last executing test programs: 28.673753425s ago: executing program 4: syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x0) 27.470659148s ago: executing program 4: socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x24e080, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00'}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) pselect6(0x0, 0x0, 0x0, &(0x7f0000000040)={0x403, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x4000000000000}, 0x0, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000580)=ANY=[], 0xfdef) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.idle_time\x00', 0x26e1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x2c00) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = getpid() r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_PID={0x8, 0x1c, r0}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}}, 0x0) 27.142885303s ago: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x60) syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./file1\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x278, &(0x7f0000000780)="$eJzs3c9qE1EUx/HfnaRttKVO/4ggrqoFV9LWjbgpSN/AjStRmwjFUEErqKvqWnwA976CD+DSlbgW3LnyAbKL3DM3ZpJmMnFoOkn6/UBC0rln5tzMnd57ppQIwLl1b+/X59u//cNJFVUk3ZUiSTWpKumyrtReHR4dHDUb9WE7qliEfzglke5Em/3DxqBQH2cRQezfVbWU/hnGo/ZTx2XngPLZ1T9AJC2Eq9O21848s/E474PetdTSay2XnQcAoFxh/o/CPL8U1u9RJG2Gab93/p/yCbRVdgJj9jVne2r+tyqr7fz5vWSbuvWelXB+e9SpEovkMq9kZPUsMF1eVWm5RBeeHjQbt/afN+uR3ms3mOs2W7fnejJ0O9LZvju5640BtekQxfu+aH2Y833YSeefarJ2ukfM57657+6hi/VJ9X/rv2rb+dNkZyruO1NJ/lvZe7RezstaZfRyxQ5yNRwhGNrLijIqEnVG1Ip6bxDEeXla1GpfVNK77ZyotYFROzlR6/1R3dGcHTlu7qN74Db0R1+0l1r/R/7T3tQoV6ZvYy3DyBjan6q1jG0+CVfd8bWBLaOiPUIBH/REd7T88s3bZ4+bzcaLmX3hr8QJSGOiXnQGwaTkM7Mv/IdcytE7807x/ZT2mwlnqHvS/zOQv83MCr/uckn9l6pXtmyx5p/i3nX6Qjq2nbfz1B63M2qDVXu+mF3B9XB262Exu4Ibtea6flO6McoRE3HIc/LsFglye/qhR9z/BwAAAAAAAAAAAAAAAAAAmDan9y8HNWVtKruPAAAAAAAAAAAAAAAAAAAAAABMu4n7/t/7St7x/b/A2P0NAAD//1Bodro=") socket$xdp(0x2c, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={0x0}, 0x20) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0x541b, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000080), 0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) write$FUSE_WRITE(r2, &(0x7f00000000c0)={0x18}, 0xfffffdef) 26.002249972s ago: executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000300)=ANY=[], 0x6) 25.874607817s ago: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000140)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[], 0x0, 0x205}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x10, r3, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 25.537745894s ago: executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', 0x0}) ioperm(0x0, 0xfe, 0x0) r2 = gettid() vmsplice(0xffffffffffffffff, &(0x7f0000000300)=[{0x0}], 0x1, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000000c0)='c', 0x1}], 0x1, 0x0) timer_settime(0x0, 0x1, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ptrace$poke(0xffffffffffffffff, r2, &(0x7f0000000000), 0x80000001) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) getsockopt$inet_mptcp_buf(0xffffffffffffffff, 0x11c, 0x2, &(0x7f00000000c0)=""/63, &(0x7f0000000100)=0x14) connect$can_j1939(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x7, 0x0, 0x9, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x1a, &(0x7f0000000340)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x6, 0x1000, &(0x7f0000002200)=""/4096, 0x40f00, 0x1, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x6, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, 0x0) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000}) ioctl$UFFDIO_COPY(r5, 0xc028aa05, 0x0) writev(0xffffffffffffffff, &(0x7f0000000240), 0x0) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r1, 0x3, {0x0, 0x1}, 0xfd}, 0xffffffffffffff42) r6 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000240)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x7}, {0x6}, {0x0, 0x9}}}, 0x24}}, 0x0) 24.825179426s ago: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000000c0), 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x10) ioctl$MON_IOCG_STATS(0xffffffffffffffff, 0xc0109207, &(0x7f0000000180)) setuid(0x0) getegid() r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000020c0)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(0xffffffffffffffff, 0x0, 0xfdef) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) recvmsg(r2, 0x0, 0x120) lstat(&(0x7f0000000d40)='./file0\x00', &(0x7f0000000d80)) 22.805654345s ago: executing program 0: open(0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000103c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x10408}}, 0x50) syz_fuse_handle_req(r1, &(0x7f000000e3c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) write$tcp_congestion(r3, &(0x7f00000000c0)='lp\x00', 0xfffffdef) dup2(r3, 0xffffffffffffffff) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0x541b, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) creat(&(0x7f0000000300)='./bus\x00', 0x0) 19.507699904s ago: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r3], 0x30}}, 0x0) 18.309723147s ago: executing program 0: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r3}, [@IFLA_MTU={0x8, 0x4, 0x100}]}, 0x28}}, 0x0) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={r3, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x1, 0x3, &(0x7f00000013c0)=@framed, &(0x7f0000001400)='syzkaller\x00'}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r5, 0x108, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffcd, 0xffffffffffffff2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x14, &(0x7f0000000340)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}}, @printk={@lli, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r7 = syz_usb_connect$hid(0x0, 0x49, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d34, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r7, 0x0, 0x0) syz_usb_control_io$hid(r7, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "6f7f5e18"}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r7, 0x0, 0x0) 10.501524077s ago: executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x40086602, 0xb08e59c2790000) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) socket$alg(0x26, 0x5, 0x0) syz_open_dev$vim2m(0x0, 0x8000, 0x2) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'wp512\x00'}, 0x58) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000480)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000300)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000500)={0x5c, 0x0, &(0x7f0000000980)=[@clear_death={0x400c630f, 0x1}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000740)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0}) 10.006905471s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000400)={&(0x7f0000000180)=@abs, 0x6e, &(0x7f0000000300)=[{&(0x7f0000000200)=""/47, 0x2f}], 0x300, &(0x7f0000000340), 0x0, 0x8d000000}, 0x0) 9.984481835s ago: executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 9.025807174s ago: executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000140)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[], 0x0, 0x205}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8.296964802s ago: executing program 1: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xffffffffffffffda}, 0x78) write$cgroup_devices(r2, &(0x7f0000000080)=ANY=[@ANYRESOCT], 0x8) close(r2) openat$full(0xffffffffffffff9c, &(0x7f0000000280), 0x80801, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) 7.506261297s ago: executing program 2: r0 = gettid() r1 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) readv(r1, 0x0, 0x0) close(r1) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) rt_sigreturn() openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) poll(0x0, 0x0, 0x64) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = msgget$private(0x0, 0x0) msgrcv(r2, 0x0, 0x0, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) 6.378178704s ago: executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) rt_sigreturn() rt_sigreturn() mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x0, &(0x7f0000ffd000/0x1000)=nil) syz_open_pts(r0, 0x0) 6.026135574s ago: executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8) prlimit64(0x0, 0x1, &(0x7f0000000080), 0x0) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_ATTR(r2, &(0x7f00000000c0)={0x78, 0xfffffffffffffff5}, 0x78) write$cgroup_devices(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="01202a3a8a"], 0x8) close(r2) creat(&(0x7f0000003d80)='./file0\x00', 0x0) rt_sigreturn() futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) pipe(0x0) 5.260292929s ago: executing program 3: semget$private(0x0, 0x4, 0x0) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) semctl$GETNCNT(r0, 0x0, 0xe, 0x0) 4.690377194s ago: executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r1, &(0x7f0000000340), 0xffffff46) sendmsg$unix(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)='D', 0x1}], 0x1}, 0x0) close(r1) socket$inet6_icmp(0xa, 0x2, 0x3a) rt_sigreturn() futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) syz_open_pts(0xffffffffffffffff, 0x0) 3.676957541s ago: executing program 3: poll(0x0, 0x0, 0x100) write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838) rt_sigreturn() mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) mknod(&(0x7f0000000000)='./file0\x00', 0x1000, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system', 0x0, 0x0) 3.169201492s ago: executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x40086602, 0xb08e59c2790000) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) socket$alg(0x26, 0x5, 0x0) syz_open_dev$vim2m(0x0, 0x8000, 0x2) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'wp512\x00'}, 0x58) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000480)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000300)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r2, r1, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000500)={0x5c, 0x0, &(0x7f0000000980)=[@clear_death={0x400c630f, 0x1}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000740)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0}) 3.052154923s ago: executing program 3: sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) eventfd2(0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) gettid() timer_create(0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1000, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) 2.938072923s ago: executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) poll(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r1, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838) r2 = dup(r1) write$cgroup_netprio_ifpriomap(r2, 0x0, 0x0) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000100), 0x40001, 0x0) dup3(r3, r2, 0x0) 2.544675216s ago: executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000140)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[], 0x0, 0x205}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 2.28186784s ago: executing program 4: syz_mount_image$bcachefs(&(0x7f0000002040), &(0x7f0000002080)='./bus\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESOCT], 0x1, 0x5b34, &(0x7f000000ac40)="$eJzs3Q2MHNWdIPCq7hm7x2ObMQngmA8PYHyGCzDG5ACLKAOnALnEhEBikkCwHTw2Q/wBnnEMTogNUkhEOM7SnRIuUhBCicQJIXKLNpuPjUy0hGjDRrGUZU12N0sEiTbsijgikHgxilczXdUzXdOvq6a7xzHw+8me6qp5/X/v/+pNTdXrmu4IAACAt4SnPj/yhysXvffHdw29uuuK726+M+otj2+vpAX6kuVtf64WciTN7lo4vsyOiz2Ds556z70fePZrn/jG8y8sWLb86zdfdujWuavuuWfwZxcc+smf7siLm46nMyfW45fiKDr5p8u+fPcPnz5hbFscRVE57tsdRQvi0g8WxOlzu5Lla1EUra+1sz7+46+u2DC23P2l2XXbj8m0w3h/a6sk4+wL39960m/OuezZvT+/9NWBymvbdk8UiSuTxlMUzV87+fndURT1JP/HpKNtYfrkZHlVFEVzJj3vwpx2nVaw/WcH1hcly1nJsjcnTvr9UzPr3QXb0ZVZVgo+r1WlGY6fSvff3BmuPw5sT+tZkCy/lSzPnGb8cvo/jkpx1FWrblM8MUaiSfstjuLxfT+xXqobC3FmbMRRFGfWS5n1cncmr/F6k4FWjuP67Wm5zPb+ZHtXsv3UnLF2TWD7O9J8kx/Ug5n8s0F7pzyo5TUubdcvm7TlSChNOgY12p62t5LsjN5kW2987JTnHG4g/d7qF+577PmdDyzpC7Qj/macxI9biv/M5ov2L935iwMLQ/HXlpL4pZbij5zz8qMvXv2jE4Lx96Txyy3Ff+78pV/53q4dB4P987u0f7pail9eedah5XcNrA62/8E0fqWl+A9d+shX57/ryUeD7R9I+6entf4Z3v76dQ8fdyAYP0rjz2kp/iWvHH/Gyq2PbAzGfyLtn96W4j89Mrzq7psW7+gPxd+Xxp/XUvzTfnX9dXv3Dz0XbP9g2j99LcV/95JLrlp1YMu9oWNnvPtI/YYFeHN6W3KO9cVkvdXrzHZNul64vy+unvPNTf7PK3eypnpj9cyfufAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvEU91Ld+6E/fOeX1rmR9dvLglHJ1mW6fFUVxTxRFI6Prto0Ob9nYf/PW7du2rNvUv260f2jL6Lbb+89/Z/+2oVs2rbt97LsDZ6+oPu/YKK4u45On1H348OHDpb76bWl9n7rgfz/ef8r+f4yigeN+dkpXsP0fvGPRf1/Q4GtGPHh40/8644YX5/7t9uqGvqRdfYF2RYF2XfzwSyt/892e/xlFA8c3a9e/Lrv8h3UNGt8wESdRmh2Vxh/Mjuc0bEet1Ul70v7q2jC8aWggv3/LgTx+ffAvPrJj5Mbd1f6tBPMo2L89g4f/uOXbT9x48c6rqhuO1v2e199pFmn70v6rJP09P8lrfiCvrkBed59x6r/8w//d/NLuaKDr94un1p2XV3cyALrjdxSqN61hTlzfJ5WkfLrH0+edO7r5lnNHbt959vDmdRuHNg5tWbFixYXnrzjvgvP+27njqVe/diz/tP7/UjD/uvEUx1Pq7cx42nrB4HD6tdh4yhvnef0x1q78/pjcotDP39s/fPk/3fmXe66ubsgb52np2vEkWc4Z283Lo0njbWpfNcorrx+6A/2w8Zre//dK/9b/yDsOTd4zk79mxIOHfz/8d++Zu/f0G6objshxfnKDWjzO11qdtKd78nFn+dHbv7OjcpJXb8N2nX7Xyx/9++/E/bX2zZoV3bZudHTb8urXI5TX26/5bGfzunDpv9+6c+2dC6bkdV7169ykpXPjExu2K7s1zWvx+NdylHRLuogqpcb5dUfV9mV/L6TPy/Zqb/K93vjYhnllpd9b/cJ9jz2/84EloZ6Ov1mtsSeaV13GJwVKbso8sVxrcKP688ZHFEVrJ29L+/GJb/+f/r0/XrA5d3xUR8aUr9n0Bg9/7qK5vx65dt+q6oYjc1yZ1KAWjyu1Vk+0Z7y/xo8r5x09efz59nPdD1Y8eHjvSe/cuOKvR5Mf+7z+rZVu1L8roijvOLA4sz5Tx4FsPRPlG8frz6z3RuWWjhvPnb/0K9/bteNg8Ljxu6LHjc/WrZXbPG7EgfG0/3P//4+f2f/M+zp33Hjf0vLH/3nxiqRDj5aft0oyriuBcV1rddKeePK4PufGrZvWV7cfvee/yTLn+if9/T1y+85Prdu0aWjbSLG8ip6XpPVke7nV85L0p+/YnLzS/TWR18w9KNJfRX/e0vavz/ZXiz9v0EhvFLf0++yZzRftX7rzFwf6AnHjtaUkfqml+CPnvPzoi1f/6IRg/D1p/K6W4pdXnnVo+V0Dq4PxH4yT+JWW4j906SNfnf+uJx8Nxh9I29/T2vnE8PbXr3v4uHD/R2n83pbiPz0yvOrumxbvCMbfFyf1jJ3bRdHjr67YUF2Po+7kOJy2o7uuXVF2Pc6slzLr5cnrpeocfK2CcjIHVtuelku2h89cqq6Nomjf7Knb07PHysLq8mC6HmUfNN9+tClNOidotD3v/BoA3kzS1//Tc4309f/FyS/ESa//V5fxrLrnL0zOpxZObBq/zruzv/qLdLrzemk7svN6afxlp9fHaHVeL29e7rTMetquxUmvpO1pct4wNyowLze1nubzcpn08+fN+r+Y2dA1PrcX2m/dyUxFo9eZM+2dOxah3fPshY1bXTvPDo277HxH+jp9XHDcZe+LSPdv9r6INP6izARaq/dFtDvu0mmNJuNuPLP8+dSp4yJq0q8T46JxtOy4mMY46quOo5l9XeqNf70/s/Pvb5n5hGh3ff8UnE842q/30+3p8aEr2X5qzqX56sD2Ts0DpIeLtF2/bNKWI8E8AABMXP+n5xRj1/9jv6v7M+f5edct2auMNF7wPpZy4/bkXf9OvZ9tTkvnlZe8cvwZK7c+sjF4XvxE0ftSbqlbm5NzX0pePy7JrOf2Y+BWkLx5h6WZ8r3RvJb68bRfXX/d3v1DzwX7cbB6IpXfj3vq1ua12Y/LMuu5/djduFV5/ZitJ2/8nplZ703uCJpuv797ySVXrTqw5d5gv+8u2u8P1q315fT7W+Y6ParUxXed/tZ43T9vPvLPNg+QzFvP1DzANYHt050H6J3yoJbXuDfcPEDg9wIAvJGl1/+1++WT6/+/yZRr9/oweN422Jn7WYPnbbXz2vbOy4Ptr52Xt3ddFIxfuy5q7/XFYP/Urlvau+4Kxq9dd7U3TxPsnyfS/pl63r+rQPz0vD/05wLpef8b/7poZucZXBcl61H2QZXrIgAAjgbp9X96upre//9ksp49N57569yZvg6d6evomZ5nmOl5kjf6de6Rn2coEr/4PEPn5tnqrp8HzQNE5gEKMw8AAPDm8N5keUPB8l3j9xBH0SdvvOm8NeuHPr1mw7ahoZFb1t04tGZ4y/BorVz3+JXX1PukQ/Xl3SfdqPycJuXXBOPXt+eyQPmQdvMP1ZeXf6PyzfJfG4xf357LA+VD2s0/VF9e/o3KN8t/XTB+fXuuCJQPaTf/UH15+Tcq3yz/Twbj17fnfYHyIe3mH6ovL/9G5Zvlf2Mwfn17/kegfEi7+Yfqy8u/Uflm+WffLzOU//sD5UPazL+S377i+TTLfygYvz7/DwTKh7S7/0P15eXfqHyz/DcE49e3Z1WgfEi7+Yfqy8u/Uflm+W8Mxq9vz5WB8iHt5h+qLy//RuWb5X9TMH59ez4YKB/Sbv6h+vLyb1S+Wf7Dwfj17bkqUL7OpInjdvMP1ZeXf6PyzfK/ORi/vj0fCpQPaTf/UH15+Tcq3yz/TwXj17fn6kD5kHbzD9WXl3+j8s3y3xSMX9+eawLlQ9rNP1RfXv6NyjfLf3Mwfn17PhwoH9Ju/qH68vJvVL5Z/luC8evb85FA+ZB28w/Vl5d/o/LN8t8ajF/fntWB8iHt5h+qLy//RuWb5X9LMH59e64NlA9pN/9QfXn5NyrfLP9bg/Hr2/PRQPmQdvMP1ZeXf6PyzfLfFoxf356PBcqHtJt/qL68/BuVb5b/SDB+fXs+Higf0m7+ofry8m9Uvln+o8H49e25LlA+pN38Q/Xl5d+ofLP8twfj17fn+kD5kHbzD9WXl3+j8s3y/3Qwfn17PhEoH9Ju/qH68vJvVL5Z/juC8evbc0OgfEi7+Yfqy8u/Uflm+d8WjF/fnjWB8iG1/Ee3DQ2t2X7L+nWjQ2u2bF0/NLJmx7bh0dGh5ESt3fsSg/eVJfcldkddTfNflFk/Jnl/oGMC7w+ULZ+GPXH8wdT3B8pW25XzPjl5+ytbf977DDUq32i8hfZv3vGg6HjIqvv5qA6S4S0jQ9umHr97mvbH5DERjU8c91SX8fGFymffrjNQTa7i+VSa5pPdPDuZCp8dH1eofBT4PLjpKp5PHMynUTum+zl2adhpfY5d5ssUDd6jtS7fDSPjB+nhdZuGdw5Nbf+co6D9Rfpxd8fbUZrSjrz9H2f6Y0HSkgWhz3sL9N+Ob/3bQ7/97V+9P4oGjiuf1Fb/xYOH1x48/pM/vXj2uWPtLzVtf61k+rnKDT7/sNSkfJpP16atI6P/dcPW7Vsav4KW3u9cqq3P0P3OSZ7lgvcvh+73mO79y/GUB0enovcvAwAAvFWkf/+fXq8uTP4GdUFmiqD4PHB7fx8dnAfeV2weODsbkTcPnC2fpl10Hri3zXngbP2hedpSk/LNXncpOg/88UD56So+Ttp7H4DgOEl6Km+cZP8OP2+cZMtPd5z0tDlOsvXnjZNG5Zu9Pl10nFwbKB9SfDy08L4T/RPvOxEcDwPFxkP2czXzxkO2/HTHQ6XN8ZCtP288NCrf7H6douPhw4HyRRUfH+29L0xwfKwtNj6yn5eSNz6y5ac7PuI2x0e2/rzx0ah8s/sZi46PDwXKp4rv//betye4//cU2//Zz23J2//Z8tPd/6U293+2/rz936h8s/u5i+7/KwPlU/X7f2zHj+/3oTU7tm6bfA/0TH++akjx9s3s59a0qnj7Z/Z9n2a+/TP7vlIz3/72rpuC7d8Xt/VSV/H2z+znErXqiL0em/zNUN77T+W9TvuxwPbpvk47a8qDo5PXaQEAAGDmpa//px/Hn74//JeSZeBj+lt21Hy+d4vzxD5/OxC/Q5+/3WQeM6nHfN7RzHweAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ8zuWji+fOrzI3+4ctF7f3zX0Ku7rvju5jv3DM566j33fuDZr33iG8+/sGDZ8q/ffNmhW+euuueewZ9dcOgnf7ojN3BfdXFmslqJovilOIpO/umyL9/9w6dPGNsWR1FUjvt2R9GCuPSDOBth4LUoitbX2ln/zcdfXbFhbLn7S7Prth+TCZLNK+otp+2pa2d0W25GvAFVknH2he9vPek351z27N6fX/rqQOW1bbsnisSVSeMpiuavnfz87iiKepL/Y9LRtjB9crK8KoqiOZOed2FOu04r2P6zA+uLkuWsZNmbEyf9/qmZ9e6C7ejKLCsFn9eq0gzHT6X7b+4M1z/l6JapZ0Gy/FayPHOa8cvp/zgqxVFXrbpN8cQYiSbttziKx/f9xHqpbizEmbERR1GcWS9l1svdmbzG600GWjmO67en5TLb+5PtXcn2U3PG2jWB7e9I801+UA9m8s8G7Z3yoJbXuLRdv2zSliOhNOkY1Gh72t5KsjN6k2298bFTnnO4gfR7q1+477Hndz6wpC9QX/zNOIkftxT/mc0X7V+68xcHFgbyjNeWkvilluKPnPPyoy9e/aMTgvH3pPHLLcV/7vylX/nerh0H+0Lxf5f2T1dL8csrzzq0/K6B1cH2P5jGr7QU/6FLH/nq/Hc9+Wiw/QNp//S01j/D21+/7uHjDgTjR2n8OS3Fv+SV489YufWRjcH4T6T909tS/KdHhlfdfdPiHf2h+PvS+PNain/ar66/bu/+oef66jtl4uFg2j99LcV/95JLrlp1YMu9oWNnvPtI/YYFeHN6W3KO9cVkvdXrzHZNul64vy+u/iqZm/yf18mKMsbqmT+D8QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHMauvz+XZfvW3NFVxxFcaDM4QbS75VnDQ72t1BveeVZh5bfNbB68raFLcQBAAAA8qXX4aXalkq0MNoR90QnNiyfzhGcmK7F9duzcwg9EyU7EqfUoTjlDsXp6lCc7g7FmdWhOLM7FKeSE6cSFYvT0zROqXB75nQoTm+H4sztUJx5HYozv0NxjulQnL6mcYqPwwUdinNsh+K8rUNx3t6hOMd1KM7xHYpzQofiZOeUpzsO5yUlF4XijD8o58bpisu1bzSaT0/rOTnzvNI06+ktWE92zn669fQUrOf0NuupFKxnaZv1xAXrObPNeko59aTj9rZs+9J60rWC4//2DsXZ2aE4n+lQnM92KM4dHYrzuQ7F2dVmHICi0uv/ievGvmh218XRnOSIk50FSK93F1efPeV4VMleoCfSeCdlts/Ki5e9UM/EW9zh9p2W2d5dF6+rdt7UJF7f5HhLMt/MzTc7oZBp37LpxstOLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADBq6/P5dl+9bc0UUR2P/GjrcQPq98qzBwf4W6l39wn2PPb/zgSWTt83uaiEQAAAA/8mu/cXIVdUPAD935y/bwm/6C9SBFDpSWjEiLV2UP6nhog+zxKAEMBow3S1lWDdsd5HdprAia30gPmgg0cTVJ8MThvCgBkUlWR40BiVhE8UmgvIiUTRAAiTUxGTM7tw7/zrTWUa0BT+fh3PvPed7zvee2abJ98zAQGkdnmv2FEMhuzvko3xHXDE5Bygmz5lS4xpVRtavo9GWk8Znk/jdC4fu2j1/7+KHpw8dmKpN1WbHxsauvHxs7xV7P7r7jumZ2p5GGwoD1ssl683fu3jngZmZ2t3zjefu9y4n88qtrsm15mjy3v8/IE+UxLfy/OduBv+1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg1KpVl5eqqxPjo1EIUZ+Yeg/pWCYfx5Uh8l775tadV889OtXeV8gOsRAAAAAwUFqH55o9xVDIZkImnLv+dGErtBRCq+4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+99Sqy0vV1YnxTVEIUZ+Yeg/pWCYfx5Uh8v5mfvr6B76w/Uh7X3mIdQAAAIDB0jp8pNlTDOWwI+Siczvi0rOB87rmd8el65y/wbjus4N+cTs2GLdrg3EfHBD3qeR6TwAAAIB3v7T+zzZ7SqGQPbNv/T+ork/jtnfFZZLrML8VAAAAAP49af2fb/aUQyFbbtbrG633L+yKS+cP+t4+nT/oe/s07uI+ebq/zwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATl+16vJSdXViPBOFEPWJqfeQjmXycVwZIu+Ll+/69s+Xjhxv7ytkh1gIAAAAGCitw1uldzEUsqMhFzat1/1X7vr7Fxcnj27JlZLhfD7cc2Bh4e69jTaN2/HV1z/3u59GlRPiLmu0p2RzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAO6pWXV6qrk6MnxGFEPWJqfeQjmXycVwZIu+L04f/eesj57zW3lceYh0AAABgsLQOb9X+xVAO+ZAPW9ef2mv9NSNd8/udGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADvHfP3Lt55YGamdrcbN27cNG9O9f9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6aJWXV6qrk6MF6MQoj4x9R7SsUw+jitD5H34449+96yP/OKx9r7yEOsAAAAAg6V1eKv2L4ZyyIVcOGf9qdeZwHr9X/ovviQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBaqFWXl6qrE+NnRiFEfWLqPaRjmXwcV4bIe+GfP3/ryrHai+19hewQCwEAAAADpXV4vtlTDIXsZaEQtiXPM50Tokxy7X0u0Jp3V8e00Q3Pu69jXmbD877WtbNsspvGvGK6Xqlxbc6rnDivEkIoJ/PKrYHJjnnhoY5ZZ274Pb/XMa80YF4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA01CturxUXZ0Yj6IQoj4x9R7SsUw+jitD5H3u0FXHdi3+8bX2vvIQ6wAAAACDpXV4q/YvhnI4P5wVzl+v+0OpMz6N2/fIK1f/9WdnfCOEPVt/e0G27/p/ubj6y+4mhJHOoJEQ/i/JF/XJd+THf3v41Vd/8skQ9pyT2fZ283UuGdcnj2+97dl9hd0n+WAAAADgPSSt/3PNnlIoZGf71v9p5f226v+5s2+6b0vSJhV514yRUpJvpE++O6/45o8qFxz7w1r9f7J8n/7yeZ/YEuauiKfTttHTJYrrMw/u3P/y5qcPp7tu5M905U8/l5eO//AzR+YPfqWRvxiKSf952V75T2y7nBHX35p94qmD+xZv6Myf7bP/B3a+/0+//86hV9byv7F9tJn/AyfZ/8nzn31z9fmjjz90Y2f+XJ/8Uzdt+v6blbl/dO9/tGvh5JNv/MHb/gpdorj+xvQz12xe2bG/M38IYbI9MP38n3riW5WVX285lOZPfyty8Y6u/G3/1NrbrjOnKK6vbLtkauzJhU2d+aOu/On+j93/g7e+dOy567r3f3v3/vvm797/dbsyt7ywfWyYH88AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALwL1KrLS9XVifGQCSHqE1PvIR3L5OO4MkTej1107Q3Xvzb79fa+QnaIhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB3TK26vFRdnRgfiUKI+sTUe0jHMvk4rgyRd/7S1x97+cZfva+9rzzEOgAAAMBgaR3eqv2LoRzyIR9G1+v+yeNbb3t2X2F3KDVGo+SanZmbX/jQHXOHZ28/RW8OAAAAbFRa/2ebPaVQyF4Uckn9v7LtkqmxJxc2pfV/CGFyrSneMT1TGwvNc4LrdmVueWH7WKV5TtAed+nBuZnkmCBd9/6rNr80/9nV63uuu7cV98b0M9dsXtmxP43LJdf1uMtacTMP7tz/8uanD6dxI+k5xVrcnlbcW7NPPHVw3+IN6Ximfb22uLNvrj5/9PGHbmyuk1xHk7wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwL3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwX0chVhVxHIBn7t3Vq3fddotykyIVEw2SlYpKiFYh6aENKfDFAh+yMjKpJQwh3IQsTMKniqCIKAhECoIeirCgDJIoiNAewtAe6iE2og1xo2J3Z3bvHj3tdmoV5PvgMM6ce37zP3PGs/cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59fctp6x9vDTA7/fuei2z3dvGd51+/vbntrfN+fwrfvuOPbKvW+eONm9YvUbD60febSjf+/evq9vHPnizyenDX5ivFmZuo0Q4s8xhCu/XPHCnk+PLBwdiyGEeuwaDKE71j7ujoWE3tMhhPsm6px68t3h6+4fbQefmztl/KJCSPG+QrOe6xnXNbVeLiyNtM+e+XD7FT+uWn/s0Lfrhnsbpx8bnPxIbLTspxA6N7de3x5CmJeOUXm39eSLU7shhDC/5bqbpqlr6Qzrv7akvyi1c1LbnCYnn19S6LfPsI62QtuY4XVV1WY5P8vPr2OW5y++3IrzdKf2vdSu/Jf59XzEUIuhbWK6h+PkHgktzy2GOPbsJ/u1KXshFvZGDCEW+rVCv95euK+xedNGq8c4dTx/rjC+OI23pfEl0+y1u0vGL8/3m/6jnircfzG0ecY/Ju5rTK7r+3+o5VyotbyDzjae622kh9FMY8148RnX/HUW+dzGk8+/fWLnq8u6SuqI78SUHyvlf7Pt5qPLd3431FOWv7mW8muV8gdW/Xrwp7s+W1iavz/n1yvlH79++Ysf7NpxqnR9fsnr01Ypv77mmpHVu3s3ltb/Ws5vVMp/fd2Blztv+ORgaf29eX3mVVufrY//semtS4dK80POn18pf+1vl129ZvuBB0rzP8rr06yUf2Rga/+eB6/asbgs/6ucv6BS/tIf7tl06OiW46X19+X16aqUf8uytRv6hx7ZV/bujIPn6i8swIXpkvQd69nUr/o7879q+b3wUlcc/87XkY4F/+dEBaPzdM5iPgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8zQ4ckAAAAAAI+v+6HYECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE8FAAD//xgLVJ0=") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000380)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) link(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file1\x00') 1.740741434s ago: executing program 3: bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) syz_mount_image$bcachefs(&(0x7f000001f540), &(0x7f0000005dc0)='./file0\x00', 0x0, &(0x7f0000005f80)=ANY=[@ANYBLOB="646174615f636865636b73756d3f6e6f6e652c7374725f686173683d6372633332632c646174615f636865636b73756d3d7878686173682c6261636b67726f756e645f636f6d7072657373696f6e3d6e6f6e652c6d657461646174615f636865636b73756d3d63726336342c7374725f686173683d63726336342c636f6d7072657373696f6e3d677a69702c00b12ad55da9e690f3f671e2a963c6e436c7504557f0fbadaab9607da576d448dd11521821e84b69dce1a85442e5ffd2b948d59a9ab54444559714cabaaa60824f890721ff2a820fe81299e633"], 0xff, 0x5d5e, &(0x7f0000000000)="$eJzs3X2QHOWZGPDumVntSquPlSybFRJiMbIdccEWKBDLd442ztmxHdnIwgIsTicJWGEdQhL6QCBdwlcOCCYpVUEdBOKUDihylbpKcOkSwp1SJWPAV74qCpn4D458HRWcP+IjqrPEEcnlTe1u9+5Mb7/Ts9OzQuDfr0o78/Y+87zv0/NOd7+j3dkIAACAXwmv/N6ed79+/hd/dO/Qqbu+/Ce33hP1Vke396QBfcntHe/XCJlOy398puGZ7a71j95m58V5f7rw3b771nztoVVf+vHmP5s/uHTZ0JXfO3LV/fe9+PlfvPjYE2uK+knn0yUT7fiv4iha+vaRx+5/+c/PG9kWj/Qf990dzZ8fL/j+/DiTYsXpKIpuGh9n4zePnFq5deT2nu90N2yfl0livv9q60nm2cFNNzx17JbBl48M7Fr5s5NX7Lx7IiTuqZtPUTR3c/3ju6Iompn8G5HOtv70wcnt2iiKZtU97rMF47q4xfFfGmgvSW5nJLe9BXnS71+UaddaHEctc9vd4uPaVZnm/FnZ/Zc9GE2XtM65ye3zye0lU8xTTf/FUSWOauPD3x5PzJGo7nmLo3h0bveMtyuj7Wi8HWXbcaZdybSrXZm6RvtNdmw1jhu3p3GZ7enhuJZsv6j+WJ1jXWD7ouS2J3mhvpe2o+ydMb2T7kzUEdWN68TZmhgBlcBrL90+PrzkyehNtvXGCyY9ZjhH+r0TP9yy4Z03DjzfFxhH/Fyc5I/byj849OSxZ687uqg/lH9zJclfaSv/K9VXTz9zsn92MP+hNH+1rfzrf/nTB++9ev/C4P45ke6fWlv5lz08++Cp/eu6B0L5D6f5e9rKf+XGpasuOLnv9uD4V6T7Z2Zb+X/yyPIzGw+9cDSYP0rzz2or/5tPPr2kuujR48H8x9L909tW/mtWPr76q4vveyK4/19L889pK/+G4/dv3vXUS8uD83Ntun/62sp/evXrb53pW/N06NgZHz7bZ1iAD5ePJNdYDybtdteZZdWtFx4fqI1d881O/s3pZEcZcd3aBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa9ejq/3BbffsT/+f29cf/49JttaTdXYuiOIqid6pj7XT7jCiKZ0ZRtGfvlt17t+24eeB3du7bvWPL9oEteweGduzdfefA3/nbA7uHdm3fcufId1dcunLscQtGs0XRgviCSWMZHh4ejqJooH5b2t8ffOW5/7f+ib/+VhSt+OjrS2vBej7zX9/64sKcrxnx4PDaf3XFIwdm/K95Yxv6knH1hcbV17gtHUHv4Gt/8YXn3xgZ18eajeuxV6/9vw0DGt0wkSdR6Y4qo3e641m54xgf9cR4RvdXbeu27UMrivdvHNi/n3rpj0/++zvW//Ox/dsTrKPF/TuyV2vDD/383k/d/YWhz53Dz3vR/q4rYXR86f7rSfb33KSuuYG6KoG6bh9488S/+Hf/+Zm7oxW1n184ue+iurqSCdAVL2qp37SHWfH8htieJD59xtPHfWbvrbs+s+fOA5duu3XLzUM3D+1YufKKVZetvOzyVSs/M1r62NeO1Z/2/6kW65+dZJodL87db9mtab8Xjn6tRsmw05u6O426ot6x28x+TsOzVfcm3+uNF0zKNZwj/d6JH27Z8M4bB54PvfLi58Z6nBnNGbuNlwQit2ceWB0fcF7/Z+d1ufP3e7anX1t7XRaNq2hejYyreF7Vj6jJcezVix/8+VMP/MvrWzhe1IWOji8d56yRl8tlUd3rdvK+yqurhednMG8/3Hjp7j++c9uGQ0XH8/pnpv5rRjw4/D+XxF/bt+cvdo9tOCvny/oBtXm+HB/1xHhG91dP8nycq/u3O6omdfXmjmtd/NTnP3Xr0V8bH9+MGdEdW/bu3X3Z2NcPal1/OWPewm33LL5gUl2Xj30tOu5fmGkXHvcr+fUVHfez/UzE5+cbyLR7o2pb54n1v/zpg/devX9h8DxxotXzxO82tKolzxOVwOv9ob/+7sC713/z3aL5dNWexXctzPmaLW9w+IU/+vXLPnft1V8a23BWjkP1A2rzODQ+6mQ86f4aPQ5dfu7U8f49zw0vxHhw+MLvffKaM6du+8bYhqL9Ox6dt39XFh/nq4G6ru/6+PxHfrb4452bv3s2/c3Fn541+xybvz3J/u0J7N/xUSfjqdbv30/fuHP7TWPtc/e6bUx3wfonPe/sufPALVu2bx/avae1ulo9n6b9ZPdyu+fT9OyxoKCu9PmaqGv67rSyv1p9vaXjvymTo93XG0Bq4rwwo2F79viZvu+3dG60/tMP/ODVeGDsfNmp91vTfs7PnJjbfb+1aJ308Uy7cZ1Ui+rqHjN5nTT6kKJ1UrafonXSxZl28TrmwdxKQs9fV3LmzXvfNDPe2kiG0PzoT/L3J+30enPpp6Mrqs9/4ivxYGvzo9Xr6bSfv5XZQe1eTxfNj2VR/rg6PT8+mXlQ8fN9KHdkPYHno+j5XtaQaHi47Lq8LzDqdF3eG8Vt5R8cevLYs9cdXRTMv7mS5K+0lf+V6qunnznZPzuY/1Cav9ZW/mUPzz54av+67mD+w+n+6Wkr/5Ubl6664OS+24P5V6Tjn9lW/p88svzMxkMvHA3mj9L8vW3lv2bl46u/uvi+J4L5X4uTfkZeu1F05NTKrWPtOOpK5n86jq6GcUXZdpxpVzLtan27MvZ/veMdVOO4cXsal9me1lFLtl9UN8Y86wPb01dtT/LCfi9tR9k7zbenh6d0XCcC55+zpVJ37ZG3vej9yU555+3+P6hvp///n86B7trYc3d5Zn8VnT+yR+80X/B92MBbGEXXC5P//21WW6+/N598ekl10aPHg++rHmv1fdVdDa1ZBe+rlh1v8HhxLD2eljse9Yfyv5bmL3c+COZPzgdF8+wTmXbhPOvK769onmWvU3qjOW3VveH4/Zt3PfXS8uA8Wzv2gi+eZ482tOYUzrNy/y8dnGfPxR3ZH8H8aztzXROcZ8l1TdE8uyTTLj/PGq9Hv5bc3pGJ703eIZ5q3adXv/7Wmb41Twfn2eFW59kfNrT6CudZuevb4PM0fn073dfnH+zrz/ft+jD579zpuj5cF9g+1evD3kl3JuqIPojXh4HjDAA086OH7vzf9e10/Z+eu9P1/w8yjyu7rsz+PFSqU+vKYP7DnVmvBK9Tx9cr073emu7r7Oldb7mOD+Qffx95ut8Xmt51pXVI0o6yd8ZYhwAA8H646N989zfr2+n6f/zn3pLf/38pbWceb50byH/W1rnT/T6JdXRu/g79fEXx+2DT/T6V9wG8D1DM+wAAAB8Om7buHhras2vLjUObtu3Ytnd8e9foymnyz6n+3eR2bSZP0c9P58XPahL/jWD+xvF8NhAfUhv9mdcouuHGb1++6aah26daf6i/ovrz4pvVn11fhOpfFYgPKVt/qL+i+vPim9V/dTB/43g+F4gPKVt/qL+i+vPim9X/zWD+xvH8eiA+pGz9of6K6s+Lb1Z/9vfBQvX/RiA+pGz9of6K6s+Lb1b/NcH8jeP5fCA+pGz9of6K6s+Lb1b/tcH8jeP5e4H4kLL1h/orqj8vvln91wXzN45ndSA+pGz9of6K6s+Lb1b/t4L5G8czGIgPKVt/qL+i+vPim9W/IZi/cTx/PxAfUrb+UH9F9efFN6v/+mD+xvF8IRAfUrb+UH9F9efFN6v/t4L5G8fzDwLxIWXrD/VXVH9efLP6NwbzN47nNwPxIWXrD/VXVH9efLP6fzuYv3E8XwzEh5StP9RfUf158c3q3xTM3zieLwXiQ8rWH+qvqP68+Gb1bw7mbxzPPwzEh5StP9RfUf158c3q3xLM3zieLwfiQ8rWH+qvqP68+Gb13xDM3zierwTiQ8rWH+qvqP68+Gb13xjM3zierwbiQ8rWH+qvqP68+Gb1Zz/vMFT/PwrEh5StP9RfUf158c3qHwrmbxzPmkB8SNn6Q/0V1Z8X36z+rcH8+Z8bkI0PKVt/qL+i+vPim9V/czB/43i+HogPKVt/qL+i+vPim9X/7WD+xvFcFYgPKVt/qL+i+vPim9W/LZi/cTxrA/EhZesP9VdUf158s/p/J5i/cTzfCMSHlK0/1F9R/Xnxzeq/JZi/cTzrAvEhZesP9VdUf158s/q3B/M3jufqQHxI2fpD/RXVnxffrP5bg/kbx/PNQHxI2fpD/RXVnxffrP4dwfyN41kfiA8pW3+ov6L68+Kb1b8zmL9xPNcE4kPK1h/qr6j+vPhm9e8K5m8cz7WB+JCy9Yf6K6o/L75Z/bcF8zeO57pAfEjZ+kP9FdWfF9+s/t3B/I3j+VYgPqRs/aH+iurPi29W/55g/sbxbAjEh5StP9RfUf158c3q3xvM3zie6wPxIWXrD/VXVH9efLP69wXzN47ntwLxIWXrD/VXVH9efLP6bw/mbxzPxkB8SNn6Q/0V1Z8X36z+/cH8jeP57UB8SNn6Q/0V1Z8X36z+7OdAhurfFIgPGa9/7+6hoU37dt20Ze/Qph07bxras2n/7m179w4lF2plf68s/HtB7/MvstBUw+tjbJJs27FnaPfk4/fMpvO3fk5Eo7/2NHPsNv5YS/HZj71ud9acK/O9K6o13V/nZ9rzks+jnRf4PNpsfJp28eidyZ9Hm+22VvA5rkXHp2z/oeNT3CQ+7/gaOp4Vnf+mfPwrnN89TevPbu5OfrGvO/5oS/FRk7/v1tp8Lfd7p8H5+lpr8zX7uetF8zUbP9X52ltyvmb7D82nSpP4ZtdDrc7XDYH4VOvzMw7Wmzevpvp3BtO0U/o7g5kvk7Txtwxafz2U+z3y4OshGXTR6yH7e9xFr4ds/FRfDzNLvh6y/Re9HvLim62PW309XBuID2l9PpT73ILgfFjR2nzI/h2rovmQjZ/qfOgpOR+y/RfNh7z4Zu8XtjofvhmIb1Xr86Pc54oE58fm1uZH9u9JFM2PbPxU50dccn5k+y+aH3nxzf4/pdX58Y1AfKrh/Ll1z+iiftuW7dsOZH4Aoy85f77f58Ozcl7+m9/4y/fGviTjqEwaR9H1RJwZx/xkJPNDf/cwMO4b/8u/Xf+DXzzw3Sha8dHqkvC4J4Y88SUjHhxecNeyZ6/72PEvjIy/0nT845Hp3y0u+HvH2fi0ntr2nXv2/trWnft2tPoTV82ln4dSGW9P0+ehJBurLX6+Sej3Cab6+SZdk+6cm1r+fBOAD4l5h5+bU99OP/8vPR/1J8e+mckBMN3e+nV2uc/XC15nH2rtOnt5tt6C6+xsfFpvq9fZlZLX2dn+i66z8+Kb/dxeq9fZXw/ET1XjPBmZIKPzY2jT/p27638mbrr/bm3nxzu9f8e3/Pim93Mb29X6+Kf3cyGnf/zT+3eAp3/80/t3ntt11tZLyYdFFn1+ZNE6KvR76VNdR82YdOfcZB0FAOe+f7b77X9d307X/8kqdnz9/52kXe1w/9O9jprudeV0Xyd/8D9/f3rXQdYDTTo7B1gPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOT7w//+n75f3+6u9Y/evvJ7e979+vlf/NG9Q6fu+vKf3HrPeX+68N2++9Z87aFVX/rx5j+bP7h02dCV3zty1f33vfj5X7z42BNrCjvqG7u5JGn2RFH8V3EULX37yGP3v/zn541si0f6j/vujubPjxd8f36cybDidBRFN42Ps/GbR06t3Dpye893uhu2z8skydYV9VbT8TSMM7qjsCI+gHqSeXZw0w1PHbtl8OUjA7tW/uzkFTvvngiJe+rmUxTN3Vz/+K4oimYm/0aks60/fXByuzaKoll1j/tswbgubnH8lwbaS5LbGcltb0Ge9PsXZdq1FsdRy9x2t/i4dlWmOX9Wdv9lD0bTJa1zbnL7fHJ7yRTzVNN/cVSJo9r48LfHE3Mkqnve4igends94+3KaDsab0fZdpxpVzLtalemrtF+kx1bjePG7WlcZnt6OK4l2y+qP1bnWBfYvii57UleqO+l7Sh7Z0zvpDsTdUR14zpxtiZGQCXw2ku3jw8veTJ6k2298YJJjxnOkX7vxA+3bHjnjQPP9wXGET8XJ/njtvIPDj157Nnrji7qD+XfXEnyV9rK/0r11dPPnOyfHcx/KM1fbSv/+l/+9MF7r96/MLh/TqT7p9ZW/mUPzz54av+67oFQ/sNp/p628l+5cemqC07uuz04/hXp/pnZVv6fPLL8zMZDLxwN5o/S/LPayv/mk08vqS569Hgw/7F0//S2lf+alY+v/uri+54I7v/X0vxz2sq/4fj9m3c99dLy4Pxcm+6fvrbyn179+ltn+tY8HTp2xofP9hkW4MPlI8k11oNJu911Zll164XHB2pj13yzk39zOtlRRly3dgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJCdw9V99e23jj501bf/x6b/VoujKA48ZjhH+r3qjMHBgTbGsezh2QdP7V/XnbZH+u5vIw8AAAAw2eI3H7itvp2uwytJO456ov5ofzwzWpz7+PQ9gsVpK27cnn0PYeZEZEfyVDqUp9qhPLUO5enqUJ4ZHcrT3aE8PQV5eqLW8sxsmqfS8nhmdShPb4fyzO5QnjkdyjO3Q3nmdShPX9M8rc/D+R3Ks6BDeT7SoTwLO5Tnox3K87EO5TmvQ3my7ylPdR7OSSLPD+UZvVMtzFOLq+PfyHs/Pe3ngpL99LbYT/Y9+6n2M7PFfi4u2U9Pi/18smQ/cYv9LM88rjLFfioF/aTz9o5QPWmrxfl/Z4fyHOhQnoMdyvO7HcrzjzuU5590KM9dJfMAhPz+i5f8UX07Xf+n68846ou6a5dHs5IjTvZdgHS9e+Ho18nnu9ABKc23JLO9qyhfdoGdyXfhVMeXfQMhk+/jTfPVJq1Xc/LV6vMt61A+AAAAmIp/evpgw3/NTV7/90fdtYXj69dPZB5fuF7P/kd2Is13SYfyAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/9m11xi5yvIB4O/ZmZ2Z/3LpQtoypbdN2z+FEHqhqRFUmDSRBCNsEVsuDVkrLGzD0kK3BVo1RTC22QSDFi/cPliQGEIEEpIGXRMMKPGDjQ1iuLgurAS+EEF6A4qOmd1zds/OzrDLKK3V3y/knHnOeZ73ec8hIXnOAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/+f74/b89m44H+3rbuwY6+kMUKv/UVK4huZfJlUptDezjnefWXvnXl7buTuJK73y2gYUAAACAcR4/b8bp6TiZw5PROwqFkM8uDfkoN6auGH8HKMZxU+vwec6isDyz+/8vjEpNQ/HJ0Ulj6gpxXSGOM3Fdz5at16/t7u7c+An+qPSpfo7q/UQhDH2+mHNiWLVo+zN7orbh52iZ4Dma4rrFm264cXHPlq1nrbth7XWd13WuX7Zs+TlLly09+5xli69d1925ZPgY8hOsF0IojX0vE/yLBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAI2Dbb3d/Kx0P9vW2dw109LdEIUR1aso1JPcyuVKprYF9vHLfg7MyM+7em8SV3vlsAwsBAAAA4/zq8Rnnp+NkDk9G7ygUQj6bC5kwYyieN5qaDaFcTq4vqLp+JPYOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcWfsOtv85HQ/29bZ3DXT0HxeFENWpKdeQ3MvkSqW2BvaxetmPzv/CzDvuTeJK72ID6wAAAADjvXB68x3pOJnDm+I4CoVQDPNDczRjTF3ybeDUqvWq85J1Zk8yr/rbQb28+ZPMO22SeWdMkHdxfL41AAAAwLHnitbfrU7HyfzfHMdRaA35bDFk4niiOT75LjC3Ki+pn2i+T+rn1amfaO5P6qvnfgAAAPhfdtabT3yYjsfP/8WQzxZG5u+J/p5+UXz2d3IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJ5fH7zwF+l4sK+3vWugoz8ThRDVqSnXkNzL5Eqltgb2seofb+y4/dJbpiZxpXc+28BCAAAAwDiP5j59SzpO5vBk9I5CIeSzLaE5HDc097+WmzJ13Tdnzg4hlIYScrlw69pNmzaePXxM8r4U7frcwhv6zhyXt3T4eOSfFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Fcte2TnmnQ82Nfb3jXQ0f9/UQhRnZpyDcm9TK5UamtgHy/sPOPwVXc91ZfEld7FBtYBAAAAxpvV/fRf0nEyhyezfxQKoRhyIRemD8XpWb+iqWq9et8MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP8ePVu2Xr+2u7tzox9++OHHyI+j/V8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgaPn5+u+9nY4H+3rbuwY6+gtRCFGdmnINyb1MrlRqa2Afn7pqzjmz92++OYkrvYsNrAMAAACMt+atzfvTcTKHJ7N/FAqhGJpDc5gWx+MNzf+tR2K3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0TQ3RKH8MZ2y8mjvGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgkHHhx1X3peLCvt71roKP/hCiEqE5NuYbkXiZXKrU1sI8r9377KzfuevaMJK70zmcbWAgAAAAYp/nNF7+ajpM5PBm9o1AI+eyskA+z4ivdYxeIMklize8Co3VfH1OWmXTdjqodD++sEH+HKIzsMwx9dhitu+sj64rx1abWyb0nAAAAOJZN23HxN9JxMv83x3EUWkM+Oy01V984pr5l0nP83WPqTph03U/H1LVOUPdveCUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIPuXPncKel4sK+3vWugoz+KQojq1JRrSO5lcqVSWwP7KHXe9/TDl/fNSOJK72ID6wAAAADjXfpG4bvpOJnDk9k/CoVQDLPDiWH20NwfWsfWJ3nHlX7/8ordL10RwpLpz8/J1u33wz2XvR0Offa194YPQ2EITWOTmkKYEveL6vS7+g+PrHrmw+0PhLBkWmZW/X6jrUYPVaJS+eRtCx6+fPreFXWXAQAAgGNa4cEDP0nHyfyfTNRRaA357Pq683+S97Hm//aemdumxsf4C0BVRVNr3K+pTr/edx9oO7jmywcr8//zcwoj/6/A6fPH5qdbpY9V3xyiUnnuE6etPnzgpkuGLyT9M3X6r2med9LOt2bOS/oX4uvXhMn2D1X9ezoOzV/UcvwFY/uHENpq9f/xhY+/v+red68Y7l//fS/+0+Dnp4YNPyh0J8fhK+P7r7x/+c6tudenjO0f1em/8Nkn9z9266o7q5//1Gyt/uOPVSpds+XefbcvvG1F57mp/k11+t/c9so73/nZLx+q9N83t2Wk/8KPeP4J+++Zv2Pfru33rBn7/ku1+l991sYnt6y78q7q52+pWjj95tPH8e//1VnRRZt7Xt5YfQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODY1vHYB4fS8WBfb3vXQEd/UxRCVKemXENyL5Mrldoa2MdvMns+eGh/8fgkrvQuNrAOAAAAMN4lK169Lh0nc3gy+0ehEIohF3KhZWjuP3nbgocvn753RWiN78fnbPeGnk1nXrth8/prjvQjAAAAABPYdd77K9JxMv9n4zgKrSGfXRCa4/l/5f3Ld27NvT4lmf9DCEN/7s9eu667c0kY+U7Q03Fo/qKW4y9I8jLxuVDJW3T1hu74M0Gy7lOPfmbpuZddOpLflM4/ezRv7hOnrT584KZLauYtG817dVZ00eaelzem9lkayVs6mte77/aFt63oPDd5jig+F+LnSfL2zN+xb9f2e9YkeU3xuSVeDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI4aT3/v61dDzY19veNdDRHzIhRHVqyjUk9zK5UqmtgX18cP7zg4dbv/hgEld657MNLAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyTHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzXT2gcVRwH8Pd2t2bbTeumFppoDSn20oJQCBZ7kObiHyRqqShaKEYxXlQsiFbswbbBUNRDQaGlvZRWPCs5FLWHWGwVBbGKB/GkoCeVHJIiqagkmbfZTDskjraU8vnA8Pb3Zuc7b96+nd0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBr2uM/3ltrrztq3bPtuddfvPDgzXd/cWB46rX7Pnp+/9qP11xojgw+8MbWe74Z+rxroHfD8JYPxh4aHTlz159nDh8dXPREr8w1m7KyHkL8LYbQ+/PY4dGzX66d6Ysz54/NfaGrK67+pCvmEjZPhxCebo1z4c6xqf5nZtr9b3Ys6L8xF5K/rtCopvHMaS4cL9eXerbO9j7x1InxZwfOjvXt7v918o4X9s2/Jdbb1lMIq4baj18WQliebTPSautOB2ft9hDCirbj7lxkXLctcfy3F9TrsvaGrG0skpP2r8/VtSWOo5ZrO5Z4XFmVK5yfl5+//M3oSknXuSprT2Xtpn+ZU01bDJUYaq3hPxfn10ho+9xiiLNru96qK7N1aNUhX8dcXcnV1WW565o9bzax1RgX9qf35frT7biW9a9vv1dfxo6C/p6srWdf1D9SHfIv5jQueTF/HaFtXBNXa2EUqBR891J/a3jZh9HI+hpx9SXH/H0Zad/EZ0/u/P37V081C8YR349ZfiyVPzB8bPy9x073dBflD1Wy/Eqp/HPVr6bfnezuLMw/lPKrpfIf+euXgwce3rOmcH4m0vzUSuVveKtz79SeHR19RfnHU369VP6WXb1bb5186eXC8W9O87O8VP53b2+8uOvQh6cL80PKX1Eq/4djJ9dVe945X5g/nuanUSr/0f4j2+6/ZeRo4fx/nfJXlsrfeX50aPeJTzcWrs/taX6apfKnt33708Xm4Mmie2c8frV/YQGuLzdl/7EOZnXZ58z/qu154Uhfbe4/X2e2rfw/T5QT255dAAAAAAD+YQeOBQAAAACE+Vt3ZbEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAoAAP//pgBmrg==") socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000005e00)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000006080)={&(0x7f0000005d80)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000005f40)={&(0x7f0000005e40)=ANY=[@ANYBLOB="e4000000", @ANYRES16=0x0, @ANYBLOB="0300", @ANYRES32=r0, @ANYBLOB="1400c7000303f90304020007b336b09bb94f85e31800c70004060906fa071f00000200005d05e6103a8e5bc83000c70008017f04b004060705040e010700080006060001830403050007000105021f0000060205b7610f6d0b1c374d2600c7000900000706070601040401040201080005030000030602061e02b134a19c8ba3676500000c00c7000e77cff5c9ae8a021600c700ff000904f8070400090669dff249340461d300002000c700ff023f0600050002800477040901b50006060800ba78"], 0xe4}, 0x1, 0x0, 0x0, 0x4814}, 0x24044040) openat(0xffffffffffffffff, &(0x7f0000000200)='./bus\x00', 0xc706f252a8b33b54, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(0xffffffffffffffff, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @private0}}, 0xfffffffd, 0x0, 0x0, 0x4, 0x10}, 0x9c) r2 = open(&(0x7f0000000040)='./bus\x00', 0x1451c2, 0x0) ftruncate(r2, 0x2007ffb) syz_io_uring_setup(0xa94, &(0x7f00000005c0), &(0x7f0000000040)=0x0, &(0x7f0000000140)) syz_io_uring_submit(r3, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x48e9, 0x0, 0x0, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003f00), 0x0, 0x0) getpid() 1.380722539s ago: executing program 1: pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3) 929.192154ms ago: executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x3, @local, 'geneve0\x00'}}, 0x1e) unshare(0x20000400) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000100)=0x1) ioctl$PPPIOCCONNECT(r1, 0x4004743a, 0x0) 0s ago: executing program 2: r0 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, &(0x7f00000002c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x3a) kernel console output (not intermixed with test programs): 5654] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 333.892228][ T5654] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 334.282575][ T29] audit: type=1800 audit(1718139066.839:75): pid=5663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=1965 res=0 errno=0 [ 334.305458][ T29] audit: type=1326 audit(1718139066.869:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5655 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b227cea9 code=0x7fc00000 [ 334.335231][ T5668] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 334.460745][ T5666] syz-executor.4: attempt to access beyond end of device [ 334.460745][ T5666] loop4: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 334.948828][ T29] audit: type=1804 audit(1718139067.379:77): pid=5666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir891345445/syzkaller.ZlZ7Ew/14/bus/bus" dev="loop4" ino=10 res=1 errno=0 [ 335.282049][ T29] audit: type=1326 audit(1718139067.989:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5655 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f96b227cea9 code=0x7fc00000 [ 336.689158][ T5681] input: syz0 as /devices/virtual/input/input5 [ 338.488906][ T5690] loop2: detected capacity change from 0 to 4096 [ 338.830616][ T5702] loop1: detected capacity change from 0 to 128 [ 338.850826][ T5702] befs: Invalid gid -1, using default [ 338.856635][ T5702] befs: (loop1): No write support. Marking filesystem read-only [ 339.553452][ T5703] loop0: detected capacity change from 0 to 40427 [ 339.568994][ T5703] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 339.577083][ T5703] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 339.595706][ T5702] befs: (loop1): invalid magic header [ 339.685443][ T5702] tmpfs: Bad value for 'mpol' [ 339.709267][ T5703] F2FS-fs (loop0): Found nat_bits in checkpoint [ 340.060091][ T5703] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 340.067652][ T5703] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 341.134288][ T29] audit: type=1804 audit(1718139073.739:79): pid=5714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/20/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 341.160936][ T29] audit: type=1804 audit(1718139073.739:80): pid=5711 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/20/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 342.152337][ T5720] loop1: detected capacity change from 0 to 40427 [ 342.194637][ T5720] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 342.207277][ T5720] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 342.336722][ T5720] F2FS-fs (loop1): Found nat_bits in checkpoint [ 342.664814][ T5720] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 342.672175][ T5720] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 343.431341][ T29] audit: type=1804 audit(1718139076.199:81): pid=5729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1719043618/syzkaller.6R1h9g/18/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 345.487852][ T5744] loop0: detected capacity change from 0 to 256 [ 346.055970][ T5744] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 346.573201][ T5758] loop2: detected capacity change from 0 to 128 [ 346.694677][ T5758] befs: Invalid gid -1, using default [ 346.700318][ T5758] befs: (loop2): No write support. Marking filesystem read-only [ 346.836480][ T5758] befs: (loop2): invalid magic header [ 346.851864][ T5759] input: syz0 as /devices/virtual/input/input6 [ 346.967744][ T5758] tmpfs: Bad value for 'mpol' [ 347.124429][ T1222] ieee802154 phy0 wpan0: encryption failed: -22 [ 347.131368][ T1222] ieee802154 phy1 wpan1: encryption failed: -22 [ 348.572211][ T5768] loop2: detected capacity change from 0 to 40427 [ 348.608445][ T5768] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 348.616702][ T5768] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 348.728665][ T5768] F2FS-fs (loop2): Found nat_bits in checkpoint [ 349.122881][ T5768] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 349.130515][ T5768] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 349.514248][ T5779] syz-executor.2: attempt to access beyond end of device [ 349.514248][ T5779] loop2: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 349.898883][ T29] audit: type=1804 audit(1718139082.399:82): pid=5778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/26/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 351.887557][ T5783] loop0: detected capacity change from 0 to 40427 [ 351.950994][ T5783] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 351.959138][ T5783] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 352.107129][ T5783] F2FS-fs (loop0): Found nat_bits in checkpoint [ 352.428980][ T5783] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 352.441961][ T5783] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 353.468270][ T29] audit: type=1804 audit(1718139086.329:83): pid=5801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/22/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 353.535499][ T5800] syz-executor.0: attempt to access beyond end of device [ 353.535499][ T5800] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 354.811143][ T5807] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 354.812569][ T5811] loop3: detected capacity change from 0 to 128 [ 354.821248][ T5807] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 354.835039][ T5811] befs: Invalid gid -1, using default [ 354.842919][ T5811] befs: (loop3): No write support. Marking filesystem read-only [ 354.866305][ T5811] befs: (loop3): invalid magic header [ 355.108141][ T5811] tmpfs: Bad value for 'mpol' [ 355.426919][ T5813] input: syz0 as /devices/virtual/input/input7 [ 355.840477][ T5817] loop2: detected capacity change from 0 to 256 [ 356.676125][ T5817] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 357.478580][ T5822] loop4: detected capacity change from 0 to 40427 [ 357.563017][ T5822] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 357.571311][ T5822] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 357.751249][ T5822] F2FS-fs (loop4): Found nat_bits in checkpoint [ 358.031640][ T5822] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 358.039145][ T5822] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 358.362947][ T5831] syz-executor.4: attempt to access beyond end of device [ 358.362947][ T5831] loop4: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 358.754150][ T29] audit: type=1804 audit(1718139091.249:84): pid=5831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir891345445/syzkaller.ZlZ7Ew/21/bus/bus" dev="loop4" ino=10 res=1 errno=0 [ 359.354574][ T5827] loop1: detected capacity change from 0 to 4096 [ 360.858638][ T5838] loop1: detected capacity change from 0 to 1024 [ 362.242016][ T5850] loop2: detected capacity change from 0 to 256 [ 362.376213][ T5850] exfat: Deprecated parameter 'utf8' [ 362.382390][ T5850] exfat: Deprecated parameter 'utf8' [ 362.529680][ T5850] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 363.171220][ T5859] loop3: detected capacity change from 0 to 128 [ 363.221972][ T5859] befs: Invalid gid -1, using default [ 363.228229][ T5859] befs: (loop3): No write support. Marking filesystem read-only [ 363.339029][ T5862] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 363.348877][ T5862] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 363.354134][ T5859] befs: (loop3): invalid magic header [ 363.464780][ T5859] tmpfs: Bad value for 'mpol' [ 363.546746][ T5863] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 363.556683][ T5863] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 363.991804][ T5871] input: syz0 as /devices/virtual/input/input8 [ 364.744534][ T5873] loop1: detected capacity change from 0 to 40427 [ 364.769291][ T5857] Bluetooth: hci0: command 0x0406 tx timeout [ 364.769462][ T5856] Bluetooth: hci2: command 0x0406 tx timeout [ 364.776782][ T5857] Bluetooth: hci3: command 0x0406 tx timeout [ 364.782046][ T5856] Bluetooth: hci4: command 0x0406 tx timeout [ 364.793045][ T5857] Bluetooth: hci1: command 0x0406 tx timeout [ 364.868479][ T5873] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 364.876690][ T5873] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 364.999554][ T5873] F2FS-fs (loop1): Found nat_bits in checkpoint [ 365.300456][ T5873] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 365.308039][ T5873] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 365.555285][ T5884] syz-executor.1: attempt to access beyond end of device [ 365.555285][ T5884] loop1: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 366.066959][ T29] audit: type=1804 audit(1718139098.439:85): pid=5884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1719043618/syzkaller.6R1h9g/26/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 366.489397][ T5892] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 366.862173][ T5898] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 366.989737][ T5881] loop0: detected capacity change from 0 to 4096 [ 367.746394][ T5904] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 368.230292][ T5911] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 368.246809][ T5912] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 368.764008][ T5144] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 368.791504][ T5881] loop0: detected capacity change from 0 to 1024 [ 369.214320][ T5144] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 369.225925][ T5144] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 369.243078][ T5144] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 369.253799][ T5144] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.386525][ T5144] usb 5-1: config 0 descriptor?? [ 369.494846][ T5915] loop2: detected capacity change from 0 to 4096 [ 369.625436][ T5915] NILFS (loop2): invalid segment: Checksum error in segment payload [ 369.634195][ T5915] NILFS (loop2): trying rollback from an earlier position [ 369.758665][ T5915] NILFS (loop2): recovery complete [ 369.805802][ T5922] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 369.962582][ T5144] usbhid 5-1:0.0: can't add hid device: -71 [ 369.971050][ T5144] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 370.085111][ T5144] usb 5-1: USB disconnect, device number 2 [ 371.043688][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 371.047768][ T5936] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 371.329116][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 371.403459][ T5939] input: syz0 as /devices/virtual/input/input9 [ 371.474482][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 371.493784][ T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 371.503174][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.167236][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888044fcaa00: rx timeout, send abort [ 372.234425][ T5941] loop2: detected capacity change from 0 to 40427 [ 372.289504][ T5941] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 372.297538][ T5941] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 372.413046][ T10] usb 1-1: config 0 descriptor?? [ 372.466190][ T5941] F2FS-fs (loop2): Found nat_bits in checkpoint [ 372.527945][ T10] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input10 [ 372.784232][ T4472] bcm5974 1-1:0.0: could not read from device [ 372.842287][ T5941] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 372.849888][ T5941] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 372.867083][ T4472] bcm5974 1-1:0.0: could not read from device [ 372.970248][ T4472] bcm5974 1-1:0.0: could not read from device [ 372.996176][ T10] usb 1-1: USB disconnect, device number 2 [ 373.688270][ T5953] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 373.866207][ T5948] syz-executor.2: attempt to access beyond end of device [ 373.866207][ T5948] loop2: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 373.886913][ T29] audit: type=1804 audit(1718139106.749:86): pid=5952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/36/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 374.647286][ T5953] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 375.101424][ T5964] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 375.646927][ T5971] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 376.331291][ T5979] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 376.648719][ T5981] loop1: detected capacity change from 0 to 4096 [ 376.723826][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 376.817842][ T5981] NILFS (loop1): invalid segment: Checksum error in segment payload [ 376.826386][ T5981] NILFS (loop1): trying rollback from an earlier position [ 376.971573][ T5981] NILFS (loop1): recovery complete [ 377.050436][ T5988] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 377.124861][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.136437][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 377.149901][ T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 377.159557][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.237690][ T10] usb 4-1: config 0 descriptor?? [ 377.635286][ T5994] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 377.837608][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 377.846496][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 377.920224][ T10] usb 4-1: USB disconnect, device number 2 [ 378.184031][ T5998] input: syz0 as /devices/virtual/input/input11 [ 379.293939][ T29] audit: type=1326 audit(1718139112.049:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6002 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f96b227cea9 code=0x0 [ 379.344014][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 379.962784][ T6003] loop2: detected capacity change from 0 to 40427 [ 380.057702][ T6003] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 380.066186][ T6003] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 380.170373][ T6003] F2FS-fs (loop2): Found nat_bits in checkpoint [ 380.575445][ T6003] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 380.575578][ T6015] loop4: detected capacity change from 0 to 40427 [ 380.582742][ T6003] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 380.616530][ T6015] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 380.625034][ T6015] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 380.663859][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 380.746079][ T6015] F2FS-fs (loop4): Found nat_bits in checkpoint [ 381.026452][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 381.039797][ T10] usb 2-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 381.049371][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.100853][ T10] usb 2-1: config 0 descriptor?? [ 381.158240][ T10] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input12 [ 381.233106][ T6015] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 381.240736][ T6015] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 381.753103][ T4472] bcm5974 2-1:0.0: could not read from device [ 381.885451][ T6030] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 382.024824][ T6031] syz-executor.4: attempt to access beyond end of device [ 382.024824][ T6031] loop4: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 382.464672][ T29] audit: type=1804 audit(1718139114.919:88): pid=6031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir891345445/syzkaller.ZlZ7Ew/30/bus/bus" dev="loop4" ino=10 res=1 errno=0 [ 383.127600][ T4472] bcm5974 2-1:0.0: could not read from device [ 383.162640][ T10] usb 2-1: USB disconnect, device number 2 [ 384.912669][ T6046] loop3: detected capacity change from 0 to 4096 [ 385.094703][ T6046] NILFS (loop3): invalid segment: Checksum error in segment payload [ 385.107433][ T6046] NILFS (loop3): trying rollback from an earlier position [ 385.180256][ T6046] NILFS (loop3): recovery complete [ 385.248394][ T6048] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 385.752807][ T6055] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 385.965028][ T6056] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 386.384925][ T4502] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 386.810883][ T4502] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 386.822988][ T4502] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 386.836604][ T4502] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 386.853572][ T4502] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.894435][ T6063] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 386.971950][ T4502] usb 1-1: config 0 descriptor?? [ 387.340125][ C1] hrtimer: interrupt took 470857 ns [ 387.379482][ T6076] input: syz0 as /devices/virtual/input/input13 [ 387.618911][ T4502] usbhid 1-1:0.0: can't add hid device: -71 [ 387.626063][ T4502] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 387.734793][ T4502] usb 1-1: USB disconnect, device number 3 [ 387.827749][ T5385] udevd[5385]: setting owner of /dev/input/js0 to uid=0, gid=104 failed: No such file or directory [ 388.355039][ T6081] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 389.561828][ T6086] loop4: detected capacity change from 0 to 40427 [ 389.573405][ T6087] loop3: detected capacity change from 0 to 40427 [ 389.685434][ T6086] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 389.693871][ T6086] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 389.749178][ T6087] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 389.757309][ T6087] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 389.837695][ T6086] F2FS-fs (loop4): Found nat_bits in checkpoint [ 389.866510][ T6087] F2FS-fs (loop3): Found nat_bits in checkpoint [ 390.188390][ T6087] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 390.190186][ T6086] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 390.195752][ T6087] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 390.211568][ T6086] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 390.825856][ T4502] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 391.151248][ T4502] usb 1-1: Using ep0 maxpacket: 16 [ 391.321429][ T4502] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 391.337679][ T4502] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 391.348326][ T4502] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.404265][ T4502] usb 1-1: config 0 descriptor?? [ 391.504380][ T4502] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input14 [ 391.739709][ T29] audit: type=1804 audit(1718139124.299:89): pid=6098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2929536695/syzkaller.JraNTG/49/bus/bus" dev="loop3" ino=10 res=1 errno=0 [ 391.813705][ T6105] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 391.823793][ T6105] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 391.948309][ T4472] bcm5974 1-1:0.0: could not read from device [ 393.543194][ T6116] loop2: detected capacity change from 0 to 4096 [ 393.846001][ T6116] NILFS (loop2): invalid segment: Checksum error in segment payload [ 393.854754][ T6116] NILFS (loop2): trying rollback from an earlier position [ 394.091041][ T6116] NILFS (loop2): recovery complete [ 394.296241][ T6123] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 394.981980][ T6129] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 395.603156][ T6134] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 396.044886][ T6141] input: syz0 as /devices/virtual/input/input15 [ 396.727503][ T6147] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 397.201402][ T780] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 397.227843][ T6154] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 397.241349][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 397.254504][ T6097] bcm5974 1-1:0.0: could not read from device [ 397.284032][ T4472] bcm5974 1-1:0.0: could not read from device [ 397.364238][ T4472] bcm5974 1-1:0.0: could not read from device [ 397.439703][ T5144] usb 1-1: USB disconnect, device number 4 [ 397.448156][ T4472] bcm5974 1-1:0.0: could not read from device [ 397.488597][ T4472] bcm5974 1-1:0.0: could not read from device [ 397.644557][ T780] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 397.656183][ T780] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 397.669618][ T780] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 397.679043][ T780] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.765890][ T780] usb 5-1: config 0 descriptor?? [ 398.859252][ T6159] loop2: detected capacity change from 0 to 40427 [ 398.898613][ T6159] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 398.907047][ T6159] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 399.014752][ T780] usbhid 5-1:0.0: can't add hid device: -71 [ 399.021599][ T780] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 399.156207][ T6159] F2FS-fs (loop2): Found nat_bits in checkpoint [ 399.550991][ T780] usb 5-1: USB disconnect, device number 3 [ 399.575530][ T6159] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 399.582863][ T6159] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 399.661468][ T6163] loop3: detected capacity change from 0 to 40427 [ 399.690126][ T6163] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 399.698153][ T6163] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 399.918463][ T6163] F2FS-fs (loop3): Found nat_bits in checkpoint [ 400.508293][ T6163] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 400.515914][ T6163] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 400.805983][ T6169] syz-executor.2: attempt to access beyond end of device [ 400.805983][ T6169] loop2: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 401.172639][ T29] audit: type=1804 audit(1718139133.719:90): pid=6169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/44/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 401.748853][ T6182] syz-executor.3: attempt to access beyond end of device [ 401.748853][ T6182] loop3: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 402.084572][ T6180] syz-executor.3: attempt to access beyond end of device [ 402.084572][ T6180] loop3: rw=2049, sector=45224, nr_sectors = 8 limit=40427 [ 403.604637][ T6192] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 403.776016][ T6189] loop0: detected capacity change from 0 to 4096 [ 403.916319][ T5087] syz-executor.3: attempt to access beyond end of device [ 403.916319][ T5087] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 403.984138][ T6189] NILFS (loop0): invalid segment: Checksum error in segment payload [ 403.992687][ T6189] NILFS (loop0): trying rollback from an earlier position [ 404.399820][ T6189] NILFS (loop0): recovery complete [ 404.425435][ T6198] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 404.835886][ T6201] input: syz0 as /devices/virtual/input/input16 [ 405.398891][ T6204] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 405.454634][ T6204] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 406.131037][ T4502] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 406.409550][ T4502] usb 5-1: Using ep0 maxpacket: 16 [ 406.577429][ T4502] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 406.591951][ T4502] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 406.601972][ T4502] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.690437][ T4502] usb 5-1: config 0 descriptor?? [ 406.787220][ T4502] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input17 [ 407.026466][ T4472] bcm5974 5-1:0.0: could not read from device [ 407.265165][ T6220] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 407.704294][ T780] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 408.154066][ T780] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 408.165532][ T780] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 408.178931][ T780] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 408.188388][ T780] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.286119][ T780] usb 2-1: config 0 descriptor?? [ 408.549142][ T1222] ieee802154 phy0 wpan0: encryption failed: -22 [ 408.559510][ T1222] ieee802154 phy1 wpan1: encryption failed: -22 [ 409.769889][ T6237] loop0: detected capacity change from 0 to 40427 [ 409.795174][ T6237] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 409.803211][ T6237] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 409.864125][ T780] usbhid 2-1:0.0: can't add hid device: -71 [ 409.870878][ T780] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 409.912001][ T6237] F2FS-fs (loop0): Found nat_bits in checkpoint [ 410.206747][ T780] usb 2-1: USB disconnect, device number 3 [ 410.261900][ T6237] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 410.273901][ T6237] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 410.649984][ T6251] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 411.067751][ T6253] syz-executor.0: attempt to access beyond end of device [ 411.067751][ T6253] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 411.569255][ T29] audit: type=1804 audit(1718139144.429:91): pid=6253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/37/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 412.134166][ T6207] bcm5974 5-1:0.0: could not read from device [ 412.245554][ T4472] bcm5974 5-1:0.0: could not read from device [ 412.394138][ T5239] bcm5974 5-1:0.0: could not read from device [ 412.474077][ T4472] bcm5974 5-1:0.0: could not read from device [ 412.527497][ T4472] bcm5974 5-1:0.0: could not read from device [ 412.665380][ T4472] bcm5974 5-1:0.0: could not read from device [ 412.878899][ T4472] bcm5974 5-1:0.0: could not read from device [ 413.036706][ T780] usb 5-1: USB disconnect, device number 4 [ 413.268384][ T6266] input: syz0 as /devices/virtual/input/input18 [ 413.542823][ T6268] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 413.616776][ T6268] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 414.351309][ T6272] loop1: detected capacity change from 0 to 4096 [ 414.559385][ T6272] NILFS (loop1): invalid segment: Checksum error in segment payload [ 414.567996][ T6272] NILFS (loop1): trying rollback from an earlier position [ 414.694296][ T6272] NILFS (loop1): recovery complete [ 414.728694][ T6280] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 416.264273][ T6292] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 416.703500][ T6305] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 416.804326][ T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 417.235090][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 417.246460][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 417.265772][ T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 417.276950][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.343624][ T10] usb 4-1: config 0 descriptor?? [ 418.118512][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 418.126632][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 418.245755][ T8] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 418.322563][ T10] usb 4-1: USB disconnect, device number 3 [ 418.585144][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 418.800097][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 418.810676][ T6316] loop0: detected capacity change from 0 to 40427 [ 418.813426][ T8] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 418.829136][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.845718][ T6316] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 418.853980][ T6316] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 418.937688][ T6316] F2FS-fs (loop0): Found nat_bits in checkpoint [ 418.958173][ T8] usb 5-1: config 0 descriptor?? [ 418.985068][ T6323] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 419.086885][ T8] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input19 [ 419.174678][ T6328] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 419.268108][ T4472] bcm5974 5-1:0.0: could not read from device [ 419.289259][ T6316] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 419.296823][ T6316] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 420.250581][ T6333] syz-executor.0: attempt to access beyond end of device [ 420.250581][ T6333] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 420.268699][ T29] audit: type=1804 audit(1718139153.139:92): pid=6335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/39/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 420.861038][ T6339] input: syz0 as /devices/virtual/input/input20 [ 421.641810][ T6342] loop1: detected capacity change from 0 to 4096 [ 421.737207][ T6342] NILFS (loop1): invalid segment: Checksum error in segment payload [ 421.745641][ T6342] NILFS (loop1): trying rollback from an earlier position [ 421.822890][ T6342] NILFS (loop1): recovery complete [ 421.857181][ T6350] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 423.676719][ T6365] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 424.439160][ T8] bcm5974 5-1:0.0: could not read from device [ 424.461328][ T6369] loop2: detected capacity change from 0 to 256 [ 424.522794][ T8] input: failed to attach handler mousedev to device input19, error: -5 [ 424.606605][ T4472] bcm5974 5-1:0.0: could not read from device [ 424.655484][ T8] usb 5-1: USB disconnect, device number 5 [ 424.669582][ T4472] bcm5974 5-1:0.0: could not read from device [ 424.892275][ T6369] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 425.328058][ T6383] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 425.455285][ T6383] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 426.534420][ T6392] loop0: detected capacity change from 0 to 40427 [ 427.743106][ T29] audit: type=1804 audit(1718139159.939:93): pid=6393 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/41/bus" dev="sda1" ino=1941 res=1 errno=0 [ 428.634250][ T3756] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.894584][ T3756] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.148332][ T3756] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.310029][ T3756] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.393069][ T6400] loop1: detected capacity change from 0 to 4096 [ 429.660797][ T3756] bridge_slave_1: left allmulticast mode [ 429.667132][ T3756] bridge_slave_1: left promiscuous mode [ 429.673884][ T3756] bridge0: port 2(bridge_slave_1) entered disabled state [ 429.732584][ T6400] NILFS (loop1): invalid segment: Checksum error in segment payload [ 429.741478][ T6400] NILFS (loop1): trying rollback from an earlier position [ 429.837815][ T3756] bridge_slave_0: left allmulticast mode [ 429.843928][ T3756] bridge_slave_0: left promiscuous mode [ 429.858743][ T3756] bridge0: port 1(bridge_slave_0) entered disabled state [ 429.912805][ T6400] NILFS (loop1): recovery complete [ 429.970771][ T6411] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 430.855946][ T3756] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 430.940433][ T3756] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 431.097787][ T3756] bond0 (unregistering): Released all slaves [ 431.234786][ T6419] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 432.285068][ T4502] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 432.664401][ T4502] usb 1-1: Using ep0 maxpacket: 16 [ 432.755602][ T3756] hsr_slave_0: left promiscuous mode [ 432.772796][ T3756] hsr_slave_1: left promiscuous mode [ 432.854311][ T4502] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 432.867791][ T4502] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 432.877353][ T4502] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.996279][ T4502] usb 1-1: config 0 descriptor?? [ 433.049002][ T3756] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 433.058478][ T3756] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 433.075966][ T4502] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input21 [ 433.126277][ T3756] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 433.141002][ T3756] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 433.221283][ T3756] veth1_macvtap: left promiscuous mode [ 433.227751][ T3756] veth0_macvtap: left promiscuous mode [ 433.238334][ T3756] veth1_vlan: left promiscuous mode [ 433.244164][ T3756] veth0_vlan: left promiscuous mode [ 433.514388][ T4472] bcm5974 1-1:0.0: could not read from device [ 434.114856][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 434.182470][ T5074] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 434.199464][ T5074] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 434.242267][ T5074] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 434.271764][ T5074] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 434.298978][ T5074] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 434.455210][ T29] audit: type=1326 audit(1718139167.249:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f261d67cea9 code=0x0 [ 434.557676][ T6454] loop3: detected capacity change from 0 to 256 [ 434.752382][ T3756] team0 (unregistering): Port device team_slave_1 removed [ 434.856991][ T3756] team0 (unregistering): Port device team_slave_0 removed [ 435.163731][ T6454] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 435.208176][ T6433] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 435.225265][ T6439] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 436.643354][ T6463] loop2: detected capacity change from 0 to 40427 [ 436.658629][ T5080] Bluetooth: hci0: command tx timeout [ 436.752953][ T6463] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 436.761200][ T6463] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 436.969642][ T6463] F2FS-fs (loop2): Found nat_bits in checkpoint [ 437.299503][ T6463] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 437.307808][ T6463] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 437.536729][ T6477] syz-executor.2: attempt to access beyond end of device [ 437.536729][ T6477] loop2: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 437.662471][ T29] audit: type=1804 audit(1718139170.419:95): pid=6477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/59/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 438.489830][ T6448] chnl_net:caif_netlink_parms(): no params data found [ 438.706631][ T5080] Bluetooth: hci0: command tx timeout [ 438.923744][ T6427] bcm5974 1-1:0.0: could not read from device [ 438.983869][ T4472] bcm5974 1-1:0.0: could not read from device [ 439.054214][ T5887] bcm5974 1-1:0.0: could not read from device [ 439.125330][ T4472] bcm5974 1-1:0.0: could not read from device [ 439.194644][ T25] usb 1-1: USB disconnect, device number 5 [ 439.215571][ T4472] bcm5974 1-1:0.0: could not read from device [ 440.311972][ T6490] loop0: detected capacity change from 0 to 4096 [ 440.469537][ T6490] NILFS (loop0): invalid segment: Checksum error in segment payload [ 440.478238][ T6490] NILFS (loop0): trying rollback from an earlier position [ 440.763537][ T5080] Bluetooth: hci0: command tx timeout [ 440.769945][ T6490] NILFS (loop0): recovery complete [ 440.828695][ T6500] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 440.948733][ T6499] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 441.138712][ T6448] bridge0: port 1(bridge_slave_0) entered blocking state [ 441.147433][ T6448] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.155588][ T6448] bridge_slave_0: entered allmulticast mode [ 441.165232][ T6448] bridge_slave_0: entered promiscuous mode [ 441.300644][ T29] audit: type=1804 audit(1718139174.059:96): pid=6490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/44/file1/bus" dev="loop0" ino=12 res=1 errno=0 [ 441.354951][ T6448] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.362865][ T6448] bridge0: port 2(bridge_slave_1) entered disabled state [ 441.372648][ T6448] bridge_slave_1: entered allmulticast mode [ 441.383118][ T6448] bridge_slave_1: entered promiscuous mode [ 441.889313][ T6448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 442.051320][ T6448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 442.437921][ T6448] team0: Port device team_slave_0 added [ 442.525225][ T6448] team0: Port device team_slave_1 added [ 442.821297][ T6448] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 442.830251][ T6448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 442.862636][ T6448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 442.895091][ T5080] Bluetooth: hci0: command tx timeout [ 443.034351][ T6448] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 443.041893][ T6448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.074703][ T6448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 443.583823][ T6525] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 443.639372][ T6448] hsr_slave_0: entered promiscuous mode [ 443.715554][ T6448] hsr_slave_1: entered promiscuous mode [ 443.775589][ T6448] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 443.789069][ T6448] Cannot create hsr debugfs directory [ 443.800320][ T6528] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 443.955572][ T29] audit: type=1326 audit(1718139176.719:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6526 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6167e7cea9 code=0x0 [ 445.572664][ T6539] loop1: detected capacity change from 0 to 40427 [ 445.587331][ T6539] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 445.595440][ T6539] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 445.705759][ T6539] F2FS-fs (loop1): Found nat_bits in checkpoint [ 446.082572][ T6539] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 446.093617][ T6539] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 446.263896][ T25] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 446.640581][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 446.857705][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 446.871191][ T25] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 446.881792][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.049794][ T25] usb 3-1: config 0 descriptor?? [ 447.233943][ T29] audit: type=1804 audit(1718139179.949:98): pid=6559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1719043618/syzkaller.6R1h9g/61/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 447.419240][ T25] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input22 [ 447.606253][ T6556] syz-executor.1: attempt to access beyond end of device [ 447.606253][ T6556] loop1: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 447.820788][ T6448] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 447.826016][ T4472] bcm5974 3-1:0.0: could not read from device [ 448.129584][ T4472] bcm5974 3-1:0.0: could not read from device [ 448.147207][ T6448] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 448.236173][ T25] usb 3-1: USB disconnect, device number 2 [ 448.264240][ T6448] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 448.372763][ T6556] syz-executor.1: attempt to access beyond end of device [ 448.372763][ T6556] loop1: rw=2049, sector=45224, nr_sectors = 8 limit=40427 [ 448.472324][ T6448] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 450.202000][ T6568] loop0: detected capacity change from 0 to 40427 [ 450.260539][ T6568] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 450.268743][ T6568] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 450.378508][ T6568] F2FS-fs (loop0): Found nat_bits in checkpoint [ 450.697807][ T6568] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 450.705308][ T6568] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 450.903543][ T6575] loop2: detected capacity change from 0 to 256 [ 451.094310][ T5075] syz-executor.1: attempt to access beyond end of device [ 451.094310][ T5075] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 451.597797][ T29] audit: type=1804 audit(1718139184.439:99): pid=6582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/48/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 451.954337][ T6575] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 453.361126][ T6448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 453.807681][ T6448] 8021q: adding VLAN 0 to HW filter on device team0 [ 454.056201][ T779] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.064147][ T779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.081630][ T779] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.089499][ T779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 454.379527][ T6448] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 454.390515][ T6448] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 454.425499][ T6590] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 454.495263][ T6591] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 456.471115][ T6598] loop3: detected capacity change from 0 to 40427 [ 456.490803][ T6598] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 456.499333][ T6598] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 456.719673][ T6598] F2FS-fs (loop3): Found nat_bits in checkpoint [ 457.053408][ T6598] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 457.060854][ T6598] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 457.696594][ T6448] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 458.126328][ T29] audit: type=1804 audit(1718139190.989:100): pid=6620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2929536695/syzkaller.JraNTG/72/bus/bus" dev="loop3" ino=10 res=1 errno=0 [ 459.441955][ T6618] syz-executor.3: attempt to access beyond end of device [ 459.441955][ T6618] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 460.950776][ T5087] syz-executor.3: attempt to access beyond end of device [ 460.950776][ T5087] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 461.434288][ T25] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 461.928532][ T25] usb 1-1: Using ep0 maxpacket: 16 [ 462.124159][ T25] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 462.137774][ T25] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 462.147364][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.306417][ T25] usb 1-1: config 0 descriptor?? [ 462.458954][ T25] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input23 [ 462.460091][ T6646] loop1: detected capacity change from 0 to 40427 [ 462.487551][ T6646] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 462.495724][ T6646] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 462.585739][ T4472] bcm5974 1-1:0.0: could not read from device [ 462.674328][ T4472] bcm5974 1-1:0.0: could not read from device [ 462.776717][ T6646] F2FS-fs (loop1): Found nat_bits in checkpoint [ 463.103621][ T4472] bcm5974 1-1:0.0: could not read from device [ 463.197188][ T25] usb 1-1: USB disconnect, device number 6 [ 463.206787][ T6646] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 463.214362][ T6646] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 463.242683][ T4472] bcm5974 1-1:0.0: could not read from device [ 463.492405][ T6653] loop2: detected capacity change from 0 to 40427 [ 463.523713][ T6653] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 463.531916][ T6653] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 463.706474][ T6653] F2FS-fs (loop2): Found nat_bits in checkpoint [ 464.122416][ T6653] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 464.130260][ T6653] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 464.659756][ T29] audit: type=1804 audit(1718139197.049:101): pid=6657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1719043618/syzkaller.6R1h9g/64/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 465.837134][ T29] audit: type=1804 audit(1718139198.329:102): pid=6666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/67/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 466.458849][ T6670] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 466.472115][ T6670] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 467.515409][ T6448] veth0_vlan: entered promiscuous mode [ 467.784551][ T6448] veth1_vlan: entered promiscuous mode [ 468.583733][ T6448] veth0_macvtap: entered promiscuous mode [ 468.696044][ T6448] veth1_macvtap: entered promiscuous mode [ 468.917601][ T6448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.929107][ T6448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.939992][ T6448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.950764][ T6448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.960884][ T6448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.976333][ T6448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.987749][ T6448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.998539][ T6448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.017356][ T6448] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 469.797396][ T6685] loop3: detected capacity change from 0 to 40427 [ 469.840732][ T6685] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 469.850884][ T6685] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 469.921700][ T6685] F2FS-fs (loop3): invalid crc value [ 469.985264][ T6448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.002513][ T6448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.014278][ T6448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.018349][ T1222] ieee802154 phy0 wpan0: encryption failed: -22 [ 470.026089][ T6448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.031662][ T1222] ieee802154 phy1 wpan1: encryption failed: -22 [ 470.041291][ T6448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.058766][ T6448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.068822][ T6448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.079507][ T6448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.098219][ T6448] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 470.108882][ T6685] F2FS-fs (loop3): Mismatch valid blocks 0 vs. 2 [ 470.182298][ T6685] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-117) [ 470.227175][ T6448] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.236900][ T6448] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.246222][ T6448] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.255370][ T6448] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.903181][ T6705] loop1: detected capacity change from 0 to 256 [ 474.424833][ T6705] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 474.437202][ T6703] loop0: detected capacity change from 0 to 4096 [ 474.596535][ T6703] NILFS (loop0): invalid segment: Checksum error in segment payload [ 474.609235][ T6703] NILFS (loop0): trying rollback from an earlier position [ 474.857743][ T6703] NILFS (loop0): recovery complete [ 474.943514][ T6717] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 475.550209][ T29] audit: type=1804 audit(1718139208.319:103): pid=6730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/53/file1/bus" dev="loop0" ino=12 res=1 errno=0 [ 477.144979][ T6739] loop2: detected capacity change from 0 to 40427 [ 477.191343][ T6739] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 477.199635][ T6739] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 477.369780][ T6739] F2FS-fs (loop2): Found nat_bits in checkpoint [ 477.784616][ T6739] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 477.792049][ T6739] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 479.262820][ T6750] syz-executor.2: attempt to access beyond end of device [ 479.262820][ T6750] loop2: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 479.894110][ T29] audit: type=1804 audit(1718139212.529:104): pid=6750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/69/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 481.660297][ T6764] loop3: detected capacity change from 0 to 40427 [ 481.850891][ T6764] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 481.859195][ T6764] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 482.167884][ T6764] F2FS-fs (loop3): Found nat_bits in checkpoint [ 482.362515][ T6750] syz-executor.2: attempt to access beyond end of device [ 482.362515][ T6750] loop2: rw=2049, sector=45224, nr_sectors = 8 limit=40427 [ 482.438922][ T6765] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 482.525157][ T6764] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 482.532510][ T6764] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 482.544454][ T6766] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 482.779517][ T6773] syz-executor.3: attempt to access beyond end of device [ 482.779517][ T6773] loop3: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 482.824398][ T29] audit: type=1804 audit(1718139215.679:105): pid=6773 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2929536695/syzkaller.JraNTG/77/bus/bus" dev="loop3" ino=10 res=1 errno=0 [ 483.109068][ T6773] syz-executor.3: attempt to access beyond end of device [ 483.109068][ T6773] loop3: rw=2049, sector=45224, nr_sectors = 8 limit=40427 [ 483.625951][ T5083] syz-executor.2: attempt to access beyond end of device [ 483.625951][ T5083] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 483.694512][ T29] audit: type=1800 audit(1718139216.459:106): pid=6778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1946 res=0 errno=0 [ 484.199641][ T5087] syz-executor.3: attempt to access beyond end of device [ 484.199641][ T5087] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 488.328343][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 488.336563][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 488.708665][ T779] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 488.716998][ T779] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 488.742452][ T6814] loop1: detected capacity change from 0 to 256 [ 488.849639][ T6811] loop0: detected capacity change from 0 to 4096 [ 488.970747][ T6811] NILFS (loop0): invalid segment: Checksum error in segment payload [ 488.979332][ T6811] NILFS (loop0): trying rollback from an earlier position [ 489.101544][ T6814] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 489.189639][ T6811] NILFS (loop0): recovery complete [ 489.221714][ T6821] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 493.220829][ T29] audit: type=1804 audit(1718139225.929:107): pid=6828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/57/file1/bus" dev="loop0" ino=12 res=1 errno=0 [ 494.396308][ T6842] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 494.506242][ T6842] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 495.409208][ T6844] loop2: detected capacity change from 0 to 40427 [ 495.517362][ T6844] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 495.525524][ T6844] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 495.657498][ T6844] F2FS-fs (loop2): Found nat_bits in checkpoint [ 495.990706][ T6844] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 495.998959][ T6844] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 496.275323][ T6846] loop1: detected capacity change from 0 to 40427 [ 496.290580][ T6846] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 496.298649][ T6846] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 496.638825][ T6862] syz-executor.2: attempt to access beyond end of device [ 496.638825][ T6862] loop2: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 497.747183][ T29] audit: type=1804 audit(1718139229.529:108): pid=6862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/71/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 497.759526][ T6846] F2FS-fs (loop1): Found nat_bits in checkpoint [ 498.118636][ T6846] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 498.131088][ T6846] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 498.147050][ T29] audit: type=1800 audit(1718139230.899:109): pid=6853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1968 res=0 errno=0 [ 498.943892][ T29] audit: type=1804 audit(1718139231.449:110): pid=6873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1719043618/syzkaller.6R1h9g/72/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 498.970933][ T29] audit: type=1804 audit(1718139231.459:111): pid=6870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir1719043618/syzkaller.6R1h9g/72/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 499.002038][ T29] audit: type=1804 audit(1718139231.459:112): pid=6872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir1719043618/syzkaller.6R1h9g/72/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 503.387005][ T6888] loop2: detected capacity change from 0 to 256 [ 503.526620][ T6891] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 503.597836][ T6891] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 503.854293][ T6888] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 505.681062][ T6899] loop1: detected capacity change from 0 to 4096 [ 505.909586][ T6899] NILFS (loop1): invalid segment: Checksum error in segment payload [ 505.918321][ T6899] NILFS (loop1): trying rollback from an earlier position [ 506.096436][ T6899] NILFS (loop1): recovery complete [ 506.122392][ T6903] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 506.200708][ T6901] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 506.209655][ T6901] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 506.702122][ T29] audit: type=1804 audit(1718139239.499:113): pid=6909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1719043618/syzkaller.6R1h9g/73/file1/bus" dev="loop1" ino=12 res=1 errno=0 [ 507.813190][ T29] audit: type=1800 audit(1718139240.609:114): pid=6916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1963 res=0 errno=0 [ 508.538701][ T6918] loop0: detected capacity change from 0 to 40427 [ 508.643497][ T6918] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 508.651543][ T6918] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 508.731855][ T6918] F2FS-fs (loop0): Found nat_bits in checkpoint [ 509.058337][ T6918] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 509.065892][ T6918] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 509.614362][ T6924] loop1: detected capacity change from 0 to 512 [ 509.831062][ T6924] EXT4-fs: Ignoring removed mblk_io_submit option [ 510.154390][ T29] audit: type=1804 audit(1718139242.579:115): pid=6926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/61/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 511.236792][ T6939] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 511.300209][ T6939] bond_slave_0: entered promiscuous mode [ 511.306261][ T6939] bond_slave_1: entered promiscuous mode [ 511.312383][ T6939] macvtap1: entered promiscuous mode [ 511.317980][ T6939] bond0: entered promiscuous mode [ 511.325451][ T6939] macvtap1: entered allmulticast mode [ 511.330975][ T6939] bond0: entered allmulticast mode [ 511.336472][ T6939] bond_slave_0: entered allmulticast mode [ 511.342361][ T6939] bond_slave_1: entered allmulticast mode [ 511.352133][ T6939] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 511.483556][ T6924] EXT4-fs (loop1): Test dummy encryption mode enabled [ 511.507965][ T6924] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0102] [ 511.534268][ T6924] System zones: 1-12 [ 511.653177][ T6924] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #15: comm syz-executor.1: casefold flag without casefold feature [ 511.682615][ T6924] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor.1: couldn't read orphan inode 15 (err -117) [ 511.856846][ T6924] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 512.158080][ T6924] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 513.330051][ T6948] loop2: detected capacity change from 0 to 40427 [ 513.351464][ T6948] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 513.359714][ T6948] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 513.407820][ T6948] F2FS-fs (loop2): invalid crc value [ 513.460680][ T6948] F2FS-fs (loop2): Mismatch valid blocks 0 vs. 2 [ 513.470482][ T6948] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-117) [ 513.565517][ T6954] loop1: detected capacity change from 0 to 4096 [ 513.831421][ T6954] NILFS (loop1): invalid segment: Checksum error in segment payload [ 513.840254][ T6954] NILFS (loop1): trying rollback from an earlier position [ 514.152864][ T6954] NILFS (loop1): recovery complete [ 514.174711][ T6958] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 515.041185][ T29] audit: type=1804 audit(1718139247.769:116): pid=6964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1719043618/syzkaller.6R1h9g/75/file1/bus" dev="loop1" ino=12 res=1 errno=0 [ 515.499159][ T6965] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 515.507913][ T6965] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 515.898055][ T6969] Zero length message leads to an empty skb [ 516.594954][ T6975] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 516.604726][ T6975] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 516.612486][ T6975] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 516.627908][ T6975] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 516.635902][ T6975] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 518.145600][ T6985] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 518.647697][ T6983] loop0: detected capacity change from 0 to 40427 [ 518.681249][ T6985] bond_slave_0: entered promiscuous mode [ 518.682417][ T6983] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 518.687430][ T6985] bond_slave_1: entered promiscuous mode [ 518.695254][ T6983] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 518.710211][ T6985] macvtap1: entered promiscuous mode [ 518.716020][ T6985] bond0: entered promiscuous mode [ 518.724526][ T6985] macvtap1: entered allmulticast mode [ 518.730161][ T6985] bond0: entered allmulticast mode [ 518.741556][ T6985] bond_slave_0: entered allmulticast mode [ 518.749582][ T6985] bond_slave_1: entered allmulticast mode [ 518.761113][ T6985] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 518.820621][ T6983] F2FS-fs (loop0): Found nat_bits in checkpoint [ 519.204172][ T6983] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 519.211487][ T6983] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 520.551187][ T29] audit: type=1804 audit(1718139253.019:117): pid=7002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/64/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 520.581458][ T29] audit: type=1804 audit(1718139253.039:118): pid=6999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/64/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 520.607717][ T29] audit: type=1804 audit(1718139253.039:119): pid=7000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir3079297529/syzkaller.OAatCg/64/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 521.442839][ T7006] loop4: detected capacity change from 0 to 512 [ 521.565640][ T7006] EXT4-fs: Ignoring removed mblk_io_submit option [ 521.653854][ T7006] EXT4-fs (loop4): Test dummy encryption mode enabled [ 521.729224][ T7006] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0102] [ 521.927559][ T7006] System zones: 1-12 [ 521.965309][ T7010] loop3: detected capacity change from 0 to 4096 [ 522.058765][ T7006] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #15: comm syz-executor.4: casefold flag without casefold feature [ 522.080364][ T7010] NILFS (loop3): invalid segment: Checksum error in segment payload [ 522.088891][ T7010] NILFS (loop3): trying rollback from an earlier position [ 522.125061][ T7006] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 522.180192][ T7006] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 522.198229][ T7010] NILFS (loop3): recovery complete [ 522.251606][ T7020] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 522.310088][ T7006] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 522.815019][ T29] audit: type=1804 audit(1718139255.619:120): pid=7025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2929536695/syzkaller.JraNTG/83/file1/bus" dev="loop3" ino=12 res=1 errno=0 [ 522.946881][ T7024] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 522.955639][ T7024] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 523.501841][ T7033] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 523.512852][ T7033] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 523.521263][ T7033] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 523.535406][ T7033] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 523.544619][ T7033] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 524.556574][ T7036] 9pnet_fd: Insufficient options for proto=fd [ 524.787533][ T7043] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 524.861586][ T7043] macvtap2: entered promiscuous mode [ 524.868101][ T7043] macvtap2: entered allmulticast mode [ 524.885177][ T7043] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 525.837395][ T7046] loop0: detected capacity change from 0 to 40427 [ 525.957060][ T7046] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 525.965574][ T7046] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 525.980933][ T7046] F2FS-fs (loop0): invalid crc value [ 526.671296][ T7051] loop4: detected capacity change from 0 to 40427 [ 526.707387][ T7051] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 526.715484][ T7051] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 526.804032][ T7046] F2FS-fs (loop0): Mismatch valid blocks 0 vs. 2 [ 526.814857][ T7051] F2FS-fs (loop4): Found nat_bits in checkpoint [ 527.100740][ T7046] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-117) [ 527.130146][ T7051] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 527.142535][ T7051] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 528.521408][ T29] audit: type=1804 audit(1718139261.339:121): pid=7063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3053022532/syzkaller.Ys4Ymj/16/bus/bus" dev="loop4" ino=10 res=1 errno=0 [ 528.547741][ T29] audit: type=1804 audit(1718139261.339:122): pid=7060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3053022532/syzkaller.Ys4Ymj/16/bus/bus" dev="loop4" ino=10 res=1 errno=0 [ 529.410834][ T7075] loop0: detected capacity change from 0 to 512 [ 529.509626][ T7075] EXT4-fs: Ignoring removed mblk_io_submit option [ 529.604848][ T7075] EXT4-fs (loop0): Test dummy encryption mode enabled [ 529.711847][ T7075] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0102] [ 529.768923][ T7075] System zones: 1-12 [ 529.785478][ T7075] EXT4-fs error (device loop0): ext4_orphan_get:1394: inode #15: comm syz-executor.0: casefold flag without casefold feature [ 529.856487][ T7075] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz-executor.0: couldn't read orphan inode 15 (err -117) [ 529.956115][ T7075] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 530.198253][ T7075] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 530.671655][ T7089] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 530.681566][ T7089] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 530.689567][ T7089] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 530.701476][ T7089] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 530.709529][ T7089] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 531.464896][ T1222] ieee802154 phy0 wpan0: encryption failed: -22 [ 531.471631][ T1222] ieee802154 phy1 wpan1: encryption failed: -22 [ 531.847043][ T7100] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 532.061926][ T7100] macvtap2: entered promiscuous mode [ 532.068769][ T7100] macvtap2: entered allmulticast mode [ 532.081827][ T7100] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 533.400801][ T7112] loop2: detected capacity change from 0 to 40427 [ 533.474337][ T7112] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 533.487200][ T7112] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 533.621411][ T29] audit: type=1800 audit(1718139266.409:123): pid=7111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1962 res=0 errno=0 [ 533.659338][ T7112] F2FS-fs (loop2): Found nat_bits in checkpoint [ 533.943491][ T7112] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 533.950897][ T7112] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 535.191967][ T29] audit: type=1804 audit(1718139267.539:124): pid=7123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/86/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 535.218263][ T29] audit: type=1804 audit(1718139267.549:125): pid=7120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/86/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 535.248693][ T29] audit: type=1804 audit(1718139267.549:126): pid=7122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/86/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 536.310812][ T7130] loop4: detected capacity change from 0 to 4096 [ 536.837853][ T7130] NILFS (loop4): invalid segment: Checksum error in segment payload [ 536.846737][ T7130] NILFS (loop4): trying rollback from an earlier position [ 537.093362][ T7130] NILFS (loop4): recovery complete [ 537.140972][ T7139] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 537.363356][ T7134] loop3: detected capacity change from 0 to 40427 [ 537.397888][ T7134] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 537.406112][ T7134] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 537.425271][ T7134] F2FS-fs (loop3): invalid crc value [ 537.519222][ T7134] F2FS-fs (loop3): Mismatch valid blocks 0 vs. 2 [ 537.553531][ T7134] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-117) [ 537.622143][ T29] audit: type=1804 audit(1718139270.409:127): pid=7144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3053022532/syzkaller.Ys4Ymj/17/file1/bus" dev="loop4" ino=12 res=1 errno=0 [ 540.759690][ T7156] loop4: detected capacity change from 0 to 512 [ 540.868704][ T7156] EXT4-fs: Ignoring removed mblk_io_submit option [ 541.003690][ T7156] EXT4-fs (loop4): Test dummy encryption mode enabled [ 541.125466][ T7156] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0102] [ 541.192437][ T7156] System zones: 1-12 [ 541.249932][ T7156] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #15: comm syz-executor.4: casefold flag without casefold feature [ 541.339480][ T7156] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 541.463884][ T7156] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 541.641241][ T7169] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 541.711412][ T7169] bond_slave_0: entered promiscuous mode [ 541.717643][ T7169] bond_slave_1: entered promiscuous mode [ 541.724834][ T7169] macvtap1: entered promiscuous mode [ 541.730422][ T7169] bond0: entered promiscuous mode [ 541.738988][ T7169] macvtap1: entered allmulticast mode [ 541.744905][ T7169] bond0: entered allmulticast mode [ 541.750268][ T7169] bond_slave_0: entered allmulticast mode [ 541.756534][ T7169] bond_slave_1: entered allmulticast mode [ 541.768163][ T7169] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 542.263865][ T779] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 543.090805][ T7180] loop1: detected capacity change from 0 to 40427 [ 543.117270][ T7156] fscrypt (loop4): Missing crypto API support for AES-256-CBC-CTS (API name: "cts(cbc(aes))") [ 543.135975][ T779] usb 1-1: device descriptor read/64, error -71 [ 543.201322][ T7180] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 543.214206][ T7180] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 543.323027][ T7180] F2FS-fs (loop1): Found nat_bits in checkpoint [ 544.238020][ T7189] loop2: detected capacity change from 0 to 40427 [ 544.261575][ T7156] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 544.274411][ T779] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 544.357589][ T7189] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 544.365654][ T7189] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 544.403928][ T7192] fuse: Bad value for 'fd' [ 544.425708][ T7180] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 544.432939][ T7180] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 544.615362][ T7189] F2FS-fs (loop2): Found nat_bits in checkpoint [ 544.703845][ T779] usb 1-1: device descriptor read/64, error -71 [ 545.255533][ T779] usb usb1-port1: attempt power cycle [ 545.371930][ T7189] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 545.379665][ T7189] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 545.843634][ T779] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 546.028129][ T779] usb 1-1: device descriptor read/8, error -71 [ 546.347180][ T779] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 546.707732][ T29] audit: type=1804 audit(1718139278.959:128): pid=7200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1719043618/syzkaller.6R1h9g/88/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 546.734648][ T29] audit: type=1804 audit(1718139279.509:129): pid=7206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/88/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 546.760501][ T29] audit: type=1804 audit(1718139279.519:130): pid=7203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/88/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 546.787153][ T29] audit: type=1804 audit(1718139279.519:131): pid=7205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir1161595712/syzkaller.yS1kHe/88/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 547.057343][ T779] usb 1-1: device descriptor read/8, error -71 [ 547.238604][ T779] usb usb1-port1: unable to enumerate USB device [ 548.865480][ T7218] loop0: detected capacity change from 0 to 512 [ 548.988312][ T7218] ======================================================= [ 548.988312][ T7218] WARNING: The mand mount option has been deprecated and [ 548.988312][ T7218] and is ignored by this kernel. Remove the mand [ 548.988312][ T7218] option from the mount to silence this warning. [ 548.988312][ T7218] ======================================================= [ 549.225056][ T7218] EXT4-fs error (device loop0): ext4_orphan_get:1420: comm syz-executor.0: bad orphan inode 15 [ 549.288710][ T7218] ext4_test_bit(bit=14, block=5) = 0 [ 549.294410][ T7218] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 550.286946][ T7225] loop4: detected capacity change from 0 to 40427 [ 550.320340][ T7225] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 550.328664][ T7225] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 550.349037][ T7225] F2FS-fs (loop4): invalid crc value [ 550.576909][ T7225] F2FS-fs (loop4): Mismatch valid blocks 0 vs. 2 [ 550.609055][ T7225] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 552.209940][ T7232] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 552.304098][ T7232] macvtap2: entered promiscuous mode [ 552.310586][ T7232] macvtap2: entered allmulticast mode [ 552.328599][ T7232] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 553.163907][ T7223] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 13: invalid block bitmap [ 554.215654][ T7252] loop4: detected capacity change from 0 to 512 [ 554.236067][ T7252] EXT4-fs: Ignoring removed mblk_io_submit option [ 554.299168][ T7252] EXT4-fs (loop4): Test dummy encryption mode enabled [ 554.356483][ T7252] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0102] [ 554.410837][ T7252] System zones: 1-12 [ 554.511418][ T7252] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #15: comm syz-executor.4: casefold flag without casefold feature [ 554.591480][ T7252] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 554.695823][ T7252] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 555.094174][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 555.297307][ T10] usb 4-1: device descriptor read/64, error -71 [ 555.348681][ T7252] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))" [ 555.604874][ T10] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 555.633428][ T7252] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 555.853564][ T10] usb 4-1: device descriptor read/64, error -71 [ 556.029126][ T10] usb usb4-port1: attempt power cycle [ 556.766348][ T7264] loop4: detected capacity change from 0 to 40427 [ 556.853434][ T7264] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 556.861724][ T7264] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 556.978328][ T7264] F2FS-fs (loop4): Found nat_bits in checkpoint [ 557.243467][ T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 557.309734][ T7264] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 557.317520][ T7264] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 557.333754][ T10] usb 4-1: device descriptor read/8, error -71 [ 557.716813][ T10] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 559.601993][ T5074] Bluetooth: hci0: command 0x0406 tx timeout [ 559.664738][ T29] audit: type=1804 audit(1718139292.529:132): pid=7272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3053022532/syzkaller.Ys4Ymj/23/bus/bus" dev="loop4" ino=10 res=1 errno=0 [ 559.782158][ T29] audit: type=1804 audit(1718139292.559:133): pid=7271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3053022532/syzkaller.Ys4Ymj/23/bus/bus" dev="loop4" ino=10 res=1 errno=0 [ 559.890936][ T10] usb 4-1: device descriptor read/8, error -71 [ 560.061411][ T10] usb usb4-port1: unable to enumerate USB device [ 561.796382][ T7289] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 561.935981][ T7289] macvtap3: entered promiscuous mode [ 561.942510][ T7289] macvtap3: entered allmulticast mode [ 561.960581][ T7289] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 562.744980][ T7288] loop2: detected capacity change from 0 to 40427 [ 562.764842][ T7288] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 562.778120][ T7288] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 562.815022][ T7288] F2FS-fs (loop2): invalid crc value [ 562.872671][ T7288] F2FS-fs (loop2): Mismatch valid blocks 0 vs. 2 [ 562.901253][ T7288] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-117) [ 564.576913][ C0] vxcan0: j1939_tp_rxtimer: 0xffff8880441f4400: rx timeout, send abort [ 565.085567][ C0] vxcan0: j1939_tp_rxtimer: 0xffff8880441f4400: abort rx timeout. Force session deactivation [ 565.153554][ T7305] loop1: detected capacity change from 0 to 512 [ 565.235346][ T7305] EXT4-fs: Ignoring removed mblk_io_submit option [ 565.279839][ T7305] EXT4-fs (loop1): Test dummy encryption mode enabled [ 565.363706][ T7305] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0102] [ 565.455697][ T7305] System zones: 1-12 [ 565.546412][ T7305] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #15: comm syz-executor.1: casefold flag without casefold feature [ 565.581728][ T7305] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor.1: couldn't read orphan inode 15 (err -117) [ 565.646827][ T7305] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 566.103718][ T7305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 567.574816][ T7322] loop1: detected capacity change from 0 to 40427 [ 567.634113][ T7322] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 567.642145][ T7322] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 567.757803][ T7322] F2FS-fs (loop1): Found nat_bits in checkpoint [ 567.954046][ T25] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 568.050122][ T7322] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 568.057531][ T7322] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 569.567938][ T25] usb 5-1: device descriptor read/64, error -71 [ 569.593785][ T29] audit: type=1804 audit(1718139302.339:134): pid=7330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1719043618/syzkaller.6R1h9g/93/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 571.867651][ T7343] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 571.978023][ T7343] macvtap4: entered promiscuous mode [ 571.992786][ T7343] macvtap4: entered allmulticast mode [ 572.004386][ T7343] 8021q: adding VLAN 0 to HW filter on device macvtap4 [ 572.136216][ T5074] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 572.157217][ T5074] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 572.178892][ T5074] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 572.211914][ T5074] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 572.222999][ T5074] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 572.233852][ T5074] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 573.911191][ T7345] chnl_net:caif_netlink_parms(): no params data found [ 574.363683][ T5080] Bluetooth: hci5: command tx timeout [ 575.334814][ T4029] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.515277][ T4029] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.667549][ T4029] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.898476][ T4029] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.452926][ T5080] Bluetooth: hci5: command tx timeout [ 576.539808][ T4029] bridge_slave_1: left allmulticast mode [ 576.547272][ T4029] bridge_slave_1: left promiscuous mode [ 576.556498][ T4029] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.655587][ T4029] bridge_slave_0: left allmulticast mode [ 576.661524][ T4029] bridge_slave_0: left promiscuous mode [ 576.668563][ T4029] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.738213][ T29] audit: type=1326 audit(1718139309.569:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7372 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f261d67cea9 code=0x0 [ 577.751182][ T4029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 577.902978][ T4029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 578.087896][ T4029] bond0 (unregistering): Released all slaves [ 578.527380][ T5080] Bluetooth: hci5: command tx timeout [ 579.027684][ T7345] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.035573][ T7345] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.043433][ T7345] bridge_slave_0: entered allmulticast mode [ 579.058060][ T7345] bridge_slave_0: entered promiscuous mode [ 579.276391][ T7345] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.284858][ T7345] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.292489][ T7345] bridge_slave_1: entered allmulticast mode [ 579.301082][ T7345] bridge_slave_1: entered promiscuous mode [ 579.530152][ T7392] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 579.639199][ T7392] macvtap5: entered promiscuous mode [ 579.646194][ T7392] macvtap5: entered allmulticast mode [ 579.657541][ T7392] 8021q: adding VLAN 0 to HW filter on device macvtap5 [ 580.018709][ T7345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 580.117548][ T5074] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 580.127487][ T5074] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 580.138151][ T5074] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 580.208411][ T5074] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 580.231566][ T5074] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 580.247830][ T7345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 580.270176][ T5074] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 580.604160][ T4029] hsr_slave_0: left promiscuous mode [ 580.608440][ T5074] Bluetooth: hci5: command tx timeout [ 580.664713][ T4029] hsr_slave_1: left promiscuous mode [ 580.796666][ T7217] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 580.843814][ T4029] veth1_macvtap: left promiscuous mode [ 580.849740][ T4029] veth0_macvtap: left promiscuous mode [ 580.862228][ T4029] veth1_vlan: left promiscuous mode [ 580.872636][ T4029] veth0_vlan: left promiscuous mode [ 582.370482][ T5074] Bluetooth: hci0: command tx timeout [ 582.527022][ T4029] team0 (unregistering): Port device team_slave_1 removed [ 582.642573][ T4029] team0 (unregistering): Port device team_slave_0 removed [ 583.671846][ T7345] team0: Port device team_slave_0 added [ 584.158297][ T7345] team0: Port device team_slave_1 added [ 584.456824][ T5074] Bluetooth: hci0: command tx timeout [ 584.502728][ T7345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 584.510276][ T7345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 584.538335][ T7345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 584.665224][ T7345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 584.672438][ T7345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 584.704324][ T7345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 585.333070][ T7345] hsr_slave_0: entered promiscuous mode [ 585.344943][ T7345] hsr_slave_1: entered promiscuous mode [ 585.362081][ T7345] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 585.371853][ T7345] Cannot create hsr debugfs directory [ 586.528345][ T5074] Bluetooth: hci0: command tx timeout [ 586.924936][ T29] audit: type=1804 audit(1718139318.999:136): pid=7438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2929536695/syzkaller.JraNTG/110/bus" dev="sda1" ino=1954 res=1 errno=0 [ 586.985254][ T7395] chnl_net:caif_netlink_parms(): no params data found [ 587.049138][ T43] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 587.533786][ T43] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 587.542387][ T43] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 587.554714][ T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 587.566944][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 587.577740][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 587.873926][ T43] usb 2-1: string descriptor 0 read error: -22 [ 587.880923][ T43] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 587.890647][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.935329][ T7449] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 588.039859][ T43] usb 2-1: config 0 descriptor?? [ 588.102894][ T7449] macvtap3: entered promiscuous mode [ 588.109773][ T7449] macvtap3: entered allmulticast mode [ 588.120883][ T7449] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 588.122534][ T43] hub 2-1:0.0: bad descriptor, ignoring hub [ 588.134436][ T43] hub 2-1:0.0: probe with driver hub failed with error -5 [ 588.151686][ T43] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input24 [ 588.584821][ T43] usb 2-1: USB disconnect, device number 4 [ 588.605738][ T5074] Bluetooth: hci0: command tx timeout [ 589.109545][ T7345] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 589.220288][ T7345] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 589.355116][ T7345] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 589.485142][ T7345] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 589.875420][ T7395] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.883517][ T7395] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.891493][ T7395] bridge_slave_0: entered allmulticast mode [ 589.996262][ T7395] bridge_slave_0: entered promiscuous mode [ 590.126898][ T7395] bridge0: port 2(bridge_slave_1) entered blocking state [ 590.134945][ T7395] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.142927][ T7395] bridge_slave_1: entered allmulticast mode [ 590.152938][ T7395] bridge_slave_1: entered promiscuous mode [ 590.599375][ T7395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 590.764951][ T7395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 591.084860][ T7395] team0: Port device team_slave_0 added [ 591.165714][ T7395] team0: Port device team_slave_1 added [ 591.602633][ T7395] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 591.609968][ T7395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.636355][ T7395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 591.852061][ T4412] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.010096][ T7395] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 592.017619][ T7395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 592.044337][ T7395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 592.139348][ T4412] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.278247][ T4412] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.573669][ T4412] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.836459][ T7395] hsr_slave_0: entered promiscuous mode [ 592.862939][ T1222] ieee802154 phy0 wpan0: encryption failed: -22 [ 592.869775][ T1222] ieee802154 phy1 wpan1: encryption failed: -22 [ 592.949775][ T7395] hsr_slave_1: entered promiscuous mode [ 593.011596][ T7395] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 593.019543][ T7395] Cannot create hsr debugfs directory [ 593.265897][ T7345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 593.716452][ T4412] bridge_slave_1: left allmulticast mode [ 593.722512][ T4412] bridge_slave_1: left promiscuous mode [ 593.729449][ T4412] bridge0: port 2(bridge_slave_1) entered disabled state [ 593.984146][ T4412] bridge_slave_0: left allmulticast mode [ 593.990087][ T4412] bridge_slave_0: left promiscuous mode [ 593.997041][ T4412] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.595341][ T4412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 594.702531][ T4412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 594.807499][ T4412] bond0 (unregistering): Released all slaves [ 595.098548][ T7499] loop3: detected capacity change from 0 to 256 [ 595.122881][ T7345] 8021q: adding VLAN 0 to HW filter on device team0 [ 595.241164][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.249059][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 595.580536][ T7499] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 595.762514][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.770410][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 596.423322][ T4412] hsr_slave_0: left promiscuous mode [ 596.439879][ T4412] hsr_slave_1: left promiscuous mode [ 596.481407][ T4412] veth1_macvtap: left promiscuous mode [ 596.487873][ T4412] veth0_macvtap: left promiscuous mode [ 596.494057][ T4412] veth1_vlan: left promiscuous mode [ 596.499549][ T4412] veth0_vlan: left promiscuous mode [ 597.527342][ T4412] team0 (unregistering): Port device team_slave_1 removed [ 597.630961][ T4412] team0 (unregistering): Port device team_slave_0 removed [ 598.009238][ T7510] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 598.064496][ T7510] macvtap3: entered promiscuous mode [ 598.070989][ T7510] macvtap3: entered allmulticast mode [ 598.082153][ T7510] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 599.287417][ T7395] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 599.434721][ T7395] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 599.574965][ T7395] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 599.742489][ T7395] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 601.253567][ T7345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 601.452271][ T7395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 601.704491][ T7395] 8021q: adding VLAN 0 to HW filter on device team0 [ 601.786866][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state [ 601.794523][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 601.867132][ T5144] bridge0: port 2(bridge_slave_1) entered blocking state [ 601.874960][ T5144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 602.173916][ T7395] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 605.916915][ T7565] warning: `syz-executor.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 606.323384][ T7571] loop3: detected capacity change from 0 to 256 [ 606.437236][ T7569] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 606.500477][ T7571] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x933440df, utbl_chksum : 0xe619d30d) [ 606.549270][ T7569] macvtap4: entered promiscuous mode [ 606.555837][ T7569] macvtap4: entered allmulticast mode [ 606.566585][ T7569] 8021q: adding VLAN 0 to HW filter on device macvtap4 [ 607.351388][ T7578] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.3'. [ 612.474863][ T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 612.540050][ T7395] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 613.567360][ T7345] veth0_vlan: entered promiscuous mode [ 613.857697][ T7584] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 613.941497][ T7395] veth0_vlan: entered promiscuous mode [ 614.047538][ T7345] veth1_vlan: entered promiscuous mode [ 614.193280][ T7395] veth1_vlan: entered promiscuous mode [ 614.748122][ T7345] veth0_macvtap: entered promiscuous mode [ 614.853805][ T7580] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 614.879956][ T7395] veth0_macvtap: entered promiscuous mode [ 614.956238][ T7345] veth1_macvtap: entered promiscuous mode [ 615.039500][ T7395] veth1_macvtap: entered promiscuous mode [ 615.344640][ T7345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.355635][ T7345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.366590][ T7345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.377273][ T7345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.391095][ T7345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 615.403587][ T7580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 615.415109][ T7580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 615.425601][ T7580] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 615.435198][ T7580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.538459][ T7395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.549573][ T7395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.559673][ T7395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.570494][ T7395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.580628][ T7395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.591290][ T7395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.611562][ T7395] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 615.624571][ T7580] usb 3-1: config 0 descriptor?? [ 615.876531][ T7345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 615.898617][ T7345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.910463][ T7345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 615.923720][ T7345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.940006][ T7345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 616.008280][ T7395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.022073][ T7395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.033311][ T7395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.044433][ T7395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.054597][ T7395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.065318][ T7395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.079197][ T7395] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 616.296978][ T7395] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.306216][ T7395] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.315320][ T7395] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.327044][ T7395] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.406337][ T7345] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.415854][ T7345] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.427386][ T7345] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.437012][ T7345] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.395182][ T7580] usbhid 3-1:0.0: can't add hid device: -71 [ 617.401923][ T7580] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 617.554738][ T7580] usb 3-1: USB disconnect, device number 4 [ 619.862875][ T7631] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 619.952454][ T7631] macvtap5: entered promiscuous mode [ 619.959251][ T7631] macvtap5: entered allmulticast mode [ 619.970492][ T7631] 8021q: adding VLAN 0 to HW filter on device macvtap5 [ 623.555355][ T779] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 623.870446][ T7682] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 623.920971][ T7682] macvtap6: entered promiscuous mode [ 623.928059][ T7682] macvtap6: entered allmulticast mode [ 623.939357][ T7682] 8021q: adding VLAN 0 to HW filter on device macvtap6 [ 623.950726][ T4029] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.959248][ T4029] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.106127][ T3961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.114581][ T3961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.182022][ T4029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.187805][ T779] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 624.191693][ T4029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.201713][ T779] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 624.201945][ T779] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 624.202113][ T779] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.332969][ T779] usb 3-1: config 0 descriptor?? [ 624.406416][ T4029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.418880][ T4029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 625.394925][ T7685] loop0: detected capacity change from 0 to 40427 [ 625.459133][ T7685] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 625.467880][ T7685] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 625.563019][ T7685] F2FS-fs (loop0): Found nat_bits in checkpoint [ 625.830539][ T7685] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 625.838209][ T7685] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 628.477415][ T29] audit: type=1804 audit(1718139359.619:137): pid=7698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2321746050/syzkaller.gKGoXe/0/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 628.503415][ T29] audit: type=1804 audit(1718139359.629:138): pid=7695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2321746050/syzkaller.gKGoXe/0/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 628.685786][ T779] usbhid 3-1:0.0: can't add hid device: -71 [ 628.692583][ T779] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 628.790382][ T779] usb 3-1: USB disconnect, device number 5 [ 629.500105][ T7707] loop4: detected capacity change from 0 to 512 [ 629.804157][ T7707] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 629.817690][ T7707] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 629.956257][ T7707] EXT4-fs (loop4): 1 orphan inode deleted [ 629.962461][ T7707] EXT4-fs (loop4): 1 truncate cleaned up [ 629.968517][ T7707] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 630.104475][ T7707] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 630.155537][ T7707] EXT4-fs (loop4): Remounting filesystem read-only [ 630.209495][ T7714] loop3: detected capacity change from 0 to 1024 [ 630.343440][ T7714] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 630.494924][ T7345] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 631.551301][ T7727] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 631.561554][ T7727] ip6gre0: entered promiscuous mode [ 631.567653][ T7727] ip6gre0: entered allmulticast mode [ 632.250573][ T29] audit: type=1326 audit(1718139365.069:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0ee67cea9 code=0x7ffc0000 [ 632.274350][ T29] audit: type=1326 audit(1718139365.069:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0ee67cea9 code=0x7ffc0000 [ 632.381649][ T29] audit: type=1326 audit(1718139365.179:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc0ee67cea9 code=0x7ffc0000 [ 632.411415][ T29] audit: type=1326 audit(1718139365.199:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0ee67cea9 code=0x7ffc0000 [ 632.436864][ T29] audit: type=1326 audit(1718139365.199:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc0ee67cea9 code=0x7ffc0000 [ 632.460287][ T29] audit: type=1326 audit(1718139365.199:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0ee67cea9 code=0x7ffc0000 [ 632.483702][ T29] audit: type=1326 audit(1718139365.209:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc0ee67baa0 code=0x7ffc0000 [ 633.065777][ T7740] binder: BINDER_SET_CONTEXT_MGR already set [ 633.071968][ T7740] binder: 7738:7740 ioctl 4018620d 20000040 returned -16 [ 633.793693][ T7580] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 633.959793][ T7750] loop0: detected capacity change from 0 to 64 [ 634.015732][ T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 634.234101][ T7580] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 634.248242][ T7580] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 634.259325][ T7580] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 634.268832][ T7580] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.293466][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 634.324355][ T7580] usb 2-1: config 0 descriptor?? [ 634.434469][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 634.455666][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 634.468853][ T25] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 634.478773][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.511658][ T25] usb 3-1: config 0 descriptor?? [ 634.567880][ T25] hub 3-1:0.0: USB hub found [ 634.853994][ T25] hub 3-1:0.0: 1 port detected [ 635.037090][ T25] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 635.043860][ T25] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 635.194220][ T25] usbhid 3-1:0.0: can't add hid device: -71 [ 635.200804][ T25] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 635.293496][ T25] usb 3-1: USB disconnect, device number 6 [ 635.378105][ T5087] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 635.543378][ T7759] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 636.684169][ T7766] net_ratelimit: 2 callbacks suppressed [ 636.684231][ T7766] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 636.893937][ T7580] usbhid 2-1:0.0: can't add hid device: -71 [ 636.900478][ T7580] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 636.967038][ T7580] usb 2-1: USB disconnect, device number 5 [ 640.403710][ T7784] binder: BINDER_SET_CONTEXT_MGR already set [ 640.410069][ T7784] binder: 7782:7784 ioctl 4018620d 20000040 returned -16 [ 641.197694][ T7792] loop2: detected capacity change from 0 to 64 [ 642.006508][ T7797] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 643.371936][ T5144] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 643.917596][ T5144] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 643.928938][ T5144] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 643.939032][ T5144] usb 1-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 643.948618][ T5144] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.023852][ T5144] usb 1-1: config 0 descriptor?? [ 644.370035][ T7824] binder: BINDER_SET_CONTEXT_MGR already set [ 644.376591][ T7824] binder: 7822:7824 ioctl 4018620d 20000040 returned -16 [ 645.194093][ T29] audit: type=1326 audit(1718139377.969:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7827 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261d67cea9 code=0x7ffc0000 [ 645.219928][ T29] audit: type=1326 audit(1718139377.989:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7827 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f261d67cea9 code=0x7ffc0000 [ 645.244056][ T29] audit: type=1326 audit(1718139378.029:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7827 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261d67cea9 code=0x7ffc0000 [ 645.267591][ T29] audit: type=1326 audit(1718139378.029:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7827 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261d67cea9 code=0x7ffc0000 [ 646.156058][ T5144] usbhid 1-1:0.0: can't add hid device: -71 [ 646.162869][ T5144] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 646.264084][ T5144] usb 1-1: USB disconnect, device number 11 [ 647.864887][ T5080] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 647.904879][ T5080] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 647.930564][ T5080] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 647.985344][ T5080] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 648.001256][ T5080] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 648.017486][ T5080] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 649.554757][ T3756] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.677279][ T7852] syz-executor.1[7852] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 649.677807][ T7852] syz-executor.1[7852] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 649.769610][ T3756] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.820660][ T7854] syz-executor.3[7854] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 649.822247][ T7854] syz-executor.3[7854] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 649.860569][ T7841] chnl_net:caif_netlink_parms(): no params data found [ 650.002619][ T3756] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.135184][ T5074] Bluetooth: hci2: command tx timeout [ 650.293089][ T3756] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.393049][ T7858] binder: BINDER_SET_CONTEXT_MGR already set [ 650.399681][ T7858] binder: 7857:7858 ioctl 4018620d 20000040 returned -16 [ 650.840167][ T3756] bridge_slave_1: left allmulticast mode [ 650.847058][ T3756] bridge_slave_1: left promiscuous mode [ 650.854286][ T3756] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.885493][ T3756] bridge_slave_0: left allmulticast mode [ 650.891322][ T3756] bridge_slave_0: left promiscuous mode [ 650.898878][ T3756] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.307136][ T7865] syz-executor.2[7865] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 651.307774][ T7865] syz-executor.2[7865] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 651.531432][ T3756] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 651.630016][ T3756] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 651.707410][ T3756] bond0 (unregistering): Released all slaves [ 652.207025][ T5074] Bluetooth: hci2: command tx timeout [ 652.691383][ T3756] hsr_slave_0: left promiscuous mode [ 652.751910][ T3756] hsr_slave_1: left promiscuous mode [ 652.785426][ T3756] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 652.793757][ T3756] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 652.825549][ T3756] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 652.833543][ T3756] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 652.903277][ T3756] veth1_macvtap: left promiscuous mode [ 652.909163][ T3756] veth0_macvtap: left promiscuous mode [ 652.915163][ T3756] veth1_vlan: left promiscuous mode [ 652.920628][ T3756] veth0_vlan: left promiscuous mode [ 653.895106][ T3756] team0 (unregistering): Port device team_slave_1 removed [ 653.930375][ T3756] team0 (unregistering): Port device team_slave_0 removed [ 654.384985][ T5074] Bluetooth: hci2: command tx timeout [ 654.393114][ T1222] ieee802154 phy1 wpan1: encryption failed: -22 [ 655.114404][ T7841] bridge0: port 1(bridge_slave_0) entered blocking state [ 655.122236][ T7841] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.138287][ T7841] bridge_slave_0: entered allmulticast mode [ 655.147806][ T7841] bridge_slave_0: entered promiscuous mode [ 655.242326][ T7841] bridge0: port 2(bridge_slave_1) entered blocking state [ 655.250360][ T7841] bridge0: port 2(bridge_slave_1) entered disabled state [ 655.258719][ T7841] bridge_slave_1: entered allmulticast mode [ 655.268405][ T7841] bridge_slave_1: entered promiscuous mode [ 655.509808][ T7841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 655.612236][ T7841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 655.927325][ T7841] team0: Port device team_slave_0 added [ 656.009099][ T7841] team0: Port device team_slave_1 added [ 656.378739][ T7841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 656.387392][ T7841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 656.413735][ T7841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 656.444299][ T5074] Bluetooth: hci2: command tx timeout [ 656.597441][ T7841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 656.604861][ T7841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 656.631363][ T7841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 657.208761][ T7841] hsr_slave_0: entered promiscuous mode [ 657.256819][ T7841] hsr_slave_1: entered promiscuous mode [ 657.293818][ T7841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 657.302220][ T7841] Cannot create hsr debugfs directory [ 657.891112][ T7898] binder: BINDER_SET_CONTEXT_MGR already set [ 657.900521][ T7898] binder: 7897:7898 ioctl 4018620d 20000040 returned -16 [ 659.140620][ T7841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 659.385023][ T7841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 659.571832][ T7841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 659.715846][ T7841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 659.829252][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 659.974008][ T7911] loop3: detected capacity change from 0 to 32768 [ 660.143890][ T7911] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=crc64,data_checksum=xxhash,compression=gzip,str_hash=crc64,nojournal_transaction_names [ 660.164816][ T7911] bcachefs (loop3): recovering from clean shutdown, journal seq 7 [ 660.445780][ T7911] bcachefs (loop3): alloc_read... done [ 660.452039][ T7911] bcachefs (loop3): stripes_read... done [ 660.462159][ T7911] bcachefs (loop3): snapshots_read... done [ 660.491957][ T7911] bcachefs (loop3): journal_replay... done [ 660.498447][ T7911] bcachefs (loop3): resume_logged_ops... done [ 660.512314][ T7911] bcachefs (loop3): going read-write [ 660.586064][ T7911] bcachefs (loop3): done starting filesystem [ 660.665269][ T7923] ===================================================== [ 660.672609][ T7923] BUG: KMSAN: uninit-value in crc64_be+0x202/0x310 [ 660.679790][ T7923] crc64_be+0x202/0x310 [ 660.684469][ T7923] bch2_checksum_update+0x15e/0x1d0 [ 660.689913][ T7923] bch2_checksum+0x3c5/0x7c0 [ 660.694874][ T7923] __bch2_btree_node_write+0x528c/0x67c0 [ 660.700778][ T7923] bch2_btree_node_write+0xa5/0x2e0 [ 660.706362][ T7923] __btree_node_flush+0x4d0/0x640 [ 660.711605][ T7923] bch2_btree_node_flush0+0x35/0x60 [ 660.717627][ T7923] journal_flush_pins+0xce6/0x1780 [ 660.722969][ T7923] __bch2_journal_reclaim+0xd88/0x1610 [ 660.729310][ T7923] bch2_journal_reclaim_thread+0x18e/0x760 [ 660.735446][ T7923] kthread+0x3e2/0x540 [ 660.739766][ T7923] ret_from_fork+0x6d/0x90 [ 660.744581][ T7923] ret_from_fork_asm+0x1a/0x30 [ 660.749573][ T7923] [ 660.751976][ T7923] Uninit was stored to memory at: [ 660.757476][ T7923] bch2_sort_keys+0x1b4d/0x2cb0 [ 660.765545][ T7923] __bch2_btree_node_write+0x3acd/0x67c0 [ 660.771570][ T7923] bch2_btree_node_write+0xa5/0x2e0 [ 660.779717][ T7923] __btree_node_flush+0x4d0/0x640 [ 660.785217][ T7923] bch2_btree_node_flush0+0x35/0x60 [ 660.790589][ T7923] journal_flush_pins+0xce6/0x1780 [ 660.796085][ T7923] __bch2_journal_reclaim+0xd88/0x1610 [ 660.801728][ T7923] bch2_journal_reclaim_thread+0x18e/0x760 [ 660.808227][ T7923] kthread+0x3e2/0x540 [ 660.812484][ T7923] ret_from_fork+0x6d/0x90 [ 660.817192][ T7923] ret_from_fork_asm+0x1a/0x30 [ 660.822191][ T7923] [ 660.824686][ T7923] Uninit was created at: [ 660.829184][ T7923] __kmalloc_large_node+0x231/0x370 [ 660.834800][ T7923] __kmalloc_node+0xb10/0x10c0 [ 660.839809][ T7923] kvmalloc_node+0xc0/0x2d0 [ 660.844604][ T7923] bch2_btree_node_read_done+0x4e68/0x75e0 [ 660.850646][ T7923] btree_node_read_work+0x8a5/0x1eb0 [ 660.856317][ T7923] bch2_btree_node_read+0x3d42/0x4b50 2024/06/11 20:56:33 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 660.861960][ T7923] bch2_btree_root_read+0xa6c/0x13d0 [ 660.870752][ T7923] read_btree_roots+0x454/0xee0 [ 660.876788][ T7923] bch2_fs_recovery+0x7b6a/0x93e0 [ 660.882050][ T7923] bch2_fs_start+0x7b2/0xbd0 [ 660.887036][ T7923] bch2_fs_open+0x152a/0x15f0 [ 660.891989][ T7923] bch2_mount+0x90d/0x1d90 [ 660.897210][ T7923] legacy_get_tree+0x114/0x290 [ 660.902313][ T7923] vfs_get_tree+0xa7/0x570 [ 660.907106][ T7923] do_new_mount+0x71f/0x15e0 [ 660.911921][ T7923] path_mount+0x742/0x1f20 [ 660.916670][ T7923] __se_sys_mount+0x725/0x810 [ 660.921541][ T7923] __x64_sys_mount+0xe4/0x150 [ 660.928647][ T7923] x64_sys_call+0x2bf4/0x3b50 [ 660.934163][ T7923] do_syscall_64+0xcf/0x1e0 [ 660.939100][ T7923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.945410][ T7923] [ 660.947846][ T7923] CPU: 0 PID: 7923 Comm: bch-reclaim/loo Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 660.958306][ T7923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 660.971326][ T7923] ===================================================== [ 660.979344][ T7923] Disabling lock debugging due to kernel taint [ 660.986331][ T7923] Kernel panic - not syncing: kmsan.panic set ... [ 660.992888][ T7923] CPU: 0 PID: 7923 Comm: bch-reclaim/loo Tainted: G B 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 661.004663][ T7923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 661.014874][ T7923] Call Trace: [ 661.018268][ T7923] [ 661.021311][ T7923] dump_stack_lvl+0x216/0x2d0 [ 661.026195][ T7923] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 661.032188][ T7923] dump_stack+0x1e/0x30 [ 661.036556][ T7923] panic+0x4e2/0xcd0 [ 661.040694][ T7923] ? kmsan_get_metadata+0xf1/0x1d0 [ 661.046004][ T7923] kmsan_report+0x2d5/0x2e0 [ 661.050683][ T7923] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 661.056662][ T7923] ? __msan_warning+0x95/0x120 [ 661.061586][ T7923] ? crc64_be+0x202/0x310 [ 661.066080][ T7923] ? bch2_checksum_update+0x15e/0x1d0 [ 661.071646][ T7923] ? bch2_checksum+0x3c5/0x7c0 [ 661.076589][ T7923] ? __bch2_btree_node_write+0x528c/0x67c0 [ 661.082647][ T7923] ? bch2_btree_node_write+0xa5/0x2e0 [ 661.088347][ T7923] ? __btree_node_flush+0x4d0/0x640 [ 661.093729][ T7923] ? bch2_btree_node_flush0+0x35/0x60 [ 661.099317][ T7923] ? journal_flush_pins+0xce6/0x1780 [ 661.104791][ T7923] ? __bch2_journal_reclaim+0xd88/0x1610 [ 661.110698][ T7923] ? bch2_journal_reclaim_thread+0x18e/0x760 [ 661.116873][ T7923] ? kthread+0x3e2/0x540 [ 661.121312][ T7923] ? ret_from_fork+0x6d/0x90 [ 661.126074][ T7923] ? ret_from_fork_asm+0x1a/0x30 [ 661.131220][ T7923] ? filter_irq_stacks+0x60/0x1a0 [ 661.136507][ T7923] ? stack_depot_save_flags+0x2c/0x6e0 [ 661.142194][ T7923] ? kmsan_get_metadata+0x146/0x1d0 [ 661.147582][ T7923] ? kmsan_get_metadata+0x146/0x1d0 [ 661.152981][ T7923] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 661.159478][ T7923] ? kmsan_get_metadata+0x146/0x1d0 [ 661.164860][ T7923] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 661.170868][ T7923] ? kmsan_get_metadata+0x146/0x1d0 [ 661.176254][ T7923] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 661.182280][ T7923] __msan_warning+0x95/0x120 [ 661.187040][ T7923] crc64_be+0x202/0x310 [ 661.191448][ T7923] bch2_checksum_update+0x15e/0x1d0 [ 661.196876][ T7923] bch2_checksum+0x3c5/0x7c0 [ 661.201729][ T7923] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 661.207746][ T7923] ? kmsan_get_metadata+0x146/0x1d0 [ 661.213138][ T7923] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 661.219163][ T7923] ? bch2_sort_keys+0x2bf8/0x2cb0 [ 661.224428][ T7923] ? kvmalloc_node+0xc0/0x2d0 [ 661.229298][ T7923] ? kmsan_get_metadata+0x146/0x1d0 [ 661.234680][ T7923] ? kmsan_get_metadata+0x146/0x1d0 [ 661.240066][ T7923] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 661.246067][ T7923] __bch2_btree_node_write+0x528c/0x67c0 [ 661.251924][ T7923] ? kmsan_get_metadata+0x146/0x1d0 [ 661.257389][ T7923] bch2_btree_node_write+0xa5/0x2e0 [ 661.262813][ T7923] __btree_node_flush+0x4d0/0x640 [ 661.268028][ T7923] ? __btree_node_flush+0xd1/0x640 [ 661.273358][ T7923] ? __pfx_bch2_btree_node_flush0+0x10/0x10 [ 661.279449][ T7923] bch2_btree_node_flush0+0x35/0x60 [ 661.284842][ T7923] journal_flush_pins+0xce6/0x1780 [ 661.290202][ T7923] __bch2_journal_reclaim+0xd88/0x1610 [ 661.295864][ T7923] ? kmsan_get_metadata+0x146/0x1d0 [ 661.301286][ T7923] bch2_journal_reclaim_thread+0x18e/0x760 [ 661.307321][ T7923] kthread+0x3e2/0x540 [ 661.311587][ T7923] ? __pfx_bch2_journal_reclaim_thread+0x10/0x10 [ 661.318146][ T7923] ? __pfx_kthread+0x10/0x10 [ 661.322948][ T7923] ret_from_fork+0x6d/0x90 [ 661.327546][ T7923] ? __pfx_kthread+0x10/0x10 [ 661.332336][ T7923] ret_from_fork_asm+0x1a/0x30 [ 661.337323][ T7923] [ 661.340762][ T7923] Kernel Offset: disabled [ 661.345159][ T7923] Rebooting in 86400 seconds..