last executing test programs: 4.759015709s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x6, 0x8, 0x2}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000b0770018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='mm_page_alloc\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0) ftruncate(r2, 0xc17a) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f00000009c0)=ANY=[@ANYBLOB="850000002e000000260000000000048695000000000000006884d1d9fe4c9ce4c8b7a8e93bb97683352dbbdb85d8965f40a937d185319dc353a5b7b7bf0365836f54ae60375c46827cb4d9f8a15bddba79096be7d495c19b3afaa67d2aea409ea69c67cc026d1f0d509b0055e7a371960c7eef346408ecc4881bcad031b1249592ccc129485120730762afd7006f54bd541f8be0902162f15e7539ad6623a985526464b4539a3c1d1514fe832e9c47f1c53ca2614ff008000000000000009a86746c75adf63fe215c2b2ca38e4f62f682ef561ee6352c07f000000000000008f31663bd222d47fd495ad27124c6b0ccd413b1435b2dbbe4674eb2b31bb3d0bb8aebfc7ee253e10d04a9e555df0c100e80c53d628404a"], &(0x7f0000000000)='GPL\x00', 0x5, 0x487, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffdfd}, 0x48) 4.736352132s ago: executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x0, 0x5}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffe8a, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 3.999822987s ago: executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r3]) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000003c0)=@known='trusted.overlay.redirect\x00', 0x0, 0x0) 3.98047464s ago: executing program 2: r0 = fsopen(&(0x7f0000000000)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='\x00', &(0x7f0000000100)=',(#}%~\xea/\x19\x9ev\xc55\x8d\f$X\xa3\x9e\x15bj\x1fU\xb2xiBXc\xa8\xa2\xd1\r\xf0\x9a\x15v\b\xd5\xfec\xd8|,@\xaa\v\nS\x1d\x89\x94U\xc5\xff\xdb\xa1\xb6\xa6Pu~V\x88\x80\f\x93\x90e\xfb\xcdV\x9f\x88\xe3G\x19\x17\xb2\xe1y\x94:x\x1d\xa2s\xc8\x11\x92}\xde\xbb\x01\xf8\x9bn9\x10\xd4\xbe\x05\x12\xc4+\n\x1c(\x17\"p\xfc\xd6\x8c\x05\xd56\xc9\xb6\xd2\x97\xac\x80\xd7\xa3\xf1\x11\x01u\x16g\xe4\x1b\x11^\xff\xd7\x1a\x12\xf2%\xe6\x80\x0e\x86\xb0\xc3\x10\xbe\x0f3X\x92\xeb \x87(9]\x06\x8d\xb1p\"&hQ\xc5IB-\x9a\xeaw;\x1d\xbbq1]6\r@\xde*\x13\x11@A\rC\xce\b\x89v\xf3\x94\x05\xc6\x01\xe13\a\xd4\x94\x81\x1d\a\xfc\x12\xce/\xd4\x13\xe6\x1ff\xb2\x99\x96w\x86\xfd\xe8\xe2\xd1\x9c\t\x88\x8f^\xa0\'\xd7\xea\x05\x91\xc7K\xacea\x90G\xc9\x8e\xd8\x8a\xb6\x94\xda-\x1c;\x01\xbf\xe6ST\xbcc\x8e~\xda\xfb\x99\xd4\x18*\x12\xae\xef\xed\x98\xba\x8adr\xfd\xdcqv`\xc9SOB\xab+\xe4\x99\x1b\xe8\xcf\xa3nyb\x86\x99&\xe5\xe7gb\xee\x85\xc8\x97\x85\x1e\x97\xc7\a\xdf5\x18\x8c7.\xa3\x13\xf7\xf8i', 0x0) 3.973609221s ago: executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f0000000380)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000400)={0x24, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0) 3.85236116s ago: executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7e12ddc5a89047bf00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x2) read(r1, 0x0, 0x2006) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) r2 = fcntl$dupfd(r1, 0x0, r0) timer_create(0x0, &(0x7f00000012c0)={0x0, 0x12}, &(0x7f0000000080)) ioctl$TIOCSSOFTCAR(r2, 0x541a, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = gettid() tkill(r3, 0x14) 3.680398457s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000c000000070001", @ANYRES64=r0], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001700)={0x2c, &(0x7f00000011c0)={0x0, 0x0, 0x4, "ba76598c"}, 0x0, 0x0, 0x0, 0x0}) 3.33818666s ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='ext4_es_remove_extent\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000004000850000000f000000a50000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='ext4_es_remove_extent\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) 3.296264967s ago: executing program 0: syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='nobarrier,mode=lfs,fsync_mode=strict\x00acl,\x00'], 0x1, 0x552d, &(0x7f000000d000)="$eJzs3M1rI2UYAPAn7Xa7X65FPHjbgUVoYRM23Q/0VnUXP7BLWfXgSdMkDdlNMqVJ09qTB4/iwf9EFDx59G/w4NmbeFC8CUpmJrpdFVybtN3294PJM/PmnWeeN5TCMxMSwKm1kPz6cykux/mImI2ISxHZfqnYMit5eCEirkTEzCNbqRj/c+BsRFyIiMtxbnx6qXjr82vDq7d+euuXb76bP3Pxi6+/P5IFA8fCixHR3cz3d7p5TFt5fFCM14btLHZvDouYv9F9WBynedxprmcZdmrjebUs3mjl89PN7f4obnRq9VFstTey8c1efsH+sDXOk53woLaVHTea61ls99Mstvbyunb38v+Xe/1BnqdR5PsoSx+DwTjm483dZr6ezYdZrPcGxXieN200d0dxWMTiclFPO42sjvWDfNLH29vt3vZuMmxu9dtpL7lVqb5Uqd4uV7fSRnPQvFmudRu3byaLrc5oWnnQrHVXWmna6jQr9bS7lCy26vVytZos3mmut2u9pFqt3KhcL99aKvauJa/fey/pNJLFUXy13dsetDv9ZCPdSvIzlpLlyo2Xl5Kr1eSd1bVk7f7du6tr735w5/17r6y++Vox6W9lJYvL15eXy9Xr5eXq0ila/ydF0RNcPxxI6cmmz0+rDoCnyBT7/4iFPKf+H3jc9Pr/rfsR0+//Q/8/EU9V/3va+/8prB8O5An7fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATo4f5r58I9tZyI8vFuPPFEPPFceliJiJiN//wWyc3Zdztsgz9y/z5x6r4dtSZBlG15gvtgsRsVJsvz077U8BAAAATq6vPr7yWd6t5y8LR10Qhym/aTNz6cMJ5StFxNzCjxPKNjN6eX5CybK/7zOxO6Fs2Q2scxNKlt9yOzOpbP/J7L5w7pFQysPMoZYDAAAciv2dwOF2IQAAABymT4+6AI5GKcaPMsfPgrNv3v/1QPD8viMAAADgKM3/v9NKk64DAAAAOHay/t/v/wEAAMDJlv/+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAHO3eUozQQxwH435YKikZifDTxKPoGx/AIPvpoOICX4Ah4BS/AGfDNIxjY0OmSZcNudtNp2d18X9IO0ww/Zgg8zEwyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQp7/1evH75+dfXXN2+27yjAYAAAA4Z1uvF82LWapP2+fv2kcf2noREWVEnJu7V/HqJLOKiE8RUd/Rvr7Vhz8RTcLhM8bt9SYivrbX//d9fwsAAADwcm2Wq3marafb7NIdYkhp0aZ8+y1TXhER9exfprTykPcxU1jz+x7Fj0xpzQLWJFNYWnIb5Up7kObvfly1m9woilSU978/29gBAIABVSfFsLMQAAAAhvT9cPty6V7QXfW45kVcb2UetwLHqWi3916f1AAAAIBnqLh0BwAAAIDeNfP/vs7/mzr/DwAAAJ6EdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfdrW68VmuZp3zdntu8kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAK/bnHQVCIAzCYO/6zmTuf1hp0NTUpAqEj78xGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42J/fDIhhKIqjd2Yy/75V9r/YuqS6hCrnEH7yJDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABu5H/EY50zXo0tyUjybLx7PZN8Omp8O2r8+mCuD8e8cCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY2bmf1ziqOADgb2Z2tmlVXKPkEBELHvRi021t7U08KMGDf4IQ0m2N3fqjzcGWIuTiTXLuRfQoIijx1v+h5xZ6qbcecqjguTK/kpc04KpkZtP9fODN+84wmfd9sxDynTdZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYY/v93TgrNoMqTutj9x7fWi36+/v6wp3NB4tFK+KkzaSPhtfinWQh2plrPxkAAABmQ9bU9yGEh/nWctGng7L+z5tzipr/hxequKnn99f9Td/U/kX7/bdHr+wMNKjGKS56aW08Ov10Kr3Dm+V0e/Efz+iVd7589pKVH0j60cbL23l5P5Pv7t79oF+Gx9rIFgD4L041fR00fw8V/bDLxACYGb2o8G7q/2zQbU4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbdjeCM81cRJCWOztxoX7j2+tHtTf2Xyw2LTzt29vxtcsLpGHEC6tjUenw1yLs5lu12/cvLIyHo+utR+8HkLoavT36ulf+WSCk0M4pDROdnTnZyxI6w97WvI5GkGHv5QAAHgm5XUr6vqH+dZycSyZD+HJj3vr/zejOExY/z/69Py9eKy4/h+2NsPpt7R+9cul6zduvr12deXy6PLo83fODN8dnr1w7tyFpfJZSbXtOk0AAACOsH7d4vo/nX96/f9EFIcJ6/+vvh9+E4+Vqf8PtLvo13UmAAAAs+2lk3/9mRxwPOn3w9cr6+vXhtV2Z/9Mte0g1X/tWN3i+j+b7zorAAAAoA3bG8me9f+LURwmXP9//qdXf4mvmYUQjtfr/6dWvxhfbG86U+1//Idw6E34413PEQAAgHY92fciw/G6xev/efn+f7pzZhpCeOuNKq6/BnCi+j/78Nuf47Hi9//PHvI8p126UN2Psl8IobfQdUYAAAA8y+bKNijr/z/yreXPfj3xcd/7/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABt+zsAAP//RP895g==") r0 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x8000000, 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r1, 0xf50f, 0x0) 3.07959089s ago: executing program 0: syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000000000020d80402f00000000000010902"], 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[], 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0x0, 0x0) ioctl$EVIOCRMFF(r0, 0xc0085508, &(0x7f00000000c0)) 2.574314409s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=@framed={{}, [@map_idx_val, @tail_call, @printk={@ld}, @initr0]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000080)={[{0x2b, 'cpu'}]}, 0x5) write$cgroup_subtree(r3, &(0x7f00000001c0)={[{0x2d, 'cpu'}]}, 0x5) r4 = openat$cgroup_type(r1, &(0x7f0000000040), 0x2, 0x0) write$cgroup_type(r4, &(0x7f0000000080), 0x9) 2.530165576s ago: executing program 4: ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1a0cc10, &(0x7f00000059c0)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461002018bbdecde39739fcd1df176dde746ec834120600000000003b043ebd000000000072462abc30ef5b65c70f73ecea54b5e5bec5aca9836c319f653557e79a002208ceae6dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e36868736000000f6a55493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1174e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a73c3ffde033b57941ba92cbeb77cc369c71e57fafab52f325ca91e684160191acf5ae7469c82ab4145b595b987d75912afdcc1c061835294cc0c618aba204f8adaa20c80108d356cd887ba217c8f569e6d0caf75052a77056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6ac0d90ea79b8027cf75964dd86c2ed2b5e75779677a28c76b848dd03dab190b5f02ec52830f3ff01eaae1c3df076000000000000000000000000000083a48a6b926c668b9ba42490175018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac011170182f99766e86fb125cc6799c43aa4dc708dc4a00a6decad26f037f0b3c3b61f1f6d388072a571da000000aec3dfbae348b5b494f6fddb9f56142a47a4995a430ca7eca421bd0ad198afa58ce69d61c29deaa93c0efea0f1415e90fd0400bad5f796374bb196e60e537b8ffca80a5ec3c5c063aab2c87a7824c4fbfab7264185e1b2e59012acbf3732abe75b848de8ec4aaba2e3c8cd14dd9bf9499952815b9fb34057a585a9c18a11f3d496825b3fcb0c8aa89e079fd7898eda864b302139b2b10597100846b55f7d0b050b7b0ef7e9c897c50b53404acdd701425323201b33465fddec69c37cb13fd441a830af5ea73f4ac82d7926eb0db1141003d148473077a76c3bee7e37dc799abb47bd67cde7958c50fb2d15c9cc196e4c191d0000000000140000000000c816bbeaa7c8efa7a7e5ee519013434e208fff9bac45b8fc653f68de8e581952e9f6f7284cd39925a9e2515c162d77f2ce25168bbad79ed034bba9226aeb33de4aa528e8f0f53bb9621147355a8ec1f0d67392f340f9f00364defbe60165252a82d1e94719a80a82306b3539a3a936463bac5ab9fdb75ef8b2747dd923fb9d703b02a9aa90490aab821449db6db447af297718481aae1e5a81a4ce5fe116dee0ee21fb6e21460dd11a351e50ae1dfe8190d221d94aa5dc7e9873863c57bc4aa81b993066770f4fd01fba00fd02dd28f9ea0d5857b29bc385700638f2722c0835945a49c2a1c696e0da61b2ecccd16011b842b0fbc49672dbfb53464fe22e78aa3ffad220909db66e951a7bbee66fc605dc5c7ff3481b870e61d88a3b6880e6cee7fbfe9fcd72f2e64d64060152460cea09e5c9b7b55fb87e397a1ea49be53bb1c8ac70192d311d2c08a09b8c9916eec7454f0948ff5dd11ad0c46ca603fd3e4aaf7eb636361ee32bd3058f6fdd5f735c743a0f21d770cbd0dd9f4ece37f78611d3fae73136d6f3555533d50b53e04d880c4f2a11b4406cf344e4c9c326288279584a7dcc3f560bfb3b07e5fd7ca24e8f9c4234a3d361165b746475990189e34415bde43d1f31c1552cd554d20a1d7ed4f5a14b81b427bb39aca2c2cee5b48daaddbdb49e7b26ff773335b8f88e88b919c6d445f5f3ef2926ab35bc9dfba18a51c36685d47066e8b454ae009562f1b4118ffcd517a2ff4e78e22224aff677dcf723ff8f3d92129209205a9e89ad6fc5933ed3384889847932cb29c85c761137ad16bca2743c09dfbc7983ea", @ANYBLOB="a93e1cbfeea088b9cb059ce91c144fd901b2d208e6ec16e9c0bdf78cda5604babe81021bae593d8bf404d46fe9ae1e8a141739e9717566c21648e8f46b4fc9d9eb0a646a28283f6f61bd31a6a5c909f53dcaf2e8a1914f6cbd8d230587ca11862216e1a7ea1aaca778c2b5eea4e08eeb7bbbfd55e1ba9fbcb378636cca2dcb46a029961a41e272c878b929b276ac2741c8f3b77e7850100e289c3b6edbf5d0377206c0bc212cf6a42ececcd4e98747c0423cc4b304569431e8b347fe68e9083d419f13de6e27d28126d9a4988919"], 0x1, 0x559f, &(0x7f0000000400)="$eJzs3M2LG2UYAPBnkm6/rYt48NaBIuxCE5rtB3qyaosf2FL8OHjSbJKGtElm2aTp2lMPHsWD/4koePLo3+BBj3oTD4o3oZKZWWn6/ZFmtf39YPLMPHnzzPsOYeGZWRLAM2s5/euPJA7FvoioRsTBJPL9pNwirkecLsa+FBGHI6Jy05aU+X8TuyNif0QcmhYvaiblW18dnRw5+fu7f37/455dB77+7qcdXTiwo16OiMFGsX91UMSsm4cb1TLfnPTyODgxKePGTI1BVuSvdtbzCleb2+OaeTzeLcZnG1dG03ix32xNY7d3Mc9vDIsTjibd7TrTD6SXmpv5cbuznsfeKMtj91px3q1rxd+2a6NxUadd1vssLx/j8XYs8p2tTrGejct5bA3HZb6om7U7W9M4KWN5umhl/XY+j/VHvcr/fe/1hle20klnc9TLhunJeuOVeuNUrbGZtTvjzolac9A+dSJd6fanw2rjTnNwuptl3X6n3soGq+lKt9WqNRrpypnOeq85TBuN+vH6sdrJ1XLvaPrW+Y/SfjtdmcY3esMr415/lF7MNtPiE6vpWv34q6vpkUb6wbkL6YX3z549d+HDT858fP71c++8WQ66bVrpytqxtbVa41htrbH6DK3/83LSD7H+5M7pX35+vMsGADyi2/r/uLX/D/0/MHf36P/j0n36/8Hl8vjJ9P9xx/6/Mtv/xzz7/2lLpf+/f/9b2YH+dyn0/w+8/upjfhvgId3lBtN97J77PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWLhfl755O99ZLo4PlPnnytQL5XESEZWIuHEH1dg9U7Na1lm6y/ilW+bwQxJ5hek59pTb/og4XW5/P/+krwIAAAA8vb69fvjLolsvXpZ3ekIsUnHTpnLw0znVSyJiafm3OVWrTF9enFOx/Pu9K7bmVC2/gbV3TsWKW2675lXtgVRnwt6bQlKEykKnAwAALMRsJ7DYLgQAAIBF+uKe7762sHmwYElsP8rcfhac/+d9xL7ygeC+mfcAAACA/6FkpycAAAAAPHF5/+/3/wAAAODpVvz+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA/7NxdrtJAFADg0/YW/I3E+O5WfINluAQffRQW4CZYAq7AxA2wBkx8cAcqGDojSRUSYltQ7vclnd6ZC2dOgZczbQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCF9rlezD+9evu8Y5uOPXTd/N+32rmPeAAAAcC9s6tWs+WOS+o/z+NM89Dz3i4goI+JY7V7FqBWzynHqE6+vf8vhU0QTYT8+zsejiHiVj+/Phv4UAAAA4HatF8tpqtZTk5cAvpz37m8DZsYFpEWb8snrnuIVEVFPvvYUrdw3Lw7debdo+9/3XbztnFXSLGA96ClYWnI78SDLqK9J2qrW6deVzJsvsemVw8wLAABcU7sS8Dg9AADA7Xpz7QS4hD9L++LQHO4zjtMp3xB82OoBAAAA/6Hi2gkAAAAAfaqODTb1/7+0/19h/z8AAADoXdr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCFt6tVsvVhOT/1/fmac7a6b/q4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAn+/OOAiEQBmGwd31nMvc/rDRoaGxSBcLH3xgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzsz0sKhEAQRMGc8b+Tvv9hJUHPIEIENDyqqEUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzs27FvG1UYAPDPvthtCogQUCQCKEgdYKGpW1o6ghAoYuBPQIpSpwRSCm0GWkWULGwocxcEI0JIoLDlf+jcSF3K1iFDkJgYgu5855xjQ6MSnU39+0nP77vn67vvzlaV794ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjsvhMv1/M4SV+mOnExdm9vfSntdw71qe3N+7NpS+NaxXmPnonDA6+UN+ZmKk0GAACAMZUU9f3bB2P1qaz+b3S3I+L7ZzpxUc8frvt39tZP5m/NFvX/b78+fKE76VSSHSeddHlltX22P5W+QnlcPPvIPSayK5/de0myD6T+wcbzu43seta+vXv3vWYWnqgiWwDgcZwp+jwo/h5K+9YwEwNgbEyUCu8Hja2FtE+mhpsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBV2N+KpIq5FxOzEQZza2VtfGtR/vXl/djtvF+/c2SzPmU7RiIjlldX22QrPZXQVV/PWp4urq+3rN25WHcxFxIC3bh/tnyd5+v+4TzMiekZOvzhgno+OcKxD8/QF+dczqr2Gk+n5PXLnWs9Ire+Cv7vfMYwvwPEFc/knMHifev7uSKR6zEHx3Tv+mSv8rwgAgLHQyFtaiT5obC2kY7XpiP0feuv/10px9NT9+7c7I53t7VL9//Dji/fKxyrX/62Kzu//YH7t6ufzN27eemPl6uKV9pX2Z2+ea73VOn/pwoVL89m9kvnlqLtjAgAAwH/QzFu5/q9P96//nyrF8S/r/+X6/4vvWl+Vj5Wo/wc6WPQbdiYAAADjqNmNnnv1zz9qA/aoNZvx5eLa2vVW57W7fa7zWmm6j+lE3sr1fzI97KwAAACAKuxu1HrW/y+X4jji+v/TP770c3nOJCImI65FRPvM0rXVy9Wdzkir4ofK2YGawz5TAAAAhmUyb+X1/0b2/H+9+8hDPSJePx3xV/4b/jhi/Z+8/81P5WOVn/8/X+lZjp76TOd6ZP1MxMTMsDMCAADgSXYyb2mx/3tja+GTX0592PT8PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDV/g4AAP//kF4wGA==") r0 = open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) r1 = open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300), 0x16) dup3(r2, r0, 0x0) sendfile(r0, r1, 0x0, 0xef84) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) 2.11694625s ago: executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) bpf$MAP_CREATE(0x1c, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, 0x0, 0x0}, 0x90) pipe2$9p(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipv4_newrule={0x30, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0xfffffffb}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x101}]}, 0x30}}, 0x0) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) ioctl$VHOST_VDPA_SET_CONFIG(r6, 0x4008af74, &(0x7f00000003c0)={0xffffffff, 0xe3, "6c0ffe1877537d358768fed26d54126f573ce4a54b8f183b5c85094d566b95dd86dbb3d617d5072aecab885691720d4ee751caa18f49765495b8af132e53c1cc2d9890e2cf4f03ab19ffed0cd14a50b9889f7e8eaf84ccd031bc085fd6c1f33340d462ae9063516a2ff9d27d1c847d937b13a887336b9bebd49617f39932db9b95d4c79757ba6b4eaebd769b35452ef0933b6209f863dfe727b18bbdfc36d78ddd82990cda486235967f32d396f91c98252edc089ee3082957a3efa1e98fc0013d77769ae48dfda3504642aa4ee58f68657e55d119ff23ff9da365c07f010fa1a1e33e"}) socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x1e, &(0x7f0000000200), 0x2, 0x456, &(0x7f0000000600)="$eJzs3M1vVFUbAPDnzkzLy9fbivjBh1JFI9HY0oLKwgUYTVxoYqILXNa2EGSghtZECNHqApeGxL1xaeJf4Eo3Rl2ZuNW9ISGGDejqmjtzb5kOM3WYTpmW+f2SS8+590zOeXrumTnnHqYBDKyx7J8kYkdE/B4RI/XsygJj9R+3blye+fvG5Zkk0vTtv5JauZs3Ls8URYvXbS8yS/X8vhb1Lly8dHa6Wp27kOcnFs99MLFw8dLzZ85Nn547PXd+6tixo0cmX3px6oX2jU86jzNr0829H8/v3/P6u1ffnDl59b2fv02K+Jvi6JGxFufKReLpHlfWbzsb0kklT5T71Bg6lnVR1l1DtfE/EuWoLF8bidc+62vjgHWVpmm6pd3FJJZS4D6WRL9bAPRH8VGfrX+L455NPjaA6yfqC6As7lv5Ub9SiVJeZqhpfdtL2Wrr5NI/X2VHrM9zCACAFb4/Uf955/yvFA83lDue7w2NRsQDEbErIh6MiN0R8VBErewjEfFow2s62Z5p3iS5c/5TutZdZJ3J5n8v53tbK+d/xewvRst5bmct/qHk1Jnq3OGI+H9EHIqhLVl+cpU6fnj1ty/aXRtrmP9lR1Z/MRfM23Gt0vSAbnZ6cXotMTe6/mnE3kqr+JPlnYCsH/dExN4D3dVx5tlv9re79t/xr6LSXXsapV9HPFPv/6Voir+QrL4/OfG/qM4dnijuijv98uuVt9rVv6b4eyDr/20t7//l+EeTxv3ahbuv48ofn7dd03R7/w8n79TSw/m5j6YXFy9MRgwnb+Tnj98+P3X7tUW+KJ/Ff+hg6/G/K27/JvZFRHYTPxYRj0fEgbztT0TEkxFxcJX4f3rlqfe7j399ZfHP3lX/332ifPbH71ZUOrpK/Em06P+jtdSh/Ewn73+dNnCtvz8AAADYDEoRsSOS0vhyulQaH6//f/ndsa1UnV9YfO7U/IfnZ+vfERiNoVLxpGuk4XnoZP7EoMhP5cv8In8kf278ZXlrLT8+M1+d7XfwMOC2txn/mT99fwPufz3YRwM2qW7Hf5qmn/S4KcA95vMfBpfxD4Orxfjf2pRv+zcCgM2t1ee/hT0MBvN/GFzGPwwu4x8Gl/EPA2kt3+vvWSJ7/9kAzeg4kaZ9qn24/7EvJ6K0IZohsU6Jfr8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Ma/AQAA//8prOfG") openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 1.302558907s ago: executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000002200b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) dup2(r3, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 1.293280909s ago: executing program 1: bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@enum={0x2, 0x0, 0x0, 0xf}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x28}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x4, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x12}, [], {0x95, 0x0, 0x5a5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x0, r1}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r2, &(0x7f0000000300), 0x20000000}, 0x20) 1.285552019s ago: executing program 1: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/asix', 0x0, 0x0) fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r1, 0xfffffffffffffffd, 0x58) 1.277924191s ago: executing program 1: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000000)={[{@jqfmt_vfsv0}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000980)) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file0'}, 0xb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) clock_gettime(0x0, &(0x7f0000000340)) 1.211563861s ago: executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c00)={0x1, 0x0, [{0x0, 0xaf, &(0x7f00000007c0)=""/175}]}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000005c0)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000680)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000200)={r3}) r4 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x4040, 0x40) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r4, 0x800c6613, &(0x7f0000000300)=@v1={0x0, @aes128, 0x2, @desc4}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000180)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000240)={r5, 0x1, r2, 0x3, 0x80000}) r6 = accept4$inet6(0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000580)=0xfffffffffffffc5a, 0x80800) openat$full(0xffffffffffffff9c, &(0x7f0000000480), 0x20000, 0x0) r7 = accept4$inet6(r6, &(0x7f0000000500)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000540)=0x1c, 0x800) getsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6=@private2, @in6=@mcast1}}, {{@in=@broadcast}, 0x0, @in6=@local}}, &(0x7f00000004c0)=0xe8) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r2, 0x40082102, &(0x7f0000000080)=r5) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000280)={r5}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="b40000004900d96d28bd7000fedbdf250a003800", @ANYRES32, @ANYBLOB="0100000014000100fcf8000000000000000000000000000014000100fe8000000000000000000000000000aa080002"], 0xb4}}, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000600)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r11, @ANYBLOB="0010000000000000b7030000000000ba4901850000007c000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0x7ffffffff000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000ecb2850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.139228223s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000080b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) write$cgroup_type(r0, &(0x7f0000000000), 0x9) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, 0x0, 0x0}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='ext4_begin_ordered_truncate\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='ext4_begin_ordered_truncate\x00', r4}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) 1.137522223s ago: executing program 0: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x0, 0x5}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffe8a, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 1.040852848s ago: executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r4 = inotify_init() inotify_add_watch(r4, &(0x7f00000001c0)='./file0\x00', 0x6000400) r5 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) write$9p(r3, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) chown(&(0x7f0000000000)='./file0\x00', 0x0, 0xee01) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r6) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r8}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) write$cgroup_int(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffdef) sendfile(r3, r5, 0x0, 0xe065) 1.016266491s ago: executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_auto}, {@metacopy_on}, {@upperdir={'upperdir', 0x3d, './bus'}}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='mounts\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/76, 0xff0d}], 0x1, 0x0, 0x0) 1.011542212s ago: executing program 3: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x40047451, 0x2000000c) close(r0) 995.134105ms ago: executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000040)="660fc7b1ff04000066b818018ee8660fe96e00eac30000008600b87d0000000f23c80f21f8350400c0000f23f80f984b63260f01c1b800000000ba000000000f308fc818efe72466baa10066b8000066ef660f38229f00000000", 0x5a}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0xa, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)={{0x0, 0x0, 0x80}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d56412c02fd70d085f92dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcc6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b51de413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e516"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 111.670962ms ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r0}, 0x10) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r3, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_INIT(r3, &(0x7f0000000200)={0x50}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}}) chown(&(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffff) mount$fuseblk(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x6b, 0x0) 110.792043ms ago: executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000002200b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) dup2(r3, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 107.292713ms ago: executing program 3: r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0x5, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3}, @ldst={0x3, 0x0, 0x3, 0xa, 0x0, 0xffffffffffffffe0}]}, &(0x7f0000000100)='GPL\x00', 0x4, 0xc4, &(0x7f00000002c0)=""/196}, 0x80) r1 = bpf$ITER_CREATE(0x21, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xd, &(0x7f00000003c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x23}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f0000000080)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000a00)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x28d, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x3}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f0000000200), &(0x7f0000000240)=r0}, 0x20) bpf$OBJ_GET_MAP(0x7, &(0x7f00000004c0)=@o_path={&(0x7f00000003c0)='./file0\x00', 0x0, 0x10, r0}, 0x18) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) close(r6) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000002c0)) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) write$cgroup_devices(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="1b23000d"], 0xffdd) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000007c0)={r1, 0x0, 0x84, 0x90, &(0x7f0000000500)="0457bc1071543b635c886d126ac75f4b5fff93bc7fa79fc70b675fc51bcfd1c61726d61f89dbecbfc5b332bd68793032b6447d79b49c4734cab587dda361a334c0d9edd6e83640387f0191f4ed780e8db760cf85de022e4c1a827c175ec98a00a11958087da6dc22adfe48206d7cd6f962314ca40241338b43f05ed773d5e7d73d05a124", &(0x7f00000005c0)=""/144, 0x5, 0x0, 0x46, 0x23, &(0x7f0000000680)="2b96a5a8dbce67377176d4476dbf1d93ca2efe4c34ad651acd9c6ae0bb1a29aa5a0e2f602a9ae77631e8b8905b3fa5cf52432319a4ba196fe150a6f5e62a9024bad7aa745b59", &(0x7f0000000700)="74f5fbe4d48d2ed593db4f061429eb4d13bdf86e80a6457d9eabb18c4d8172d215cf04", 0x2, 0x0, 0x586c}, 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x2c, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_DISABLE_HT={0x4}]}, 0x2c}}, 0x0) 93.539825ms ago: executing program 0: socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x14) syz_open_dev$hiddev(0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r3}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000400000000000000000000850000005000000085000000d000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r4}, 0xe) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7e12ddc5a89047bf00"}) r6 = syz_open_pts(r5, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000200)=0x2) read(r6, 0x0, 0x2006) dup2(r6, r5) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x80, 0x0, 0x1, 0x401, 0x9000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x14, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0xe6ba7615268e7f7}]}]}, 0x80}}, 0x0) 93.090345ms ago: executing program 4: r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x0) 0s ago: executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x28, 0x18, 0x0, 0x0, 0x0, {}, [@RTA_MULTIPATH={0xc}]}, 0x28}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0xe0001}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x13, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x85}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000140)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e066f30fa7c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x54}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): t: type=1400 audit(2000000013.760:6200): avc: denied { bind } for pid=2254 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 85.165861][ T28] audit: type=1400 audit(2000000013.760:6201): avc: denied { name_bind } for pid=2254 comm="syz-executor.2" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 85.198045][ T24] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 85.209949][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 85.218133][ T24] usb 5-1: SerialNumber: syz [ 85.228673][ T6] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 85.258137][ T315] hub 1-1:0.0: 2 ports detected [ 85.498747][ T24] usb 5-1: 0:2 : does not exist [ 85.504983][ T24] usb 5-1: USB disconnect, device number 9 [ 85.568080][ T337] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 85.608057][ T6] usb 4-1: config 0 has no interfaces? [ 85.613350][ T6] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 85.622382][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.630746][ T6] usb 4-1: config 0 descriptor?? [ 85.817985][ T337] usb 2-1: Using ep0 maxpacket: 8 [ 85.847979][ T529] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 85.869993][ T6] usb 4-1: USB disconnect, device number 6 [ 85.938012][ T337] usb 2-1: config 135 has an invalid interface number: 230 but max is 0 [ 85.946194][ T337] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 86.059196][ T337] usb 2-1: config 135 has no interface number 0 [ 86.065532][ T337] usb 2-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 86.207996][ T529] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 86.253664][ T529] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 86.341730][ T529] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 86.358026][ T337] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 86.417401][ T337] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.418001][ T529] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.457788][ T337] usb 2-1: Product: syz [ 86.508160][ T337] usb 2-1: Manufacturer: syz [ 86.514822][ T529] usb 3-1: config 0 descriptor?? [ 86.532865][ T337] usb 2-1: SerialNumber: syz [ 86.608528][ T337] usb 2-1: Found UVC 0.00 device syz (18ec:3288) [ 86.614782][ T337] usb 2-1: No valid video chain found. [ 86.811279][ T337] usb 2-1: USB disconnect, device number 9 [ 87.039301][ T529] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving [ 87.056665][ T529] plantronics 0003:047F:FFFF.0011: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 87.608616][ T331] usb 1-1: USB disconnect, device number 8 [ 87.979533][ T40] usb 3-1: USB disconnect, device number 8 [ 88.000337][ T28] kauditd_printk_skb: 170 callbacks suppressed [ 88.000353][ T28] audit: type=1400 audit(2000000016.620:6372): avc: denied { read write } for pid=2362 comm="syz-executor.1" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 88.033969][ T2363] fuse: Bad value for 'fd' [ 88.079569][ T28] audit: type=1400 audit(2000000016.660:6373): avc: denied { open } for pid=2362 comm="syz-executor.1" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 88.239967][ T28] audit: type=1400 audit(2000000016.860:6374): avc: denied { rename } for pid=2368 comm="syz-executor.4" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 88.320435][ T2393] loop1: detected capacity change from 0 to 256 [ 88.335764][ T2393] FAT-fs (loop1): Directory bread(block 64) failed [ 88.342834][ T2393] FAT-fs (loop1): Directory bread(block 65) failed [ 88.351148][ T2393] FAT-fs (loop1): Directory bread(block 66) failed [ 88.358199][ T2393] FAT-fs (loop1): Directory bread(block 67) failed [ 88.364695][ T2393] FAT-fs (loop1): Directory bread(block 68) failed [ 88.371867][ T2393] FAT-fs (loop1): Directory bread(block 69) failed [ 88.378410][ T2393] FAT-fs (loop1): Directory bread(block 70) failed [ 88.384770][ T2393] FAT-fs (loop1): Directory bread(block 71) failed [ 88.391237][ T2393] FAT-fs (loop1): Directory bread(block 72) failed [ 88.398479][ T2393] FAT-fs (loop1): Directory bread(block 73) failed [ 88.402702][ T2387] loop3: detected capacity change from 0 to 40427 [ 88.411766][ T2387] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 88.419381][ T2387] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 88.427963][ T331] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 88.428174][ T2387] F2FS-fs (loop3): invalid crc value [ 88.442410][ T2387] F2FS-fs (loop3): Found nat_bits in checkpoint [ 88.487634][ T2387] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 88.494679][ T2387] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 88.512688][ T28] audit: type=1400 audit(2000000017.120:6375): avc: denied { mount } for pid=2386 comm="syz-executor.3" name="/" dev="loop3" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 88.547012][ T28] audit: type=1400 audit(2000000017.160:6376): avc: denied { create } for pid=2404 comm="syz-executor.2" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 89.731984][ T336] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 89.740349][ T28] audit: type=1400 audit(2000000018.340:6377): avc: denied { unmount } for pid=2059 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 89.748680][ T336] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 89.786114][ T28] audit: type=1400 audit(2000000018.370:6378): avc: denied { name_bind } for pid=2414 comm="syz-executor.4" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 89.938057][ T331] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 89.955833][ T331] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 90.056066][ T2428] loop2: detected capacity change from 0 to 512 [ 90.063762][ T28] audit: type=1400 audit(2000000018.670:6379): avc: denied { remount } for pid=2419 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 90.083874][ T2428] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 90.165444][ T2429] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 90.418059][ T2428] EXT4-fs (loop2): 1 orphan inode deleted [ 90.423796][ T2428] EXT4-fs (loop2): 1 truncate cleaned up [ 90.429386][ T2428] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 90.518012][ T331] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 90.526922][ T331] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 90.534745][ T331] usb 1-1: SerialNumber: syz [ 90.595805][ T2433] loop1: detected capacity change from 0 to 2048 [ 90.609681][ T2433] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 90.677188][ T309] EXT4-fs (loop1): unmounting filesystem. [ 90.693759][ T2441] syz-executor.4[2441] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.693839][ T2441] syz-executor.4[2441] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.709266][ T659] EXT4-fs (loop2): unmounting filesystem. [ 90.752194][ T2445] fuse: Bad value for 'fd' [ 90.828684][ T331] usb 1-1: 0:2 : does not exist [ 90.830131][ T2449] loop2: detected capacity change from 0 to 256 [ 90.839436][ T2450] Â: renamed from pim6reg1 [ 91.126917][ T331] usb 1-1: USB disconnect, device number 9 [ 91.246751][ T2456] TCP: TCP_TX_DELAY enabled [ 91.324786][ T2453] loop2: detected capacity change from 0 to 40427 [ 91.335840][ T2453] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 91.345429][ T2453] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 91.354414][ T2453] F2FS-fs (loop2): invalid crc value [ 91.361135][ T2453] F2FS-fs (loop2): Found nat_bits in checkpoint [ 91.400419][ T2453] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 91.407305][ T2453] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 91.520862][ T2480] netlink: 264 bytes leftover after parsing attributes in process `syz-executor.0'. [ 91.756673][ T2484] loop0: detected capacity change from 0 to 512 [ 91.778168][ T2487] loop4: detected capacity change from 0 to 256 [ 91.913868][ T2484] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 91.922835][ T2484] ext4 filesystem being mounted at /root/syzkaller-testdir2437024948/syzkaller.5tnkZr/181/file0 supports timestamps until 2038 (0x7fffffff) [ 92.037343][ T613] EXT4-fs (loop0): unmounting filesystem. [ 92.045887][ T43] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 92.065487][ T2506] futex_wake_op: syz-executor.0 tries to shift op by 32; fix this program [ 92.070567][ T43] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 92.121659][ T28] audit: type=1400 audit(2000000020.740:6380): avc: denied { nlmsg_write } for pid=2511 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 92.207051][ T2516] loop2: detected capacity change from 0 to 2048 [ 92.245681][ T2521] loop3: detected capacity change from 0 to 256 [ 92.258844][ T2516] Alternate GPT is invalid, using primary GPT. [ 92.264877][ T2516] loop2: p1 p2 p3 [ 92.327957][ T6] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 92.392993][ T2532] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 92.444568][ T2534] loop3: detected capacity change from 0 to 512 [ 92.492442][ T2534] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 92.515674][ T2534] ext4 filesystem being mounted at /root/syzkaller-testdir3787628894/syzkaller.mSQU8L/25/file0 supports timestamps until 2038 (0x7fffffff) [ 92.653262][ T2547] x_tables: duplicate entry at hook 1 [ 92.661335][ T2536] loop2: detected capacity change from 0 to 40427 [ 92.661821][ T2059] EXT4-fs (loop3): unmounting filesystem. [ 92.673566][ T2536] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 92.681304][ T2536] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 92.700131][ T2536] F2FS-fs (loop2): invalid crc value [ 92.718025][ T6] usb 5-1: config 0 has no interfaces? [ 92.723347][ T6] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 92.742345][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.792311][ T6] usb 5-1: config 0 descriptor?? [ 92.801963][ T2536] F2FS-fs (loop2): Found nat_bits in checkpoint [ 93.082287][ T24] usb 5-1: USB disconnect, device number 10 [ 93.104876][ T2536] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 93.111961][ T2536] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 93.257987][ T331] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 93.603438][ T336] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 93.624385][ T336] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 93.768398][ T28] audit: type=1400 audit(2000000022.390:6381): avc: denied { mount } for pid=2586 comm="syz-executor.3" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 93.782025][ T2590] Â: renamed from pim6reg1 [ 93.798143][ T331] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 93.810241][ T331] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 93.819231][ T331] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 93.833640][ T331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.851840][ T331] usb 2-1: config 0 descriptor?? [ 94.248008][ T28] audit: type=1400 audit(2000000022.850:6382): avc: denied { wake_alarm } for pid=2605 comm="syz-executor.0" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 94.426409][ T2613] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.433317][ T2613] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.440501][ T2613] device bridge_slave_0 entered promiscuous mode [ 94.447210][ T2613] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.454173][ T2613] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.461774][ T2613] device bridge_slave_1 entered promiscuous mode [ 94.499601][ T2621] loop1: detected capacity change from 0 to 512 [ 94.506354][ T2621] ext4: Unknown parameter 'noacl' [ 94.553648][ T2613] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.560713][ T2613] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.567786][ T2613] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.574593][ T2613] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.605941][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.614538][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.621764][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.659070][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.677312][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.684566][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.698164][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.716341][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.723214][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.778625][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.807354][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.835805][ T2613] device veth0_vlan entered promiscuous mode [ 94.849086][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 94.857551][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 94.876016][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 94.893685][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 94.914211][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 94.924319][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 94.942026][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 94.958248][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 94.975584][ T336] device bridge_slave_1 left promiscuous mode [ 94.982175][ T336] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.998613][ T336] device bridge_slave_0 left promiscuous mode [ 95.016866][ T336] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.020352][ T2637] loop4: detected capacity change from 0 to 2048 [ 95.035662][ T336] device veth1_macvtap left promiscuous mode [ 95.047189][ T336] device veth0_vlan left promiscuous mode [ 95.061646][ T2637] Alternate GPT is invalid, using primary GPT. [ 95.068090][ T2637] loop4: p1 p2 p3 [ 95.324713][ T2659] xt_NFQUEUE: number of total queues is 0 [ 95.412937][ T2613] device veth1_macvtap entered promiscuous mode [ 95.525534][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 95.577634][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 95.601260][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 95.629207][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 95.713144][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 95.754655][ T2658] loop0: detected capacity change from 0 to 40427 [ 95.768683][ T2658] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 95.776253][ T2658] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 95.853566][ T2668] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 95.908856][ T2658] F2FS-fs (loop0): invalid crc value [ 96.164954][ T331] usb 2-1: USB disconnect, device number 10 [ 96.180723][ T2658] F2FS-fs (loop0): Found nat_bits in checkpoint [ 96.284448][ T2658] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 96.301004][ T2658] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 96.860974][ T43] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 96.881493][ T2688] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 96.886144][ T43] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 97.014124][ T2693] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.021343][ T2693] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.028774][ T2693] device bridge_slave_0 entered promiscuous mode [ 97.127377][ T2701] loop3: detected capacity change from 0 to 512 [ 97.138341][ T2701] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 97.159519][ T2693] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.224134][ T2693] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.267109][ T2701] EXT4-fs (loop3): 1 orphan inode deleted [ 97.272905][ T2701] EXT4-fs (loop3): 1 truncate cleaned up [ 97.278366][ T2701] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 97.288024][ T2693] device bridge_slave_1 entered promiscuous mode [ 97.311638][ T28] audit: type=1400 audit(2000000025.930:6383): avc: denied { write } for pid=2702 comm="syz-executor.0" path="socket:[23541]" dev="sockfs" ino=23541 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 97.344840][ T28] audit: type=1400 audit(2000000025.930:6384): avc: denied { nlmsg_read } for pid=2702 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 97.436775][ T2717] loop0: detected capacity change from 0 to 1024 [ 97.444168][ T2717] EXT4-fs: Ignoring removed orlov option [ 97.450042][ T2717] EXT4-fs (loop0): Test dummy encryption mode enabled [ 97.453930][ T2693] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.458973][ T2717] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 97.463516][ T2693] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.479181][ T2717] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 97.486386][ T2693] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.493193][ T2693] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.500774][ T28] audit: type=1400 audit(2000000026.110:6385): avc: denied { unlink } for pid=2716 comm="syz-executor.0" name="file0" dev="loop0" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 97.523464][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.531740][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.539364][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.539768][ T613] EXT4-fs (loop0): unmounting filesystem. [ 97.546724][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.589881][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.598048][ T331] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.604919][ T331] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.612630][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.620673][ T331] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.627527][ T331] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.655048][ T2693] device veth0_vlan entered promiscuous mode [ 97.671766][ T2693] device veth1_macvtap entered promiscuous mode [ 97.697212][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 97.720031][ T28] audit: type=1400 audit(2000000026.340:6386): avc: denied { getattr } for pid=2729 comm="syz-executor.0" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=24643 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 97.727324][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 97.749547][ T28] audit: type=1400 audit(2000000026.370:6387): avc: denied { sys_module } for pid=2729 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 97.771281][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 97.775341][ T2732] futex_wake_op: syz-executor.1 tries to shift op by 32; fix this program [ 97.799343][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 97.957801][ T2059] EXT4-fs (loop3): unmounting filesystem. [ 98.104278][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 98.111649][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 98.119024][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 98.127348][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 98.137490][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 98.159746][ T2737] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 98.161208][ T2741] loop2: detected capacity change from 0 to 2048 [ 98.192616][ T2741] EXT4-fs error (device loop2): __ext4_fill_super:5386: inode #2: comm syz-executor.2: casefold flag without casefold feature [ 98.205834][ T2741] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 98.218924][ T2741] EXT4-fs (loop2): Errors on filesystem, clearing orphan list. [ 98.226298][ T2741] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 98.277548][ T2613] EXT4-fs (loop2): unmounting filesystem. [ 98.323202][ T28] audit: type=1326 audit(2000000026.940:6388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2751 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29b067cea9 code=0x0 [ 98.362444][ T2755] syz-executor.0[2755] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 98.362521][ T2755] syz-executor.0[2755] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 98.658138][ T336] device bridge_slave_1 left promiscuous mode [ 98.789983][ T336] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.818355][ T336] device bridge_slave_0 left promiscuous mode [ 98.824314][ T336] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.848090][ T336] device veth1_macvtap left promiscuous mode [ 98.853946][ T336] device veth0_vlan left promiscuous mode [ 98.883514][ T2773] fuse: Bad value for 'fd' [ 98.892776][ T28] audit: type=1400 audit(2000000027.510:6389): avc: denied { read } for pid=2772 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 98.943854][ T28] audit: type=1400 audit(2000000027.560:6390): avc: denied { write } for pid=2772 comm="syz-executor.4" name="ipv6_route" dev="proc" ino=4026532542 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 99.062022][ T2775] device macsec2 entered promiscuous mode [ 99.071889][ T2775] device bridge0 entered promiscuous mode [ 99.086922][ T2775] device bridge0 left promiscuous mode [ 99.199217][ T2778] loop1: detected capacity change from 0 to 2048 [ 99.207359][ T2778] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz-executor.1: casefold flag without casefold feature [ 99.220751][ T2778] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 99.249219][ T2778] EXT4-fs (loop1): Errors on filesystem, clearing orphan list. [ 99.268058][ T2778] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 99.356821][ T2693] EXT4-fs (loop1): unmounting filesystem. [ 99.424180][ T2803] futex_wake_op: syz-executor.2 tries to shift op by 32; fix this program [ 99.454245][ T28] audit: type=1326 audit(2000000028.070:6391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2804 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f670da7cea9 code=0x0 [ 99.607832][ T2815] loop3: detected capacity change from 0 to 2048 [ 99.818238][ T28] audit: type=1400 audit(2000000028.300:6392): avc: denied { block_suspend } for pid=2807 comm="syz-executor.0" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 99.913403][ T2815] EXT4-fs error (device loop3): __ext4_fill_super:5386: inode #2: comm syz-executor.3: casefold flag without casefold feature [ 99.943403][ T2815] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 99.975203][ T2815] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 99.992094][ T2815] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 100.019846][ T2824] loop4: detected capacity change from 0 to 1024 [ 100.031446][ T2824] EXT4-fs: Ignoring removed orlov option [ 100.037471][ T2059] EXT4-fs (loop3): unmounting filesystem. [ 100.043175][ T2824] EXT4-fs (loop4): Test dummy encryption mode enabled [ 100.058865][ T2824] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 100.100144][ T1322] EXT4-fs (loop4): unmounting filesystem. [ 100.133200][ T2829] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2829 comm=syz-executor.3 [ 100.151083][ T2831] loop4: detected capacity change from 0 to 256 [ 100.163122][ T2831] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 100.175505][ T2829] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 100.190837][ T28] audit: type=1400 audit(2000000028.810:6393): avc: denied { accept } for pid=2828 comm="syz-executor.3" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 100.212162][ T2829] device veth0_to_bridge entered promiscuous mode [ 100.236173][ T2828] device veth0_to_bridge left promiscuous mode [ 100.242918][ T2829] syz-executor.3 (2829) used greatest stack depth: 19976 bytes left [ 100.339800][ T2845] device dummy0 entered promiscuous mode [ 100.351789][ T2845] device dummy0 left promiscuous mode [ 100.577966][ T331] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 100.666570][ T2865] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2865 comm=syz-executor.1 [ 100.689907][ T2863] loop2: detected capacity change from 0 to 256 [ 100.764811][ T2865] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 100.820648][ T2866] device veth0_to_bridge entered promiscuous mode [ 100.827962][ T19] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 100.864146][ T2863] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 100.892379][ T2864] device veth0_to_bridge left promiscuous mode [ 101.028261][ T331] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.048304][ T2869] device pim6reg1 entered promiscuous mode [ 101.092003][ T331] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.148116][ T331] usb 4-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 101.208125][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.232292][ T331] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.258670][ T19] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 101.301411][ T28] audit: type=1326 audit(2000000029.920:6394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2870 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f670da7cea9 code=0x0 [ 101.327216][ T331] usb 4-1: config 0 descriptor?? [ 101.376680][ T19] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 101.445651][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.499631][ T19] usb 5-1: config 0 descriptor?? [ 101.869170][ T2881] xt_NFQUEUE: number of total queues is 0 [ 101.966166][ T331] hid-multitouch 0003:0EEF:72D0.0012: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.3-1/input0 [ 102.019171][ T19] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 102.073351][ T19] plantronics 0003:047F:FFFF.0013: hiddev96,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 102.131928][ T315] usb 4-1: USB disconnect, device number 7 [ 102.374540][ T2899] loop0: detected capacity change from 0 to 256 [ 102.467733][ T2899] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 102.709812][ T2913] device pim6reg1 entered promiscuous mode [ 102.925620][ T2925] loop2: detected capacity change from 0 to 256 [ 102.948972][ T331] usb 5-1: USB disconnect, device number 11 [ 103.047089][ T2941] loop0: detected capacity change from 0 to 256 [ 103.062769][ T2941] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 103.166415][ T2951] device pim6reg1 entered promiscuous mode [ 103.190722][ T2956] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2956 comm=syz-executor.2 [ 103.203762][ T2956] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 103.213330][ T2956] device veth0_to_bridge entered promiscuous mode [ 103.351262][ T2954] device veth0_to_bridge left promiscuous mode [ 103.549976][ T2965] loop1: detected capacity change from 0 to 2048 [ 103.564501][ T2965] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz-executor.1: casefold flag without casefold feature [ 103.577766][ T2965] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 103.589557][ T2965] EXT4-fs (loop1): Errors on filesystem, clearing orphan list. [ 103.597351][ T2965] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 103.608486][ T2973] loop0: detected capacity change from 0 to 256 [ 103.655530][ T2693] EXT4-fs (loop1): unmounting filesystem. [ 103.941746][ T2997] loop0: detected capacity change from 0 to 512 [ 104.120413][ T2997] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 104.134631][ T2997] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz-executor.0: invalid indirect mapped block 1 (level 1) [ 104.148698][ T2997] EXT4-fs (loop0): 1 truncate cleaned up [ 104.154178][ T2997] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 104.222077][ T3015] loop3: detected capacity change from 0 to 256 [ 104.277693][ T3019] loop3: detected capacity change from 0 to 128 [ 104.497944][ T529] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 104.544407][ T613] EXT4-fs (loop0): unmounting filesystem. [ 104.760625][ T3021] loop1: detected capacity change from 0 to 1024 [ 104.873884][ T3021] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 104.911092][ T2693] EXT4-fs (loop1): unmounting filesystem. [ 105.028161][ T529] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.040118][ T589] device bridge_slave_1 left promiscuous mode [ 105.046272][ T589] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.078327][ T529] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 105.106051][ T589] device bridge_slave_0 left promiscuous mode [ 105.139283][ T589] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.159024][ T529] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 105.201254][ T589] device veth1_macvtap left promiscuous mode [ 105.240033][ T529] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.255341][ T589] device veth0_vlan left promiscuous mode [ 105.305987][ T529] usb 5-1: config 0 descriptor?? [ 105.649291][ T3017] loop2: detected capacity change from 0 to 40427 [ 105.716902][ T3017] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 105.773557][ T3017] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 105.825979][ T3017] F2FS-fs (loop2): invalid crc value [ 105.832547][ T529] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving [ 105.863815][ T529] plantronics 0003:047F:FFFF.0014: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 105.922692][ T3017] F2FS-fs (loop2): Found nat_bits in checkpoint [ 106.085123][ T3050] loop0: detected capacity change from 0 to 256 [ 106.216340][ T3051] loop1: detected capacity change from 0 to 2048 [ 106.321674][ T3017] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 106.329053][ T3051] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz-executor.1: casefold flag without casefold feature [ 106.362774][ T3017] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 106.458582][ T3051] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 106.472840][ T3053] loop0: detected capacity change from 0 to 512 [ 106.552512][ T3051] EXT4-fs (loop1): Errors on filesystem, clearing orphan list. [ 106.564393][ T3053] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 106.579205][ T3053] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz-executor.0: invalid indirect mapped block 1 (level 1) [ 106.598054][ T3051] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 106.658451][ T3053] EXT4-fs (loop0): 1 truncate cleaned up [ 106.663930][ T3053] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 106.862450][ T613] EXT4-fs (loop0): unmounting filesystem. [ 106.878560][ T40] usb 5-1: USB disconnect, device number 12 [ 106.891561][ T3044] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.898566][ T3044] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.906070][ T3044] device bridge_slave_0 entered promiscuous mode [ 106.917450][ T3044] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.924343][ T3044] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.931673][ T3044] device bridge_slave_1 entered promiscuous mode [ 106.952174][ T589] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 106.961700][ T589] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 106.986787][ T3068] loop0: detected capacity change from 0 to 256 [ 107.059010][ T3074] netlink: 'syz-executor.0': attribute type 5 has an invalid length. [ 107.085892][ T3044] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.092758][ T3044] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.099847][ T3044] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.106621][ T3044] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.114683][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.122236][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.143657][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.151023][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.159769][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 107.171623][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 107.179800][ T331] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.181779][ T3080] loop2: detected capacity change from 0 to 128 [ 107.186661][ T331] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.200337][ T3078] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 107.218037][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 107.226158][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 107.227710][ T3082] syz-executor.0[3082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.234282][ T331] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.236662][ T3082] syz-executor.0[3082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.245726][ T331] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.246007][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 107.265739][ T3082] syz-executor.0[3082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.271480][ T3080] loop2: detected capacity change from 128 to 0 [ 107.279296][ T3082] syz-executor.0[3082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.291440][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 107.296779][ C1] I/O error, dev loop2, sector 31 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 107.324798][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 107.329025][ C1] I/O error, dev loop2, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 107.332867][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 107.348974][ T3083] FAT-fs (loop2): unable to read inode block for updating (i_pos 52) [ 107.357090][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 107.370356][ C0] I/O error, dev loop2, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 107.379371][ T2613] FAT-fs (loop2): Directory bread(block 3) failed [ 107.380259][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 107.387726][ C1] I/O error, dev loop2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 107.402504][ T2613] FAT-fs (loop2): Directory bread(block 4) failed [ 107.410237][ C0] I/O error, dev loop2, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 107.424499][ T2613] FAT-fs (loop2): Directory bread(block 5) failed [ 107.434386][ C0] I/O error, dev loop2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 107.437362][ T3044] device veth0_vlan entered promiscuous mode [ 107.443415][ T2613] FAT-fs (loop2): Directory bread(block 6) failed [ 107.457360][ T28] audit: type=1400 audit(2000000036.080:6395): avc: denied { read } for pid=3087 comm="syz-executor.4" dev="sockfs" ino=25446 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 107.468438][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 107.487994][ C1] I/O error, dev loop2, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 107.496962][ T589] FAT-fs (loop2): unable to read inode block for updating (i_pos 52) [ 107.507737][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 107.515520][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 107.520044][ T28] audit: type=1400 audit(2000000036.140:6396): avc: denied { append } for pid=3089 comm="syz-executor.4" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 107.528681][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 107.547426][ T2613] FAT-fs (loop2): unable to read boot sector to mark fs as dirty [ 107.564721][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 107.592035][ T3044] device veth1_macvtap entered promiscuous mode [ 107.608525][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 107.616505][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 107.625640][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 107.648778][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 107.656841][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 107.673220][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 107.682874][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 107.705905][ T3090] kvm [3089]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x0 [ 107.740301][ T3090] kvm [3089]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x0 [ 107.834653][ T2693] EXT4-fs (loop1): unmounting filesystem. [ 108.190895][ T3105] tipc: Started in network mode [ 108.201355][ T3105] tipc: Node identity 1ff, cluster identity 4711 [ 108.210413][ T3105] tipc: Node number set to 511 [ 108.215144][ T3105] tipc: Cannot configure node identity twice [ 108.226458][ T3107] bridge0: port 4(veth1_macvtap) entered blocking state [ 108.238046][ T3107] bridge0: port 4(veth1_macvtap) entered disabled state [ 108.240704][ T3113] syz-executor.1[3113] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.244894][ T3113] syz-executor.1[3113] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.259426][ T3113] syz-executor.1[3113] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.271060][ T3113] syz-executor.1[3113] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.279952][ T3107] loop0: detected capacity change from 0 to 2048 [ 108.344334][ T3107] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 108.352823][ T3107] ext4 filesystem being mounted at /root/syzkaller-testdir2437024948/syzkaller.5tnkZr/226/file0 supports timestamps until 2038 (0x7fffffff) [ 108.367831][ T3107] EXT4-fs (loop0): unmounting filesystem. [ 108.374799][ T3125] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 108.387753][ T3098] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.394744][ T3098] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.402291][ T3098] device bridge_slave_0 entered promiscuous mode [ 108.415715][ T3098] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.439926][ T3098] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.449192][ T3098] device bridge_slave_1 entered promiscuous mode [ 108.510167][ T3132] loop1: detected capacity change from 0 to 1024 [ 108.766150][ T3132] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 108.802006][ T3137] loop3: detected capacity change from 0 to 512 [ 108.819620][ T3137] EXT4-fs: Ignoring removed nobh option [ 108.830684][ T3137] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities [ 108.910287][ T3098] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.917178][ T3098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.924375][ T3098] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.931133][ T3098] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.956789][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 108.965122][ T529] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.973087][ T529] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.061412][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 109.081071][ T529] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.087955][ T529] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.270349][ T2693] EXT4-fs (loop1): unmounting filesystem. [ 109.276180][ T589] device bridge_slave_1 left promiscuous mode [ 109.282704][ T589] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.308625][ T589] device bridge_slave_0 left promiscuous mode [ 109.315448][ T589] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.326409][ T589] device veth1_macvtap left promiscuous mode [ 109.332478][ T589] device veth0_vlan left promiscuous mode [ 109.426557][ T3172] loop1: detected capacity change from 0 to 1024 [ 109.442454][ T3172] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 109.475298][ T3179] loop4: detected capacity change from 0 to 2048 [ 109.512641][ T3179] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 109.546298][ T1322] EXT4-fs (loop4): unmounting filesystem. [ 109.584890][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 109.593692][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.600553][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.611506][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 109.619383][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 110.053845][ T3188] loop4: detected capacity change from 0 to 1024 [ 110.068256][ T3188] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 110.079860][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 110.098428][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 110.117165][ T3098] device veth0_vlan entered promiscuous mode [ 110.127996][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 110.132424][ T3195] SELinux: Context system_u:object_r:tty_device_t:s0 is not valid (left unmapped). [ 110.149789][ T28] audit: type=1400 audit(2000000038.770:6397): avc: denied { relabelto } for pid=3194 comm="syz-executor.3" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 dev="sda1" ino=1969 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:tty_device_t:s0" [ 110.149907][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 110.201095][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 110.208424][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 110.215596][ T28] audit: type=1400 audit(2000000038.830:6398): avc: denied { rmdir } for pid=3044 comm="syz-executor.3" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 dev="sda1" ino=1969 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:tty_device_t:s0" [ 110.258427][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 110.271511][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 110.272412][ T2693] EXT4-fs (loop1): unmounting filesystem. [ 110.287204][ T28] audit: type=1400 audit(2000000038.910:6399): avc: denied { ioctl } for pid=3196 comm="syz-executor.3" path="socket:[26469]" dev="sockfs" ino=26469 ioctlcmd=0x48d4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 110.315091][ T3098] device veth1_macvtap entered promiscuous mode [ 110.342801][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 110.351471][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 110.359639][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 110.370032][ T28] audit: type=1400 audit(2000000038.990:6400): avc: denied { relabelfrom } for pid=3202 comm="syz-executor.0" name="UDP" dev="sockfs" ino=26491 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 110.370070][ T3203] SELinux: Context system_u:object_r:udev_var_run_t:s0 is not valid (left unmapped). [ 110.405173][ T28] audit: type=1400 audit(2000000039.020:6401): avc: denied { relabelto } for pid=3202 comm="syz-executor.0" name="UDP" dev="sockfs" ino=26491 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=udp_socket permissive=1 trawcon="system_u:object_r:udev_var_run_t:s0" [ 110.446631][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 110.457700][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 110.469821][ T1322] EXT4-fs (loop4): unmounting filesystem. [ 110.475893][ T3209] bridge0: port 3(veth1_macvtap) entered blocking state [ 110.483176][ T3209] bridge0: port 3(veth1_macvtap) entered disabled state [ 110.504835][ T3209] loop3: detected capacity change from 0 to 2048 [ 110.521758][ T3217] tipc: Started in network mode [ 110.522830][ T3220] syz-executor.2[3220] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 110.526463][ T3217] tipc: Node identity 1ff, cluster identity 4711 [ 110.526514][ T3220] syz-executor.2[3220] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 110.554176][ T3217] tipc: Node number set to 511 [ 110.556868][ T3209] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 110.565774][ T3217] tipc: Cannot configure node identity twice [ 110.572421][ T3209] ext4 filesystem being mounted at /root/syzkaller-testdir4208493506/syzkaller.JmUMxv/12/file0 supports timestamps until 2038 (0x7fffffff) [ 110.606639][ T3209] EXT4-fs (loop3): unmounting filesystem. [ 110.634424][ T3237] loop4: detected capacity change from 0 to 1024 [ 110.641241][ T3237] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.659743][ T3237] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 110.680391][ T28] audit: type=1400 audit(2000000039.300:6402): avc: denied { mounton } for pid=3236 comm="syz-executor.4" path="/root/syzkaller-testdir1270270825/syzkaller.bJffka/146/file1/bus" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 110.713329][ T3242] loop1: detected capacity change from 0 to 1024 [ 110.738043][ T3242] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 110.758007][ T3237] loop4: detected capacity change from 1024 to 64 [ 110.787410][ T28] audit: type=1400 audit(2000000039.400:6403): avc: denied { rmdir } for pid=1322 comm="syz-executor.4" name="lost+found" dev="loop4" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 110.787423][ T1322] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 110.814351][ T3234] kvm [3231]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x0 [ 110.823830][ T1322] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 110.845945][ T1322] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 110.859541][ T1322] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 110.859753][ T3234] kvm [3231]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x0 [ 110.873246][ T1322] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 110.895063][ T1322] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 110.908602][ T1322] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 110.922153][ T1322] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 110.935671][ T1322] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 110.950373][ T1322] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 111.009092][ T336] tipc: Left network mode [ 111.009948][ T1322] EXT4-fs (loop4): unmounting filesystem. [ 111.020688][ T3239] kmmpd-loop4: attempt to access beyond end of device [ 111.020688][ T3239] loop4: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 111.034035][ T3239] Buffer I/O error on dev loop4, logical block 64, lost sync page write [ 111.145949][ T3257] tipc: Started in network mode [ 111.151601][ T3257] tipc: Node identity 1ff, cluster identity 4711 [ 111.158141][ T3257] tipc: Node number set to 511 [ 111.163560][ T3257] tipc: Cannot configure node identity twice [ 111.285452][ T3268] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.292471][ T3268] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.293195][ T3277] loop2: detected capacity change from 0 to 1024 [ 111.299931][ T3268] device bridge_slave_0 entered promiscuous mode [ 111.306098][ T3277] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.312596][ T3268] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.325085][ T3268] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.332431][ T3268] device bridge_slave_1 entered promiscuous mode [ 111.344479][ T3277] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 111.357326][ T3281] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 111.397992][ T3277] loop2: detected capacity change from 1024 to 64 [ 111.400480][ T3285] loop0: detected capacity change from 0 to 1024 [ 111.452867][ T2693] EXT4-fs (loop1): unmounting filesystem. [ 111.455366][ T3098] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 111.470450][ T3285] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 111.481850][ T3098] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 111.503689][ T613] EXT4-fs (loop0): unmounting filesystem. [ 111.513311][ T3098] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 111.527420][ T3098] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 111.541111][ T3098] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 111.555201][ T3098] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 111.569250][ T3098] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 111.583049][ T3098] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 111.596629][ T3098] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 111.604854][ T3268] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.616754][ T3268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.623917][ T3268] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.630764][ T3268] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.638716][ T3098] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 111.682590][ T3299] loop3: detected capacity change from 0 to 1024 [ 111.694082][ T3299] EXT4-fs: Ignoring removed orlov option [ 111.696868][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 111.700259][ T3299] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.714080][ T40] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.722210][ T40] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.730867][ T3098] EXT4-fs (loop2): unmounting filesystem. [ 111.741901][ T3307] netlink: 45 bytes leftover after parsing attributes in process `syz-executor.0'. [ 111.752529][ T3299] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 111.761366][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 111.770135][ T3278] kmmpd-loop2: attempt to access beyond end of device [ 111.770135][ T3278] loop2: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 111.783728][ T315] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 111.791522][ T529] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.798379][ T529] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.805999][ T3278] Buffer I/O error on dev loop2, logical block 64, lost sync page write [ 111.847496][ T3311] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 111.880240][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 111.888299][ T529] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.895144][ T529] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.901809][ T28] audit: type=1400 audit(2000000040.510:6404): avc: denied { create } for pid=3310 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 111.928670][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 111.936643][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 111.955368][ T3268] device veth0_vlan entered promiscuous mode [ 111.962897][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 111.971425][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 111.982612][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 111.992249][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 112.033188][ T336] device bridge_slave_1 left promiscuous mode [ 112.041078][ T336] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.079657][ T336] device bridge_slave_0 left promiscuous mode [ 112.143992][ T336] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.218496][ T315] usb 2-1: config 0 has an invalid interface number: 18 but max is 0 [ 112.234189][ T315] usb 2-1: config 0 has no interface number 0 [ 112.262062][ T315] usb 2-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.314281][ T315] usb 2-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.408343][ T315] usb 2-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 112.422823][ T315] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 112.430957][ T315] usb 2-1: Manufacturer: syz [ 112.439279][ T315] usb 2-1: config 0 descriptor?? [ 112.650699][ T3044] EXT4-fs (loop3): unmounting filesystem. [ 112.696025][ T3320] SELinux: Context system_u:object_r:systemd_notify_exec_t:s0 is not valid (left unmapped). [ 112.707557][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 112.707572][ T28] audit: type=1400 audit(2000000041.320:6406): avc: denied { relabelto } for pid=3319 comm="syz-executor.3" name="file0" dev="sda1" ino=1957 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0" [ 112.789093][ T28] audit: type=1400 audit(2000000041.410:6407): avc: denied { rmdir } for pid=3044 comm="syz-executor.3" name="file0" dev="sda1" ino=1957 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0" [ 112.937584][ T3333] loop0: detected capacity change from 0 to 1024 [ 112.974557][ T3333] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 113.154873][ T315] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.18/0003:054C:03D5.0015/input/input20 [ 113.173740][ T315] sony 0003:054C:03D5.0015: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.1-1/input18 [ 113.175214][ T28] audit: type=1400 audit(2000000041.790:6408): avc: denied { read } for pid=86 comm="acpid" name="event3" dev="devtmpfs" ino=488 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 113.186199][ T315] usb 2-1: USB disconnect, device number 11 [ 113.209049][ T28] audit: type=1400 audit(2000000041.790:6409): avc: denied { open } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=488 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 113.245166][ T3268] device veth1_macvtap entered promiscuous mode [ 113.252534][ T28] audit: type=1400 audit(2000000041.860:6410): avc: denied { ioctl } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=488 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 113.263852][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 113.285591][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 113.293930][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 113.306935][ T3340] loop3: detected capacity change from 0 to 512 [ 113.315721][ T3340] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 113.325684][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 113.330552][ T3340] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 113.335203][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 113.342847][ T3340] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 2683928664 (level 1) [ 113.351129][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 113.366056][ T3340] EXT4-fs (loop3): Remounting filesystem read-only [ 113.373519][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 113.379262][ T3340] EXT4-fs (loop3): 1 truncate cleaned up [ 113.392538][ T3340] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 113.414284][ T28] audit: type=1400 audit(2000000042.030:6411): avc: denied { mounton } for pid=3339 comm="syz-executor.3" path="/root/syzkaller-testdir4208493506/syzkaller.JmUMxv/32/file0/file0" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 113.443245][ T3044] EXT4-fs error (device loop3): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor.3: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 113.464167][ T3044] EXT4-fs (loop3): Remounting filesystem read-only [ 113.473251][ T3044] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.3: corrupted in-inode xattr [ 113.485804][ T3044] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.3: corrupted in-inode xattr [ 113.491204][ T3316] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.507817][ T3316] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.515279][ T3316] device bridge_slave_0 entered promiscuous mode [ 113.525478][ T3316] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.532508][ T3316] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.539958][ T3316] device bridge_slave_1 entered promiscuous mode [ 113.569452][ T3044] EXT4-fs (loop3): unmounting filesystem. [ 113.626249][ T613] EXT4-fs (loop0): unmounting filesystem. [ 113.630872][ T3316] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.638806][ T3316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.645975][ T3316] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.652780][ T3316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.724516][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 113.732583][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 113.741733][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 113.768390][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 113.776312][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 113.793576][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 113.809804][ T28] audit: type=1400 audit(2000000042.430:6412): avc: denied { read } for pid=3364 comm="syz-executor.3" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 113.831637][ T3316] device veth0_vlan entered promiscuous mode [ 113.839616][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 113.847548][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 113.854739][ T28] audit: type=1400 audit(2000000042.430:6413): avc: denied { open } for pid=3364 comm="syz-executor.3" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 113.879106][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 113.908593][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 113.917462][ T3316] device veth1_macvtap entered promiscuous mode [ 113.944944][ T3363] input: syz0 as /devices/virtual/input/input21 [ 113.945000][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 113.963268][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 114.033661][ T3377] netlink: 45 bytes leftover after parsing attributes in process `syz-executor.1'. [ 114.053710][ T3364] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.066417][ T3364] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.079306][ T3364] device bridge_slave_0 entered promiscuous mode [ 114.176366][ T3384] loop2: detected capacity change from 0 to 1024 [ 114.255916][ T3384] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 114.315038][ T3364] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.346134][ T3364] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.429517][ T3364] device bridge_slave_1 entered promiscuous mode [ 114.472816][ T3391] loop1: detected capacity change from 0 to 1024 [ 114.488581][ T3391] EXT4-fs: Ignoring removed nomblk_io_submit option [ 114.498764][ T336] device bridge_slave_1 left promiscuous mode [ 114.505635][ T336] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.514824][ T336] device bridge_slave_0 left promiscuous mode [ 114.518265][ T3372] loop0: detected capacity change from 0 to 40427 [ 114.521263][ T336] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.528770][ T3372] F2FS-fs (loop0): invalid crc value [ 114.535984][ T3391] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 114.541435][ T3372] F2FS-fs (loop0): Found nat_bits in checkpoint [ 114.554375][ T336] device veth1_macvtap left promiscuous mode [ 114.560593][ T336] device veth0_vlan left promiscuous mode [ 114.602932][ T3372] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 114.610411][ T3391] loop1: detected capacity change from 1024 to 64 [ 114.631541][ T2693] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 114.645052][ T2693] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 114.659878][ T2693] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 114.683164][ T2693] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 114.700684][ T2693] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 114.715155][ T331] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 114.723543][ T2693] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 114.737499][ T2693] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 114.754633][ T2693] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 114.768643][ T2693] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 114.782386][ T2693] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 114.864251][ T3398] syz-executor.0: attempt to access beyond end of device [ 114.864251][ T3398] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 114.878855][ T3398] syz-executor.0: attempt to access beyond end of device [ 114.878855][ T3398] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 114.893044][ T3398] syz-executor.0: attempt to access beyond end of device [ 114.893044][ T3398] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 114.908059][ T3398] syz-executor.0: attempt to access beyond end of device [ 114.908059][ T3398] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 114.922898][ T3398] syz-executor.0: attempt to access beyond end of device [ 114.922898][ T3398] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 114.938241][ T3398] syz-executor.0: attempt to access beyond end of device [ 114.938241][ T3398] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 114.952319][ T3398] syz-executor.0: attempt to access beyond end of device [ 114.952319][ T3398] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 114.973168][ T3398] syz-executor.0: attempt to access beyond end of device [ 114.973168][ T3398] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 115.072981][ T3316] EXT4-fs (loop2): unmounting filesystem. [ 115.090470][ T2693] EXT4-fs (loop1): unmounting filesystem. [ 115.098062][ T3392] Buffer I/O error on dev loop1, logical block 64, lost sync page write [ 115.131932][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 115.139523][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 115.155430][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 115.163716][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 115.172842][ T529] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.179719][ T529] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.233928][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 115.242907][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 115.251172][ T529] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.258038][ T529] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.265365][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 115.283763][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 115.292192][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 115.307768][ T3364] device veth0_vlan entered promiscuous mode [ 115.318690][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 115.326945][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 115.335520][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 115.345131][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 115.352875][ T336] tipc: Left network mode [ 115.355011][ T331] usb 5-1: config 0 has an invalid interface number: 18 but max is 0 [ 115.371359][ T3364] device veth1_macvtap entered promiscuous mode [ 115.375815][ T331] usb 5-1: config 0 has no interface number 0 [ 115.382108][ T529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 115.385889][ T331] usb 5-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.392199][ T336] tipc: Left network mode [ 115.414329][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 115.423278][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 115.431415][ T331] usb 5-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 115.518021][ T331] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 115.526959][ T331] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 115.537515][ T331] usb 5-1: Manufacturer: syz [ 115.556103][ T331] usb 5-1: config 0 descriptor?? [ 115.563660][ T3408] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.578020][ T3408] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.595536][ T3408] device bridge_slave_0 entered promiscuous mode [ 115.612396][ T3408] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.630562][ T3408] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.640849][ T3408] device bridge_slave_1 entered promiscuous mode [ 115.659838][ T3418] input: syz0 as /devices/virtual/input/input22 [ 115.689903][ T3429] loop3: detected capacity change from 0 to 512 [ 115.709970][ T3429] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz-executor.3: casefold flag without casefold feature [ 115.723371][ T3429] EXT4-fs error (device loop3): __ext4_iget:5046: inode #12: block 2: comm syz-executor.3: invalid block [ 115.735464][ T3429] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117 [ 115.749459][ T3429] EXT4-fs (loop3): 1 orphan inode deleted [ 115.755059][ T3429] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 115.791130][ T3421] kvm [3420]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x0 [ 115.804987][ T3421] kvm [3420]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x0 [ 115.818510][ T3429] loop3: detected capacity change from 512 to 0 [ 115.825081][ C0] I/O error, dev loop3, sector 18 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2 [ 115.825583][ T3421] kvm [3420]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe702111 [ 115.834449][ C0] I/O error, dev loop3, sector 26 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 115.842919][ T3427] EXT4-fs error (device loop3): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.3: unable to read itable block [ 115.852219][ C0] I/O error, dev loop3, sector 24 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 115.852254][ C0] I/O error, dev loop3, sector 22 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 115.852281][ C0] I/O error, dev loop3, sector 20 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 115.893425][ C0] I/O error, dev loop3, sector 16 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 115.902786][ C0] I/O error, dev loop3, sector 14 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 115.912146][ C0] I/O error, dev loop3, sector 12 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 115.921700][ C0] I/O error, dev loop3, sector 10 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 115.921763][ T589] loop: Write error at byte offset 9223372036854776831, length 1024. [ 115.939200][ C1] I/O error, dev loop3, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 115.948506][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 115.956640][ T3427] EXT4-fs (loop3): I/O error while writing superblock [ 115.963541][ T3427] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: IO failure [ 115.972388][ T589] loop: Write error at byte offset 9223372036854776831, length 1024. [ 115.980514][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 115.988662][ T3427] EXT4-fs (loop3): I/O error while writing superblock [ 115.995383][ T3427] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #19: comm syz-executor.3: mark_inode_dirty error [ 116.007011][ T589] loop: Write error at byte offset 9223372036854776831, length 1024. [ 116.022562][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 116.030740][ T3427] EXT4-fs (loop3): I/O error while writing superblock [ 116.037764][ T3427] EXT4-fs error (device loop3): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.3: unable to read itable block [ 116.050811][ T589] loop: Write error at byte offset 9223372036854776831, length 1024. [ 116.059105][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 116.062321][ T331] input: syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.18/0003:054C:03D5.0016/input/input23 [ 116.067244][ T3427] EXT4-fs (loop3): I/O error while writing superblock [ 116.080525][ T3408] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.091378][ T3408] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.098462][ T3408] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.105233][ T3408] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.111562][ T3427] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: IO failure [ 116.120911][ T589] loop: Write error at byte offset 9223372036854776831, length 1024. [ 116.128900][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 116.137555][ T3427] EXT4-fs (loop3): I/O error while writing superblock [ 116.153013][ T331] sony 0003:054C:03D5.0016: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.4-1/input18 [ 116.163808][ T3427] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #19: comm syz-executor.3: mark_inode_dirty error [ 116.177211][ T589] loop: Write error at byte offset 9223372036854776831, length 1024. [ 116.186644][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 116.194759][ T3427] EXT4-fs (loop3): I/O error while writing superblock [ 116.203335][ T3427] EXT4-fs error (device loop3): ext4_check_bdev_write_error:218: comm syz-executor.3: Error while async write back metadata [ 116.211664][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 116.223146][ T589] loop: Write error at byte offset 9223372036854776831, length 1024. [ 116.231603][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 116.239726][ T3427] EXT4-fs (loop3): I/O error while writing superblock [ 116.242409][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.253383][ T3427] EXT4-fs error (device loop3): ext4_check_bdev_write_error:218: comm syz-executor.3: Error while async write back metadata [ 116.266370][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.278387][ T337] usb 5-1: USB disconnect, device number 13 [ 116.281278][ T589] loop: Write error at byte offset 9223372036854776831, length 1024. [ 116.292188][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 116.300323][ T3427] EXT4-fs (loop3): I/O error while writing superblock [ 116.309839][ T3427] EXT4-fs error (device loop3): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.3: unable to read itable block [ 116.322909][ T589] loop: Write error at byte offset 9223372036854776831, length 1024. [ 116.330903][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 116.333425][ T3445] incfs: Can't find or create .index dir in ./file0 [ 116.339372][ T3427] EXT4-fs (loop3): I/O error while writing superblock [ 116.346819][ T3445] incfs: mount failed -14 [ 116.352158][ T3427] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: IO failure [ 116.370088][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 116.378120][ T589] loop: Write error at byte offset 9223372036854776831, length 1024. [ 116.385940][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 116.394116][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 116.394460][ T331] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.402758][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 116.409055][ T331] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.409350][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 116.417433][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 116.424452][ T331] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.446880][ T331] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.469093][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 116.476842][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 116.492305][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 116.500562][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 116.521044][ T3408] device veth0_vlan entered promiscuous mode [ 116.529197][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 116.536921][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 116.558078][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 116.570606][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 116.584171][ T3408] device veth1_macvtap entered promiscuous mode [ 116.590520][ C1] EXT4-fs warning (device loop3): ext4_end_bio:347: I/O error 10 writing to inode 19 starting block 65) [ 116.601643][ C1] Buffer I/O error on device loop3, logical block 65 [ 116.608092][ C1] Buffer I/O error on device loop3, logical block 66 [ 116.614602][ C1] Buffer I/O error on device loop3, logical block 67 [ 116.621109][ C1] Buffer I/O error on device loop3, logical block 68 [ 116.627666][ C1] Buffer I/O error on device loop3, logical block 69 [ 116.634126][ C1] Buffer I/O error on device loop3, logical block 70 [ 116.640642][ C1] Buffer I/O error on device loop3, logical block 71 [ 116.647147][ C1] Buffer I/O error on device loop3, logical block 72 [ 116.663150][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 116.671249][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 116.679557][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 116.689840][ T336] device bridge_slave_1 left promiscuous mode [ 116.695788][ T336] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.704396][ T336] device bridge_slave_0 left promiscuous mode [ 116.704742][ T3451] loop2: detected capacity change from 0 to 40427 [ 116.710443][ T336] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.725461][ T336] device bridge_slave_1 left promiscuous mode [ 116.731513][ T3451] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 116.731694][ T336] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.746282][ T3451] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 116.754551][ T336] device bridge_slave_0 left promiscuous mode [ 116.755472][ T3451] F2FS-fs (loop2): invalid crc value [ 116.761688][ T336] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.774882][ T336] device veth1_macvtap left promiscuous mode [ 116.780992][ T336] device veth0_vlan left promiscuous mode [ 116.781841][ T3451] F2FS-fs (loop2): Found nat_bits in checkpoint [ 116.793877][ T336] device veth1_macvtap left promiscuous mode [ 116.803827][ T336] device veth0_vlan left promiscuous mode [ 116.811475][ T3457] incfs: Options parsing error. -22 [ 116.822999][ T3457] incfs: mount failed -22 [ 116.889959][ T3451] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 116.902531][ T3451] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 117.034318][ T3464] kvm [3463]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x0 [ 117.043286][ T3464] kvm [3463]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x0 [ 117.056066][ T3464] kvm [3463]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe702111 [ 117.103687][ T3451] bio_check_eod: 41 callbacks suppressed [ 117.103706][ T3451] syz-executor.2: attempt to access beyond end of device [ 117.103706][ T3451] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 117.123484][ T3451] syz-executor.2: attempt to access beyond end of device [ 117.123484][ T3451] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 117.147735][ T589] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 117.156823][ T589] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 117.229812][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 117.240130][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 117.248330][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 117.256298][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 117.279041][ T3474] device wg2 entered promiscuous mode [ 117.367743][ T3466] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.375204][ T3466] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.382659][ T3466] device bridge_slave_0 entered promiscuous mode [ 117.390078][ T3466] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.397059][ T3466] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.404618][ T3466] device bridge_slave_1 entered promiscuous mode [ 117.644533][ T3500] overlayfs: failed to resolve './file0': -2 [ 117.736513][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 117.746423][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 117.809637][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 117.861058][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 117.871008][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.877908][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.885213][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 117.893709][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 117.902118][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.906398][ T331] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 117.908999][ T315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.913270][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 117.928597][ T331] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 117.938918][ T331] hid-generic 0000:0000:0000.0017: hidraw0: HID v0.00 Device [syz0] on syz1 [ 117.948303][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 117.948568][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 117.965221][ T28] audit: type=1400 audit(2000000046.590:6414): avc: denied { read } for pid=3508 comm="syz-executor.0" name="loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 118.002980][ T28] audit: type=1400 audit(2000000046.590:6415): avc: denied { open } for pid=3508 comm="syz-executor.0" path="/dev/loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 118.012251][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 118.035889][ T28] audit: type=1400 audit(2000000046.590:6416): avc: denied { ioctl } for pid=3508 comm="syz-executor.0" path="/dev/loop-control" dev="devtmpfs" ino=113 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 118.044612][ T3466] device veth0_vlan entered promiscuous mode [ 118.073510][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 118.082922][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 118.097630][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 118.115885][ T707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 118.125764][ T3466] device veth1_macvtap entered promiscuous mode [ 118.140421][ T707] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 118.154376][ T707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 118.172870][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 118.241501][ T28] audit: type=1400 audit(2000000046.860:6417): avc: denied { connect } for pid=3525 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 118.325778][ T3529] incfs: Options parsing error. -22 [ 118.342878][ T3529] incfs: mount failed -22 [ 118.345188][ T3521] loop0: detected capacity change from 0 to 40427 [ 118.361728][ T3521] F2FS-fs (loop0): invalid crc value [ 118.376011][ T3521] F2FS-fs (loop0): Found nat_bits in checkpoint [ 118.464356][ T3521] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 118.635448][ T336] device bridge_slave_1 left promiscuous mode [ 118.644371][ T336] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.661787][ T336] device bridge_slave_0 left promiscuous mode [ 118.668613][ T336] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.787643][ T3560] overlayfs: failed to resolve './file0': -2 [ 118.924810][ T336] device veth1_macvtap left promiscuous mode [ 118.949604][ T336] device veth0_vlan left promiscuous mode [ 119.048500][ T3552] loop4: detected capacity change from 0 to 40427 [ 119.066519][ T28] audit: type=1400 audit(2000000047.680:6418): avc: denied { mount } for pid=3565 comm="syz-executor.2" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 119.075409][ T3552] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 119.096466][ T3552] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 119.111921][ T28] audit: type=1400 audit(2000000047.730:6419): avc: denied { unmount } for pid=3316 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 119.132258][ T3552] F2FS-fs (loop4): invalid crc value [ 119.157388][ T3558] kvm [3557]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x0 [ 119.166811][ T28] audit: type=1400 audit(2000000047.770:6420): avc: denied { connect } for pid=3570 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 119.187222][ T3558] kvm [3557]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x0 [ 119.190485][ T3552] F2FS-fs (loop4): Found nat_bits in checkpoint [ 119.200927][ T3558] kvm [3557]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe702111 [ 119.255864][ T3552] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 119.263990][ T3552] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 119.465074][ T3552] syz-executor.4: attempt to access beyond end of device [ 119.465074][ T3552] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 119.493642][ T3552] syz-executor.4: attempt to access beyond end of device [ 119.493642][ T3552] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 119.522039][ T336] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 119.524174][ T3596] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 119.531437][ T336] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 119.747853][ T3597] loop1: detected capacity change from 0 to 512 [ 119.821584][ T3597] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 119.836082][ T3597] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 1 (level 1) [ 119.849904][ T3597] EXT4-fs (loop1): 1 truncate cleaned up [ 119.855378][ T3597] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 119.898235][ T707] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 119.919957][ T3604] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 119.939449][ T3604] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 119.951867][ T3604] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 119.963220][ T3606] loop0: detected capacity change from 0 to 512 [ 119.989605][ T3606] EXT4-fs (loop0): 1 orphan inode deleted [ 119.998919][ T3606] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 120.007647][ T3606] ext4 filesystem being mounted at /root/syzkaller-testdir2437024948/syzkaller.5tnkZr/267/file1 supports timestamps until 2038 (0x7fffffff) [ 120.202057][ T707] usb 4-1: Using ep0 maxpacket: 32 [ 120.368196][ T707] usb 4-1: config 0 has no interfaces? [ 120.373929][ T707] usb 4-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 120.386893][ T3408] EXT4-fs (loop1): unmounting filesystem. [ 120.462056][ T707] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.471077][ T707] usb 4-1: config 0 descriptor?? [ 120.503138][ T3639] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 120.513432][ T3639] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 120.522730][ T3639] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 120.559278][ T3644] device wg2 entered promiscuous mode [ 120.605179][ T3649] loop2: detected capacity change from 0 to 512 [ 120.612309][ T3649] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 120.666370][ T28] audit: type=1326 audit(2000000049.280:6421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3655 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f203227cea9 code=0x7ffc0000 [ 120.695740][ T3649] loop2: detected capacity change from 0 to 16 [ 120.702649][ T28] audit: type=1326 audit(2000000049.280:6422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3655 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f203227cea9 code=0x7ffc0000 [ 120.703169][ T3649] erofs: (device loop2): mounted with root inode @ nid 36. [ 120.731001][ T28] audit: type=1326 audit(2000000049.280:6423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3655 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f203227cea9 code=0x7ffc0000 [ 120.767986][ T331] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 120.837543][ T613] EXT4-fs (loop0): unmounting filesystem. [ 120.924764][ T3668] serio: Serial port pts0 [ 120.959075][ T3594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.973887][ T3594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.990665][ T337] usb 4-1: USB disconnect, device number 8 [ 121.034627][ T3683] futex_wake_op: syz-executor.2 tries to shift op by 32; fix this program [ 121.047993][ T331] usb 5-1: Using ep0 maxpacket: 32 [ 121.072256][ T3687] loop0: detected capacity change from 0 to 512 [ 121.079571][ T3687] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 121.131649][ T3687] loop0: detected capacity change from 0 to 16 [ 121.138724][ T3687] erofs: (device loop0): mounted with root inode @ nid 36. [ 121.198598][ T331] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.209603][ T331] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.219216][ T331] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 121.228117][ T331] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.236901][ T331] usb 5-1: config 0 descriptor?? [ 121.288482][ T331] hub 5-1:0.0: USB hub found [ 121.338243][ T707] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 121.437940][ T24] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 121.497991][ T331] hub 5-1:0.0: 1 port detected [ 121.520528][ T3696] serio: Serial port pts0 [ 121.520858][ T3697] loop1: detected capacity change from 0 to 256 [ 121.548603][ T3699] loop1: detected capacity change from 0 to 1024 [ 121.557302][ T3699] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm syz-executor.1: Invalid block bitmap block 0 in block_group 0 [ 121.571480][ T3699] EXT4-fs error (device loop1): ext4_free_blocks:6197: comm syz-executor.1: Freeing blocks not in datazone - block = 0, count = 4096 [ 121.585345][ T3699] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz-executor.1: Invalid inode bitmap blk 0 in block_group 0 [ 121.598606][ T3699] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 121.607163][ T3699] EXT4-fs (loop1): 1 orphan inode deleted [ 121.612786][ T3699] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 121.629498][ T3408] EXT4-fs (loop1): unmounting filesystem. [ 121.698037][ T707] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 121.708631][ T707] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 121.788525][ T707] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 121.797484][ T707] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 121.805281][ T707] usb 3-1: SerialNumber: syz [ 121.809841][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.822220][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.832505][ T24] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 121.841495][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.845033][ T3718] loop3: detected capacity change from 0 to 1024 [ 121.852614][ T24] usb 1-1: config 0 descriptor?? [ 121.859250][ T3718] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 121.919609][ T3719] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.926539][ T3719] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.933776][ T3719] device bridge_slave_0 entered promiscuous mode [ 121.941068][ T3719] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.947967][ T3719] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.955153][ T3719] device bridge_slave_1 entered promiscuous mode [ 122.035830][ T3719] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.042698][ T3719] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.049806][ T3719] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.056558][ T3719] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.078691][ T707] usb 3-1: 0:2 : does not exist [ 122.089259][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 122.096819][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.104075][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.124520][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 122.132554][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.139405][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.146892][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 122.154734][ T331] hub 5-1:0.0: activate --> -90 [ 122.159619][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.166445][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.180145][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 122.198429][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 122.208766][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 122.226122][ T3719] device veth0_vlan entered promiscuous mode [ 122.233762][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 122.242039][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 122.249263][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 122.266105][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 122.275989][ T3719] device veth1_macvtap entered promiscuous mode [ 122.286988][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 122.298943][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 122.308918][ T10] device bridge_slave_1 left promiscuous mode [ 122.314912][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.322787][ T10] device bridge_slave_0 left promiscuous mode [ 122.329304][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.338379][ T10] device veth1_macvtap left promiscuous mode [ 122.344239][ T10] device veth0_vlan left promiscuous mode [ 122.501217][ T337] usb 3-1: USB disconnect, device number 9 [ 122.568608][ T707] usb 5-1: USB disconnect, device number 14 [ 122.624014][ T3466] EXT4-fs (loop3): unmounting filesystem. [ 122.818429][ T3733] loop1: detected capacity change from 0 to 512 [ 123.227981][ T24] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0018/input/input24 [ 123.249300][ T24] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0018/input/input25 [ 123.269104][ T24] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0018/input/input26 [ 123.281521][ T3733] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 123.295895][ T3733] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 1 (level 1) [ 123.322560][ T24] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0018/input/input27 [ 123.340991][ T3733] EXT4-fs (loop1): 1 truncate cleaned up [ 123.346500][ T3733] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 123.385795][ T24] uclogic 0003:256C:006D.0018: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 123.426716][ T28] kauditd_printk_skb: 5326 callbacks suppressed [ 123.426732][ T28] audit: type=1400 audit(2000000052.040:11747): avc: denied { bind } for pid=3739 comm=07D5F6BBCA4704D4B8C3AED0EA5A2A scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 123.454728][ T24] usb 1-1: USB disconnect, device number 10 [ 123.471310][ T3742] loop2: detected capacity change from 0 to 1024 [ 123.480395][ T3742] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:477: comm syz-executor.2: Invalid block bitmap block 0 in block_group 0 [ 123.494190][ T3742] Quota error (device loop2): write_blk: dquota write failed [ 123.504480][ T3742] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 123.514461][ T3742] EXT4-fs error (device loop2): ext4_free_blocks:6197: comm syz-executor.2: Freeing blocks not in datazone - block = 0, count = 4096 [ 123.528544][ T3742] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz-executor.2: Invalid inode bitmap blk 0 in block_group 0 [ 123.555669][ T336] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-8 [ 123.567817][ T3719] EXT4-fs (loop1): unmounting filesystem. [ 123.575318][ T3742] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 123.584894][ T3742] EXT4-fs (loop2): 1 orphan inode deleted [ 123.590512][ T3742] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 123.620262][ T3751] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 123.643246][ T3316] EXT4-fs (loop2): unmounting filesystem. [ 123.645776][ T3753] bpf_get_probe_write_proto: 2 callbacks suppressed [ 123.645793][ T3753] syz-executor.3[3753] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.663258][ T3753] syz-executor.3[3753] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.686242][ T3760] loop2: detected capacity change from 0 to 256 [ 123.739361][ T3760] FAT-fs (loop2): Directory bread(block 64) failed [ 123.745844][ T3760] FAT-fs (loop2): Directory bread(block 65) failed [ 123.769953][ T3760] FAT-fs (loop2): Directory bread(block 66) failed [ 123.776493][ T3760] FAT-fs (loop2): Directory bread(block 67) failed [ 123.783037][ T3760] FAT-fs (loop2): Directory bread(block 68) failed [ 123.789605][ T3760] FAT-fs (loop2): Directory bread(block 69) failed [ 123.795957][ T3760] FAT-fs (loop2): Directory bread(block 70) failed [ 123.802528][ T3760] FAT-fs (loop2): Directory bread(block 71) failed [ 123.809283][ T3760] FAT-fs (loop2): Directory bread(block 72) failed [ 123.815683][ T3760] FAT-fs (loop2): Directory bread(block 73) failed [ 123.848155][ T43] kworker/u4:2: attempt to access beyond end of device [ 123.848155][ T43] loop2: rw=1, sector=1224, nr_sectors = 128 limit=256 [ 124.058029][ T707] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 124.138476][ T529] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 124.172623][ T3777] tmpfs: Unknown parameter 'nolazytime˙˙' [ 124.182463][ T3780] loop0: detected capacity change from 0 to 1024 [ 124.191361][ T3780] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:477: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0 [ 124.205238][ T3780] Quota error (device loop0): write_blk: dquota write failed [ 124.212531][ T3780] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 124.223113][ T3780] EXT4-fs error (device loop0): ext4_free_blocks:6197: comm syz-executor.0: Freeing blocks not in datazone - block = 0, count = 4096 [ 124.236827][ T3780] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz-executor.0: Invalid inode bitmap blk 0 in block_group 0 [ 124.250172][ T336] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-8 [ 124.259038][ T3780] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem [ 124.267491][ T3780] EXT4-fs (loop0): 1 orphan inode deleted [ 124.273326][ T3780] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 124.291338][ T613] EXT4-fs (loop0): unmounting filesystem. [ 124.315016][ T3791] syz-executor.1[3791] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.315062][ T3791] syz-executor.1[3791] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.344038][ T3795] loop0: detected capacity change from 0 to 512 [ 124.362854][ T3795] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 124.388040][ T529] usb 3-1: Using ep0 maxpacket: 32 [ 124.394654][ T3795] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 64: padding at end of block bitmap is not set [ 124.409443][ T3795] Quota error (device loop0): write_blk: dquota write failed [ 124.416677][ T3795] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 124.426513][ T3795] EXT4-fs (loop0): 1 truncate cleaned up [ 124.432307][ T3795] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 124.448046][ T707] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 124.458004][ T707] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 124.460505][ T3795] Quota error (device loop0): write_blk: dquota write failed [ 124.473568][ T3799] loop1: detected capacity change from 0 to 512 [ 124.481388][ T3795] syz-executor.0 (3795) used greatest stack depth: 19880 bytes left [ 124.490428][ T613] EXT4-fs (loop0): unmounting filesystem. [ 124.499955][ T3799] EXT4-fs (loop1): 1 orphan inode deleted [ 124.505614][ T3799] ext4 filesystem being mounted at /root/syzkaller-testdir4088542358/syzkaller.6Q3w16/10/file1 supports timestamps until 2038 (0x7fffffff) [ 124.519720][ T529] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.530516][ T529] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.586115][ T707] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 124.606623][ T529] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 124.615691][ T707] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 124.623941][ T529] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.653633][ T707] usb 5-1: SerialNumber: syz [ 124.665481][ T529] usb 3-1: config 0 descriptor?? [ 124.792279][ T529] hub 3-1:0.0: USB hub found [ 124.931579][ T707] usb 5-1: 0:2 : does not exist [ 125.001227][ T3817] loop3: detected capacity change from 0 to 256 [ 125.008139][ T529] hub 3-1:0.0: 1 port detected [ 125.036237][ T3819] loop3: detected capacity change from 0 to 1024 [ 125.045721][ T3819] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:477: comm syz-executor.3: Invalid block bitmap block 0 in block_group 0 [ 125.059705][ T3819] EXT4-fs error (device loop3): ext4_free_blocks:6197: comm syz-executor.3: Freeing blocks not in datazone - block = 0, count = 4096 [ 125.073793][ T3819] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz-executor.3: Invalid inode bitmap blk 0 in block_group 0 [ 125.086959][ T3819] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 125.095443][ T3819] EXT4-fs (loop3): 1 orphan inode deleted [ 125.243734][ T3826] loop3: detected capacity change from 0 to 40427 [ 125.250690][ T3826] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 125.258529][ T3826] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 125.267515][ T3826] F2FS-fs (loop3): invalid crc value [ 125.273989][ T3826] F2FS-fs (loop3): Found nat_bits in checkpoint [ 125.317860][ T3826] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 125.325195][ T3826] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 125.352172][ T24] usb 5-1: USB disconnect, device number 15 [ 125.490103][ T3826] syz-executor.3: attempt to access beyond end of device [ 125.490103][ T3826] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 125.504752][ T3826] syz-executor.3: attempt to access beyond end of device [ 125.504752][ T3826] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 125.542345][ T3852] loop1: detected capacity change from 0 to 1024 [ 125.552905][ T336] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 125.562917][ T336] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 125.563428][ T3852] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm syz-executor.1: Invalid block bitmap block 0 in block_group 0 [ 125.586967][ T3852] EXT4-fs error (device loop1): ext4_free_blocks:6197: comm syz-executor.1: Freeing blocks not in datazone - block = 0, count = 4096 [ 125.601396][ T3852] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz-executor.1: Invalid inode bitmap blk 0 in block_group 0 [ 125.614346][ T3852] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 125.622975][ T3852] EXT4-fs (loop1): 1 orphan inode deleted [ 125.657974][ T707] hub 3-1:0.0: activate --> -90 [ 125.771387][ T3872] loop0: detected capacity change from 0 to 512 [ 125.778530][ T3872] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 125.790391][ T3872] EXT4-fs (loop0): 1 truncate cleaned up [ 125.799944][ T3872] EXT4-fs warning (device loop0): __ext4fs_dirhash:270: inode #2: comm syz-executor.0: Siphash requires key [ 125.812279][ T3872] EXT4-fs warning (device loop0): dx_probe:844: inode #2: comm syz-executor.0: Hash code is SIPHASH, but hash not in dirent [ 125.825048][ T3872] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended [ 125.838475][ T3872] EXT4-fs warning (device loop0): dx_probe:844: inode #2: comm syz-executor.0: Hash code is SIPHASH, but hash not in dirent [ 125.851212][ T3872] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended [ 126.029270][ T3877] loop3: detected capacity change from 0 to 40427 [ 126.036269][ T3877] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 126.043785][ T3877] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 126.052834][ T3877] F2FS-fs (loop3): invalid crc value [ 126.059989][ T3877] F2FS-fs (loop3): Found nat_bits in checkpoint [ 126.083747][ T337] usb 3-1: USB disconnect, device number 10 [ 126.115176][ T3880] loop4: detected capacity change from 0 to 40427 [ 126.123009][ T3880] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 126.123066][ T3877] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 126.130709][ T3880] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 126.137553][ T3877] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 126.146892][ T3880] F2FS-fs (loop4): invalid crc value [ 126.158518][ T3877] syz-executor.3: attempt to access beyond end of device [ 126.158518][ T3877] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 126.159637][ T3880] F2FS-fs (loop4): Found nat_bits in checkpoint [ 126.203782][ T3466] syz-executor.3: attempt to access beyond end of device [ 126.203782][ T3466] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 126.225115][ T3880] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 126.232428][ T3880] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 126.308188][ T331] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 126.384692][ T3880] syz-executor.4: attempt to access beyond end of device [ 126.384692][ T3880] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 126.399128][ T3880] syz-executor.4: attempt to access beyond end of device [ 126.399128][ T3880] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 126.463101][ T43] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 126.472308][ T43] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 126.713782][ T3915] overlayfs: failed to resolve './file0': -2 [ 126.927992][ T529] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 126.987981][ T331] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 126.997874][ T331] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 3 [ 127.017249][ T3909] loop2: detected capacity change from 0 to 40427 [ 127.026523][ T3909] F2FS-fs (loop2): Found nat_bits in checkpoint [ 127.060050][ T3909] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 127.075758][ T3909] syz-executor.2: attempt to access beyond end of device [ 127.075758][ T3909] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 127.094331][ T3316] syz-executor.2: attempt to access beyond end of device [ 127.094331][ T3316] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 127.098088][ T331] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 127.117189][ T337] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 127.124714][ T331] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 127.132560][ T331] usb 1-1: SerialNumber: syz [ 127.308040][ T529] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.319060][ T529] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.328637][ T529] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 127.337450][ T529] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.346246][ T529] usb 5-1: config 0 descriptor?? [ 127.394958][ T3935] serio: Serial port pts0 [ 127.419664][ T331] usb 1-1: USB disconnect, device number 11 [ 127.478026][ T337] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 127.488021][ T337] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 127.537996][ T707] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 127.578461][ T337] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 127.587372][ T337] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 127.595213][ T337] usb 2-1: SerialNumber: syz [ 127.828013][ T19] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 127.829327][ T529] lg-g15 0003:046D:C222.0019: unknown main item tag 0x0 [ 127.842838][ T529] lg-g15 0003:046D:C222.0019: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.4-1/input0 [ 127.858510][ T337] usb 2-1: 0:2 : does not exist [ 127.898522][ T707] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.909520][ T707] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.919278][ T707] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 127.928105][ T707] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.936622][ T707] usb 3-1: config 0 descriptor?? [ 128.033808][ T3944] loop0: detected capacity change from 0 to 40427 [ 128.038049][ T331] usb 5-1: USB disconnect, device number 16 [ 128.041194][ T3944] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 128.053308][ T3944] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 128.062065][ T3944] F2FS-fs (loop0): invalid crc value [ 128.068461][ T3944] F2FS-fs (loop0): Found nat_bits in checkpoint [ 128.097950][ T19] usb 4-1: Using ep0 maxpacket: 32 [ 128.103515][ T3944] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 128.110412][ T3944] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 128.125461][ T3944] syz-executor.0: attempt to access beyond end of device [ 128.125461][ T3944] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 128.258014][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.268745][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.278315][ T19] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 128.287247][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.295622][ T19] usb 4-1: config 0 descriptor?? [ 128.300760][ T40] usb 2-1: USB disconnect, device number 12 [ 128.338289][ T19] hub 4-1:0.0: USB hub found [ 128.418174][ T707] hid (null): bogus close delimiter [ 128.507968][ T529] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 128.558013][ T19] hub 4-1:0.0: 1 port detected [ 128.638045][ T707] usb 3-1: language id specifier not provided by device, defaulting to English [ 128.747983][ T529] usb 1-1: Using ep0 maxpacket: 32 [ 128.813449][ T3964] loop4: detected capacity change from 0 to 40427 [ 128.820461][ T3964] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 128.824012][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 128.824045][ T28] audit: type=1400 audit(2000000057.440:11751): avc: denied { module_load } for pid=3965 comm="syz-executor.1" path="/root/syzkaller-testdir4088542358/syzkaller.6Q3w16/20/bus" dev="sda1" ino=1969 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=system permissive=1 [ 128.828265][ T3964] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 128.870741][ T3964] F2FS-fs (loop4): invalid crc value [ 128.877106][ T3964] F2FS-fs (loop4): Found nat_bits in checkpoint [ 128.883270][ T529] usb 1-1: config 0 has no interfaces? [ 128.888754][ T529] usb 1-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 128.897600][ T529] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.918275][ T529] usb 1-1: config 0 descriptor?? [ 128.944311][ T3964] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 128.951222][ T3964] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 128.998891][ T28] audit: type=1400 audit(2000000057.620:11752): avc: denied { sqpoll } for pid=3973 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 129.070991][ T3964] bio_check_eod: 1 callbacks suppressed [ 129.071016][ T3964] syz-executor.4: attempt to access beyond end of device [ 129.071016][ T3964] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 129.090642][ T3964] syz-executor.4: attempt to access beyond end of device [ 129.090642][ T3964] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 129.126583][ T336] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 129.135836][ T336] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 129.207963][ T19] hub 4-1:0.0: activate --> -90 [ 129.361432][ T3950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 129.378130][ T3950] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 129.386674][ T331] usb 1-1: USB disconnect, device number 12 [ 129.388023][ T707] uclogic 0003:256C:006D.001A: v1 frame probing failed: -71 [ 129.400583][ T707] uclogic 0003:256C:006D.001A: failed probing parameters: -71 [ 129.409496][ T707] uclogic: probe of 0003:256C:006D.001A failed with error -71 [ 129.419197][ T707] usb 3-1: USB disconnect, device number 11 [ 129.645545][ T3986] loop4: detected capacity change from 0 to 512 [ 129.702045][ T40] usb 4-1: USB disconnect, device number 9 [ 129.714484][ T3986] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 129.728806][ T3986] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz-executor.4: invalid indirect mapped block 1 (level 1) [ 129.742411][ T3986] EXT4-fs (loop4): 1 truncate cleaned up [ 129.747862][ T3986] EXT4-fs mount: 8 callbacks suppressed [ 129.747877][ T3986] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 129.973326][ T3996] loop1: detected capacity change from 0 to 2048 [ 129.989232][ T3996] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 130.003569][ T3999] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 130.018483][ T3999] EXT4-fs (loop1): Remounting filesystem read-only [ 130.029267][ T3719] EXT4-fs (loop1): unmounting filesystem. [ 130.149343][ T28] audit: type=1326 audit(2000000058.770:11753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4000 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c387cea9 code=0x7fc00000 [ 130.190403][ T28] audit: type=1326 audit(2000000058.770:11754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4000 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f46c387cea9 code=0x7fc00000 [ 130.215331][ T3268] EXT4-fs (loop4): unmounting filesystem. [ 130.803743][ T4016] overlayfs: failed to resolve './file0': -2 [ 131.152462][ T28] audit: type=1326 audit(2000000059.770:11755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4000 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c387cea9 code=0x7fc00000 [ 131.182204][ T28] audit: type=1326 audit(2000000059.770:11756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4000 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f46c387cea9 code=0x7fc00000 [ 131.206211][ T28] audit: type=1326 audit(2000000059.770:11757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4000 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c387cea9 code=0x7fc00000 [ 131.244298][ T28] audit: type=1326 audit(2000000059.770:11758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4000 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c387cea9 code=0x7fc00000 [ 131.274284][ T28] audit: type=1326 audit(2000000059.770:11759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4000 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c387cea9 code=0x7fc00000 [ 131.300342][ T4030] serio: Serial port pts0 [ 131.308092][ T4025] device syzkaller0 entered promiscuous mode [ 131.308233][ T28] audit: type=1326 audit(2000000059.770:11760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4000 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c387cea9 code=0x7fc00000 [ 131.326618][ T4025] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487 [ 131.342683][ T4032] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 131.357372][ T4032] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 131.365617][ T4032] CPU: 1 PID: 4032 Comm: syz-executor.4 Not tainted 6.1.78-syzkaller-00009-g25216be1ac5e #0 [ 131.375509][ T4032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 131.385404][ T4032] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0 [ 131.391481][ T4032] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 ac 07 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 f1 04 25 00 48 89 5c 24 18 4c 8b [ 131.410918][ T4032] RSP: 0018:ffffc9000948f6c0 EFLAGS: 00010246 [ 131.416821][ T4032] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 131.424632][ T4032] RDX: ffffc90007185000 RSI: 000000000000041b RDI: 000000000000041c [ 131.432443][ T4032] RBP: ffffc9000948f818 R08: 0000000000000005 R09: ffffffff8411e7b3 [ 131.440264][ T4032] R10: 0000000000000004 R11: ffff88813a026540 R12: dffffc0000000000 [ 131.448153][ T4032] R13: ffff888126e738c0 R14: 1ffff92001291ee4 R15: 0000000000000000 [ 131.455964][ T4032] FS: 00007ff7e032d6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 131.464732][ T4032] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 131.471153][ T4032] CR2: 0000000020010000 CR3: 0000000110943000 CR4: 00000000003526a0 [ 131.478965][ T4032] DR0: 0000000000000000 DR1: 00000000fec00000 DR2: 0000000000000000 [ 131.486865][ T4032] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 131.494673][ T4032] Call Trace: [ 131.497797][ T4032] [ 131.500578][ T4032] ? __die_body+0x62/0xb0 [ 131.504741][ T4032] ? die_addr+0x9f/0xd0 [ 131.508733][ T4032] ? exc_general_protection+0x317/0x4c0 [ 131.514121][ T4032] ? asm_exc_general_protection+0x27/0x30 [ 131.519673][ T4032] ? xdp_do_generic_redirect+0x303/0xad0 [ 131.525137][ T4032] ? dev_map_generic_redirect+0x90/0x7d0 [ 131.530782][ T4032] ? __free_pages_core+0x180/0x180 [ 131.535726][ T4032] ? __this_cpu_preempt_check+0x13/0x20 [ 131.541107][ T4032] ? bq_enqueue+0x3e0/0x3e0 [ 131.545533][ T4032] ? bpf_prog_run_generic_xdp+0x9aa/0x1110 [ 131.551178][ T4032] xdp_do_generic_redirect+0x411/0xad0 [ 131.556473][ T4032] do_xdp_generic+0x53e/0x800 [ 131.560985][ T4032] ? generic_xdp_tx+0x560/0x560 [ 131.565671][ T4032] ? __schedule+0xcaf/0x1550 [ 131.570095][ T4032] ? tun_get_user+0x2340/0x3a90 [ 131.574915][ T4032] tun_get_user+0x238a/0x3a90 [ 131.579857][ T4032] ? futex_q_unlock+0x30/0x30 [ 131.584366][ T4032] ? tun_do_read+0x1ee0/0x1ee0 [ 131.588962][ T4032] ? ref_tracker_alloc+0x31d/0x450 [ 131.593943][ T4032] ? ref_tracker_dir_print+0x160/0x160 [ 131.599205][ T4032] ? futex_wait+0x4b7/0x7e0 [ 131.603548][ T4032] ? avc_policy_seqno+0x1b/0x70 [ 131.608240][ T4032] ? tun_get+0xe9/0x120 [ 131.612223][ T4032] tun_chr_write_iter+0x129/0x210 [ 131.617085][ T4032] vfs_write+0x902/0xeb0 [ 131.621164][ T4032] ? __x64_sys_prctl+0xd0/0xd0 [ 131.625850][ T4032] ? file_end_write+0x1c0/0x1c0 [ 131.630542][ T4032] ? __fget_files+0x2cb/0x330 [ 131.635051][ T4032] ? __fdget_pos+0x204/0x390 [ 131.639476][ T4032] ? ksys_write+0x77/0x2c0 [ 131.643733][ T4032] ksys_write+0x199/0x2c0 [ 131.647897][ T4032] ? __x64_sys_futex+0x100/0x100 [ 131.652668][ T4032] ? __ia32_sys_read+0x90/0x90 [ 131.657267][ T4032] ? fpregs_restore_userregs+0x130/0x290 [ 131.662739][ T4032] __x64_sys_write+0x7b/0x90 [ 131.667161][ T4032] do_syscall_64+0x3d/0xb0 [ 131.671416][ T4032] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 131.677141][ T4032] RIP: 0033:0x7ff7df67bbef [ 131.681394][ T4032] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 b9 80 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 0c 81 02 00 48 [ 131.700839][ T4032] RSP: 002b:00007ff7e032d090 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 131.709082][ T4032] RAX: ffffffffffffffda RBX: 00007ff7df7b3f80 RCX: 00007ff7df67bbef [ 131.716893][ T4032] RDX: 000000000000fdef RSI: 0000000020000780 RDI: 00000000000000c8 [ 131.724703][ T4032] RBP: 00007ff7df6ebff4 R08: 0000000000000000 R09: 0000000000000000 [ 131.732513][ T4032] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 131.740325][ T4032] R13: 000000000000000b R14: 00007ff7df7b3f80 R15: 00007fffea337658 [ 131.748143][ T4032] [ 131.751000][ T4032] Modules linked in: [ 131.754839][ T4032] ---[ end trace 0000000000000000 ]--- [ 131.760066][ T4032] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0 [ 131.766113][ T4032] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 ac 07 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 f1 04 25 00 48 89 5c 24 18 4c 8b [ 131.785695][ T4032] RSP: 0018:ffffc9000948f6c0 EFLAGS: 00010246 [ 131.791575][ T4032] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 131.799384][ T4032] RDX: ffffc90007185000 RSI: 000000000000041b RDI: 000000000000041c [ 131.805511][ T4040] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 131.807181][ T4032] RBP: ffffc9000948f818 R08: 0000000000000005 R09: ffffffff8411e7b3 [ 131.807200][ T4032] R10: 0000000000000004 R11: ffff88813a026540 R12: dffffc0000000000 [ 131.830735][ T4032] R13: ffff888126e738c0 R14: 1ffff92001291ee4 R15: 0000000000000000 [ 131.838543][ T4032] FS: 00007ff7e032d6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 131.847301][ T4032] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 131.853796][ T4032] CR2: 0000000020010000 CR3: 0000000110943000 CR4: 00000000003526a0 [ 131.861757][ T4032] DR0: 0000000000000000 DR1: 00000000fec00000 DR2: 0000000000000000 [ 131.869793][ T4032] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 131.877670][ T4032] Kernel panic - not syncing: Fatal exception in interrupt [ 131.885254][ T4032] Kernel Offset: disabled [ 131.889469][ T4032] Rebooting in 86400 seconds..