfXbFhbLn7S7Prth+TCZLNK+otp+2pa2d0W25GvAFVknH2he9vPek351z27N6fX/rqQOW1bbsnisSVSeMpiuavnfz87iiKepL/Y9LRtjB9crK8KoqiOZOed2FOu04r2P6zA+uLkuWsZNmbEyf9/qmZ9e6C7ejKLCsFn9eq0gzHT6X7b+4M1z/l6JapZ0Gy/FayPHOa8cvp/zgqxVFXrbpN8cQYiSbttziKx/f9xHqpbizEmbERR1GcWS9l1svdmbzG600GWjmO67en5TLb+5PtXcn2U3PG2jWB7e9I801+UA9m8s8G7Z3yoJbXuLRdv2zSliOhNOkY1Gh72t5KsjN6k2298bFTnnO4gfR7q1+477Hndz6wpC9QX/zNOIkftxT/mc0X7V+68xcHFgbyjNeWkvilluKPnPPyoy9e/aMTgvH3pPHLLcV/7vylX/nerh0H+0Lxf5f2T1dL8csrzzq0/K6B1cH2P5jGr7QU/6FLH/nq/Hc9+Wiw/QNp//S01j/D21+/7uHjDgTjR2n8OS3Fv+SV489YufWRjcH4T6T909tS/KdHhlfdfdPiHf2h+PvS+PNain/ar66/bu/+oef66jtl4uFg2j99LcV/95JLrlp1YMu9oWNnvPtI/YYFeHN6W3KO9cVkvdXrzHZNul64vy+u/iqZm/yf18mKMsbqmT+D8QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHMauvz+XZfvW3NFVxxFcaDM4QbS75VnDQ72t1BveeVZh5bfNbB68raFLcQBAAAA8qXX4aXalkq0MNoR90QnNiyfzhGcmK7F9duzcwg9EyU7EqfUoTjlDsXp6lCc7g7FmdWhOLM7FKeSE6cSFYvT0zROqXB75nQoTm+H4sztUJx5HYozv0NxjulQnL6mcYqPwwUdinNsh+K8rUNx3t6hOMd1KM7xHYpzQofiZOeUpzsO5yUlF4XijD8o58bpisu1bzSaT0/rOTnzvNI06+ktWE92zn669fQUrOf0NuupFKxnaZv1xAXrObPNeko59aTj9rZs+9J60rWC4//2DsXZ2aE4n+lQnM92KM4dHYrzuQ7F2dVmHICi0uv/ievGvmh218XRnOSIk50FSK93F1efPeV4VMleoCfSeCdlts/Ki5e9UM/EW9zh9p2W2d5dF6+rdt7UJF7f5HhLMt/MzTc7oZBp37LpxstOLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADBq6/P5dl+9bc0UUR2P/GjrcQPq98qzBwf4W6l39wn2PPb/zgSWTt83uaiEQAAAA/8mu/cXIVdUPAD935y/bwm/6C9SBFDpSWjEiLV2UP6nhog+zxKAEMBow3S1lWDdsd5HdprAia30gPmgg0cTVJ8MThvCgBkUlWR40BiVhE8UmgvIiUTRAAiTUxGTM7tw7/zrTWUa0BT+fh3PvPed7zvee2abJ98zAQGkdnmv2FEMhuzvko3xHXDE5Bygmz5lS4xpVRtavo9GWk8Znk/jdC4fu2j1/7+KHpw8dmKpN1WbHxsauvHxs7xV7P7r7jumZ2p5GGwoD1ssl683fu3jngZmZ2t3zjefu9y4n88qtrsm15mjy3v8/IE+UxLfy/OduBv+1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg1KpVl5eqqxPjo1EIUZ+Yeg/pWCYfx5Uh8l775tadV889OtXeV8gOsRAAAAAwUFqH55o9xVDIZkImnLv+dGErtBRCq+4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+99Sqy0vV1YnxTVEIUZ+Yeg/pWCYfx5Uh8v5mfvr6B76w/Uh7X3mIdQAAAIDB0jp8pNlTDOWwI+Siczvi0rOB87rmd8el65y/wbjus4N+cTs2GLdrg3EfHBD3qeR6TwAAAIB3v7T+zzZ7SqGQPbNv/T+ork/jtnfFZZLrML8VAAAAAP49af2fb/aUQyFbbtbrG633L+yKS+cP+t4+nT/oe/s07uI+ebq/zwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATl+16vJSdXViPBOFEPWJqfeQjmXycVwZIu+Ll+/69s+Xjhxv7ytkh1gIAAAAGCitw1uldzEUsqMhFzat1/1X7vr7Fxcnj27JlZLhfD7cc2Bh4e69jTaN2/HV1z/3u59GlRPiLmu0p2RzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAO6pWXV6qrk6MnxGFEPWJqfeQjmXycVwZIu+L04f/eesj57zW3lceYh0AAABgsLQOb9X+xVAO+ZAPW9ef2mv9NSNd8/udGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADvHfP3Lt55YGamdrcbN27cNG9O9f9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6aJWXV6qrk6MF6MQoj4x9R7SsUw+jitD5H34449+96yP/OKx9r7yEOsAAAAAg6V1eKv2L4ZyyIVcOGf9qdeZwHr9X/ovviQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBaqFWXl6qrE+NnRiFEfWLqPaRjmXwcV4bIe+GfP3/ryrHai+19hewQCwEAAAADpXV4vtlTDIXsZaEQtiXPM50Tokxy7X0u0Jp3V8e00Q3Pu69jXmbD877WtbNsspvGvGK6Xqlxbc6rnDivEkIoJ/PKrYHJjnnhoY5ZZ274Pb/XMa80YF4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA01CturxUXZ0Yj6IQoj4x9R7SsUw+jitD5H3u0FXHdi3+8bX2vvIQ6wAAAACDpXV4q/YvhnI4P5wVzl+v+0OpMz6N2/fIK1f/9WdnfCOEPVt/e0G27/p/ubj6y+4mhJHOoJEQ/i/JF/XJd+THf3v41Vd/8skQ9pyT2fZ283UuGdcnj2+97dl9hd0n+WAAAADgPSSt/3PNnlIoZGf71v9p5f226v+5s2+6b0vSJhV514yRUpJvpE++O6/45o8qFxz7w1r9f7J8n/7yeZ/YEuauiKfTttHTJYrrMw/u3P/y5qcPp7tu5M905U8/l5eO//AzR+YPfqWRvxiKSf952V75T2y7nBHX35p94qmD+xZv6Myf7bP/B3a+/0+//86hV9byv7F9tJn/AyfZ/8nzn31z9fmjjz90Y2f+XJ/8Uzdt+v6blbl/dO9/tGvh5JNv/MHb/gpdorj+xvQz12xe2bG/M38IYbI9MP38n3riW5WVX285lOZPfyty8Y6u/G3/1NrbrjOnKK6vbLtkauzJhU2d+aOu/On+j93/g7e+dOy567r3f3v3/vvm797/dbsyt7ywfWyYH88AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALwL1KrLS9XVifGQCSHqE1PvIR3L5OO4MkTej1107Q3Xvzb79fa+QnaIhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB3TK26vFRdnRgfiUKI+sTUe0jHMvk4rgyRd/7S1x97+cZfva+9rzzEOgAAAMBgaR3eqv2LoRzyIR9G1+v+yeNbb3t2X2F3KDVGo+SanZmbX/jQHXOHZ28/RW8OAAAAbFRa/2ebPaVQyF4Uckn9v7LtkqmxJxc2pfV/CGFyrSneMT1TGwvNc4LrdmVueWH7WKV5TtAed+nBuZnkmCBd9/6rNr80/9nV63uuu7cV98b0M9dsXtmxP43LJdf1uMtacTMP7tz/8uanD6dxI+k5xVrcnlbcW7NPPHVw3+IN6Ximfb22uLNvrj5/9PGHbmyuk1xHk7wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwL3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwX0chVhVxHIBn7t3Vq3fddotykyIVEw2SlYpKiFYh6aENKfDFAh+yMjKpJQwh3IQsTMKniqCIKAhECoIeirCgDJIoiNAewtAe6iE2og1xo2J3Z3bvHj3tdmoV5PvgMM6ce37zP3PGs/cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59fctp6x9vDTA7/fuei2z3dvGd51+/vbntrfN+fwrfvuOPbKvW+eONm9YvUbD60febSjf+/evq9vHPnizyenDX5ivFmZuo0Q4s8xhCu/XPHCnk+PLBwdiyGEeuwaDKE71j7ujoWE3tMhhPsm6px68t3h6+4fbQefmztl/KJCSPG+QrOe6xnXNbVeLiyNtM+e+XD7FT+uWn/s0Lfrhnsbpx8bnPxIbLTspxA6N7de3x5CmJeOUXm39eSLU7shhDC/5bqbpqlr6Qzrv7akvyi1c1LbnCYnn19S6LfPsI62QtuY4XVV1WY5P8vPr2OW5y++3IrzdKf2vdSu/Jf59XzEUIuhbWK6h+PkHgktzy2GOPbsJ/u1KXshFvZGDCEW+rVCv95euK+xedNGq8c4dTx/rjC+OI23pfEl0+y1u0vGL8/3m/6jnircfzG0ecY/Ju5rTK7r+3+o5VyotbyDzjae622kh9FMY8148RnX/HUW+dzGk8+/fWLnq8u6SuqI78SUHyvlf7Pt5qPLd3431FOWv7mW8muV8gdW/Xrwp7s+W1iavz/n1yvlH79++Ysf7NpxqnR9fsnr01Ypv77mmpHVu3s3ltb/Ws5vVMp/fd2Blztv+ORgaf29eX3mVVufrY//semtS4dK80POn18pf+1vl129ZvuBB0rzP8rr06yUf2Rga/+eB6/asbgs/6ucv6BS/tIf7tl06OiW46X19+X16aqUf8uytRv6hx7ZV/bujIPn6i8swIXpkvQd69nUr/o7879q+b3wUlcc/87XkY4F/+dEBaPzdM5iPgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8zQ4ckAAAAAAI+v+6HYECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE8FAAD//xgLVJ0=") 4.157922722s ago: executing program 0 (id=2679): syz_mount_image$erofs(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x17d, &(0x7f0000001ac0)="$eJzsmLFP+kAUx7/vyg/yMy6uLg4SxcHSFjUuxLA5mogaNwlUghYx0EGYdPH/cHZwdvOPMM7qYFwY3Uxqej3oQQR10MT4PsPj+7h313evyXcoGIb5szw+vNyvFe+EAWASaaTU/89GXCO0+tfb83Jraj1/OfeUv041robPIwBB8PnnJwDcFAz4Kg+Cwd1p9VuE6OstCCwovQOCqfQeBLaVdkHYVfpA042w3jT3a55rlhteJRRWGOwwOGHIDffXPSNUtP5IW2+1O4clz3Ob3yg+ml+3IJDX+tPfV282ljY/GwK20jkQNpVeRao3m2gk2v2nE/H5xg/fnwULFr9NxP4UXBDmNX9KaP6R9evH2Va7s1irl6pu1T1ynNyKtWRZy05WGlEUx/jff+lPE9r5/0bUJimJk5LvN+0o9nMniu85rpD+J5CZjfLQ+5Mju4nWSe0jqTLGmHKGYRiGYRiGYRiGYRiGYZgvMAOSX0EldIo4GcDZkNVvAQAA///an3MA") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffffff, 0x0, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r0, 0x5490, 0x0) getdents(r0, 0x0, 0x0) 4.097666218s ago: executing program 2 (id=2680): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "d20bddda7d1db9342de76eec7967fe97751f13a23aeaacb0565c1c2251560ed1"}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x201, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000000)=""/252) r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000940)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000008c0)=[0x0, 0x0], &(0x7f0000000900), 0x0, 0x2, 0x0, 0x0, r8}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000240)={0x0, r9, r10}) 3.833757368s ago: executing program 0 (id=2682): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_remove_blocks\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000100), 0x1001) ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 2.617177401s ago: executing program 2 (id=2684): r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78) write$cgroup_devices(r2, &(0x7f0000000380)=ANY=[@ANYBLOB='b *:\n'], 0x8) close(r2) openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x100582, 0x0) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) recvmsg(r3, &(0x7f0000000000)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0) close(r4) 2.298172947s ago: executing program 0 (id=2685): socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000140)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d24070000030769dc000049c40c240000e9fffff5ffffffff092403130001000502", @ANYRES8=r0, @ANYBLOB="05"], 0x0) 2.114823843s ago: executing program 3 (id=2687): r0 = socket(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x54) 2.040399557s ago: executing program 3 (id=2688): syz_mount_image$erofs(&(0x7f0000000100), &(0x7f0000000080)='./bus\x00', 0xe, &(0x7f0000000580)=ANY=[@ANYBLOB="757365725f78617474722c6e6f61636c2c6e6f757365725f78617474722c6e6f61636c2c009e77125edfdd8b7f26f978fb221ef77be26bfe7022a7adc6b044441a4cb7a2c08a31ec648f8bb4f6a28ba4c6182c40b98ddeb41d32ffefb91485c8874febb6ea850e3057bfb577c1258ed47e19e64d990d29c98d45a75b3cf3e006023b17c74abfb986ab4a9aaa22b51e70a3b67e0c82bd72dfffca0ae9c6466810c6afd6bd6641a24c2aca8168333b78c85b02aa200b50a5edf96845eb3e435d31bc7e8853bdbd2303e828dded9f5d74634889d7dafd6c85bd0dad3b11632caf06fd7af00366d890f3fa3f01d96dea001c0f6cee6526494c4ee99c5c"], 0x3, 0x1bf, &(0x7f0000000680)="$eJzslb+LE0EUx78zu9kYsdBWBAUDxsLN7kZFEMEUksJG8Bc2YjBriG6MJCuYgBhLK/8G/wSxt7K1E2xVEGwsr55jZt/dziWXX3C5O7j3KV6+M/My82Z29ztgGObI8uf3xq+3H/6eksC4hDKK1P/PyXOkld//fLty5nsj/Pr42/WfXxo/Juc7B0Cp5deXgHpXd5BSW6md/y7T7z1IlFEy+j4kLlL/Qwj4pJ9A4gHpGAKPSD+3dE/n+/6zThL7T3tJS4tAh1CHSIeavb4L4P97gZZVn7DGB8PRi2aSxP1p4c0eWk3MOz9TX13iBqDokSn7eW2dTWDOLyOEREi6BoG7pK+hSGdjZnh9gvr1/k+7+f6d5fa/l6KgX715OR/Xt7qLfdggiwUC40wUkQ/J6dfvGICDLnVZob+fQ1DGmkTuT+qTwAXLP13LP6pp99XNwXB0qdNttuN2/DKKaleDy0FwJaoab87iHP8rGX86bs1fmJHrCQ9vmmnaD7O43Y6yuJvjesb/JCrns7agPhtzH5wU+upDxaE2cUtlTNaywhXJMAzDMAzDMAzDMAzDMAxDnIWAWkx0x2RvBgAA//8ZNXTH") ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x40305839, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_kthread_stop\x00', r2}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 1.797446147s ago: executing program 3 (id=2689): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/address_bits', 0x0, 0x0) 1.722057651s ago: executing program 3 (id=2690): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0xfffc, @dev}], 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040), 0x0) sendmmsg$inet6(r0, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000008900)=[{0x0}], 0x1}}], 0x1, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000) socket(0x10, 0x3, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000380)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f0000000180)={r4}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000004c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r5, 0x3, r3, 0x5}) ioperm(0xfffffffffffffffd, 0xfffc, 0x0) futex(0x0, 0x6, 0x0, &(0x7f00000000c0), 0x0, 0x0) socket(0x18, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a00000006e54adcd00c6429"], 0x1c}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) 1.540056917s ago: executing program 2 (id=2691): syz_emit_ethernet(0xc2, &(0x7f0000000000)=ANY=[@ANYBLOB="195df410d42477b6d4f11b3286dd60aac4e0004c3c00fe80000000000000cd178aff000000bbfe8000000000000000000000000000aa73"], 0x0) 1.498892849s ago: executing program 4 (id=2692): gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) readv(r0, 0x0, 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) rt_sigreturn() poll(0x0, 0x0, 0x64) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000340), 0xffffff46) dup3(r2, r1, 0x0) sendmsg$netlink(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000001340)={0x10}, 0x10}], 0x1}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) 1.322179618s ago: executing program 2 (id=2693): setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x230, [], 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000050000000000000000000000000000feffffff0100000003"]}, 0xa9) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac) 1.241091573s ago: executing program 2 (id=2694): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "d20bddda7d1db9342de76eec7967fe97751f13a23aeaacb0565c1c2251560ed1"}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x201, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000000)=""/252) r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000940)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000008c0)=[0x0, 0x0], &(0x7f0000000900), 0x0, 0x2, 0x0, 0x0, r8}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000240)={0x0, r9, r10}) 507.937211ms ago: executing program 3 (id=2695): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x306) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c1300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000048aa5e6c85000000040000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc) 78.100137ms ago: executing program 2 (id=2696): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_matches\x00') ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000440)={0xc0, 0x0, 0x8}) syz_io_uring_setup(0xd79, &(0x7f00000035c0), 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) socket(0x18, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) signalfd4(0xffffffffffffffff, &(0x7f00000000c0), 0x8, 0x0) socket$inet6(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000240), &(0x7f00000003c0)=r6}, 0x20) pipe(&(0x7f00000004c0)) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r2, 0x25, 0x2, @val=@tcx}, 0x40) syz_emit_ethernet(0x2a, &(0x7f0000000300)={@dev, @local, @val, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @remote}}}}}, 0x0) 50.679507ms ago: executing program 3 (id=2697): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x1, 0x1, 0x0, &(0x7f0000000700)=""/4096, &(0x7f0000000480)=""/255}) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x4b}, @l2cap_cid_signaling={{0x47}, [@l2cap_info_rsp={{0xb, 0x3, 0x8}, {0x0, 0x400, "aef7d7a4"}}, @l2cap_move_chan_cfm={{0x10, 0x2, 0x4}, {0xfffa, 0x800}}, @l2cap_disconn_rsp={{0x7, 0x8, 0x4}, {0x1, 0xfbff}}, @l2cap_move_chan_req={{0xe, 0xe1, 0x3}, {0x3f, 0x3}}, @l2cap_disconn_rsp={{0x7, 0x0, 0x4}, {0xad, 0x401}}, @l2cap_conf_rsp={{0x5, 0x6, 0xa}, {0xfff8, 0x9f51, 0x8, [@l2cap_conf_flushto={0x2, 0x2, 0x3ff}]}}, @l2cap_info_req={{0xa, 0x1, 0x2}, {0x2}}, @l2cap_move_chan_cfm={{0x10, 0xf9, 0x4}, {0x6, 0x1}}]}}, 0x50) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000040)) add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0xd2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10, 0x40, 0x0, 0x0, 0x7, 0xfffffffffffffffd}]}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000800), 0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x0, 0xbc7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xb1b2350], 0x0, 0x202}) ioctl$KVM_SET_PIT2(r4, 0x4070aea0, &(0x7f0000000240)={[{0x0, 0x0, 0x0, 0x40, 0x1, 0x0, 0x0, 0x0, 0x3, 0x5}, {0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1}, {0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}], 0xfffffffc}) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x301) close(r6) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ppoll(&(0x7f0000000280)=[{}, {}], 0x53, &(0x7f00000002c0), 0x0, 0x0) 0s ago: executing program 0 (id=2698): r0 = socket(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x54) kernel console output (not intermixed with test programs): e newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.121163][ T9494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.139976][ T9494] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 362.151736][ T9494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.176104][ T9494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.196255][ T9494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.224480][ T5149] usb 2-1: Using ep0 maxpacket: 16 [ 362.257119][ T5149] usb 2-1: config 0 has an invalid descriptor of length 28, skipping remainder of the config [ 362.279617][ T5149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 362.296256][ T9494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.338009][ T5149] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 191 [ 362.356138][ T9494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.396200][ T9494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.407630][ T5149] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 362.441064][ T9494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.457444][ T5149] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 362.476107][ T5149] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 362.484518][ T9494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.507474][ T5149] usb 2-1: Manufacturer: syz [ 362.513463][ T9494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.525830][ T5149] usb 2-1: config 0 descriptor?? [ 362.539362][ T9494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.556445][ T9494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.577686][ T9494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.596134][ T9494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.657138][ T9494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.684755][ T9494] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 362.750726][ T9494] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.778347][ T9494] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.796167][ T9494] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.806536][ T9494] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.934934][ T5149] rc_core: IR keymap rc-hauppauge not found [ 362.956397][ T5149] Registered IR keymap rc-empty [ 362.985644][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 363.016734][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 363.028208][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.039702][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 363.097072][ T5149] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 363.124894][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 363.136354][ T5149] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input17 [ 363.153563][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.184821][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 363.254638][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 363.296399][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 363.346971][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 363.382218][ T9642] loop0: detected capacity change from 0 to 32768 [ 363.413658][ T9642] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1252 (9642) [ 363.658923][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 363.678362][ T9642] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 363.706172][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 363.710894][ T9642] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 363.780533][ T9642] BTRFS info (device loop0): using free-space-tree [ 364.394944][ T9674] loop3: detected capacity change from 0 to 512 [ 364.456280][ T9674] EXT4-fs: Ignoring removed mblk_io_submit option [ 364.466977][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 364.498922][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 364.506163][ T9674] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 364.548297][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 364.577139][ T5149] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 364.622848][ T9674] EXT4-fs (loop3): 1 truncate cleaned up [ 364.642926][ T5149] mceusb 2-1:0.0: Registered Ø‹ with mce emulator interface version 1 [ 364.677869][ T9674] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 364.697028][ T8874] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 364.716944][ T5149] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 364.753574][ T5149] usb 2-1: USB disconnect, device number 10 [ 364.770882][ T9680] overlayfs: failed to get inode (-116) [ 365.014627][ T7996] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 365.346929][ T5107] Bluetooth: hci0: command 0x2016 tx timeout [ 365.568542][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 365.993297][ T5108] Bluetooth: hci1: command 0x0406 tx timeout [ 366.678127][ T5147] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 367.107384][ T5147] usb 1-1: Using ep0 maxpacket: 16 [ 367.476690][ T5108] Bluetooth: hci0: command 0x2016 tx timeout [ 367.891163][ T5147] usb 1-1: config 0 has an invalid descriptor of length 28, skipping remainder of the config [ 367.906513][ T5147] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 367.918973][ T5147] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 191 [ 367.928994][ T5147] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 367.943709][ T5147] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 367.975154][ T5147] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 367.985925][ T5147] usb 1-1: Manufacturer: syz [ 367.995232][ T5147] usb 1-1: config 0 descriptor?? [ 368.426205][ T5147] rc_core: IR keymap rc-hauppauge not found [ 368.448821][ T5147] Registered IR keymap rc-empty [ 368.479534][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 368.536642][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 368.597190][ T5147] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 368.638009][ T5147] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input18 [ 368.690755][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 368.770065][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 368.831781][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 368.887126][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 368.957262][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 369.006538][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 369.077944][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 369.136563][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 369.174334][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 369.234421][ T5147] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 369.298357][ T5147] mceusb 1-1:0.0: Registered Ø‹ with mce emulator interface version 1 [ 369.336310][ T5147] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 369.370018][ T5147] usb 1-1: USB disconnect, device number 11 [ 370.148598][ T5108] Bluetooth: hci3: command 0x0406 tx timeout [ 370.344299][ T29] audit: type=1804 audit(1719857805.741:166): pid=9776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1286" name="/root/syzkaller.DpKYbq/7/bus" dev="sda1" ino=2001 res=1 errno=0 [ 370.721846][ T9786] misc userio: No port type given on /dev/userio [ 370.849382][ T5098] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 372.230117][ T5108] Bluetooth: hci3: command 0x0406 tx timeout [ 373.666912][ T5154] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 373.890909][ T5154] usb 4-1: Using ep0 maxpacket: 32 [ 373.922141][ T5154] usb 4-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01 [ 373.946128][ T5154] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.981717][ T5154] usb 4-1: config 0 descriptor?? [ 374.017216][ T5154] gspca_main: xirlink-cit-2.14.0 probing 0545:8080 [ 374.048601][ T5154] input: xirlink-cit as /devices/platform/dummy_hcd.3/usb4/4-1/input/input19 [ 374.269223][ T9852] vlan2: entered promiscuous mode [ 374.439960][ T5154] usb 4-1: USB disconnect, device number 9 [ 374.984157][ T9872] loop4: detected capacity change from 0 to 4096 [ 375.031097][ T5108] Bluetooth: hci6: command tx timeout [ 375.031304][ T9872] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 375.198180][ T9872] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 376.970260][ T9873] loop1: detected capacity change from 0 to 32768 [ 377.106664][ T5098] Bluetooth: hci6: command 0x0406 tx timeout [ 377.136597][ T9873] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 377.271568][ T9873] XFS (loop1): Ending clean mount [ 377.368593][ T9873] XFS (loop1): Quotacheck needed: Please wait. [ 378.136225][ T5098] Bluetooth: hci5: command 0x2016 tx timeout [ 378.882435][ T9873] XFS (loop1): Quotacheck: Done. [ 378.957674][ T9080] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 379.290815][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.226300][ T5098] Bluetooth: hci5: command 0x2016 tx timeout [ 380.765203][ T9940] loop1: detected capacity change from 0 to 4096 [ 380.795574][ T9940] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 380.908328][ T9940] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 381.296143][ T5145] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 381.505375][ T5145] usb 4-1: New USB device found, idVendor=0c45, idProduct=62b0, bcdDevice=46.75 [ 381.537241][ T5145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.551588][ T5145] usb 4-1: config 0 descriptor?? [ 381.574561][ T5145] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:62b0 [ 381.696751][ T9968] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1354'. [ 381.987375][ T5145] gspca_sn9c20x: Write register 1001 failed -71 [ 382.022543][ T5145] gspca_sn9c20x: Device initialization failed [ 382.041882][ T5145] gspca_sn9c20x 4-1:0.0: probe with driver gspca_sn9c20x failed with error -71 [ 382.064763][ T5145] usb 4-1: USB disconnect, device number 10 [ 382.285141][ T9954] loop4: detected capacity change from 0 to 32768 [ 382.350878][ T9954] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 382.428482][ T9954] XFS (loop4): Ending clean mount [ 382.458736][ T9954] XFS (loop4): Quotacheck needed: Please wait. [ 382.561293][ T9954] XFS (loop4): Quotacheck: Done. [ 382.721041][ T9494] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 382.730683][ T5147] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 382.956082][ T5147] usb 3-1: Using ep0 maxpacket: 16 [ 383.021494][ T5147] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 383.046077][ T5147] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.083841][ T5147] usb 3-1: Product: syz [ 383.117409][ T5147] usb 3-1: Manufacturer: syz [ 383.137035][ T5147] usb 3-1: SerialNumber: syz [ 383.192065][ T5147] usb 3-1: config 0 descriptor?? [ 383.233990][ T5147] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 383.926068][ T5177] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 384.043142][ T5147] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 384.058781][ T5147] usb 3-1: USB disconnect, device number 10 [ 384.134535][ T5177] usb 1-1: New USB device found, idVendor=0c45, idProduct=62b0, bcdDevice=46.75 [ 384.156467][ T5177] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.182496][ T5177] usb 1-1: config 0 descriptor?? [ 384.191546][ T5177] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:62b0 [ 384.621618][ T5177] gspca_sn9c20x: Write register 1001 failed -71 [ 384.635993][ T5177] gspca_sn9c20x: Device initialization failed [ 384.646003][ T5177] gspca_sn9c20x 1-1:0.0: probe with driver gspca_sn9c20x failed with error -71 [ 384.671494][ T5177] usb 1-1: USB disconnect, device number 12 [ 385.916148][ T5146] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 386.134301][ T5146] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 386.156290][ T5146] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 386.166739][ T5146] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 386.194132][ T5146] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 386.228076][ T5146] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.248551][ T5146] usb 1-1: config 0 descriptor?? [ 386.690244][ T5146] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 386.738770][ T5146] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 386.780439][ T5146] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 387.106219][ T5177] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 387.338327][ T5177] usb 2-1: New USB device found, idVendor=0c45, idProduct=62b0, bcdDevice=46.75 [ 387.349237][ T5177] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.378771][ T5177] usb 2-1: config 0 descriptor?? [ 387.388033][ T5177] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:62b0 [ 387.596325][ T5177] gspca_sn9c20x: Write register 1000 failed -71 [ 387.625239][ T5177] gspca_sn9c20x: Device initialization failed [ 387.642101][ T5177] gspca_sn9c20x 2-1:0.0: probe with driver gspca_sn9c20x failed with error -71 [ 387.666774][ T5177] usb 2-1: USB disconnect, device number 11 [ 388.228710][ T5146] usb 1-1: reset high-speed USB device number 13 using dummy_hcd [ 389.115298][ T5147] usb 1-1: USB disconnect, device number 13 [ 389.983044][T10173] binder: 10172:10173 ioctl c0306201 20000380 returned -14 [ 390.406201][ T5149] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 390.626613][ T5149] usb 2-1: Using ep0 maxpacket: 8 [ 390.639739][ T5149] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 390.676038][ T5149] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 390.685453][ T5149] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.714391][ T5149] usb 2-1: Product: syz [ 390.735581][ T5149] usb 2-1: Manufacturer: syz [ 390.756144][ T5149] usb 2-1: SerialNumber: syz [ 391.008575][ T5146] usb 2-1: USB disconnect, device number 12 [ 391.896152][T10257] raw_sendmsg: syz.2.1468 forgot to set AF_INET. Fix it! [ 401.394279][ T5098] Bluetooth: hci6: Ignoring HCI_Connection_Complete for existing connection [ 404.460884][T10578] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1603'. [ 404.703757][ T5108] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection [ 407.329146][T10670] binder: 10669:10670 ioctl 400c620e 200000c0 returned -22 [ 409.776269][ T5149] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 409.896400][ T5177] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 409.982128][ T5149] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 410.021434][ T5149] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 410.058367][ T5149] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 410.077958][ T5149] usb 5-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 410.096416][ T5149] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.110116][ T5177] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 410.122711][ T5177] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 410.137618][ T5149] usb 5-1: config 0 descriptor?? [ 410.169184][ T5177] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 410.201514][T10783] netlink: 'syz.3.1688': attribute type 12 has an invalid length. [ 410.210431][T10783] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1688'. [ 410.221230][ T5177] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 410.247332][ T5177] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.271075][ T5177] usb 2-1: config 0 descriptor?? [ 410.582605][ T5149] wacom 0003:056A:0043.0008: Unknown device_type for 'HID 056a:0043'. Assuming pen. [ 410.640165][ T5149] wacom 0003:056A:0043.0008: hidraw0: USB HID v0.00 Device [HID 056a:0043] on usb-dummy_hcd.4-1/input0 [ 410.659298][ T5149] input: Wacom Intuos2 9x12 Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0043.0008/input/input20 [ 410.701131][ T5177] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 410.724720][ T5177] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 410.746303][ T5177] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 410.889824][T10756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 410.927550][T10756] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 411.027757][ T5177] usb 2-1: USB disconnect, device number 13 [ 411.045670][ T5149] usb 5-1: USB disconnect, device number 13 [ 412.502091][ T6802] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.740671][ T6802] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.884082][ T6802] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.097932][ T6802] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.296643][ T5146] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 413.355737][ T5098] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 413.387010][ T5098] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 413.396680][ T5098] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 413.410771][ T5098] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 413.419444][ T5098] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 413.440135][ T5098] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 413.474908][ T6802] bridge_slave_1: left allmulticast mode [ 413.486695][ T6802] bridge_slave_1: left promiscuous mode [ 413.492562][ T6802] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.503526][ T6802] bridge_slave_0: left allmulticast mode [ 413.512598][ T6802] bridge_slave_0: left promiscuous mode [ 413.519165][ T6802] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.534077][ T5146] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 413.550897][ T5146] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 413.561372][ T5146] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 413.580408][ T5146] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 413.603248][ T5146] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.649684][ T5146] usb 1-1: config 0 descriptor?? [ 414.289084][ T5146] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 414.307362][ T5146] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 414.318809][ T5146] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 414.335040][ T5146] usb 1-1: USB disconnect, device number 14 [ 414.439217][T10851] netlink: 'syz.2.1718': attribute type 12 has an invalid length. [ 414.448942][T10851] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1718'. [ 415.278993][ T6802] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 415.301512][ T6802] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 415.322802][ T6802] bond0 (unregistering): Released all slaves [ 415.499361][T10869] capability: warning: `syz.1.1726' uses 32-bit capabilities (legacy support in use) [ 415.523537][ T5108] Bluetooth: hci0: command tx timeout [ 416.046695][ T6802] hsr_slave_0: left promiscuous mode [ 416.093451][ T6802] hsr_slave_1: left promiscuous mode [ 416.104044][ T6802] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 416.136576][ T6802] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 416.163396][ T6802] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 416.182870][ T6802] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 416.296600][ T6802] veth1_macvtap: left promiscuous mode [ 416.306429][ T6802] veth0_macvtap: left promiscuous mode [ 416.323259][ T6802] veth1_vlan: left promiscuous mode [ 416.333654][ T6802] veth0_vlan: left promiscuous mode [ 417.598481][ T5108] Bluetooth: hci0: command tx timeout [ 417.767448][ T5177] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 418.015307][ T5177] usb 4-1: New USB device found, idVendor=0c45, idProduct=62b0, bcdDevice=46.75 [ 418.029042][ T5177] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.043679][ T5177] usb 4-1: config 0 descriptor?? [ 418.075317][ T5177] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:62b0 [ 418.105218][T10928] netlink: 'syz.1.1743': attribute type 12 has an invalid length. [ 418.113696][T10928] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1743'. [ 418.311403][ T5177] gspca_sn9c20x: Write register 1000 failed -71 [ 418.325983][ T5177] gspca_sn9c20x: Device initialization failed [ 418.343348][ T5177] gspca_sn9c20x 4-1:0.0: probe with driver gspca_sn9c20x failed with error -71 [ 418.377475][ T5177] usb 4-1: USB disconnect, device number 11 [ 419.003929][ T6802] team0 (unregistering): Port device team_slave_1 removed [ 419.786346][ T5108] Bluetooth: hci0: command tx timeout [ 420.092581][ T6802] team0 (unregistering): Port device team_slave_0 removed [ 421.826101][ T5108] Bluetooth: hci0: command tx timeout [ 423.350302][T10831] chnl_net:caif_netlink_parms(): no params data found [ 423.616475][T11002] netlink: 'syz.2.1771': attribute type 12 has an invalid length. [ 423.624756][T11002] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1771'. [ 424.160994][T10831] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.185873][T10831] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.194825][T10831] bridge_slave_0: entered allmulticast mode [ 424.224847][T10831] bridge_slave_0: entered promiscuous mode [ 424.293931][T10831] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.306164][T10831] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.314551][T10831] bridge_slave_1: entered allmulticast mode [ 424.355732][T10831] bridge_slave_1: entered promiscuous mode [ 425.338550][T10831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 425.418828][T10831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 425.656157][ T6802] team0: left allmulticast mode [ 425.661191][ T6802] team_slave_0: left allmulticast mode [ 425.676109][ T6802] team_slave_1: left allmulticast mode [ 425.683874][ T6802] team0: left promiscuous mode [ 425.704558][ T6802] team_slave_0: left promiscuous mode [ 425.724206][ T6802] team_slave_1: left promiscuous mode [ 425.731510][ T6802] bridge0: port 4(team0) entered disabled state [ 425.752546][ T6802] bridge_slave_1: left allmulticast mode [ 425.764383][ T6802] bridge_slave_1: left promiscuous mode [ 425.774131][ T6802] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.794340][ T6802] bridge_slave_0: left allmulticast mode [ 425.811322][ T6802] bridge_slave_0: left promiscuous mode [ 425.821567][ T6802] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.910157][ T6802] bridge0: left allmulticast mode [ 425.915729][ T6802] bridge0: left promiscuous mode [ 426.928987][ T6802] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 426.947197][ T6802] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 426.960450][ T6802] bond0 (unregistering): Released all slaves [ 427.091892][T10831] team0: Port device team_slave_0 added [ 427.130601][T10831] team0: Port device team_slave_1 added [ 427.416984][T10831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 427.427167][ T5108] Bluetooth: hci5: command 0x2016 tx timeout [ 427.442738][T10831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 427.486085][T10831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 427.607276][T10831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 427.626424][T10831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 427.694752][T10831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 428.023735][T10831] hsr_slave_0: entered promiscuous mode [ 428.128596][T10831] hsr_slave_1: entered promiscuous mode [ 428.140818][T10831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 428.160379][T10831] Cannot create hsr debugfs directory [ 428.228189][ T6802] hsr_slave_0: left promiscuous mode [ 428.248848][ T6802] hsr_slave_1: left promiscuous mode [ 428.256498][ T6802] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 428.277209][ T6802] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 428.299665][ T6802] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 428.317412][ T6802] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 428.324762][T11118] serio: Serial port pts0 [ 428.383652][ T6802] veth1_macvtap: left promiscuous mode [ 428.391163][ T6802] veth0_macvtap: left promiscuous mode [ 428.397389][ T6802] veth1_vlan: left promiscuous mode [ 428.403220][ T6802] veth0_vlan: left promiscuous mode [ 429.551789][T11138] loop3: detected capacity change from 0 to 32768 [ 429.705710][T11138] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 429.746503][T11138] bcachefs (loop3): recovering from clean shutdown, journal seq 8 [ 429.755494][T11138] bcachefs (loop3): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 429.755494][T11138] running recovery passes: check_allocations [ 429.847588][T11138] bcachefs (loop3): accounting_read... done [ 429.853682][T11138] bcachefs (loop3): alloc_read... done [ 429.867726][T11138] bcachefs (loop3): stripes_read... done [ 429.873964][T11138] bcachefs (loop3): snapshots_read... done [ 429.882887][T11138] bcachefs (loop3): check_allocations... [ 429.885012][T11138] btree ptr not marked in member info btree allocated bitmap [ 429.885038][T11138] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 429.899003][ T6802] team0 (unregistering): Port device team_slave_1 removed [ 429.926271][T11138] bcachefs (loop3): inconsistency detected - emergency read only at journal seq 8 [ 429.935681][T11138] bcachefs (loop3): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 429.944312][T11138] bcachefs (loop3): bch2_gc_btree(): error fsck_errors_not_fixed [ 429.955355][T11138] bcachefs (loop3): bch2_gc_btrees(): error fsck_errors_not_fixed [ 429.963423][T11138] bcachefs (loop3): bch2_check_allocations(): error fsck_errors_not_fixed [ 429.972604][T11138] bcachefs (loop3): bch2_fs_recovery(): error fsck_errors_not_fixed [ 429.980919][T11138] bcachefs (loop3): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 429.991018][T11138] bcachefs (loop3): shutting down [ 430.021784][T11138] bcachefs (loop3): shutdown complete [ 430.060730][ T6802] team0 (unregistering): Port device team_slave_0 removed [ 431.748923][T11173] serio: Serial port pts0 [ 432.190334][T11189] serio: Serial port pts1 [ 432.206200][ T59] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 432.397391][ T59] usb 1-1: Using ep0 maxpacket: 16 [ 432.416223][ T59] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 432.451402][ T59] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 432.506252][ T59] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 432.544973][ T59] usb 1-1: SerialNumber: syz [ 432.586551][T11180] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 432.712807][T10831] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 432.754300][T10831] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 432.787477][T10831] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 432.823604][T10831] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 433.148979][T10831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 433.199629][T10831] 8021q: adding VLAN 0 to HW filter on device team0 [ 433.234392][ T5149] bridge0: port 1(bridge_slave_0) entered blocking state [ 433.241782][ T5149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 433.314824][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state [ 433.322177][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 434.477705][ T5147] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 434.534206][T10831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 434.659936][ T59] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 434.676508][ T5147] usb 3-1: Using ep0 maxpacket: 16 [ 434.693074][ T5147] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 434.728072][ T59] usb 1-1: USB disconnect, device number 15 [ 434.742812][ T5147] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.765700][ T5147] usb 3-1: Product: syz [ 434.770306][ T5147] usb 3-1: Manufacturer: syz [ 434.775093][ T5147] usb 3-1: SerialNumber: syz [ 434.794840][ T5147] usb 3-1: config 0 descriptor?? [ 434.814195][ T5147] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 435.201647][T10831] veth0_vlan: entered promiscuous mode [ 435.253272][T10831] veth1_vlan: entered promiscuous mode [ 435.329504][T10831] veth0_macvtap: entered promiscuous mode [ 435.377051][T10831] veth1_macvtap: entered promiscuous mode [ 435.418369][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 435.666920][ T5147] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 435.727264][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.866165][ T5147] usb 3-1: USB disconnect, device number 11 [ 435.922079][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.126016][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.167030][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.220220][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.245681][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.275029][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.314837][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.345817][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.384000][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.435503][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.491382][T10831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 436.637915][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.678445][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.716463][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.730073][T11274] serio: Serial port pts0 [ 436.742490][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.774893][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.819468][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.852940][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.890803][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.956557][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.991786][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.042105][T10831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 437.077539][T10831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.121533][T10831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 437.158900][ T6939] bridge_slave_1: left allmulticast mode [ 437.170652][ T6939] bridge_slave_1: left promiscuous mode [ 437.192999][ T6939] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.247936][ T6939] bridge_slave_0: left allmulticast mode [ 437.261444][ T6939] bridge_slave_0: left promiscuous mode [ 437.287245][ T6939] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.077940][ T29] audit: type=1800 audit(1719857874.471:167): pid=11296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.1.1885" name="/root/syzkaller.vDNFWR/145/bus" dev="sda1" ino=2003 res=0 errno=0 [ 440.233267][ T6939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 440.269589][ T6939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 440.307677][ T6939] bond0 (unregistering): Released all slaves [ 440.369746][T10831] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.390931][T10831] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.410571][T10831] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.453366][T10831] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.711376][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.032936][T11314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 441.196138][T11314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.236100][T11314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 441.275588][T11314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.287475][T11314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 441.299698][T11314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.310299][T11314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 441.321026][T11314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.330938][T11314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 441.345924][T11314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.358081][T11314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 441.370952][T11314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.382895][T11314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 441.394037][T11314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.885667][ T6802] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 441.974941][ T6802] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 442.914353][T11355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.955954][T11355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.976973][T11355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.996212][T11355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.012303][T11355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 443.024832][T11355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.035249][T11355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 443.047291][T11355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.057580][T11355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 443.068248][T11355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.078573][T11355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 443.091269][T11355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.101953][T11355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 443.113978][T11355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.205588][ T6847] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 443.218884][ T6847] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.247853][ T6939] hsr_slave_0: left promiscuous mode [ 443.255657][ T6939] hsr_slave_1: left promiscuous mode [ 443.262683][ T6939] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 443.270950][ T6939] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 443.281816][ T6939] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 443.290499][ T6939] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 443.377441][ T6939] veth1_macvtap: left promiscuous mode [ 443.390391][ T6939] veth0_macvtap: left promiscuous mode [ 443.417587][ T6939] veth1_vlan: left promiscuous mode [ 443.423056][ T6939] veth0_vlan: left promiscuous mode [ 443.682932][T11373] loop1: detected capacity change from 0 to 4096 [ 443.700043][T11373] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 443.768521][T11373] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 445.504677][T11417] loop0: detected capacity change from 0 to 4096 [ 445.545755][T11417] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 445.653857][T11417] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 446.298858][ T6939] team0 (unregistering): Port device team_slave_1 removed [ 446.368458][T11453] netlink: 'syz.0.1941': attribute type 12 has an invalid length. [ 446.376833][T11453] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1941'. [ 446.584985][ T6939] team0 (unregistering): Port device team_slave_0 removed [ 447.918238][ T5098] Bluetooth: hci6: command 0x0406 tx timeout [ 448.785375][T11506] serio: Serial port pts0 [ 448.907606][T11512] netlink: 'syz.3.1973': attribute type 12 has an invalid length. [ 448.915819][T11512] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1973'. [ 449.626143][ T5149] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 449.813946][T11529] serio: Serial port pts1 [ 449.840416][ T5149] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 449.851965][ T5149] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 449.872548][ T5149] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 449.896472][ T5149] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 449.925984][ T5149] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.952341][ T5149] usb 3-1: config 0 descriptor?? [ 450.368642][ T5149] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 450.388032][ T5149] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 450.418852][ T5149] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 452.518904][ T5148] usb 3-1: USB disconnect, device number 12 [ 454.110243][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 454.172758][T11665] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 454.215190][T11665] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 455.334005][T11692] fuse: Bad value for 'fd' [ 456.444047][T11727] loop4: detected capacity change from 0 to 4096 [ 456.501892][T11727] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 456.628253][T11727] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 457.556277][ T25] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 457.949481][T11765] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2083'. [ 458.146289][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 458.157591][ T25] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 458.219300][ T25] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 458.245985][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.284829][ T25] usb 3-1: Product: syz [ 458.296221][ T25] usb 3-1: Manufacturer: syz [ 458.322241][ T25] usb 3-1: SerialNumber: syz [ 458.377452][ T25] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 458.589711][ T59] usb 3-1: USB disconnect, device number 13 [ 460.708808][T11804] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2101'. [ 461.501923][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 461.696205][ T59] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 461.910505][ T59] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 461.946040][ T59] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 461.989152][ T59] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 462.026076][ T59] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 462.035323][ T59] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.092677][ T59] usb 4-1: config 0 descriptor?? [ 462.338847][ T59] usbhid 4-1:0.0: can't add hid device: -71 [ 462.368790][ T59] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 462.433550][ T59] usb 4-1: USB disconnect, device number 12 [ 462.489730][T11810] loop4: detected capacity change from 0 to 32768 [ 462.694816][T11810] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 462.715585][T11810] bcachefs (loop4): recovering from clean shutdown, journal seq 8 [ 462.723854][T11810] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 462.723854][T11810] running recovery passes: check_allocations [ 462.810124][T11810] bcachefs (loop4): accounting_read... done [ 462.836102][T11810] bcachefs (loop4): alloc_read... done [ 462.842088][T11810] bcachefs (loop4): stripes_read... done [ 462.868350][T11810] bcachefs (loop4): snapshots_read... done [ 462.896116][T11810] bcachefs (loop4): check_allocations... [ 462.920513][T11810] btree ptr not marked in member info btree allocated bitmap [ 462.920542][T11810] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 463.066108][T11810] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 8 [ 463.091354][T11810] bcachefs (loop4): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 463.134074][T11810] bcachefs (loop4): bch2_gc_btree(): error fsck_errors_not_fixed [ 463.166089][T11810] bcachefs (loop4): bch2_gc_btrees(): error fsck_errors_not_fixed [ 463.191105][T11810] bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed [ 463.250757][T11810] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 463.276104][T11810] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 463.311328][T11810] bcachefs (loop4): shutting down [ 463.387667][T11810] bcachefs (loop4): shutdown complete [ 467.080303][T11902] loop4: detected capacity change from 0 to 32768 [ 467.426523][T11902] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 467.503632][T11902] bcachefs (loop4): recovering from clean shutdown, journal seq 8 [ 467.527813][T11902] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 467.527813][T11902] running recovery passes: check_allocations [ 467.563020][T11902] bcachefs (loop4): accounting_read... done [ 467.569726][T11902] bcachefs (loop4): alloc_read... done [ 467.577924][T11902] bcachefs (loop4): stripes_read... done [ 467.589401][T11902] bcachefs (loop4): snapshots_read... done [ 467.605346][T11902] bcachefs (loop4): check_allocations... [ 467.638190][T11902] btree ptr not marked in member info btree allocated bitmap [ 467.638217][T11902] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 467.684263][T11902] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 8 [ 467.714978][T11902] bcachefs (loop4): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 467.742926][T11902] bcachefs (loop4): bch2_gc_btree(): error fsck_errors_not_fixed [ 467.759813][T11902] bcachefs (loop4): bch2_gc_btrees(): error fsck_errors_not_fixed [ 467.778306][T11902] bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed [ 467.791007][T11902] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 467.812918][T11902] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 467.835744][T11902] bcachefs (loop4): shutting down [ 467.932435][T11902] bcachefs (loop4): shutdown complete [ 468.530893][T11971] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2162'. [ 469.709939][T11989] sctp: [Deprecated]: syz.3.2179 (pid 11989) Use of struct sctp_assoc_value in delayed_ack socket option. [ 469.709939][T11989] Use struct sctp_sack_info instead [ 470.439595][ T5098] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 470.457717][ T5098] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 470.469986][ T5098] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 470.483689][ T5098] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 470.498194][ T5098] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 470.505740][ T5098] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 470.812318][T12011] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2181'. [ 470.898574][ T6934] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.089028][ T6934] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.315665][ T6934] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.570740][ T6934] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 472.258871][ T6934] bridge_slave_1: left allmulticast mode [ 472.276661][ T6934] bridge_slave_1: left promiscuous mode [ 472.282963][ T6934] bridge0: port 2(bridge_slave_1) entered disabled state [ 472.303723][ T6934] bridge_slave_0: left allmulticast mode [ 472.323041][ T6934] bridge_slave_0: left promiscuous mode [ 472.333516][ T6934] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.456062][ T5148] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 472.546244][ T5098] Bluetooth: hci2: command tx timeout [ 472.666467][ T5148] usb 4-1: Using ep0 maxpacket: 16 [ 472.698740][ T5148] usb 4-1: config 0 has no interfaces? [ 472.706761][ T5148] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 472.746170][ T5148] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 472.790807][ T5148] usb 4-1: config 0 descriptor?? [ 474.007543][ T6934] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 474.064034][ T6934] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 474.121230][ T6934] bond0 (unregistering): Released all slaves [ 474.235498][T12003] chnl_net:caif_netlink_parms(): no params data found [ 474.626649][ T5098] Bluetooth: hci2: command tx timeout [ 474.812667][T12003] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.828467][T12003] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.845338][T12003] bridge_slave_0: entered allmulticast mode [ 474.880662][T12003] bridge_slave_0: entered promiscuous mode [ 475.008649][T12003] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.016417][T12003] bridge0: port 2(bridge_slave_1) entered disabled state [ 475.023763][T12003] bridge_slave_1: entered allmulticast mode [ 475.060413][T12003] bridge_slave_1: entered promiscuous mode [ 475.105499][ T6934] hsr_slave_0: left promiscuous mode [ 475.145551][ T6934] hsr_slave_1: left promiscuous mode [ 475.166259][ T6934] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 475.175632][ T6934] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 475.202756][ T6934] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 475.226059][ T6934] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 475.250594][ T5147] usb 4-1: USB disconnect, device number 13 [ 475.264754][ T6934] veth1_macvtap: left promiscuous mode [ 475.271162][ T6934] veth0_macvtap: left promiscuous mode [ 475.282118][ T6934] veth1_vlan: left promiscuous mode [ 475.288123][ T6934] veth0_vlan: left promiscuous mode [ 476.043106][T12084] loop4: detected capacity change from 0 to 4096 [ 476.052449][T12084] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 476.114665][T12084] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 476.238645][ T25] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 476.456027][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 476.467306][ T25] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 476.480319][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.495992][ T25] usb 4-1: Product: syz [ 476.500263][ T25] usb 4-1: Manufacturer: syz [ 476.525967][ T25] usb 4-1: SerialNumber: syz [ 476.559851][ T25] usb 4-1: config 0 descriptor?? [ 476.582440][ T25] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 476.706339][ T5098] Bluetooth: hci2: command tx timeout [ 476.800534][ T6934] team0 (unregistering): Port device team_slave_1 removed [ 476.883939][ T6934] team0 (unregistering): Port device team_slave_0 removed [ 477.390746][ T25] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 477.419007][ T25] usb 4-1: USB disconnect, device number 14 [ 477.881224][T12079] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2211'. [ 478.060385][T12003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 478.146542][T12003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 478.203798][T12106] loop3: detected capacity change from 0 to 4096 [ 478.222469][T12106] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 478.344641][T12106] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 478.462358][T12003] team0: Port device team_slave_0 added [ 478.507991][T12003] team0: Port device team_slave_1 added [ 478.668512][T12003] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 478.704129][T12003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 478.756123][T12003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 478.786917][ T5098] Bluetooth: hci2: command tx timeout [ 478.798244][T12003] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 478.817545][T12003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 478.855491][T12003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 478.985395][T12003] hsr_slave_0: entered promiscuous mode [ 479.000331][T12003] hsr_slave_1: entered promiscuous mode [ 479.095988][ T5177] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 479.306155][ T5177] usb 5-1: Using ep0 maxpacket: 16 [ 479.323948][ T5177] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 479.344320][ T5177] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.368162][ T5177] usb 5-1: Product: syz [ 479.375713][ T5177] usb 5-1: Manufacturer: syz [ 479.380727][ T5177] usb 5-1: SerialNumber: syz [ 479.413096][ T5177] usb 5-1: config 0 descriptor?? [ 479.426939][ T5177] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 479.641267][T12003] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 479.660261][T12003] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 479.683199][T12003] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 479.711528][T12003] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 479.757196][T12143] loop1: detected capacity change from 0 to 4096 [ 479.773763][T12143] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 479.820467][T12143] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 480.034238][T12003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 480.108767][T12003] 8021q: adding VLAN 0 to HW filter on device team0 [ 480.162212][ T5149] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.169630][ T5149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 480.218975][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.226317][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 480.269107][ T5177] ssu100 5-1:0.0: probe with driver ssu100 failed with error -71 [ 480.297323][ T5177] usb 5-1: USB disconnect, device number 14 [ 480.371306][T12003] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 480.678556][T12003] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 480.771583][T12003] veth0_vlan: entered promiscuous mode [ 480.791262][T12003] veth1_vlan: entered promiscuous mode [ 480.874516][T12003] veth0_macvtap: entered promiscuous mode [ 480.927652][T12003] veth1_macvtap: entered promiscuous mode [ 480.994367][T12003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 481.036270][T12003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 481.056088][T12003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 481.076619][T12003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 481.097238][T12003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 481.118032][T12177] loop4: detected capacity change from 0 to 4096 [ 481.132875][T12003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 481.166047][T12003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 481.177214][T12177] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 481.204103][T12003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 481.218857][T12003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 481.245817][T12003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 481.288512][T12003] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 481.350176][T12003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 481.373524][T12177] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 481.383952][T12003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 481.407064][T12003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 481.444558][T12193] serio: Serial port pts0 [ 481.453319][T12003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 481.470959][T12003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 481.484590][T12003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 481.497590][T12003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 481.508543][T12003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 481.518798][T12003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 481.532244][T12003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 481.544665][T12003] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 481.591494][T12003] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.601339][T12003] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.612062][T12003] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.621596][T12003] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.797063][ T5149] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 481.862818][ T6086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 481.879272][ T6086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 481.929037][ T6086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 481.941856][ T6086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 482.017037][ T5149] usb 4-1: Using ep0 maxpacket: 16 [ 482.044302][ T5149] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 482.066375][ T5149] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.074498][ T5149] usb 4-1: Product: syz [ 482.097932][ T5149] usb 4-1: Manufacturer: syz [ 482.121033][ T5149] usb 4-1: SerialNumber: syz [ 482.151272][ T5149] usb 4-1: config 0 descriptor?? [ 482.180404][ T5149] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 482.605564][T12224] loop0: detected capacity change from 0 to 4096 [ 482.617027][T12224] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 482.689833][T12224] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 482.914110][T12215] loop1: detected capacity change from 0 to 32768 [ 482.987145][ T5149] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 482.999650][ T5149] usb 4-1: USB disconnect, device number 15 [ 483.073448][T12215] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 483.095226][T12215] bcachefs (loop1): recovering from clean shutdown, journal seq 8 [ 483.112230][T12215] bcachefs (loop1): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 483.112230][T12215] running recovery passes: check_allocations [ 483.196595][T12215] bcachefs (loop1): accounting_read... done [ 483.202666][T12215] bcachefs (loop1): alloc_read... done [ 483.217508][T12215] bcachefs (loop1): stripes_read... done [ 483.223655][T12215] bcachefs (loop1): snapshots_read... done [ 483.235463][T12215] bcachefs (loop1): check_allocations... [ 483.240759][T12215] btree ptr not marked in member info btree allocated bitmap [ 483.240786][T12215] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 483.301316][T12215] bcachefs (loop1): inconsistency detected - emergency read only at journal seq 8 [ 483.312437][T12215] bcachefs (loop1): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 483.326384][T12215] bcachefs (loop1): bch2_gc_btree(): error fsck_errors_not_fixed [ 483.336734][T12215] bcachefs (loop1): bch2_gc_btrees(): error fsck_errors_not_fixed [ 483.354556][T12215] bcachefs (loop1): bch2_check_allocations(): error fsck_errors_not_fixed [ 483.378845][T12215] bcachefs (loop1): bch2_fs_recovery(): error fsck_errors_not_fixed [ 483.393445][T12215] bcachefs (loop1): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 483.408723][T12215] bcachefs (loop1): shutting down [ 483.446045][T12215] bcachefs (loop1): shutdown complete [ 484.172725][T12258] loop0: detected capacity change from 0 to 4096 [ 484.205042][T12258] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 484.386773][T12258] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 485.200061][ T5145] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 485.353302][T12296] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 485.416212][ T5145] usb 5-1: Using ep0 maxpacket: 16 [ 485.465691][ T5145] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 485.477157][ T5145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.485644][ T5145] usb 5-1: Product: syz [ 485.501769][ T5145] usb 5-1: Manufacturer: syz [ 485.513559][ T5145] usb 5-1: SerialNumber: syz [ 485.528916][ T5145] usb 5-1: config 0 descriptor?? [ 485.541035][ T5145] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 486.347709][ T5145] ssu100 5-1:0.0: probe with driver ssu100 failed with error -71 [ 486.411611][ T5145] usb 5-1: USB disconnect, device number 15 [ 486.445596][T12302] loop3: detected capacity change from 0 to 32768 [ 486.806557][ T6824] kworker/u8:22 (6824) used greatest stack depth: 15568 bytes left [ 487.177976][T12302] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 487.218401][T12302] bcachefs (loop3): recovering from clean shutdown, journal seq 8 [ 487.226529][T12302] bcachefs (loop3): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 487.226529][T12302] running recovery passes: check_allocations [ 487.325371][T12302] bcachefs (loop3): accounting_read... done [ 487.344464][T12302] bcachefs (loop3): alloc_read... done [ 487.370795][T12302] bcachefs (loop3): stripes_read... done [ 487.386774][T12302] bcachefs (loop3): snapshots_read... done [ 487.393708][T12302] bcachefs (loop3): check_allocations... [ 487.419022][T12302] btree ptr not marked in member info btree allocated bitmap [ 487.419051][T12302] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 487.507844][T12302] bcachefs (loop3): inconsistency detected - emergency read only at journal seq 8 [ 487.540528][T12302] bcachefs (loop3): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 487.565992][T12302] bcachefs (loop3): bch2_gc_btree(): error fsck_errors_not_fixed [ 487.587221][T12302] bcachefs (loop3): bch2_gc_btrees(): error fsck_errors_not_fixed [ 487.611048][T12302] bcachefs (loop3): bch2_check_allocations(): error fsck_errors_not_fixed [ 487.624214][T12302] bcachefs (loop3): bch2_fs_recovery(): error fsck_errors_not_fixed [ 487.642842][T12302] bcachefs (loop3): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 487.663302][T12302] bcachefs (loop3): shutting down [ 487.717078][T12302] bcachefs (loop3): shutdown complete [ 487.976651][ T59] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 488.152780][ T59] usb 2-1: device descriptor read/64, error -71 [ 488.327656][T12370] netlink: 'syz.0.2333': attribute type 12 has an invalid length. [ 488.335641][T12370] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2333'. [ 488.504798][ T59] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 488.681807][ T59] usb 2-1: device descriptor read/64, error -71 [ 488.822856][ T59] usb usb2-port1: attempt power cycle [ 489.286007][ T59] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 489.356812][ T59] usb 2-1: device descriptor read/8, error -71 [ 489.646293][ T59] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 489.706773][ T59] usb 2-1: device descriptor read/8, error -71 [ 489.832054][ T59] usb usb2-port1: unable to enumerate USB device [ 490.621326][T12419] loop4: detected capacity change from 0 to 32768 [ 490.941633][T12419] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 490.992062][T12419] bcachefs (loop4): recovering from clean shutdown, journal seq 8 [ 491.000501][T12419] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 491.000501][T12419] running recovery passes: check_allocations [ 491.350328][T12419] bcachefs (loop4): accounting_read... done [ 491.453832][T12419] bcachefs (loop4): alloc_read... done [ 491.634911][T12419] bcachefs (loop4): stripes_read... done [ 491.660891][T12419] bcachefs (loop4): snapshots_read... done [ 491.688718][T12419] bcachefs (loop4): check_allocations... [ 491.690849][T12419] btree ptr not marked in member info btree allocated bitmap [ 491.690873][T12419] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 491.846202][T12419] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 8 [ 491.855532][T12419] bcachefs (loop4): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 491.866570][T12419] bcachefs (loop4): bch2_gc_btree(): error fsck_errors_not_fixed [ 491.877409][T12419] bcachefs (loop4): bch2_gc_btrees(): error fsck_errors_not_fixed [ 491.887409][T12419] bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed [ 491.898995][T12419] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 491.910351][T12419] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 491.921409][T12419] bcachefs (loop4): shutting down [ 491.963980][T12419] bcachefs (loop4): shutdown complete [ 492.306219][ T5146] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 492.524882][ T5146] usb 3-1: Using ep0 maxpacket: 32 [ 492.538114][ T5146] usb 3-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01 [ 492.569661][ T5146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.608736][ T5146] usb 3-1: config 0 descriptor?? [ 492.628686][ T5146] gspca_main: xirlink-cit-2.14.0 probing 0545:8080 [ 492.657638][ T5146] input: xirlink-cit as /devices/platform/dummy_hcd.2/usb3/3-1/input/input24 [ 492.861524][T12476] vlan3: entered promiscuous mode [ 492.952394][ T5146] usb 3-1: USB disconnect, device number 14 [ 493.622950][T12530] loop3: detected capacity change from 0 to 512 [ 493.643683][T12530] EXT4-fs: Ignoring removed nomblk_io_submit option [ 493.697588][T12530] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 493.729332][T12530] ext4 filesystem being mounted at /root/syzkaller.bH0CH4/349/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 493.860109][T12537] trusted_key: encrypted_key: insufficient parameters specified [ 493.922215][ T29] audit: type=1804 audit(1719857929.321:168): pid=12530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2398" name="/root/syzkaller.bH0CH4/349/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop3" ino=18 res=1 errno=0 [ 494.169137][ T7996] EXT4-fs error (device loop3): ext4_readdir:260: inode #12: block 32: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 494.456858][T12541] netlink: 'syz.0.2401': attribute type 6 has an invalid length. [ 494.483170][T12541] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2401'. [ 494.507612][ T5108] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 494.534107][ T5108] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 494.546395][ T5108] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 494.551201][ T6086] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.616451][ T5108] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 494.636064][ T5108] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 494.643676][ T5108] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 494.734761][T12541] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2401'. [ 495.177804][ T6086] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.465342][ T6086] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.831169][ T6086] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.009524][T12542] chnl_net:caif_netlink_parms(): no params data found [ 496.309534][T12542] bridge0: port 1(bridge_slave_0) entered blocking state [ 496.326356][T12542] bridge0: port 1(bridge_slave_0) entered disabled state [ 496.343987][T12542] bridge_slave_0: entered allmulticast mode [ 496.355617][T12542] bridge_slave_0: entered promiscuous mode [ 496.393959][T12542] bridge0: port 2(bridge_slave_1) entered blocking state [ 496.418094][T12542] bridge0: port 2(bridge_slave_1) entered disabled state [ 496.435422][T12542] bridge_slave_1: entered allmulticast mode [ 496.453031][T12542] bridge_slave_1: entered promiscuous mode [ 496.476585][ T6086] bridge_slave_1: left allmulticast mode [ 496.483557][ T6086] bridge_slave_1: left promiscuous mode [ 496.504289][ T6086] bridge0: port 2(bridge_slave_1) entered disabled state [ 496.539201][ T6086] bridge_slave_0: left allmulticast mode [ 496.546327][ T6086] bridge_slave_0: left promiscuous mode [ 496.552197][ T6086] bridge0: port 1(bridge_slave_0) entered disabled state [ 496.710142][ T5098] Bluetooth: hci0: command tx timeout [ 496.958572][ T5098] Bluetooth: hci2: command 0x0406 tx timeout [ 498.109538][ T6086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 498.126912][ T6086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 498.154329][ T6086] bond0 (unregistering): Released all slaves [ 498.322334][T12542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 498.362986][T12542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 498.522019][ T5108] Bluetooth: hci6: Ignoring HCI_Connection_Complete for existing connection [ 498.769035][T12542] team0: Port device team_slave_0 added [ 498.808144][ T5108] Bluetooth: hci0: command tx timeout [ 499.079431][T12542] team0: Port device team_slave_1 added [ 499.308922][T12542] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 499.341055][T12542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 499.436071][T12542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 499.489624][ T6086] hsr_slave_0: left promiscuous mode [ 499.546523][ T6086] hsr_slave_1: left promiscuous mode [ 499.630675][ T6086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 499.655108][ T6086] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 499.687217][ T6086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 499.712130][T12627] loop2: detected capacity change from 0 to 1024 [ 499.718795][ T6086] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 499.796371][T12631] syz.1.2429[12631] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 499.796553][T12631] syz.1.2429[12631] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 499.807688][ T6086] veth1_macvtap: left promiscuous mode [ 499.842897][ T6086] veth0_macvtap: left promiscuous mode [ 499.856392][ T6086] veth1_vlan: left promiscuous mode [ 499.869718][ T6086] veth0_vlan: left promiscuous mode [ 500.546158][ T5108] Bluetooth: hci6: command 0x0406 tx timeout [ 500.866155][ T5098] Bluetooth: hci0: command tx timeout [ 502.267214][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.698413][ T6086] team0 (unregistering): Port device team_slave_1 removed [ 502.752150][ T5098] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 502.946057][ T5108] Bluetooth: hci0: command tx timeout [ 502.957125][ T6086] team0 (unregistering): Port device team_slave_0 removed [ 504.786000][ C0] DEBUG: waiting rtnl_mutex for 501 jiffies. [ 504.786144][ T5108] Bluetooth: hci3: command 0x0406 tx timeout [ 504.792063][ C0] task:syz.0.2428 state:D stack:23800 pid:12629 tgid:12628 ppid:12003 flags:0x00004004 [ 504.808402][ C0] Call Trace: [ 504.811728][ C0] [ 504.814710][ C0] __schedule+0x17e8/0x4a20 [ 504.819449][ C0] ? __pfx___schedule+0x10/0x10 [ 504.824363][ C0] ? __pfx_lock_release+0x10/0x10 [ 504.829482][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 504.835040][ C0] ? schedule+0x90/0x320 [ 504.839492][ C0] schedule+0x14b/0x320 [ 504.843716][ C0] schedule_preempt_disabled+0x13/0x30 [ 504.849280][ C0] __mutex_lock+0x6a4/0xd70 [ 504.853845][ C0] ? __mutex_lock+0x527/0xd70 [ 504.858683][ C0] ? __tun_chr_ioctl+0x48f/0x2400 [ 504.863960][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 504.869228][ C0] ? get_rtnl_holder+0x144/0x190 [ 504.874259][ C0] __tun_chr_ioctl+0x48f/0x2400 [ 504.879229][ C0] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 504.884640][ C0] ? __fget_files+0x3f6/0x470 [ 504.890476][ C0] ? __fget_files+0x29/0x470 [ 504.895416][ C0] ? bpf_lsm_file_ioctl+0x9/0x10 [ 504.900600][ C0] ? security_file_ioctl+0x87/0xb0 [ 504.905927][ C0] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 504.911210][ C0] __se_sys_ioctl+0xfc/0x170 [ 504.916018][ C0] do_syscall_64+0xf3/0x230 [ 504.920708][ C0] ? clear_bhb_loop+0x35/0x90 [ 504.925772][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.931933][ C0] RIP: 0033:0x7fe201d75b99 [ 504.936620][ C0] RSP: 002b:00007fe202a8c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 504.945145][ C0] RAX: ffffffffffffffda RBX: 00007fe201f03fa0 RCX: 00007fe201d75b99 [ 504.953235][ C0] RDX: 0000000020000040 RSI: 00000000400454ca RDI: 0000000000000006 [ 504.961321][ C0] RBP: 00007fe201df677e R08: 0000000000000000 R09: 0000000000000000 [ 504.969401][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 504.977580][ C0] R13: 000000000000000b R14: 00007fe201f03fa0 R15: 00007fff3b6766b8 [ 504.985645][ C0] [ 504.989766][ C0] DEBUG: holding rtnl_mutex for 552 jiffies. [ 504.996357][ C0] task:kworker/u8:10 state:R running task stack:18296 pid:6086 tgid:6086 ppid:2 flags:0x00004000 [ 505.008929][ C0] Workqueue: netns cleanup_net [ 505.013757][ C0] Call Trace: [ 505.017102][ C0] [ 505.020070][ C0] __schedule+0x17e8/0x4a20 [ 505.024630][ C0] ? __pfx___schedule+0x10/0x10 [ 505.029642][ C0] ? __pfx_lock_release+0x10/0x10 [ 505.034765][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 505.040737][ C0] ? kthread_data+0x52/0xd0 [ 505.045269][ C0] ? wq_worker_sleeping+0x66/0x240 [ 505.050499][ C0] ? schedule+0x90/0x320 [ 505.054812][ C0] schedule+0x14b/0x320 [ 505.059049][ C0] synchronize_rcu_expedited+0x684/0x830 [ 505.064825][ C0] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 505.071211][ C0] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 505.076641][ C0] ? __pfx___might_resched+0x10/0x10 [ 505.082099][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 505.088248][ C0] ? __pfx_autoremove_wake_function+0x10/0x10 [ 505.094625][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 505.101256][ C0] synchronize_rcu+0x11b/0x360 [ 505.106127][ C0] ? __pfx_synchronize_rcu+0x10/0x10 [ 505.111550][ C0] lockdep_unregister_key+0x556/0x610 [ 505.117131][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 505.123175][ C0] ? rcu_is_watching+0x15/0xb0 [ 505.128036][ C0] ? qdisc_reset+0x3bf/0x5b0 [ 505.132692][ C0] __qdisc_destroy+0x165/0x410 [ 505.137585][ C0] dev_shutdown+0x9b/0x440 [ 505.142050][ C0] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 505.148491][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 505.155318][ C0] ? unregister_netdevice_queue+0x26b/0x370 [ 505.161300][ C0] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 505.167699][ C0] default_device_exit_batch+0xa0f/0xa90 [ 505.173430][ C0] ? __pfx___might_resched+0x10/0x10 [ 505.178983][ C0] ? __pfx_default_device_exit_batch+0x10/0x10 [ 505.186747][ C0] ? cfg802154_pernet_exit+0xc3/0xe0 [ 505.192224][ C0] ? __pfx_default_device_exit_batch+0x10/0x10 [ 505.198778][ C0] cleanup_net+0x89d/0xcc0 [ 505.204254][ C0] ? __pfx_cleanup_net+0x10/0x10 [ 505.209960][ C0] ? process_scheduled_works+0x945/0x1830 [ 505.215759][ C0] process_scheduled_works+0xa2c/0x1830 [ 505.221581][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 505.227778][ C0] ? assign_work+0x364/0x3d0 [ 505.232491][ C0] worker_thread+0x86d/0xd40 [ 505.237228][ C0] ? __kthread_parkme+0x169/0x1d0 [ 505.242322][ C0] ? __pfx_worker_thread+0x10/0x10 [ 505.247534][ C0] kthread+0x2f0/0x390 [ 505.251770][ C0] ? __pfx_worker_thread+0x10/0x10 [ 505.256990][ C0] ? __pfx_kthread+0x10/0x10 [ 505.261847][ C0] ret_from_fork+0x4b/0x80 [ 505.263896][T12681] Falling back ldisc for ttynull. [ 505.266360][ C0] ? __pfx_kthread+0x10/0x10 [ 505.266408][ C0] ret_from_fork_asm+0x1a/0x30 [ 505.266461][ C0] [ 505.266474][ C0] DEBUG: waiting rtnl_mutex for 580 jiffies. [ 505.266489][ C0] task:syz-executor state:D stack:21024 pid:12542 tgid:12542 ppid:12528 flags:0x00000000 [ 505.266539][ C0] Call Trace: [ 505.266550][ C0] [ 505.266563][ C0] __schedule+0x17e8/0x4a20 [ 505.266614][ C0] ? __pfx___schedule+0x10/0x10 [ 505.320314][ C0] ? __pfx_lock_release+0x10/0x10 [ 505.325409][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 505.331010][ C0] ? schedule+0x90/0x320 [ 505.335325][ C0] schedule+0x14b/0x320 [ 505.339607][ C0] schedule_preempt_disabled+0x13/0x30 [ 505.345109][ C0] __mutex_lock+0x6a4/0xd70 [ 505.349737][ C0] ? __mutex_lock+0x527/0xd70 [ 505.354476][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 505.359789][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 505.364900][ C0] ? get_rtnl_holder+0x144/0x190 [ 505.370051][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 505.375242][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 505.380554][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 505.386211][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 505.391581][ C0] ? __pfx_validate_chain+0x10/0x10 [ 505.397092][ C0] ? __pfx_validate_chain+0x10/0x10 [ 505.405134][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 505.410798][ C0] ? mark_lock+0x9a/0x360 [ 505.415303][ C0] ? __pfx_validate_chain+0x10/0x10 [ 505.420565][ C0] ? __lock_acquire+0x1359/0x2000 [ 505.425661][ C0] ? mark_lock+0x9a/0x360 [ 505.430073][ C0] ? __lock_acquire+0x1359/0x2000 [ 505.435182][ C0] netlink_rcv_skb+0x1e3/0x430 [ 505.440071][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 505.443249][ T5107] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 505.445662][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 505.458616][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 505.459872][ T5107] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 505.463868][ C0] netlink_unicast+0x7f0/0x990 [ 505.474594][ T5107] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 505.476281][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 505.476334][ C0] ? __virt_addr_valid+0x183/0x530 [ 505.486758][ T5107] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 505.488695][ C0] ? __check_object_size+0x49c/0x900 [ 505.495002][ T5107] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 505.500821][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 505.500868][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 505.500918][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 505.500952][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 505.500989][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 505.501020][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 505.501053][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 505.511249][ T5107] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 505.513316][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 505.563079][ C0] __sock_sendmsg+0x221/0x270 [ 505.567867][ C0] __sys_sendto+0x3a4/0x4f0 [ 505.572430][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 505.577634][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 505.584341][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 505.592833][ C0] __x64_sys_sendto+0xde/0x100 [ 505.597876][ C0] do_syscall_64+0xf3/0x230 [ 505.602855][ C0] ? clear_bhb_loop+0x35/0x90 [ 505.607827][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.613822][ C0] RIP: 0033:0x7f79ec37792c [ 505.618345][ C0] RSP: 002b:00007ffcf5a4a7d0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 505.627143][ C0] RAX: ffffffffffffffda RBX: 00007f79ed034620 RCX: 00007f79ec37792c [ 505.635174][ C0] RDX: 0000000000000028 RSI: 00007f79ed034670 RDI: 0000000000000003 [ 505.643252][ C0] RBP: 0000000000000000 R08: 00007ffcf5a4a824 R09: 000000000000000c [ 505.651532][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 505.660935][ C0] R13: 0000000000000000 R14: 00007f79ed034670 R15: 0000000000000000 [ 505.669027][ C0] [ 505.672096][ C0] [ 505.672096][ C0] Showing all locks held in the system: [ 505.679941][ C0] 2 locks held by getty/4855: [ 505.684664][ C0] #0: ffff88802ad060a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 505.699036][ C0] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 505.709296][ C0] 5 locks held by kworker/u9:3/5098: [ 505.714660][ C0] #0: ffff888021953148 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 505.726730][ C0] #1: ffffc9000381fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 505.739395][ C0] #2: ffff8880222a0d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 505.749390][ C0] #3: ffff8880222a0078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 505.759166][ C0] #4: ffffffff8e33abf8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 505.770186][ C0] 3 locks held by kworker/1:7/5149: [ 505.775420][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 505.786577][ C0] #1: ffffc900040a7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 505.797749][ C0] #2: ffffffff8f5feac8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 505.806899][ C0] 5 locks held by kworker/u8:10/6086: [ 505.812384][ C0] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 505.823450][ C0] #1: ffffc90004227d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 505.834147][ C0] #2: ffffffff8f5f1f50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 505.843737][ C0] #3: ffffffff8f5feac8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 505.854116][ C0] #4: ffffffff8e33abf8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 505.865285][ C0] 3 locks held by kworker/u8:30/6936: [ 505.870779][ C0] 5 locks held by kworker/u8:34/6946: [ 505.876217][ C0] #0: ffff8880b953ea18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 505.887111][ C0] #1: ffffc90009de7d00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 505.902143][ C0] #2: ffff8880b952a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 [ 505.912376][ C0] #3: ffffffff94a18660 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x16d/0x510 [ 505.922914][ C0] #4: ffffe8ffffd72d88 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x199/0x770 [ 505.934638][ C0] 1 lock held by syz-executor/7996: [ 505.939946][ C0] #0: ffffffff8f5feac8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 505.949061][ C0] 1 lock held by syz-executor/12542: [ 505.954362][ C0] #0: ffffffff8f5feac8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 505.963967][ C0] 1 lock held by syz.0.2428/12629: [ 505.969159][ C0] #0: ffffffff8f5feac8 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 505.978621][ C0] 4 locks held by syz.1.2447/12679: [ 505.984497][ C0] #0: ffff88802f340420 (sb_writers#4){.+.+}-{0:0}, at: do_coredump+0x1adc/0x2a30 [ 505.997553][ C0] #1: ffff88804f3549c0 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_buffered_write_iter+0x97/0x350 [ 506.009518][ C0] #2: ffffc90000007c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 506.019789][ C0] #3: ffffffff8e335820 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 506.029850][ C0] 1 lock held by syz-executor/12683: [ 506.035196][ C0] #0: ffffffff8f5feac8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 506.045133][ C0] 1 lock held by syz.2.2449/12687: [ 506.050368][ C0] #0: ffffffff8f5feac8 (rtnl_mutex){+.+.}-{3:3}, at: ip_rt_ioctl+0xea/0x1750 [ 506.059517][ C0] 2 locks held by syz.2.2449/12688: [ 506.064811][ C0] #0: ffff8880602889e0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60 [ 506.073866][ C0] #1: ffffffff8e4950f0 (file_rwsem){++++}-{0:0}, at: locks_start+0x89/0xd0 [ 506.082863][ C0] [ 506.085317][ C0] ============================================= [ 506.085317][ C0] [ 506.291370][T12542] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 506.299351][T12542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.329845][T12542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 506.651939][ T7996] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 506.750411][T12542] hsr_slave_0: entered promiscuous mode [ 506.789529][T12542] hsr_slave_1: entered promiscuous mode [ 506.826076][T12542] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 506.834027][T12542] Cannot create hsr debugfs directory [ 507.586305][ T5098] Bluetooth: hci1: command tx timeout [ 508.706453][ T5098] Bluetooth: hci2: command 0x0406 tx timeout [ 508.954381][ T6086] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.020697][T12683] chnl_net:caif_netlink_parms(): no params data found [ 509.119748][ T6086] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.223609][T12717] loop1: detected capacity change from 0 to 16 [ 509.258174][ T5147] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 509.286574][T12717] erofs: (device loop1): mounted with root inode @ nid 36. [ 509.379581][ T6086] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.468666][ T5147] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 509.500396][ T5147] usb 3-1: New USB device found, idVendor=056a, idProduct=00de, bcdDevice= 0.00 [ 509.510070][ T5147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.521220][ T5147] usb 3-1: config 0 descriptor?? [ 509.608262][ T6086] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.660633][T12723] loop1: detected capacity change from 0 to 512 [ 509.667427][ T5098] Bluetooth: hci1: command tx timeout [ 509.680882][T12723] EXT4-fs: Ignoring removed mblk_io_submit option [ 509.741500][T12683] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.755425][T12723] EXT4-fs error (device loop1): __ext4_iget:4980: inode #11: block 1: comm syz.1.2460: invalid block [ 509.758136][T12683] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.809886][T12723] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.2460: couldn't read orphan inode 11 (err -117) [ 509.823678][T12683] bridge_slave_0: entered allmulticast mode [ 509.834203][T12683] bridge_slave_0: entered promiscuous mode [ 509.848539][T12723] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 509.864290][T12683] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.877543][T12683] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.898407][T12683] bridge_slave_1: entered allmulticast mode [ 509.932359][T12683] bridge_slave_1: entered promiscuous mode [ 510.110014][ T9080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 510.274294][T12683] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 510.303908][T12683] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 510.323940][ T5147] usb 3-1: string descriptor 0 read error: -71 [ 510.355119][ T5147] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 510.380297][ T5147] usb 3-1: USB disconnect, device number 15 [ 510.482843][T12739] syz.0.2465[12739] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 510.483040][T12739] syz.0.2465[12739] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 510.507715][T12683] team0: Port device team_slave_0 added [ 510.581089][T12683] team0: Port device team_slave_1 added [ 510.601923][T12542] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 510.640244][T12542] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 510.920017][T12542] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 510.936932][T12542] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 511.837648][ T5098] Bluetooth: hci1: command tx timeout [ 512.239649][T12683] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 512.270030][T12683] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.301079][T12683] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 512.358655][T12750] netlink: 'syz.0.2467': attribute type 12 has an invalid length. [ 512.366760][T12750] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2467'. [ 512.455363][ T6086] bridge_slave_1: left allmulticast mode [ 512.466204][ T5098] Bluetooth: hci6: command 0x0406 tx timeout [ 512.483938][ T6086] bridge_slave_1: left promiscuous mode [ 512.511819][ T6086] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.560386][ T6086] bridge_slave_0: left allmulticast mode [ 512.579747][ T6086] bridge_slave_0: left promiscuous mode [ 512.606983][ T6086] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.528942][ T6086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 513.544754][ T6086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 513.564338][ T6086] bond0 (unregistering): Released all slaves [ 513.793745][T12683] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 513.825736][T12683] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.892248][T12683] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 513.906120][ T5098] Bluetooth: hci1: command tx timeout [ 514.214027][T12683] hsr_slave_0: entered promiscuous mode [ 514.223273][T12683] hsr_slave_1: entered promiscuous mode [ 514.274367][T12683] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 514.293646][T12683] Cannot create hsr debugfs directory [ 515.538785][T12542] 8021q: adding VLAN 0 to HW filter on device bond0 [ 515.659587][ T5098] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 515.854612][ T6086] hsr_slave_0: left promiscuous mode [ 515.905356][ T6086] hsr_slave_1: left promiscuous mode [ 515.968589][ T6086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 515.997806][ T6086] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 516.047301][ T6086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 516.055179][ T6086] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 516.080603][T12782] netlink: 'syz.2.2478': attribute type 12 has an invalid length. [ 516.088607][T12782] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2478'. [ 516.144200][ T6086] veth1_macvtap: left promiscuous mode [ 516.156255][ T6086] veth0_macvtap: left promiscuous mode [ 516.162024][ T6086] veth1_vlan: left promiscuous mode [ 516.167631][ T6086] veth0_vlan: left promiscuous mode [ 517.736687][ T6086] team0 (unregistering): Port device team_slave_1 removed [ 518.107119][ T6086] team0 (unregistering): Port device team_slave_0 removed [ 518.847602][T12795] loop0: detected capacity change from 0 to 128 [ 519.965583][ T6847] kworker/u8:28: attempt to access beyond end of device [ 519.965583][ T6847] loop0: rw=1, sector=153, nr_sectors = 888 limit=128 [ 520.283666][T12542] 8021q: adding VLAN 0 to HW filter on device team0 [ 520.327435][T12792] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2481'. [ 520.612915][ T5147] bridge0: port 1(bridge_slave_0) entered blocking state [ 520.620517][ T5147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 520.769131][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state [ 520.776506][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 521.473482][T12683] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 521.531922][T12683] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 521.565167][T12683] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 521.624056][T12683] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 521.754323][T12542] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 521.938072][ T5098] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 522.089269][T12683] 8021q: adding VLAN 0 to HW filter on device bond0 [ 522.170144][T12683] 8021q: adding VLAN 0 to HW filter on device team0 [ 522.219137][ T5148] bridge0: port 1(bridge_slave_0) entered blocking state [ 522.226444][ T5148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 522.282800][ T5148] bridge0: port 2(bridge_slave_1) entered blocking state [ 522.293690][ T5148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 522.368611][T12829] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2490'. [ 522.654619][T12542] veth0_vlan: entered promiscuous mode [ 522.721445][T12542] veth1_vlan: entered promiscuous mode [ 523.549556][T12542] veth0_macvtap: entered promiscuous mode [ 523.588164][T12542] veth1_macvtap: entered promiscuous mode [ 523.716088][T12542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.747075][T12542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.764205][T12542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.774913][T12542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.796538][T12542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.815393][T12542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.833052][T12542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.856269][T12542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.878797][T12542] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 523.925046][T12542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 523.945430][T12542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.986236][T12542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.004965][T12542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.315493][T12542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.327861][T12542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.338099][T12542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.348833][T12542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.363427][T12542] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 524.373662][T12846] netlink: 'syz.1.2493': attribute type 12 has an invalid length. [ 524.377244][T12848] loop0: detected capacity change from 0 to 256 [ 524.381813][T12846] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2493'. [ 524.426109][ T29] audit: type=1800 audit(1719857959.821:169): pid=12848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2494" name="bus" dev="loop0" ino=1048657 res=0 errno=0 [ 524.500955][T12542] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.510691][T12542] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.519758][T12542] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.540297][T12542] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.602213][T12683] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 525.049448][ T6946] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 525.081982][ T6946] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 525.149582][T12683] veth0_vlan: entered promiscuous mode [ 525.208884][ T6802] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 525.224553][T12683] veth1_vlan: entered promiscuous mode [ 525.231089][ T6802] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 525.350458][T12683] veth0_macvtap: entered promiscuous mode [ 525.389479][T12683] veth1_macvtap: entered promiscuous mode [ 525.469345][T12683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.505845][T12683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.515740][T12683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.565830][T12683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.575748][T12683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.615870][T12683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.625815][T12683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.664008][T12683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.689156][T12683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.709343][T12683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.732870][T12683] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 525.767394][T12683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.781000][T12683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.806328][T12683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.829100][T12683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.850136][T12683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.874919][T12683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.901356][T12683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.918009][T12683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.957769][T12683] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.990917][T12683] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.024357][T12683] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 526.099537][T12683] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.126150][T12683] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.145354][T12683] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.157867][T12683] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.265019][T12867] loop1: detected capacity change from 0 to 2048 [ 526.407163][ T6804] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 526.415151][ T6804] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 526.431248][T12867] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 526.473652][T12861] loop0: detected capacity change from 0 to 32768 [ 526.503575][T12867] ext4 filesystem being mounted at /root/syzkaller.vDNFWR/320/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 526.505026][ T6802] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 526.545555][ T6802] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 526.608513][T12863] loop4: detected capacity change from 0 to 32768 [ 526.639638][T12861] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 526.744168][T12861] XFS (loop0): Ending clean mount [ 526.772099][T12861] XFS (loop0): Quotacheck needed: Please wait. [ 526.908788][T12861] XFS (loop0): Quotacheck: Done. [ 527.014736][ T9080] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 527.058990][T12863] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 527.109201][T12863] bcachefs (loop4): recovering from clean shutdown, journal seq 8 [ 527.139438][T12863] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 527.139438][T12863] running recovery passes: check_allocations [ 527.715136][T12863] bcachefs (loop4): accounting_read... done [ 527.745876][T12863] bcachefs (loop4): alloc_read... done [ 527.778725][T12863] bcachefs (loop4): stripes_read... done [ 527.805286][T12863] bcachefs (loop4): snapshots_read... done [ 527.838456][T12863] bcachefs (loop4): check_allocations... [ 527.856604][T12863] btree ptr not marked in member info btree allocated bitmap [ 527.856631][T12863] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 527.922372][T12863] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 8 [ 527.931941][T12863] bcachefs (loop4): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 527.940260][T12863] bcachefs (loop4): bch2_gc_btree(): error fsck_errors_not_fixed [ 527.948338][T12863] bcachefs (loop4): bch2_gc_btrees(): error fsck_errors_not_fixed [ 527.959904][T12003] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 527.968896][T12863] bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed [ 527.979918][T12863] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 527.994672][T12863] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 528.008403][T12863] bcachefs (loop4): shutting down [ 528.068013][T12863] bcachefs (loop4): shutdown complete [ 528.338740][T12911] netlink: 'syz.3.2505': attribute type 12 has an invalid length. [ 528.346845][T12911] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2505'. [ 528.563404][T12921] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2511'. [ 528.613272][T12921] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2511'. [ 529.478973][T12937] program syz.4.2517 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 529.504485][T12937] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 529.569037][T12939] loop0: detected capacity change from 0 to 128 [ 530.088869][ T5149] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 530.335160][ T5149] usb 1-1: Using ep0 maxpacket: 32 [ 530.347951][ T5149] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 530.384144][ T5149] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 530.798032][ T5149] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 530.812647][ T5149] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 531.786188][ T5098] Bluetooth: hci1: command tx timeout [ 532.897648][ T5149] usb 1-1: Product: syz [ 533.196425][ T5149] usb 1-1: Manufacturer: syz [ 533.465586][ T5149] usb 1-1: can't set config #4, error -71 [ 533.476576][ T5149] usb 1-1: USB disconnect, device number 16 [ 533.876018][ T5107] Bluetooth: hci1: command 0x0406 tx timeout [ 535.010398][T13003] loop2: detected capacity change from 0 to 256 [ 536.585458][T13009] loop3: detected capacity change from 0 to 32768 [ 536.628077][T13009] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 536.791751][T13009] XFS (loop3): Ending clean mount [ 536.827542][T13009] XFS (loop3): Quotacheck needed: Please wait. [ 536.927290][T13009] XFS (loop3): Quotacheck: Done. [ 537.000824][T13017] loop2: detected capacity change from 0 to 32768 [ 537.167220][T12683] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 537.289122][T13017] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 537.316470][T13017] bcachefs (loop2): recovering from clean shutdown, journal seq 8 [ 537.332067][T13017] bcachefs (loop2): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 537.332067][T13017] running recovery passes: check_allocations [ 537.436993][T13017] bcachefs (loop2): accounting_read... done [ 537.443182][T13017] bcachefs (loop2): alloc_read... done [ 537.453357][T13017] bcachefs (loop2): stripes_read... done [ 537.475945][T13017] bcachefs (loop2): snapshots_read... done [ 537.483258][T13017] bcachefs (loop2): check_allocations... [ 537.508061][T13017] btree ptr not marked in member info btree allocated bitmap [ 537.508088][T13017] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 537.586970][T13017] bcachefs (loop2): inconsistency detected - emergency read only at journal seq 8 [ 537.599514][T13017] bcachefs (loop2): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 537.608446][T13017] bcachefs (loop2): bch2_gc_btree(): error fsck_errors_not_fixed [ 537.617948][T13017] bcachefs (loop2): bch2_gc_btrees(): error fsck_errors_not_fixed [ 537.646149][T13017] bcachefs (loop2): bch2_check_allocations(): error fsck_errors_not_fixed [ 537.670393][T13017] bcachefs (loop2): bch2_fs_recovery(): error fsck_errors_not_fixed [ 537.699247][T13017] bcachefs (loop2): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 537.763960][T13017] bcachefs (loop2): shutting down [ 537.859820][T13017] bcachefs (loop2): shutdown complete [ 539.212361][T13074] 9pnet_fd: p9_fd_create_unix (13074): address too long: ./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 540.557536][T13084] loop1: detected capacity change from 0 to 256 [ 541.530160][T13084] FAT-fs (loop1): Directory bread(block 64) failed [ 541.574484][T13084] FAT-fs (loop1): Directory bread(block 65) failed [ 541.606296][T13084] FAT-fs (loop1): Directory bread(block 66) failed [ 541.657013][T13084] FAT-fs (loop1): Directory bread(block 67) failed [ 541.663779][T13084] FAT-fs (loop1): Directory bread(block 68) failed [ 541.722626][T13084] FAT-fs (loop1): Directory bread(block 69) failed [ 541.756094][T13084] FAT-fs (loop1): Directory bread(block 70) failed [ 541.765336][T13084] FAT-fs (loop1): Directory bread(block 71) failed [ 541.792587][T13084] FAT-fs (loop1): Directory bread(block 72) failed [ 541.812602][T13084] FAT-fs (loop1): Directory bread(block 73) failed [ 543.175711][T13103] loop4: detected capacity change from 0 to 32768 [ 543.413515][T13103] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 543.454534][T13103] bcachefs (loop4): recovering from clean shutdown, journal seq 8 [ 543.464324][T13103] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 543.464324][T13103] running recovery passes: check_allocations [ 543.524502][T13103] bcachefs (loop4): accounting_read... done [ 543.531718][T13103] bcachefs (loop4): alloc_read... done [ 543.537535][T13103] bcachefs (loop4): stripes_read... done [ 543.543386][T13103] bcachefs (loop4): snapshots_read... done [ 543.552306][T13103] bcachefs (loop4): check_allocations... [ 543.559930][T13103] btree ptr not marked in member info btree allocated bitmap [ 543.559959][T13103] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 543.627364][T13103] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 8 [ 543.647879][T13103] bcachefs (loop4): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 543.665181][T13103] bcachefs (loop4): bch2_gc_btree(): error fsck_errors_not_fixed [ 543.689565][T13103] bcachefs (loop4): bch2_gc_btrees(): error fsck_errors_not_fixed [ 543.714690][T13103] bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed [ 543.729091][T13103] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 543.747038][T13103] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 543.759155][T13103] bcachefs (loop4): shutting down [ 543.797152][T13103] bcachefs (loop4): shutdown complete [ 546.468061][T13231] loop3: detected capacity change from 0 to 164 [ 546.522241][T13231] Unable to read rock-ridge attributes [ 546.680111][T13236] syz.3.2610[13236] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 546.682620][T13236] syz.3.2610[13236] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 547.494193][T13238] input: syz0 as /devices/virtual/input/input25 [ 548.319653][T13250] Bluetooth: MGMT ver 1.23 [ 548.446299][ T5149] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 548.716069][ T5149] usb 3-1: Using ep0 maxpacket: 16 [ 548.778143][ T5149] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 548.790443][ T5149] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.807669][ T5149] usb 3-1: Product: syz [ 548.813224][ T5149] usb 3-1: Manufacturer: syz [ 548.824135][ T5149] usb 3-1: SerialNumber: syz [ 548.979343][ T5149] usb 3-1: config 0 descriptor?? [ 549.036700][ T5149] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 549.039595][ T29] audit: type=1326 audit(1719857984.371:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13254 comm="syz.4.2619" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79ec375b99 code=0x0 [ 550.094686][T13262] loop3: detected capacity change from 0 to 1024 [ 550.149727][T13262] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 550.190118][T13262] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 550.261428][T13262] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 550.396608][ T5149] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 550.417544][ T5149] usb 3-1: USB disconnect, device number 16 [ 550.442080][T12683] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 550.537511][T13274] loop4: detected capacity change from 0 to 164 [ 550.588404][T13274] Unable to read rock-ridge attributes [ 550.755344][T13281] syz.4.2624[13281] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 550.755541][T13281] syz.4.2624[13281] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 552.263955][T13291] loop1: detected capacity change from 0 to 32768 [ 552.290316][T13310] netlink: 'syz.3.2640': attribute type 12 has an invalid length. [ 552.298580][T13310] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2640'. [ 552.375980][ T5149] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 552.509663][T13291] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 552.530500][T13291] bcachefs (loop1): recovering from clean shutdown, journal seq 8 [ 552.538657][T13291] bcachefs (loop1): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 552.538657][T13291] running recovery passes: check_allocations [ 552.578886][T13291] bcachefs (loop1): accounting_read... done [ 552.586245][T13291] bcachefs (loop1): alloc_read... done [ 552.603432][ T5149] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 552.622463][ T5149] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 552.646057][ T5149] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 552.646407][T13291] bcachefs (loop1): stripes_read... [ 552.655336][ T5149] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.687792][T13291] done [ 552.696774][T13291] bcachefs (loop1): snapshots_read... done [ 552.704199][ T5149] usb 5-1: config 0 descriptor?? [ 552.728048][T13291] bcachefs (loop1): check_allocations... [ 552.739977][T13291] btree ptr not marked in member info btree allocated bitmap [ 552.740005][T13291] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 552.757634][ T5149] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 552.783930][T13291] bcachefs (loop1): inconsistency detected - emergency read only at journal seq 8 [ 552.833473][T13291] bcachefs (loop1): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 552.844266][T13291] bcachefs (loop1): bch2_gc_btree(): error fsck_errors_not_fixed [ 552.864353][T13291] bcachefs (loop1): bch2_gc_btrees(): error fsck_errors_not_fixed [ 552.905975][T13291] bcachefs (loop1): bch2_check_allocations(): error fsck_errors_not_fixed [ 552.950130][T13291] bcachefs (loop1): bch2_fs_recovery(): error fsck_errors_not_fixed [ 552.979122][T13291] bcachefs (loop1): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 553.020483][T13291] bcachefs (loop1): shutting down [ 553.067383][T13291] bcachefs (loop1): shutdown complete [ 553.980854][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 555.072585][T13377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2658'. [ 555.102204][ T5149] usb 5-1: USB disconnect, device number 16 [ 555.436990][T13382] ptrace attach of "./syz-executor exec"[12542] was attempted by "./syz-executor exec"[13382] [ 556.255478][T13390] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2667'. [ 557.336234][ T5228] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 557.384614][T13413] netlink: 'syz.3.2677': attribute type 12 has an invalid length. [ 557.395247][T13413] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2677'. [ 557.538459][ T5228] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 557.554256][T13415] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2675'. [ 557.589719][ T5228] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 557.655213][ T5228] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 557.768653][T13418] loop0: detected capacity change from 0 to 16 [ 557.798424][ T5228] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.812941][T13418] erofs: (device loop0): mounted with root inode @ nid 36. [ 557.822015][ T5228] usb 5-1: config 0 descriptor?? [ 557.832629][ T5228] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 559.445540][T13416] loop1: detected capacity change from 0 to 32768 [ 559.739334][T13416] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 559.761332][T13416] bcachefs (loop1): recovering from clean shutdown, journal seq 8 [ 559.774078][T13416] bcachefs (loop1): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 559.774078][T13416] running recovery passes: check_allocations [ 559.820024][T13416] bcachefs (loop1): accounting_read... done [ 559.827485][T13416] bcachefs (loop1): alloc_read... done [ 559.833290][T13416] bcachefs (loop1): stripes_read... done [ 559.839614][T13416] bcachefs (loop1): snapshots_read... done [ 559.846606][T13416] bcachefs (loop1): check_allocations... [ 559.849139][T13416] btree ptr not marked in member info btree allocated bitmap [ 559.849165][T13416] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 559.894244][T13452] loop3: detected capacity change from 0 to 16 [ 559.899423][T13416] bcachefs (loop1): inconsistency detected - emergency read only at journal seq 8 [ 559.914880][T13416] bcachefs (loop1): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 559.923081][T13416] bcachefs (loop1): bch2_gc_btree(): error fsck_errors_not_fixed [ 559.931150][T13416] bcachefs (loop1): bch2_gc_btrees(): error fsck_errors_not_fixed [ 559.943936][T13416] bcachefs (loop1): bch2_check_allocations(): error fsck_errors_not_fixed [ 559.953008][T13416] bcachefs (loop1): bch2_fs_recovery(): error fsck_errors_not_fixed [ 559.962781][T13416] bcachefs (loop1): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 559.963646][T13452] erofs: (device loop3): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk! [ 559.983084][T13416] bcachefs (loop1): shutting down [ 559.988289][T13452] erofs: (device loop3): mounted with root inode @ nid 36. [ 559.990762][ T5228] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 560.013954][T13452] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 560.043933][T13416] bcachefs (loop1): shutdown complete [ 560.204316][ T5228] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 560.224559][ T5228] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 560.237421][ T5228] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 560.280868][ T5228] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 560.369195][ T59] usb 5-1: USB disconnect, device number 17 [ 560.396700][ T5228] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 560.438712][ T5228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 560.459005][ T5228] usb 1-1: SerialNumber: syz [ 560.995007][T13468] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2690'. [ 561.056265][ T5228] usb 1-1: 0:2 : does not exist [ 561.282842][ T5228] usb 1-1: unit 5 not found! [ 561.556390][ T5228] usb 1-1: USB disconnect, device number 17 [ 562.042363][ T5107] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 562.042608][T13476] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] PREEMPT SMP KASAN PTI [ 562.042634][T13476] KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] [ 562.042654][T13476] CPU: 0 UID: 0 PID: 13476 Comm: syz.2.2696 Not tainted 6.10.0-rc6-next-20240701-syzkaller #0 [ 562.042679][T13476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 562.042693][T13476] RIP: 0010:dev_map_redirect+0x65/0x6a0 [ 562.042740][T13476] Code: 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 f3 b2 3d 00 4c 8b 2b 4d 8d 7d 38 4c 89 fb 48 c1 eb 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 03 84 c0 0f 85 6e 04 00 00 41 8b 2f 89 ee 83 e6 02 31 ff [ 562.042760][T13476] RSP: 0018:ffffc9000483f088 EFLAGS: 00010202 [ 562.042781][T13476] RAX: dffffc0000000000 RBX: 0000000000000007 RCX: 0000000000040000 [ 562.042798][T13476] RDX: ffffc90009a9a000 RSI: 00000000000004bc RDI: 00000000000004bd [ 562.042814][T13476] RBP: dffffc0000000000 R08: 0000000000000007 R09: ffffffff81b5e80f [ 562.042832][T13476] R10: 0000000000000004 R11: ffff888022d49e00 R12: 000000000483f0d8 [ 562.042848][T13476] R13: 0000000000000000 R14: 0000000000000008 R15: 0000000000000038 [ 562.042862][T13476] FS: 00007f91a35f06c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 562.042883][T13476] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 562.042899][T13476] CR2: 000000110c2a246b CR3: 0000000023d08000 CR4: 00000000003506f0 [ 562.042921][T13476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 562.042936][T13476] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 562.042952][T13476] Call Trace: [ 562.042961][T13476] [ 562.042970][T13476] ? __die_body+0x88/0xe0 [ 562.043006][T13476] ? die_addr+0x108/0x140 [ 562.043042][T13476] ? exc_general_protection+0x3dd/0x5d0 [ 562.043084][T13476] ? asm_exc_general_protection+0x26/0x30 [ 562.043112][T13476] ? bpf_ringbuf_query+0x4f/0x150 [ 562.043143][T13476] ? dev_map_redirect+0x65/0x6a0 [ 562.043169][T13476] ? dev_map_redirect+0x28/0x6a0 [ 562.043197][T13476] bpf_prog_ec9efaa32d58ce69+0x56/0x5a [ 562.043219][T13476] bpf_prog_run_generic_xdp+0x679/0x14c0 [ 562.043268][T13476] do_xdp_generic+0x673/0xb90 [ 562.043295][T13476] ? __pfx_validate_chain+0x10/0x10 [ 562.043337][T13476] ? __pfx_do_xdp_generic+0x10/0x10 [ 562.043376][T13476] __netif_receive_skb_core+0x1be6/0x4570 [ 562.043409][T13476] ? mark_lock+0x9a/0x360 [ 562.043455][T13476] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 562.043550][T13476] ? mark_lock+0x9a/0x360 [ 562.043602][T13476] ? __lock_acquire+0x1359/0x2000 [ 562.043652][T13476] __netif_receive_skb+0x12f/0x650 [ 562.043687][T13476] ? __pfx_lock_acquire+0x10/0x10 [ 562.043716][T13476] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 562.043747][T13476] ? __pfx___netif_receive_skb+0x10/0x10 [ 562.043777][T13476] ? __kasan_slab_alloc+0x66/0x80 [ 562.043814][T13476] ? read_tsc+0x9/0x20 [ 562.043847][T13476] ? timekeeping_get_ns+0x2c0/0x420 [ 562.043882][T13476] ? netif_receive_skb+0x131/0x890 [ 562.043913][T13476] ? netif_receive_skb+0x131/0x890 [ 562.043943][T13476] netif_receive_skb+0x1e8/0x890 [ 562.043976][T13476] ? tun_rx_batched+0x160/0x8f0 [ 562.044013][T13476] ? __pfx_netif_receive_skb+0x10/0x10 [ 562.044050][T13476] ? tun_rx_batched+0x160/0x8f0 [ 562.044087][T13476] tun_rx_batched+0x1b7/0x8f0 [ 562.044124][T13476] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 562.044159][T13476] ? __pfx_lock_acquire+0x10/0x10 [ 562.044189][T13476] ? __pfx_tun_rx_batched+0x10/0x10 [ 562.044239][T13476] tun_get_user+0x2f3b/0x4560 [ 562.044280][T13476] ? tun_get_user+0x2a35/0x4560 [ 562.044327][T13476] ? __pfx_tun_get_user+0x10/0x10 [ 562.044369][T13476] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 562.044408][T13476] ? tun_get+0x1e/0x2f0 [ 562.044455][T13476] ? tun_get+0x1e/0x2f0 [ 562.044510][T13476] ? tun_get+0x27d/0x2f0 [ 562.044551][T13476] tun_chr_write_iter+0x113/0x1f0 [ 562.044591][T13476] vfs_write+0xa72/0xc90 [ 562.044617][T13476] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 562.044654][T13476] ? __pfx_vfs_write+0x10/0x10 [ 562.044675][T13476] ? do_futex+0x392/0x560 [ 562.044720][T13476] ksys_write+0x1a0/0x2c0 [ 562.044745][T13476] ? __pfx_ksys_write+0x10/0x10 [ 562.044769][T13476] ? do_syscall_64+0x100/0x230 [ 562.044805][T13476] ? do_syscall_64+0xb6/0x230 [ 562.044840][T13476] do_syscall_64+0xf3/0x230 [ 562.044874][T13476] ? clear_bhb_loop+0x35/0x90 [ 562.044900][T13476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.044927][T13476] RIP: 0033:0x7f91a277471f [ 562.044950][T13476] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 562.044970][T13476] RSP: 002b:00007f91a35f0010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 562.044997][T13476] RAX: ffffffffffffffda RBX: 00007f91a2903fa0 RCX: 00007f91a277471f [ 562.045016][T13476] RDX: 000000000000002a RSI: 0000000020000300 RDI: 00000000000000c8 [ 562.045031][T13476] RBP: 00007f91a27f677e R08: 0000000000000000 R09: 0000000000000000 [ 562.045048][T13476] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000000 [ 562.045062][T13476] R13: 000000000000000b R14: 00007f91a2903fa0 R15: 00007ffef99a1428 [ 562.045089][T13476] [ 562.045112][T13476] Modules linked in: [ 562.045221][T13476] ---[ end trace 0000000000000000 ]--- [ 562.045245][T13476] RIP: 0010:dev_map_redirect+0x65/0x6a0 [ 562.597212][T13476] Code: 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 f3 b2 3d 00 4c 8b 2b 4d 8d 7d 38 4c 89 fb 48 c1 eb 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 03 84 c0 0f 85 6e 04 00 00 41 8b 2f 89 ee 83 e6 02 31 ff [ 562.620652][T13476] RSP: 0018:ffffc9000483f088 EFLAGS: 00010202 [ 562.626962][T13476] RAX: dffffc0000000000 RBX: 0000000000000007 RCX: 0000000000040000 [ 562.635073][T13476] RDX: ffffc90009a9a000 RSI: 00000000000004bc RDI: 00000000000004bd [ 562.643136][T13476] RBP: dffffc0000000000 R08: 0000000000000007 R09: ffffffff81b5e80f [ 562.651214][T13476] R10: 0000000000000004 R11: ffff888022d49e00 R12: 000000000483f0d8 [ 562.659371][T13476] R13: 0000000000000000 R14: 0000000000000008 R15: 0000000000000038 [ 562.668219][T13476] FS: 00007f91a35f06c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 562.677538][T13476] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 562.684798][T13476] CR2: 000000110c2a246b CR3: 0000000023d08000 CR4: 00000000003526f0 [ 562.693465][T13476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 562.702037][T13476] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 562.710109][T13476] Kernel panic - not syncing: Fatal exception in interrupt [ 562.717740][T13476] Kernel Offset: disabled [ 562.722078][T13476] Rebooting in 86400 seconds..