last executing test programs: 41.572966857s ago: executing program 2 (id=293): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x69, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000040)=ANY=[]) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x100000008}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, 0x0, 0x0) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 19.808215207s ago: executing program 4 (id=333): gettid() mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0, r3}, 0x18) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="8c0000001000370400"/20, @ANYRES32=r6, @ANYBLOB="00000000000000006c0012800e00010069703665727370616e000000580002801400060020010000000000000000000000000002050016000100000014000700fc02000000000000000000000000000004001200050008004b00", @ANYRES32=0x0], 0x8c}}, 0x0) 18.465820821s ago: executing program 4 (id=335): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000600)={'gretap0\x00', 0x0}) openat(0xffffffffffffff9c, 0x0, 0x183341, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x20242, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000140)={0x0, 0x0, 0xffffc, 0x5}) read$FUSE(r0, &(0x7f0000000480)={0x2020}, 0x2020) 16.729922108s ago: executing program 4 (id=336): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x405c, &(0x7f0000000280)={[{@grpid}, {@nobh}, {@data_err_ignore}, {@nolazytime}, {@grpjquota}, {@acl}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") pipe2(&(0x7f0000001440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) fcntl$setpipe(r0, 0x407, 0x0) ftruncate(0xffffffffffffffff, 0x97a9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000900)=@file={0x0, '.\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x840000000002, 0x3, 0x100) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000340)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) 13.486910444s ago: executing program 0 (id=342): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000002004000b7080000000000007b8af8ff00000000b7080000000200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018", @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], 0x0, 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x7fff, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x35, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) syz_clone(0x800c000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000500)={0x0, 0x40000, 0x0, 0xfffffffc, 0x356}, &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r4, &(0x7f00000004c0)}) io_uring_enter(r5, 0x3f70, 0x0, 0x0, 0x0, 0x0) 12.020324219s ago: executing program 4 (id=344): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0x8c0, &(0x7f0000000340)={[{@acl}, {@heartbeat_none}, {@heartbeat_none}, {@coherency_full}, {@coherency_full}, {@coherency_buffered}, {@err_cont}, {@user_xattr}, {@barrier={'barrier', 0x3d, 0x6603}}, {@data_writeback}, {@intr}, {@journal_async_commit}]}, 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x80000) ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f) r5 = socket(0x10, 0x80002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x20}) sendmsg$NFT_BATCH(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008000}, 0x20040884) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r5, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x20, 0x0, 0x4, 0x70bd2d, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000800) ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f00000000c0)={0x4000000, 0x6, 0x1}) 10.82034335s ago: executing program 2 (id=309): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp\x00') r2 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r2, 0x0, 0x0) sendto$inet(r2, &(0x7f00000004c0), 0x0, 0x0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffea4, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@bloom_filter={0x1e, 0xfff, 0x401, 0x2, 0x81, 0x1, 0x20, '\x00', 0x0, r1, 0x0, 0x4, 0x3, 0x1, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, 0xffffffffffffffff, 0x26, 0x0, 0x0, @void, @value}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) 10.095020602s ago: executing program 0 (id=348): write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[], 0x5, 0x558b, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64auumCJWPBPEEisWPIbWMASdogFiB1SkWcmULdJC63jQPs80vjMHL8+874jK9KZiRzAU2sp/e2XJI7FoYhYiIijSeT7SblF3I44X4x9LiKOR0Tlri0p838m9kfE4Yg4Nile1EzKtz47OT5x9uc3f/362wP7jnz+1Xd7unBgTz0fEf31Yv9mv4hZJw93Fsp8Y9zNY//MuIzrUzX6WZG/2V7LK9xsbI1r5PF0pxifrd8YTuLVXqM5iZ3u1Ty/PihOOBx3tupMPpBea2zkx632Wh67wyyPnVvFeTdvFX/bbg1HRZ1WWe+jvHyMRluxyLc328V61q/nsTkYlfmibtZqb07iuIzl6aKZ9Vr5PNYe9Sr/+73VHdzYTMftjWE3G6Rna/UXavVz1fpG1mqP2meqjX7r3Jl0udObDKuO2o3++U6WdXrtWjPrr6TLnWazWq+nyxfaa93GIK3Xa6drp6pnV8q9k+lrl99Le610eRJf6Q5ujLq9YXo120iLT6ykq7XTL66kJ+rpO5eupFfevnjx0pV3P7jw/uWXL73xajnovmmly6unVler9VPV1frKU7T+j8tJ/4P1J9unf/j+8S4bFHb4ggGws/v6/7i3/w/9PzBzD+j/49pD+v/+9fJ4d/r/2Lb/r0z3/zHL/n/SUun/H97/Vvag/10M/f8urh8ey6P1//tnPg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAObux8UvXs93lorjI2X+f2XqmfI4iYhKRNzZxkLsn6q5UNZZ3GH84j1z+CaJvMLkHAfK7XBEnC+33/+/21cBAAAAnlxf3j7+adGtFy9Lez0h5qm4aVM5+uGM6iURsbj004yqVSYvz86oWP793hebM6qW38A6OKNixS23fbOq9rcsTIWDd4WkCJW5TgcAAJiL6U5gvl0IAAAA8/TJA999aW7zYM6S2HqUufUsOP/P+78eCB6aeg8AAAD4D0r2egIAAADArsv7f7//BwAAAE+24vf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YOd+ctMGojgAPxsM/auiqvtepTs4Ro/QZZeFA/QSHIGeoFIvwBmolEWOkIQIe4LkBKRIjHGCvk+ynRlHP88AmzeWBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu/a9Wsz+/vv4+Mebv7fY0maYDAAAAHLCpVrP6j0nTfp/6P6auz6ldREQZEYdq90GMWpmDlFMd+f/q0Rj+RdQJu/5xOt5FxLd03Hzq+lMAAACAy7VeLKdNtd6c0hLAVb+j4kyaRZvyw/dMeUVEVJPrTGnl7vQlU1j9+x7Gz0xp9QLWm0xhzZLb8PC9Ua6HtA1al4eZzOsvsW6V3TwXAADoU7sSOFKFAAAAcAF+9D0AzuFpaV/sT/v3jOPmkl4Ivm21AAAAgFeo6HsAAAAAQOfq+v8l7f9X2P8PAAAAsmv2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLm2o1Wy+W02P358/MudueJt+MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB79ucdBUIgDMJg7/rOZO5/WGnQ0NikCoSPvzEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYt2PfNqowAOCffbbbFBAhoEgEUJE6wEJTt7R0RQgUMfAnIEWpUwIuhTYDrSJKFjaUuQuCESEkUNjyP3RupC5l65AhSEwMQXe+S8+JoVFp79zm95Oe3+fz9b3vna0qn98ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCw9W682szjJH2YHMTFsdvbKwtpv7mnT22s3ZlJWxo3Ks77CfBa+cnx6foSAQAA4PBIivo+Iu621+fSvjmZ1f/t4py05v/huUFc1PN76/7N7ZWj+UszRf3/+2/3XtqdaDLJ5kkHXVzq907tT6X1mJY49p5/4Bmt7Mpn370k2RvS/HD1xa12dj0b39269X4nC49UkS0A8DBOFn0eFH8PpX23zsQAODRapcK7qP+TyXpzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjC1mo8U8SNiJhp3Y9Tm9srC6P6b9buzGzk7dzNm2vlMdMh2hGxuNTvnapwLeOruJrXP5vv93tXrl6rOjgeESNeunGwf57k6f/rOZ2IGDpy4uUR43x8gLn2jLMvyD+eUe01nEjX98CTG0NHGvsu+Hs7A3V8AKoKmvn7My75PMqg+Ow9+pEr/u8IAICnXjtvaSV6t70+lx5rTEXs/Dhc/79RimOo7t+5MTgyeL5Rqv/vfXLudnmucv3frWh9T4LZ5UtfzF69dv2tpUvzF3sXe5+/fbr7TvfM+bNnz89m35XMLkbTNyYAAAD8D528lev/5tT+/f9jpTj+Y/+/XP9/+X336/Jcifp/pPubfnVnAgAAcBh1dqMXXv/rz8aIMxqdTnw1v7x8pTt43H1+evBYaboP6UjeyvV/MlV3VgAAAEAVtlYbQ/v/F0pxHHD//9mfXvmlPGYSERMRlyOid3Lhcv9CdcsZa1X8UDmbqFP3SgEAAKjLRN7K+//t7P7/5u4tD82IePNExN/5b/jjgPV/8sG3P5fnKt//f6bSVY6f5vTgemT9dERruu6MAAAAeJodzVta7P/RXp/79NdjH3Xc/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQtX8CAAD//4ztMoY=") syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea048500000050000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x0, &(0x7f0000000340)={[], [{@subj_user={'subj_user', 0x3d, '{'}}, {@dont_appraise}, {@permit_directio}, {@context={'context', 0x3d, 'system_u'}}, {@flag='sync'}, {@fsname}, {@uid_lt}, {@euid_eq}, {@subj_type={'subj_type', 0x3d, 'ext4\x00'}}]}, 0x25, 0x4b6, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvvW1pKYUWJfFHVBBRNISZdoCGsMKNxhASI3HlAmo7NE1nOk1nirSyKP+DiSSu9E9wYeLChJV7d7pzgwsTVOILfclbzMudmZZSOm3fo8x96Xw+ycm9555hvt/D9J4zPW3nBNC3LkTERkSciIgHETHeuZ50Stxul+xxr189md189WQ2iWbz3n+TVnt2LXb8m8ypznOORMTPfhzxy+TduPW19cWZSqW80qkXG9XlYn1t/epCdWa+PF9eKpWmp6Ynb167UTqyvp6v/vHljxbu/Pwvf/7mi79t/ODXWVpjnbad/ThK7a4PbcfJDEbEnQ8RLAcDnf6cyDsRPpc0Ir4UERez+7+ZdzYAQC80m+PRHN9ZBwCOu7S1Bpakhc5awFikaaHQXsM7F6NppVZvXHlYW12aa6+VTcRQ+nChUp7srBVOxFCS1ada52/qpV31axFxNiJ+M3yyVS/M1ipzeb7xAYA+dmrX/P/RcHv+BwCOuZG8EwAAes78DwD9x/wPAP3H/A8A/cf8DwD9x/wPAP3H/A8AfeWnd+9mpbnZ+fzruUdrq4u1R1fnyvXFQnV1tjBbW1kuzNdq863P7Kke9HyVWm156nqsPi42yvVGsb62fr9aW11q3G99rvf98lBPegUA7Ofs+ef/SCJi49bJVokdezmYq+F4S/NOAMjNQN4JALkZzDsBIDe+xwf22KL3LV1/RejZ0ecC9Mblr1n/h35l/R/6l/V/6F/W/6F/NZuJPf8BoM9Y4wf8/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+u7FWSdJCZy/wsUjTQiHidERMxFDycKFSnoyIMxHx9+Gh4aw+lXfSAMB7Sv+ddPb/ujx+aWx364nk4+HWMSJ+9bt7v30802isTGXX/7d9vfGsc72UR/4AwEG25umteXzL61dPZrdKL/N5+cP25qJZ3M1OabcMxmDrOBJDETH6/6RTb8verwwcQfyNpxHx1b36n7TWRiY6O5/ujp/FPt3T+Olb8dNWW/uY/V98+QhygX7zPBt/bu91/6VxoXXc+/4faY1Q729r/Nt8Z/xLt8e/gS7j34XDxrj+1590bXsa8fXBveIn2/GTLvEvHTL+P7/xrYvd2pq/j7gce8ffGavYqC4X62vrVxeqM/Pl+fJSqTQ9NT1589qNUrG1Rl3cWql+139uXTmzX/9Hu8QfOaD/3z1k///wyYNffHuf+N//zt6v/7l94mdz4vcOGX9m9E9dt+/O4s916f9Br/+VQ8Z/8a/1uUM+FADogfra+uJMpVJecdKzk+y92xcgDSe5nWRfAUfxPF/5gKnmPTIBH9qbmz7vTAAAAAAAAAAAAAAAgG568QdPefcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4+vTAAAA//+0tdao") r4 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) 9.605692244s ago: executing program 2 (id=349): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x123201, 0x0) ioctl$SNDCTL_DSP_GETISPACE(r1, 0x8010500d, &(0x7f0000000000)) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000000), 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/sem\x00', 0x0, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x4e, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x38}}, 0x0) r5 = dup(r4) bind$unix(r5, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bind$unix(0xffffffffffffffff, 0x0, 0x0) read$FUSE(r3, &(0x7f0000001580)={0x2020}, 0x2020) getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe3c, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000040)={[{@dyn}]}) 9.276649502s ago: executing program 2 (id=352): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x103042, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b70200001400894fb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) mmap(&(0x7f000001a000/0x3000)=nil, 0x3000, 0xf, 0x11012, r6, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pread64(r5, &(0x7f000001a240)=""/102400, 0x19000, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 8.980508947s ago: executing program 3 (id=353): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000080)='./file0\x00', 0xa00010, &(0x7f0000000700)=ANY=[@ANYBLOB='nodecompose,decompose,nobarrier,gid=', @ANYRESHEX=0xee01, @ANYBLOB="2c6e6c733d69736f383835392d310000000072726965722c00bcd0f0b5c4e2957974ff5d7ea3c3dcee087e4983684e8a4c4e4e87b134e30ce77162b12885b964b3506ff3eae0f3599447b17861d19be78079e5dd7bdc7f1eb36e31ac14de48349767164f5f6431bbdeaef96a4f2bce64b5cfa76ce3a2c4302374bc5535d7e2eb8dfb2e5d58a37b7e37836597c21f51bcdf6df4cad825cfd9ef5ee9e89e04b15cd3cea9e152d67b9a7eedc5dfe6d85a3ce7c342da8cc969b552197cb8bcc4a1009f38f4a85b7c742101ba5bc03115feca2b994c699812"], 0x6, 0x635, &(0x7f0000000c80)="$eJzs3c1rHOcdB/DvrFZryQVHSezELYGKGNJSUVsvKK16iVtK0SGUkB56FrYcC6+VIClFCaWo79BTD/kD0oNuPRV6N6Tn9parjoFCLznppjKzs9LaWil6s1ZqPx/z7PM888w888xvZ2Zndi0mwP+t+Yk0n6TI/MTb62V9a3OmvbU5c6Vubicpy42k2clSLCfFZ8nddFK+Xk6s5y8OWs8nS3Pvfv7l1hedWrNO1fyNw5Y7mo06ZTzJUJ0/o/Wn4/Q33CmU/dzr398xFLtbWAbsVjdwMGg7+2wcZ/FTHrfARVB0Pjf3GUuuJhmprwNSnx0a5zu6s3essxwAAABcUi9sZzvruTbocQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBlUj//v6hTo1seT9F9/n+rnpa6fKk9GfQAAAAAAAAAAOAMfHM721nPtW59p6h+83+9qlyvXr+WD7OaxazkdtazkLWsZSVTScZ6OmqtL6ytrUwdYcnpvktOn8/2AgAAAAAAAMD/qN9kfu/3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGKShOi86xaJO17vlsTSaSUaStMr5NpJ/dcuXRNFv4pPzHwcAAACcysgJlnlhO9tZz7Vufaeo7vlfqe6XR/JhlrOWpaylncXcr++hy7v+xtbmTHtrc+Zxmfb3+8P/HGsYVY+7X0P0W/PNao7RPMhSNeV27lWDuZ9GtWTpZnc8/cf163JMxVu1I47sfp2XK/vzQd8iDMRYFZHh3YhM1mMro/Hi4ZH4yneneeiaptLY/ebn+nOI+dU6L7fnDxcz5o1UkZju2fteOTwSybf+/tefP2wvP3r4YHXi4mzSCT27T8z0ROLVSx2J5jHnn6wicWO3Pp+f5GeZyHjeyUqW8ossZC2L2anbF+r9uXwdOzxSd5+qvfNVI2nV70vnLHqUMY3nx1VpIa9Xy17LUoq8n/tZzJvVv+lM5XuZzWzmet7hGweOu9q26qhvHO+ov/XtujCa5I91Pmidj9Qyri/2xLX3nDtWtfVO2YvSS2d/bmx+oy6U6/htnV8Mz0ZiqicSLx8eib9Ux8Zqe/nRysOFDw7of+OZ+ht1Xu5xv79QnxLl/vJSRuozydN7R9n28u5Z5ul4tepfXDptjX1tN6q2ougeqT898Eht1ddw+3uartpe7ds2U7Xd7Gl76nor76e9ez0EwAV29TtXW6P/Hv3n6Kejvxt9OPr2yI+ufP/Ka60M/2P4B83JoTcarxV/y6f51d79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHKrH338aKHdXlzpX2gc3HS2haJ+kM95rEth0IXuQwRP3eHdC7E5l7owlKRfU/0WneThosClcGft8Qd3Vj/6+LtLjxfeW3xvcXl4dnZucm72zZk7D5bai5Od10GPEnge9j70+7cXF+oBmwAAAAAAAAAAAECO9vc2O/X//zvxXxoMehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy21+Is0nKTI1eXuyrG9tzrTL1C3vzdlM0mgkxS+T4rPkbjopYz3dFW8dsJ5Plube/fzLrS/2+mpW85ed1vkpbNQp40mG6vys+rt36v6K3S0sA3arGzgYtP8GAAD//+IHAOM=") r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') read$FUSE(r1, &(0x7f000000c1c0)={0x2020}, 0x2020) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = dup(r2) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, "898a4d6828f0fa48a23d3b9d96a7aba4383b44eda799840adeb6e5d7aa373461676f3aee3619557355fcbc081c158492d881e60085fa46cb2fd6231f75580fb0", "ec988646b226dff7bbfa4b3c9f7101f65dbf1d7a4693c9f597bf78f96b6fc252b1dc53394dbae226abd4e6ffdaaf4b399a57aefcec52b618377d046a0ff13fc0", "9ff6856c7bee6edfe8b2d7e6b397a1722c6a41411fd1d23a9d6fe1b436557677"}) ioctl$PTP_EXTTS_REQUEST2(r3, 0x40603d07, &(0x7f0000000040)) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x13, 0x80000000}}) 8.918116052s ago: executing program 1 (id=354): setregid(0x0, 0xee01) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x3, 0xfff, {}, {0xee01}, 0x9, 0x7fffffffffffffff}) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f00000020c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r1}}, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) chdir(&(0x7f0000000000)='./file0\x00') r5 = socket$unix(0x1, 0x5, 0x0) bind$unix(r5, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) lstat(&(0x7f0000002600)='./file0\x00', 0x0) listxattr(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 8.569946432s ago: executing program 1 (id=355): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x40, 0x2, 0x3, 0x301, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x66}, @NFQA_CFG_CMD={0x8, 0x1, {0x2, 0x0, 0x22}}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x8}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x8, 0x2}}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x29}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0xc4) 8.412422045s ago: executing program 3 (id=356): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000001040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xe, &(0x7f0000000440), 0x3, 0x440, &(0x7f00000006c0)="$eJzs28tvG8UfAPDvrpP019cvoZRHH0CgICIeSZMW6IEDIJA4FAkJDnCMkrQqdRvUBIlWFRSEygkhJO6II/8CJ7ggxAmJK9xRpQr10paT0dq7ie3YbuLaNcWfj7TtzO5sZr7eHXtmxw5gaE1m/yQRuyLi94gYr2UbC0zW/rtx7eLCzWsXF5KoVN76K6mWu37t4kJRtDhvZ56ZSiPSz5I40KLelfMXTs+Xy0vn8vzM6pn3Z1bOX3j21Jn5k0snl87OHTt29MjsC8/PPdeTOLM2Xd//0fLBfa+/+9Ubx79oiL8pjh6Z7HTwiUqlx9UN1u66dDIywIawJaWIyC7XaLX/j0cp1i/eeLz26UAbB/RVpVKp7Gx/+FIF+A9LojGvy8OwKD7os/lvsTUPAl7q3/Bj4K6+XJsAZXHfyLfakZFI8zKjTfPbXpqMiHcu/f1NtkV/nkMAADT4IRv/PNNq/JfG/XXl/p+vDU1ExD0RsSci7o2IvRFxX0S17AMR8eAW629eJNk4/kmvdBXYJmXjvxfzta3G8V8x+ouJUp7bXY1/NDlxqrx0OH9NpmJ0W5af7VDHj6/+9mW7Y/Xjv2zL6i/Ggnk7roxsazxncX51/nZirnf1k4j9I63iT9ZWApKI2BcR+7us49RT3x1sd+zW8XfQg3WmyrcRT9au/6Voir+QdF6fnPlflJcOzxR3xUa//Hr5zXb131b8PZBd/x0t7/+1+CeS+vXala3XcfmPz9vOabq9/8eSt6vpsXzfh/Orq+dmI8aS47VG1++fWz+3yBfls/inDrXu/3ti/ZU4EBHZTfxQRDwcEY/kbX80Ih6LiEMd4v/5lcff6z7+/sriX9zS9V9PjEXzntaJ0umfvm+odGJD/Dc7X/+j1dRUvmcz73+baVd3dzMAAADcfdKI2BVJOr2WTtPp6dr35ffGjrS8vLL69InlD84u1n4jMBGjafGka7zueehsPq0v8nNR+2pBkT+SPzf+urS9mp9eWC4vDjp4GHI72/T/zJ+lQbcO6Du/14Lhpf/D8NL/YXjp/zC8WvT/7YNoB3Dntfr8/3gA7QDuvKb+b9kPhoj5Pwwv/R+Gl/4PQ2lle9z6R/IdE8Vf6vJ0ibs0Eem/ohkSfUoM9n0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/4JAAD//3sE4iY=") r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$ARCH_GET_CPUID(0x1e, 0x0, 0x0, 0x1011) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_UNIMAP(r5, 0x5605, 0x0) r6 = syz_open_dev$usbfs(0x0, 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200)) 8.293787645s ago: executing program 4 (id=357): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1808014, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461002018bbdecde39739fcd1df176dde746ec834120600000000003b048000ecffffff0072462abc30ef5b65c70f73ecea54b5e5bec5aca9836c319f653557e79a002208ceae6dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e36868736000000f6a55493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1174e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc369c71e57fafab52f325ca91e684160191acf5ae7469c82ab4145b595b987d75912afdcc1c061835294cc0c618aba204f8adaa20c80108d356cd887ba217c8f569e6d0caf75052a77056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6ac0d90ea79b8027cf75964dd86c2ed2b5e75779677a28c76b848dd03dab190b5f02ec52830f3ff01eaae1c3df076000000000000000000000000000083a48a6b926c668b9ba42490175018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac011170182f99766e86fb125cc6799c43aa4dc708dc4a00a6decad26f0378072a571da000000aec3dfbae348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0f1415e90fd0400bad5f796374bb196e60e537b8ffca80a5ec3c5c063aab2c87a7824c4fbfab7264185e1b2e59012acbf3732abe75b848de8ec4aaba2e3c8cd14dd9bf9499952815b9fb34057a585a9c18a11f3d496825b3fcb0c8aa89e079fd78997da864b302139b2b10597100846b55f7d0b050b7b0ef7e9c897c50b53404acdd701425323201b33465fddec69c37cb13fd441a830af5ea73f4ac82d7926eb0db1141003d148473077a76c3bee7e37dc799abb47bd67cde7958c50fb2d15c9cc196e4bff1d00"/716], 0x5, 0x559b, &(0x7f0000001480)="$eJzs3M2LG/UbAPBnst2+//or4sFbB4qwC01oti/oyaotarGl+HLwpNkkDWmTzLJJ07WnHjyKB/8TUfDk0b/Bgx71IIgHRfAgVDIzW5q2ttomu+76+cDkmXnmm2e+32lZeGYgAfxnHU1/+yWJI3EgIhYi4nAS+X5SbhG3I84VY5+LiGMRUblnS8r83cTeiDgYEUcmxYuaSXnq0xPj42d+vvjrV9/s23Posy+/3daFA9vq+YjorxX7N/tFzDp5uLNQ5hvjbh77p8dlXJuq0c+K/M32al7hZmNzXCOPpzrF+GztxnASr/YazUnsdK/m+bVBccHhuLNZZ/KF9FpjPT9utVfz2B1meezcKq67cav423ZrOCrqtMp6H+blYzTajEW+vdEu1rN2PY/NwajMF3WzVntjEsdlLC8XzazXyuex+qR3+d/vze7gxkY6bq8Pu9kgPVOrv1Crn63W17NWe9Q+XW30W2dPp0ud3mRYddRu9M91sqzTa9eaWX85Xeo0m9V6PV06317tNgZpvV47VTtZPbNc7p1IX7v8btprpUuT+Ep3cGPU7VXiaraeFt9YTldqp15cTo/X07cvXUmvvHXhwqUr77x//r3LL19649Vy0APTSpdWTq6sVOsnqyv15R23/mH6pOv/qJz0P1h/UsaL0+nvv3u62waFZLsnALDzPND/x/39f+j/gZl7RP8f1x7T//evl8fz6f/jof1/Zbr/j1n2/5OWSv//+P63sg3972Lo/+e4fngqT9b/7535PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2HI/LH7+er5ztDg+VOb/V6aeKY+TiKhExJ2HWIi9UzUXyjqLfzF+8b45fJ1EXmFyjX3ldjAizpXbH/+f910AAACA3euL28c+Kbr14qN8BHBfN88uVfwzVw5/MKN6SUQsHv1pRtUqk49nZ1Qs//+9JzZmVC1/gLV/RsWKR257ZlXtb1mYCvvvCUkRKls6HQAAYEtMdwKP6kJub8l8AAAAmJePH3n2pS2bB3P0+48P5pLYfJV595X/viKULwQPTJ0DAAAAdqBkuycAAAAAzF3e//v9PwAAANjdit//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3buJjdxGAoA8EsgMMyPBo3mQLODY8wRZjlbuApH4AaVegHOQKUueoS2VCQuUlqQkHCgRd8nxWAHnm3I5tmSAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0Vy2no9PD3DxtTpNjLgAAAMB+62o5rd+Mm/q31P4jNf1K9SIiyojYl7v3YtCK2UtxqgOfr96M4TaijrBtH6bra0T8Sdfjz65/BQAAALheq/li0mTrTZGWAO6P+e6w05FxBs2iTfn9b6Z4RURU44dM0cpt8TtTsPr57sf/TNHqBawvmYI1S279/fcGuTpp67VeXmcyq//EulZ20y8AAHBJ7UzgQBYCAADAFfh36QFwDu9T+2JX7PYZ065+2hActWoAAADAJ1RcegAAAABA5+r8/yOd/1c4/w8AAACya87/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEvrajldzReTQ/dnR8Z53pwm34wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCF/XlHgRAIgzDYu74zmfsfVho0NDapAuHjbwwGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3vzuL/8npsaZZO61sfQ8kqydGlunxt65cfSH8fVrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC725yUFQiAIomDO+N9J3/+wkqBnECECGh5V1KIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAv+t0v/yemxplk7rSxdDySrF01tq4aew8aRw/G278BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC727acnjjIMAPizO+y0VI2IhkTU1KQHvVi6ra29GqMhHvwIJoQuFd1apRxsQ6xcvBnOvRg9GmOiwRvfoeeS9FJvPXDAxJMHzMzO0FlYLal2hsrvl7z7Pjs7vP+YEJ55ZwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAobb0dL7eLOMleJgZxeezO9sp8Vm/uqTMba3ens5LFrZrH/QR4pfrm5FRzAwEAAODoSMr8PiLuddZns7o9kef/nfKcLOf/7plBXObze/P+ze2V48VH02X+/+sv91/Y7WgiyfvJGl1Y7PfO7B/K2GOa4qH37EPPGMtXPr/3kuS/kPb7q89vdfL1bH1z+/a7aR4eq2O0AMCjOF3WRVD+P5TV3SYHBsCRMVZJvMv8P5lodkwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAddhajafKuBUR02MP4szm9sr8qPqrtbvTG0W5cOvWWrXNrIlORCws9ntnapzL4VWu5o1P5vr93tK163UHJyNixEc3D/bjSTH8vz0njYihI6deHNHOhwfoa087+4Li8ox613A8m99DT24NHWntW/B3dgaauAD6vaW0jqVrF500McHHHZTX3n/fco1/igAAOBI6Rcky0Xud9dnsWGsyYuf74fz/tUocQ3n/zs3BkcH7jUr+f/+jC3eqfVXz/25N83sSzCxf+Wzm2vUbbyxembvcu9z79M2z3be65y6eP39xJr9XMrMQbXdMAAAA+BfSolTz//bk/v3/E5U4/mH/v5r/f/5t98tqX4n8f6QHm35NjwQAAOAoSnej51794/fWiDNaaRpfzC0vL3UHr7vvzw5eax3uIzpWlGr+n0w2PSoAAACgDlurraH9/0uVOA64///0Dy/9VG0ziYjxiKsR0Ts9f7V/qb7pHGp1fFE57yhteqYAAAA0Zbwo1f3/Tv78f3v3kYd2RLx+KuLP4jv8ccD8P3nv6x+rfVWf/z9X6ywPn/bUYD3yeipibKrpEQEAAPB/drwoWbL/W2d99uOfT3yQev4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoG5/BQAA///mvC9s") mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) personality(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x2000, 0x3001}, 0x4) 7.069526839s ago: executing program 1 (id=358): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4") chdir(&(0x7f0000000240)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) r2 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) finit_module(r2, 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) 6.143640868s ago: executing program 0 (id=359): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x101) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x5b, 0x0, 0x0, 0x10, &(0x7f0000000400), &(0x7f00000004c0), 0x8, 0xa9, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r4, &(0x7f0000000780)='+', 0xffc3, 0x0, 0x0, 0x0) 6.080134283s ago: executing program 3 (id=360): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000440), 0x10) listen(r3, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) writev(r4, &(0x7f00000002c0), 0x0) r5 = accept4$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f0000001680), 0x0, 0x2, 0x0) recvmsg(r5, 0x0, 0x4c2103a0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) 5.905960768s ago: executing program 1 (id=361): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008", @ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_request_blocks\x00', r1}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r4) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) fcntl$getownex(r5, 0x10, &(0x7f0000000140)={0x0, 0x0}) r7 = syz_open_procfs(r6, &(0x7f0000000600)='fd/4\x00') ioctl$EXT4_IOC_GROUP_EXTEND(r7, 0x40305839, &(0x7f0000000240)) 5.001645055s ago: executing program 3 (id=362): syz_open_dev$sg(&(0x7f0000002d00), 0x0, 0x103802) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) syz_init_net_socket$llc(0x1a, 0x802, 0x0) bind$llc(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e23}, 0x1c) listen(r3, 0xfffffffd) r4 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r4, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r5 = accept4(r3, 0x0, 0x0, 0x0) sendmmsg(r5, &(0x7f0000001500), 0x588, 0x0) 4.134965359s ago: executing program 3 (id=363): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x803, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) sendmsg$xdp(0xffffffffffffffff, 0x0, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000009c0)={'vcan0\x00', 0x0}) r5 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r5, &(0x7f0000000400)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) sendmsg$can_j1939(r5, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) 3.598199415s ago: executing program 4 (id=364): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x12}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r7, 0x0) r8 = socket$netlink(0x10, 0x3, 0x8000000004) r9 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r10) writev(r8, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 3.558293917s ago: executing program 2 (id=365): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r2, 0x40286608, &(0x7f0000000140)={0x1, 0x0, 0x1000, 0x2, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_emit_vhci(0x0, 0x22) syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xd}, @hci_ev_le_ltk_req={{}, {0x0, 0x4, 0x1000}}}}, 0x10) syz_read_part_table(0x5fd, &(0x7f0000001a40)="$eJzs2z9olGccB/DvxVzOP9B0cHKpcegkFMXRDFWSU7EQTqUQHLS1iJgpQuCkhwc6tBkUM0jHLlK4ReNkzOBQFIXORRxahAwuBV2kdshbrvc2rfaPR8kNxc9n+T338rvn+/zgWZ/wvzaUarkqar+VDz751/5i9I91O8c6E5MHi6IojiaVHE81Y9++s5hkOK/umh1JRv60z/WvNy9/+fxAtfP4yIv3T9ybH1rbs5Z3k2wZeePRa/1PyaDcGL8/evHSbP1y90e9tbL6cXLz2URj6fD8wuKh6v5T3e8Xkgdlf+9ibMq5NHM+Z3Ny+L+kVl7Jb3fzm+NnHtVbK191nuxa3Vbv3D699+X25St3dydz3Yip1/6XN9+vvqzNX+bPjV2dXmjt23lr67U9zTsPG083/Fz0lJHV9ckFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAwbozfH714abZ+uTl+5lG9tfLF9999dPPZRGPp8PzC4qGR/afKvgdlHS7ruTRzPmdzMjOZyWeZ7T9yuvKP+b9sTp7sWt1W79w+vffl5PKVu7vLvqn1GPZvvD7/3NjV6YXWvp23tl7b07zzsPF0Q69vppZPU+2tawM6CwAAAAAAAAAAAAAAAAAAAG+vicmD26c+bBxNKjm+MclPnw91vxflI/ff3+rvKOsPtWRTkusbk/bzA9XO4yMvRk7cm/+x7G+nlnaSLd8sHUveW8u58JfkyqBHow+/BgAA//8hVpWc") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="040e044305"], 0x7) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000009) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000400)=[{0x28, 0x0, 0x0, 0x7ffff024}, {0x6}]}, 0x10) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000380)=0xffffffffffffffff, 0x12) 3.546150499s ago: executing program 0 (id=366): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000580)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) dup(0xffffffffffffffff) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000680)) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x4, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x6, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)="223c525c73635d57c27d4553590622f2a2217660e66775418be6b4380e1b41e910ea32e1100e30636db209d96252c62b4efd8c2de12554c5cf2dd4e7c6786a15cb66b3ce564eaf0d8d4f7a8546159f561a3bb6b1d88e2245e26b63b239145ac681b538b0691ed676843fe038cd100229424540ad688f16938158c4c2e03cf67d160af13f1e18c0817a0698a36e8c24c0067a0d0cade1579fc471717bf8279b9cb453b3bced641f55bdec6a68544d", &(0x7f00000005c0), 0x1000, r3}, 0x38) 2.397526406s ago: executing program 1 (id=367): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x3ffffffffffffda, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a"], 0x50}}, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) fcntl$getownex(r5, 0x10, &(0x7f0000000140)={0x0, 0x0}) r7 = syz_open_procfs(r6, &(0x7f0000000600)='fd/4\x00') ioctl$EXT4_IOC_GROUP_EXTEND(r7, 0x40305839, &(0x7f0000000240)=0x28084) 1.483434714s ago: executing program 0 (id=368): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0000, @void, @value}, 0x94) r3 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt(r3, 0x28, 0x6, &(0x7f0000000100)=""/81, &(0x7f0000000080)=0x51) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007ed, 0x0, 0x5c) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) setuid(0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000040), 0x12) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x20, r4, 0x400, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x401, 0x41}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x880) 1.357647645s ago: executing program 2 (id=369): r0 = socket$nl_rdma(0x10, 0x3, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(0xffffffffffffffff, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x7c8) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2a, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x10, 0x1405, 0x1}, 0x10}}, 0x0) 1.277870281s ago: executing program 3 (id=370): syz_open_dev$tty20(0xc, 0x4, 0x0) r0 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f00000006c0)={[{@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4}}, {@errors_continue}]}, 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f00000005c0)=ANY=[@ANYRESHEX, @ANYRES64=r4], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@flushpolicy={0x10, 0x1d, 0x1}, 0x10}}, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc080661a, &(0x7f00000001c0)={@id={0x2, 0x0, @d}}) 17.362769ms ago: executing program 0 (id=371): syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) close(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) getpid() setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, &(0x7f0000000340)={0x3, {{0xa, 0x4e23, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}}, {{0xa, 0x4e20, 0x4, @remote, 0x1}}}, 0x108) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_pidfd_open(0x0, 0x0) close(r1) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x44, r5, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @probe_request={{{}, {}, @device_b, @device_b}, @void, @val, @void, @void, @val={0x72, 0x6}}}]}, 0x44}}, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="02000000000a"}) 0s ago: executing program 1 (id=372): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000040)) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r4 = creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$BLKTRACESTART(r4, 0x40101287, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = syz_open_dev$vbi(&(0x7f00000000c0), 0x2, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r5, 0xc0405665, &(0x7f0000000280)={0x0, 0x2}) ioctl$KVM_GET_DEBUGREGS(0xffffffffffffffff, 0x8080aea1, 0x0) ioctl$SNDCTL_DSP_GETOPTR(0xffffffffffffffff, 0x800c5012, &(0x7f0000000080)) kernel console output (not intermixed with test programs): T3574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.589369][ T3574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.603462][ T3574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.615363][ T3574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.628235][ T3574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.641860][ T3574] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.657385][ T3636] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.668091][ T3636] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.679188][ T383] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.689133][ T383] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 60.699582][ T383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 60.715087][ T3574] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.724619][ T3574] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.733824][ T3574] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.742979][ T3574] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.787764][ T3636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.796640][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.804194][ T3636] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.806209][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.849474][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.860430][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 60.904956][ T1246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.921684][ T1246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.945520][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.026120][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.048384][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.075362][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.095197][ T3636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.128190][ T3649] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 61.168493][ T3636] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.195318][ T1246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.223470][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.225518][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.247963][ T1246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.298509][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.334400][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.356178][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.566684][ T3659] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3'. [ 61.661249][ T3662] syz.0.6 uses obsolete (PF_INET,SOCK_PACKET) [ 61.759834][ T3610] Bluetooth: hci4: command 0x0419 tx timeout [ 61.766145][ T3610] Bluetooth: hci2: command 0x0419 tx timeout [ 61.779853][ T3610] Bluetooth: hci1: command 0x0419 tx timeout [ 61.819034][ T3610] Bluetooth: hci3: command 0x0419 tx timeout [ 61.833881][ T3610] Bluetooth: hci0: command 0x0419 tx timeout [ 61.883633][ T3670] loop4: detected capacity change from 0 to 164 [ 61.889172][ T3666] loop3: detected capacity change from 0 to 4096 [ 61.938688][ T3670] ======================================================= [ 61.938688][ T3670] WARNING: The mand mount option has been deprecated and [ 61.938688][ T3670] and is ignored by this kernel. Remove the mand [ 61.938688][ T3670] option from the mount to silence this warning. [ 61.938688][ T3670] ======================================================= [ 62.047654][ T3666] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 62.084394][ T3670] Unable to read rock-ridge attributes [ 62.263901][ T3647] loop2: detected capacity change from 0 to 32768 [ 62.417031][ T3651] loop1: detected capacity change from 0 to 40427 [ 62.647659][ T3651] F2FS-fs (loop1): invalid crc value [ 62.863771][ T3647] XFS (loop2): Mounting V5 Filesystem [ 62.984578][ T3651] F2FS-fs (loop1): Found nat_bits in checkpoint [ 63.266128][ T3651] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 63.435835][ T3696] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12'. [ 63.476035][ T3647] XFS (loop2): Ending clean mount [ 63.507673][ T3696] netlink: 'syz.0.12': attribute type 15 has an invalid length. [ 63.518735][ T3647] XFS (loop2): Quotacheck needed: Please wait. [ 63.564580][ T3696] netlink: 'syz.0.12': attribute type 18 has an invalid length. [ 63.607908][ T3647] XFS (loop2): Quotacheck: Done. [ 63.631888][ T3696] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 3072 - 0 [ 63.641587][ T3696] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 3072 - 0 [ 63.641744][ T3651] F2FS-fs (loop1) : inject slab alloc in f2fs_kmem_cache_alloc of __vfs_getxattr+0x3e0/0x410 [ 63.650373][ T3696] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 3072 - 0 [ 63.650440][ T3696] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 3072 - 0 [ 63.670327][ T3696] device vxlan0 entered promiscuous mode [ 63.698890][ T3702] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13'. [ 63.746641][ T3568] attempt to access beyond end of device [ 63.746641][ T3568] loop1: rw=2049, want=45104, limit=40427 [ 64.048093][ T3013] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 64.121111][ T3707] loop4: detected capacity change from 0 to 128 [ 64.252333][ T3707] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 64.301515][ T3707] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 64.319800][ T3013] usb 4-1: Using ep0 maxpacket: 8 [ 64.438069][ T3013] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 64.457145][ T3013] usb 4-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.00 [ 64.484465][ T3013] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.536120][ T3013] usb 4-1: config 0 descriptor?? [ 64.594936][ T3013] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input5 [ 64.689384][ T3569] XFS (loop2): Unmounting Filesystem [ 64.797604][ T3012] bcm5974 4-1:0.0: could not read from device [ 64.828044][ T3012] bcm5974 4-1:0.0: could not read from device [ 64.831577][ T3013] usb 4-1: USB disconnect, device number 2 [ 64.850614][ T3720] loop4: detected capacity change from 0 to 1024 [ 64.907459][ T3656] bcm5974 4-1:0.0: could not read from device [ 64.926682][ T3012] bcm5974 4-1:0.0: could not read from device [ 65.321027][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 65.414708][ T3728] input: syz1 as /devices/virtual/input/input6 [ 66.097907][ T3013] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 66.349491][ T3013] usb 1-1: Using ep0 maxpacket: 16 [ 66.467140][ T3013] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.487057][ T3013] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.517030][ T3013] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 66.557097][ T3013] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 66.586837][ T3013] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.617907][ T3013] usb 1-1: config 0 descriptor?? [ 66.627000][ T3740] loop1: detected capacity change from 0 to 32768 [ 66.646816][ T3735] loop3: detected capacity change from 0 to 32768 [ 66.677231][ T2988] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 66.696737][ T3740] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.25 (3740) [ 66.721152][ T3735] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 66.748244][ T3735] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 66.801460][ T3740] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 66.814897][ T3740] BTRFS info (device loop1): use zlib compression, level 3 [ 66.822733][ T3740] BTRFS info (device loop1): using free space tree [ 66.829563][ T3740] BTRFS info (device loop1): has skinny extents [ 66.888903][ T3735] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 66.901473][ T7] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 66.919587][ T7] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 67.043230][ T3740] BTRFS info (device loop1): enabling ssd optimizations [ 67.087372][ T2988] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.113143][ T2988] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.127748][ T7] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 208ms [ 67.132803][ T3013] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 67.136189][ T7] gfs2: fsid=syz:syz.0: jid=0: Done [ 67.156903][ T3013] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 67.164622][ T3013] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 67.172167][ T3013] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 67.179493][ T3013] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 67.187079][ T3013] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 67.194329][ T3013] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 67.201794][ T3013] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 67.209353][ T3013] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 67.217010][ T3013] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 67.296483][ T3013] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0001/input/input7 [ 67.413491][ T3013] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 67.466013][ T3763] loop4: detected capacity change from 0 to 40427 [ 67.475091][ T2988] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 67.484268][ T2988] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.493557][ T3735] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 67.554532][ T3763] F2FS-fs (loop4): invalid crc value [ 67.607367][ T2988] usb 3-1: config 0 descriptor?? [ 67.643220][ T3763] F2FS-fs (loop4): Found nat_bits in checkpoint [ 67.691898][ T3763] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 67.715804][ T3612] usb 1-1: USB disconnect, device number 2 [ 67.740589][ T3763] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 68.208305][ T2988] hid (null): bogus close delimiter [ 68.263785][ T26] audit: type=1804 audit(1728973696.085:2): pid=3774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.25" name="/newroot/3/file0/file1" dev="loop1" ino=260 res=1 errno=0 [ 68.584192][ T3773] BTRFS info (device loop1): balance: start -s [ 68.606510][ T3775] attempt to access beyond end of device [ 68.606510][ T3775] loop4: rw=2049, want=80784, limit=40427 [ 68.635936][ T3773] BTRFS info (device loop1): relocating block group 1048576 flags system [ 68.668210][ T3577] attempt to access beyond end of device [ 68.668210][ T3577] loop4: rw=2049, want=45104, limit=40427 [ 68.839504][ T3773] BTRFS info (device loop1): balance: ended with status: 0 [ 68.887393][ T2988] uclogic 0003:256C:006D.0002: failed retrieving Huion firmware version: -71 [ 68.916158][ T2988] uclogic 0003:256C:006D.0002: failed probing parameters: -71 [ 68.933065][ T2988] uclogic: probe of 0003:256C:006D.0002 failed with error -71 [ 68.975329][ T2988] usb 3-1: USB disconnect, device number 2 [ 69.436629][ T3783] binder: BINDER_SET_CONTEXT_MGR already set [ 69.449014][ T3783] binder: 3780:3783 ioctl 4018620d 20000180 returned -16 [ 69.808353][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 71.123711][ T3813] netlink: 16 bytes leftover after parsing attributes in process `syz.4.39'. [ 71.363624][ T1399] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.370314][ T1399] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.621399][ T3821] loop1: detected capacity change from 0 to 128 [ 72.087453][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 72.096444][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 72.105507][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 72.114435][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 72.123678][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 72.154726][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!! [ 72.200339][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 72.209374][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 72.218470][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 72.248898][ T26] audit: type=1800 audit(1728973699.995:3): pid=3823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.42" name="bus" dev="loop1" ino=1048590 res=0 errno=0 [ 72.966382][ T3825] loop4: detected capacity change from 0 to 64 [ 73.071940][ T3825] MINIX-fs: bad superblock or unable to read bitmaps [ 73.208335][ T3829] loop2: detected capacity change from 0 to 1024 [ 73.222493][ T3816] loop3: detected capacity change from 0 to 32768 [ 73.343138][ T3829] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 73.451639][ T3834] loop4: detected capacity change from 0 to 1024 [ 73.462213][ T3829] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 73.520098][ T3829] syz.2.45 (3829) used greatest stack depth: 19384 bytes left [ 73.772664][ T3834] EXT4-fs (loop4): Test dummy encryption mode enabled [ 73.789086][ T3841] device syzkaller0 entered promiscuous mode [ 73.796491][ T3834] EXT4-fs (loop4): inline encryption not supported [ 73.812698][ T3834] EXT4-fs (loop4): Ignoring removed orlov option [ 73.830107][ T3834] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,inlinecrypt,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 74.017082][ T3612] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 74.024791][ T3851] loop3: detected capacity change from 0 to 512 [ 74.123522][ T3851] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 74.169716][ T3834] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 74.397661][ T3612] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.412625][ T3612] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 74.438741][ T3612] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 74.448814][ T3612] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.460790][ T3612] usb 1-1: config 0 descriptor?? [ 74.845684][ T3873] loop4: detected capacity change from 0 to 4096 [ 74.969906][ T3612] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 75.229548][ T3873] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 75.407798][ T3612] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 75.627799][ T3861] loop3: detected capacity change from 0 to 40427 [ 75.648129][ T3784] usb 1-1: USB disconnect, device number 3 [ 75.727439][ T3861] F2FS-fs (loop3): invalid crc value [ 75.759265][ T3861] F2FS-fs (loop3): Found nat_bits in checkpoint [ 75.835569][ T3888] Cannot find set identified by id 0 to match [ 75.891886][ T3861] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 75.910766][ T3891] loop4: detected capacity change from 0 to 256 [ 76.044694][ T3574] F2FS-fs (loop3): access invalid blkaddr:2816 [ 76.069486][ T3574] CPU: 0 PID: 3574 Comm: syz-executor Not tainted 5.15.167-syzkaller #0 [ 76.077869][ T3574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 76.087955][ T3574] Call Trace: [ 76.091296][ T3574] [ 76.094339][ T3574] dump_stack_lvl+0x1e3/0x2d0 [ 76.099049][ T3574] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 76.104717][ T3574] ? f2fs_get_next_page_offset+0x6c0/0x6c0 [ 76.110577][ T3574] f2fs_is_valid_blkaddr+0xca6/0x1270 [ 76.116078][ T3574] f2fs_map_blocks+0x159a/0x3720 [ 76.121087][ T3574] ? f2fs_force_buffered_io+0x630/0x630 [ 76.126685][ T3574] f2fs_mpage_readpages+0xe98/0x27c0 [ 76.132034][ T3574] ? dquot_release_reservation_block+0x90/0x90 [ 76.138334][ T3574] ? f2fs_is_compress_backend_ready+0x9d/0x130 [ 76.144797][ T3574] ? f2fs_readahead+0x16e/0x310 [ 76.149682][ T3574] ? f2fs_set_data_page_dirty+0xa90/0xa90 [ 76.155445][ T3574] read_pages+0x159/0x8e0 [ 76.159831][ T3574] ? page_cache_ra_unbounded+0x930/0x930 [ 76.165507][ T3574] ? add_to_page_cache_locked+0x40/0x40 [ 76.171102][ T3574] ? down_read+0x1b3/0x2e0 [ 76.175563][ T3574] page_cache_ra_unbounded+0x7b0/0x930 [ 76.181071][ T3574] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 76.187615][ T3574] ? blk_cgroup_congested+0x30c/0x390 [ 76.193062][ T3574] f2fs_readdir+0x546/0xef0 [ 76.197640][ T3574] ? f2fs_fill_dentries+0xd60/0xd60 [ 76.202888][ T3574] ? f2fs_fill_dentries+0xd60/0xd60 [ 76.208134][ T3574] ? iterate_dir+0x10a/0x570 [ 76.212839][ T3574] ? fsnotify_perm+0x442/0x590 [ 76.217640][ T3574] iterate_dir+0x224/0x570 [ 76.222093][ T3574] ? f2fs_fill_dentries+0xd60/0xd60 [ 76.227368][ T3574] __se_sys_getdents64+0x209/0x4f0 [ 76.232544][ T3574] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 76.238552][ T3574] ? __x64_sys_getdents64+0x80/0x80 [ 76.243771][ T3574] ? filldir+0x720/0x720 [ 76.248297][ T3574] ? syscall_enter_from_user_mode+0x2e/0x240 [ 76.254309][ T3574] ? lockdep_hardirqs_on+0x94/0x130 [ 76.259543][ T3574] ? syscall_enter_from_user_mode+0x2e/0x240 [ 76.265554][ T3574] do_syscall_64+0x3b/0xb0 [ 76.269979][ T3574] ? clear_bhb_loop+0x15/0x70 [ 76.274674][ T3574] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.280594][ T3574] RIP: 0033:0x7fc5f1c80193 [ 76.285035][ T3574] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 76.304730][ T3574] RSP: 002b:00007ffc83dc53e8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 76.313171][ T3574] RAX: ffffffffffffffda RBX: 000055555cfb4600 RCX: 00007fc5f1c80193 [ 76.321177][ T3574] RDX: 0000000000008000 RSI: 000055555cfb4600 RDI: 0000000000000005 [ 76.329263][ T3574] RBP: 000055555cfb45d4 R08: 0000000000000000 R09: 0000000000000000 [ 76.337730][ T3574] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 76.345816][ T3574] R13: 0000000000000010 R14: 000055555cfb45d0 R15: 00007ffc83dc7690 [ 76.353915][ T3574] [ 76.373295][ T3574] F2FS-fs (loop3): access invalid blkaddr:2816 [ 76.392610][ T3574] CPU: 0 PID: 3574 Comm: syz-executor Not tainted 5.15.167-syzkaller #0 [ 76.400996][ T3574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 76.411220][ T3574] Call Trace: [ 76.414529][ T3574] [ 76.417508][ T3574] dump_stack_lvl+0x1e3/0x2d0 [ 76.422230][ T3574] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 76.427889][ T3574] ? f2fs_get_next_page_offset+0x6c0/0x6c0 [ 76.433750][ T3574] f2fs_is_valid_blkaddr+0xca6/0x1270 [ 76.439201][ T3574] f2fs_map_blocks+0x159a/0x3720 [ 76.444208][ T3574] ? f2fs_force_buffered_io+0x630/0x630 [ 76.449817][ T3574] ? unlock_page+0x188/0x200 [ 76.454431][ T3574] f2fs_mpage_readpages+0xe98/0x27c0 [ 76.459781][ T3574] ? dquot_release_reservation_block+0x90/0x90 [ 76.466097][ T3574] ? f2fs_is_compress_backend_ready+0x9d/0x130 [ 76.472390][ T3574] ? f2fs_readahead+0x16e/0x310 [ 76.477450][ T3574] ? f2fs_set_data_page_dirty+0xa90/0xa90 [ 76.483211][ T3574] read_pages+0x159/0x8e0 [ 76.487580][ T3574] ? page_cache_ra_unbounded+0x930/0x930 [ 76.493256][ T3574] ? add_to_page_cache_locked+0x40/0x40 [ 76.498848][ T3574] ? down_read+0x1b3/0x2e0 [ 76.503301][ T3574] page_cache_ra_unbounded+0x7b0/0x930 [ 76.508862][ T3574] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 76.515604][ T3574] ? blk_cgroup_congested+0x30c/0x390 [ 76.521023][ T3574] f2fs_readdir+0x546/0xef0 [ 76.525586][ T3574] ? f2fs_fill_dentries+0xd60/0xd60 [ 76.530833][ T3574] ? f2fs_fill_dentries+0xd60/0xd60 [ 76.536082][ T3574] ? iterate_dir+0x10a/0x570 [ 76.540704][ T3574] ? fsnotify_perm+0x442/0x590 [ 76.545510][ T3574] iterate_dir+0x224/0x570 [ 76.549966][ T3574] ? f2fs_fill_dentries+0xd60/0xd60 [ 76.555249][ T3574] __se_sys_getdents64+0x209/0x4f0 [ 76.560492][ T3574] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 76.566505][ T3574] ? __x64_sys_getdents64+0x80/0x80 [ 76.571728][ T3574] ? filldir+0x720/0x720 [ 76.576001][ T3574] ? syscall_enter_from_user_mode+0x2e/0x240 [ 76.582092][ T3574] ? lockdep_hardirqs_on+0x94/0x130 [ 76.587799][ T3574] ? syscall_enter_from_user_mode+0x2e/0x240 [ 76.593814][ T3574] do_syscall_64+0x3b/0xb0 [ 76.598345][ T3574] ? clear_bhb_loop+0x15/0x70 [ 76.603127][ T3574] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.609067][ T3574] RIP: 0033:0x7fc5f1c80193 [ 76.613509][ T3574] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 76.633202][ T3574] RSP: 002b:00007ffc83dc53e8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 76.641652][ T3574] RAX: ffffffffffffffda RBX: 000055555cfb4600 RCX: 00007fc5f1c80193 [ 76.649752][ T3574] RDX: 0000000000008000 RSI: 000055555cfb4600 RDI: 0000000000000005 [ 76.658087][ T3574] RBP: 000055555cfb45d4 R08: 0000000000000000 R09: 0000000000000000 [ 76.666147][ T3574] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 76.674145][ T3574] R13: 0000000000000010 R14: 000055555cfb45d0 R15: 00007ffc83dc7690 [ 76.682161][ T3574] [ 76.713615][ T3574] attempt to access beyond end of device [ 76.713615][ T3574] loop3: rw=0, want=45072, limit=40427 [ 76.935456][ T3574] attempt to access beyond end of device [ 76.935456][ T3574] loop3: rw=2049, want=45104, limit=40427 [ 78.206615][ T3913] dlm: no local IP address has been set [ 78.213168][ T3913] dlm: cannot start dlm midcomms -107 [ 79.513221][ T3687] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.212460][ T3929] overlayfs: failed to resolve './file1': -2 [ 80.383505][ T3937] loop1: detected capacity change from 0 to 1024 [ 80.496600][ T3937] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 80.547140][ T3937] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 80.603668][ T3687] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.845366][ T3937] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,init_itable,dioread_nolock,nojournal_checksum,nomblk_io_submit,data_err=abort,,errors=continue. Quota mode: writeback. [ 80.966216][ T26] audit: type=1400 audit(1728973708.785:4): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=3938 comm="syz.0.77" [ 81.269674][ T3687] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.599943][ T1075] cfg80211: failed to load regulatory.db [ 81.611749][ T26] audit: type=1800 audit(1728973709.435:5): pid=3947 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.75" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 81.661728][ T3687] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.794189][ T3952] loop0: detected capacity change from 0 to 1764 [ 82.558945][ T3612] Bluetooth: hci3: command 0x0409 tx timeout [ 82.600165][ T3934] chnl_net:caif_netlink_parms(): no params data found [ 83.035431][ T3934] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.060606][ T3934] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.088091][ T3934] device bridge_slave_0 entered promiscuous mode [ 83.127898][ T3967] loop2: detected capacity change from 0 to 32768 [ 83.163286][ T3934] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.204907][ T3934] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.207232][ T3967] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.83 (3967) [ 83.243864][ T3934] device bridge_slave_1 entered promiscuous mode [ 83.349295][ T3967] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 83.389973][ T3967] BTRFS info (device loop2): metadata ratio 4 [ 83.396164][ T3967] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8) [ 83.486990][ T3967] BTRFS info (device loop2): force lzo compression, level 0 [ 83.510246][ T3967] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 83.563640][ T3967] BTRFS info (device loop2): trying to use backup root at mount time [ 83.589627][ T3967] BTRFS info (device loop2): doing ref verification [ 83.611826][ T3967] BTRFS info (device loop2): enabling auto defrag [ 83.628741][ T3934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.637136][ T3967] BTRFS info (device loop2): disabling tree log [ 83.667283][ T3967] BTRFS info (device loop2): using free space tree [ 83.670966][ T3934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.673839][ T3967] BTRFS info (device loop2): has skinny extents [ 83.786419][ T3934] team0: Port device team_slave_0 added [ 83.852241][ T3934] team0: Port device team_slave_1 added [ 83.926762][ T3689] BTRFS warning (device loop2): checksum verify failed on 5332992 wanted 0x0a5e5d25 found 0x26333c6f level 0 [ 83.943436][ T3972] loop1: detected capacity change from 0 to 32768 [ 83.961161][ T3967] BTRFS warning (device loop2): couldn't read tree root [ 83.972951][ T3689] BTRFS warning (device loop2): checksum verify failed on 5324800 wanted 0x9f73850b found 0x78ca8373 level 0 [ 83.973061][ T3934] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.993864][ T3967] BTRFS warning (device loop2): couldn't read tree root [ 84.018474][ T3967] BTRFS error (device loop2): parent transid verify failed on 5255168 wanted 5 found 7 [ 84.037563][ T3967] BTRFS warning (device loop2): couldn't read tree root [ 84.061875][ T3934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.088490][ T3934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.132947][ T3934] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.152925][ T3934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.173164][ T3967] BTRFS info (device loop2): enabling ssd optimizations [ 84.203539][ T3934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.213356][ T3967] BTRFS info (device loop2): clearing free space tree [ 84.223052][ T3967] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 84.235755][ T3967] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 84.250076][ T3960] chnl_net:caif_netlink_parms(): no params data found [ 84.340390][ T3967] BTRFS info (device loop2): creating free space tree [ 84.361096][ T3967] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 84.378946][ T3967] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 84.667566][ T3615] Bluetooth: hci3: command 0x041b tx timeout [ 84.721494][ T3934] device hsr_slave_0 entered promiscuous mode [ 84.779246][ T3934] device hsr_slave_1 entered promiscuous mode [ 84.799208][ T3615] Bluetooth: hci4: command 0x0409 tx timeout [ 84.806343][ T3934] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.949778][ T4025] dlm: no local IP address has been set [ 84.955417][ T4025] dlm: cannot start dlm midcomms -107 [ 85.136689][ T3934] Cannot create hsr debugfs directory [ 85.460626][ T3960] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.476617][ T3960] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.500556][ T3960] device bridge_slave_0 entered promiscuous mode [ 85.647262][ T3960] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.654382][ T3960] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.682526][ T3960] device bridge_slave_1 entered promiscuous mode [ 86.179763][ T3960] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.262814][ T3960] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.565726][ T4060] loop0: detected capacity change from 0 to 128 [ 86.904852][ T4060] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 87.197561][ T4060] ext4 filesystem being mounted at /21/mnt supports timestamps until 2038 (0x7fffffff) [ 87.262480][ T3960] team0: Port device team_slave_0 added [ 87.333952][ T3612] Bluetooth: hci3: command 0x040f tx timeout [ 87.340906][ T3960] team0: Port device team_slave_1 added [ 87.342096][ T1075] Bluetooth: hci4: command 0x041b tx timeout [ 87.531319][ T4060] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 87.542265][ T3960] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.557594][ T3960] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.587897][ T4069] fscrypt: loop0: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12 [ 87.636216][ T3960] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.649750][ T3960] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.685791][ T3960] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.712700][ T3786] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 87.722874][ T3960] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.844851][ T4083] input: syz1 as /devices/virtual/input/input8 [ 87.945649][ T4055] loop2: detected capacity change from 0 to 32768 [ 87.959557][ T3687] device hsr_slave_0 left promiscuous mode [ 87.976580][ T3687] device hsr_slave_1 left promiscuous mode [ 87.990049][ T3687] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 88.000048][ T3687] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.015808][ T4055] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.87 (4055) [ 88.032101][ T3687] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.032867][ T4055] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 88.044581][ T3687] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.065143][ T4055] BTRFS info (device loop2): setting nodatacow, compression disabled [ 88.073890][ T4055] BTRFS info (device loop2): setting datacow [ 88.080885][ T4055] BTRFS info (device loop2): doing ref verification [ 88.088270][ T4055] BTRFS info (device loop2): force clearing of disk cache [ 88.088500][ T3687] device bridge_slave_1 left promiscuous mode [ 88.095740][ T4055] BTRFS info (device loop2): turning off barriers [ 88.114645][ T3687] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.119113][ T4055] BTRFS info (device loop2): enabling ssd optimizations [ 88.129841][ T3786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.143411][ T3786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.160748][ T3687] device bridge_slave_0 left promiscuous mode [ 88.162297][ T4055] BTRFS info (device loop2): using spread ssd allocation scheme [ 88.177201][ T3687] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.179420][ T3786] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 88.199942][ T3786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.210085][ T3687] device veth1_macvtap left promiscuous mode [ 88.213138][ T4055] BTRFS info (device loop2): not using ssd optimizations [ 88.216707][ T3687] device veth0_macvtap left promiscuous mode [ 88.232882][ T4055] BTRFS info (device loop2): not using spread ssd allocation scheme [ 88.239134][ T3687] device veth1_vlan left promiscuous mode [ 88.243577][ T3786] usb 2-1: config 0 descriptor?? [ 88.267788][ T3687] device veth0_vlan left promiscuous mode [ 88.270877][ T4055] BTRFS info (device loop2): using free space tree [ 88.291008][ T4088] input: syz1 as /devices/virtual/input/input9 [ 88.297556][ T4055] BTRFS info (device loop2): has skinny extents [ 88.385066][ T4055] BTRFS info (device loop2): clearing free space tree [ 88.402557][ T4055] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 88.422751][ T4055] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.444549][ T4055] BTRFS info (device loop2): creating free space tree [ 88.456454][ T4055] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 88.466690][ T4055] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.530278][ T26] audit: type=1800 audit(1728973716.355:6): pid=4055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.87" name="bus" dev="loop2" ino=263 res=0 errno=0 [ 88.962308][ T3687] team0 (unregistering): Port device team_slave_1 removed [ 89.088288][ T3687] team0 (unregistering): Port device team_slave_0 removed [ 89.128793][ T3687] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 89.157423][ T3687] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 89.290847][ T3687] bond0 (unregistering): Released all slaves [ 89.316486][ T4110] loop2: detected capacity change from 0 to 1764 [ 89.357511][ T3610] Bluetooth: hci4: command 0x040f tx timeout [ 89.387366][ T3610] Bluetooth: hci3: command 0x0419 tx timeout [ 89.691683][ T3786] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0004/input/input10 [ 89.713320][ T3960] device hsr_slave_0 entered promiscuous mode [ 89.748474][ T3960] device hsr_slave_1 entered promiscuous mode [ 89.803167][ T3960] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.820549][ T3960] Cannot create hsr debugfs directory [ 89.854333][ T3786] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0004/input/input11 [ 89.914251][ T3786] uclogic 0003:256C:006D.0004: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 89.981953][ T3786] usb 2-1: USB disconnect, device number 2 [ 90.459682][ T3934] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 90.508682][ T3934] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 90.571462][ T3934] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 90.724381][ T3960] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.799812][ T3934] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 90.932606][ T3960] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.048060][ T4153] Zero length message leads to an empty skb [ 91.111269][ T3960] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.220160][ T3960] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.322703][ T3934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.382300][ T3930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 91.404900][ T3930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 91.437304][ T3610] Bluetooth: hci4: command 0x0419 tx timeout [ 91.450689][ T3934] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.581955][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 91.605473][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 91.631850][ T3931] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.639088][ T3931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.661761][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 91.690976][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 91.718099][ T3931] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.725269][ T3931] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.768804][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 91.798109][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.829543][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 91.887835][ T3930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 91.927995][ T3930] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.958402][ T3930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 91.979201][ T3930] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.009485][ T3930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 92.035911][ T3930] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 92.075399][ T3930] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 92.100820][ T3960] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.136328][ T3930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 92.187579][ T3930] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 92.229795][ T3960] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.288019][ T3960] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.339407][ T3934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 92.378850][ T3960] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.631792][ T4156] loop0: detected capacity change from 0 to 32768 [ 92.739276][ T4156] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 92.749262][ T3960] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.776411][ T4190] loop1: detected capacity change from 0 to 1024 [ 92.787052][ T4156] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 92.861749][ T4156] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 92.903875][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 92.909139][ T4046] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 92.920786][ T4046] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 92.937300][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.966401][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 92.976371][ T4190] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,abort,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 93.055014][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 93.068857][ T3960] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.079970][ T3934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.095443][ T4046] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 174ms [ 93.137303][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.152558][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.174579][ T4046] gfs2: fsid=syz:syz.0: jid=0: Done [ 93.184757][ T4156] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 93.231820][ T3931] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.239001][ T3931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.248244][ T4201] Process accounting resumed [ 93.307094][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.347593][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.356599][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.367613][ T3931] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.374924][ T3931] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.384953][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 93.425574][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 93.468129][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 93.500164][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 93.548164][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 93.591664][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 93.635776][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 93.686200][ T3960] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 93.726985][ T3960] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.781823][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 93.807961][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 93.848105][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 93.907737][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 93.950705][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.013146][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 94.068174][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 94.153585][ T3934] device veth0_vlan entered promiscuous mode [ 94.291210][ T3934] device veth1_vlan entered promiscuous mode [ 94.459079][ T3934] device veth0_macvtap entered promiscuous mode [ 94.531280][ T3934] device veth1_macvtap entered promiscuous mode [ 94.598225][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 94.634278][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 94.675832][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 94.697370][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 94.749479][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 94.798180][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 94.808651][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 94.841431][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 94.863237][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 94.922327][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 94.971555][ T3934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.032208][ T3934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.120811][ T3934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.170680][ T3934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.216584][ T4250] loop0: detected capacity change from 0 to 2048 [ 95.226717][ T3934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.264958][ T3934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.282136][ T3934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.294180][ T3934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.314597][ T3934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.332773][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 95.397948][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 95.490002][ T3934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.511404][ T3934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.540889][ T3934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.589800][ T4255] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 95.606582][ T3934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.618389][ T3934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.629948][ T3934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.641404][ T3934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.652965][ T3934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.703102][ T3934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.763815][ T3934] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.772810][ T3934] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.781737][ T3934] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.790745][ T3934] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.804458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 95.833523][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 95.848211][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 95.880308][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 95.922675][ T3960] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.109167][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 96.125504][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 96.151519][ T3636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.163602][ T3636] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.215220][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 96.239082][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 96.248634][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 96.260068][ T3960] device veth0_vlan entered promiscuous mode [ 96.270075][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 96.279145][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 96.281875][ T3689] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.304133][ T3960] device veth1_vlan entered promiscuous mode [ 96.319792][ T3689] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.341531][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 96.353190][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 96.362417][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 96.385483][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 96.397047][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 96.476418][ T3960] device veth0_macvtap entered promiscuous mode [ 96.493126][ T3960] device veth1_macvtap entered promiscuous mode [ 96.559926][ T4269] input: syz1 as /devices/virtual/input/input12 [ 96.612209][ T3772] udevd[3772]: setting mode of /dev/input/mouse1 to 020660 failed: No such file or directory [ 96.623631][ T3960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.635240][ T3772] udevd[3772]: setting owner of /dev/input/mouse1 to uid=0, gid=104 failed: No such file or directory [ 96.675442][ T3960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.693905][ T3960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.712704][ T3960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.724769][ T3960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.747065][ T3960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.764500][ T3960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.785327][ T3960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.796475][ T3960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.823504][ T3960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.835285][ T3960] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.854300][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 96.881400][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 96.897737][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 96.906708][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 96.944931][ T3960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.976822][ T3960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.989223][ T3960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.003124][ T3960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.019937][ T3960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.043684][ T3960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.073061][ T3960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.112043][ T3960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.155277][ T3960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.209967][ T3960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.243276][ T3960] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.287712][ T3960] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.296761][ T3960] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.326100][ T3960] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.387427][ T3960] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.521396][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 97.585919][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 97.660621][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.685999][ T4283] mmap: syz.0.116 (4283) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 97.696510][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.720409][ T3654] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.729684][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 97.740820][ T3654] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.762475][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 98.145085][ T4296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.118'. [ 98.169413][ T4297] loop0: detected capacity change from 0 to 512 [ 98.219363][ T4296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.118'. [ 98.235656][ T4297] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 98.269101][ T4297] EXT4-fs (loop0): invalid journal inode [ 98.286539][ T4297] EXT4-fs (loop0): can't get journal size [ 98.377483][ T4297] EXT4-fs (loop0): 1 truncate cleaned up [ 98.387246][ T4297] EXT4-fs (loop0): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 98.521592][ T4300] tipc: Started in network mode [ 98.542167][ T4300] tipc: Node identity b84, cluster identity 4711 [ 98.590324][ T4300] tipc: Node number set to 2948 [ 98.815228][ T3687] device hsr_slave_0 left promiscuous mode [ 98.853579][ T3687] device hsr_slave_1 left promiscuous mode [ 98.872450][ T3687] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.949110][ T4310] loop3: detected capacity change from 0 to 2048 [ 98.956416][ T3687] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 98.995463][ T3687] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 99.018654][ T4310] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 99.037393][ T3687] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 99.079991][ T3687] device bridge_slave_1 left promiscuous mode [ 99.119873][ T3687] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.271276][ T3687] device bridge_slave_0 left promiscuous mode [ 99.285629][ T3687] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.011488][ T3687] device veth1_macvtap left promiscuous mode [ 100.041405][ T3687] device veth0_macvtap left promiscuous mode [ 100.061863][ T3687] device veth1_vlan left promiscuous mode [ 100.110789][ T3687] device veth0_vlan left promiscuous mode [ 101.470730][ T3687] team0 (unregistering): Port device team_slave_1 removed [ 101.489010][ T3687] team0 (unregistering): Port device team_slave_0 removed [ 101.504014][ T3687] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.523581][ T3687] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 101.711059][ T3687] bond0 (unregistering): Released all slaves [ 102.674343][ T4329] netlink: 'syz.0.131': attribute type 4 has an invalid length. [ 103.866303][ T4363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.138'. [ 104.807930][ T26] audit: type=1326 audit(1728973732.625:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4366 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd029174ff9 code=0x7ffc0000 [ 104.873665][ T26] audit: type=1326 audit(1728973732.675:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4366 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd029174ff9 code=0x7ffc0000 [ 104.917450][ T4370] loop3: detected capacity change from 0 to 512 [ 104.970644][ T26] audit: type=1326 audit(1728973732.675:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4366 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd029174ff9 code=0x7ffc0000 [ 105.036911][ T26] audit: type=1326 audit(1728973732.675:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4366 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd029174ff9 code=0x7ffc0000 [ 105.112064][ T4370] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.142: casefold flag without casefold feature [ 105.129801][ T4370] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.142: couldn't read orphan inode 15 (err -117) [ 105.260157][ T4370] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 105.363252][ T26] audit: type=1326 audit(1728973732.825:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4366 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd029174ff9 code=0x7ffc0000 [ 105.417014][ T26] audit: type=1326 audit(1728973732.845:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4366 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd029174ff9 code=0x7ffc0000 [ 105.530139][ T4354] loop4: detected capacity change from 0 to 32768 [ 105.642609][ T4360] chnl_net:caif_netlink_parms(): no params data found [ 105.680581][ T4354] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.135 (4354) [ 106.503619][ T3612] Bluetooth: hci5: command 0x0409 tx timeout [ 106.620527][ T4354] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 106.676474][ T4354] BTRFS info (device loop4): metadata ratio 2 [ 106.688717][ T4354] BTRFS info (device loop4): force zlib compression, level 3 [ 106.696169][ T4354] BTRFS info (device loop4): use zlib compression, level 3 [ 106.714414][ T4360] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.734508][ T4360] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.743447][ T4360] device bridge_slave_0 entered promiscuous mode [ 106.750837][ T4354] BTRFS info (device loop4): enabling auto defrag [ 106.765506][ T4360] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.777053][ T4354] BTRFS info (device loop4): max_inline at 0 [ 106.783096][ T4354] BTRFS info (device loop4): using free space tree [ 106.798870][ T4360] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.810177][ T4360] device bridge_slave_1 entered promiscuous mode [ 106.847510][ T4354] BTRFS info (device loop4): has skinny extents [ 106.957432][ T3612] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 106.969227][ T4354] BTRFS error (device loop4): open_ctree failed [ 106.993280][ T4403] loop3: detected capacity change from 0 to 1024 [ 107.202952][ T4360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.226309][ T4360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.317928][ T4403] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 107.347272][ T3612] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.356245][ T4403] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038 (0x7fffffff) [ 107.367074][ T3612] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 107.378460][ T3612] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.434338][ T4360] team0: Port device team_slave_0 added [ 107.580010][ T3612] usb 1-1: config 0 descriptor?? [ 107.610347][ T4360] team0: Port device team_slave_1 added [ 107.619425][ T3612] pwc: Askey VC010 type 2 USB webcam detected. [ 107.857139][ T3612] pwc: send_video_command error -71 [ 107.862381][ T3612] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 107.946551][ T3612] Philips webcam: probe of 1-1:0.0 failed with error -71 [ 108.015667][ T3612] usb 1-1: USB disconnect, device number 4 [ 108.116849][ T4428] loop4: detected capacity change from 0 to 4096 [ 108.199897][ T4360] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.257051][ T4360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.357086][ T4360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.362214][ T4431] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 108.414861][ T4360] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.454590][ T4360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.497041][ T3612] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 108.606050][ T4360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.637423][ T4420] Bluetooth: hci5: command 0x041b tx timeout [ 109.409296][ T4360] device hsr_slave_0 entered promiscuous mode [ 109.455074][ T4360] device hsr_slave_1 entered promiscuous mode [ 109.487270][ T4360] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.526125][ T4360] Cannot create hsr debugfs directory [ 109.626428][ T4437] loop3: detected capacity change from 0 to 1024 [ 109.737084][ T3612] usb 1-1: unable to read config index 0 descriptor/all [ 109.754723][ T3612] usb 1-1: can't read configurations, error -71 [ 109.803185][ T4360] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.951182][ T4360] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.963323][ T4430] loop2: detected capacity change from 0 to 32768 [ 109.991262][ T4440] sp0: Synchronizing with TNC [ 110.014983][ T4439] loop0: detected capacity change from 0 to 4096 [ 110.021599][ T1246] sp0: Found TNC [ 110.038782][ T4430] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.147 (4430) [ 110.113084][ T4430] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 110.118047][ T4439] ntfs3: Bad value for 'uid' [ 110.141718][ T4430] BTRFS info (device loop2): using free space tree [ 110.156674][ T4430] BTRFS info (device loop2): has skinny extents [ 110.393155][ T4360] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.473539][ T4430] BTRFS info (device loop2): enabling ssd optimizations [ 110.558251][ T4360] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.572150][ T3933] hfsplus: b-tree write err: -5, ino 4 [ 111.211632][ T4430] overlayfs: failed to resolve './file0': -2 [ 111.261736][ T4421] Bluetooth: hci5: command 0x040f tx timeout [ 111.564653][ T4360] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 112.296363][ T4472] loop3: detected capacity change from 0 to 4096 [ 112.677900][ T4472] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 112.700776][ T4472] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 112.716904][ T4472] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 112.727278][ T4472] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 112.755357][ T4472] ntfs3: loop3: try to read out of volume at offset 0x3fffffc1c00 [ 112.774158][ T4472] ntfs3: loop3: try to read out of volume at offset 0x3fffffc2c00 [ 112.791851][ T4472] ntfs3: loop3: try to read out of volume at offset 0x3fffffc4c00 [ 112.817215][ T4472] ntfs3: loop3: try to read out of volume at offset 0x3fffffc8c00 [ 112.839868][ T4360] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 112.871029][ T4472] ntfs3: loop3: try to read out of volume at offset 0x3fffffd0c00 [ 112.892033][ T4472] ntfs3: loop3: try to read out of volume at offset 0x3fffffe0c00 [ 113.011779][ T4360] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 113.079932][ T4360] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 113.271150][ T4472] overlayfs: upper fs does not support tmpfile. [ 113.290305][ T4472] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 113.357309][ T4417] Bluetooth: hci5: command 0x0419 tx timeout [ 113.393930][ T4045] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 113.404856][ T4360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.520460][ T4360] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.563651][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 113.582130][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 113.618982][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 113.646201][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 113.667104][ T4045] usb 3-1: Using ep0 maxpacket: 16 [ 113.667907][ T3933] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.679594][ T3933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.767862][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 113.787406][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 113.796104][ T3933] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.803338][ T3933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.811396][ T4045] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 113.826977][ T4045] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 113.846875][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 113.854508][ T4045] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 113.873865][ T4045] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.898410][ T4045] usb 3-1: config 0 descriptor?? [ 114.009310][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 114.028301][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 114.056151][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 114.078655][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 114.105120][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 114.124588][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 114.143293][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 114.196262][ T4360] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 114.286557][ T4360] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 114.389753][ T3930] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.456585][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 114.478687][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 114.537880][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 114.548757][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 114.571684][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 114.650052][ T3930] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.754115][ T3930] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.909514][ T3930] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.356349][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 115.384681][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 115.799167][ T4494] loop2: detected capacity change from 0 to 32768 [ 115.859622][ T4494] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.154 (4494) [ 115.863903][ T4360] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.970240][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 116.019936][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 116.040161][ T4494] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 116.096265][ T4494] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 116.139283][ T4498] chnl_net:caif_netlink_parms(): no params data found [ 116.164555][ T4494] BTRFS info (device loop2): use zstd compression, level 3 [ 116.175056][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 116.191720][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 116.212807][ T4494] BTRFS info (device loop2): using free space tree [ 116.242886][ T4360] device veth0_vlan entered promiscuous mode [ 116.249148][ T4494] BTRFS info (device loop2): has skinny extents [ 116.338408][ T4494] BTRFS error (device loop2): open_ctree failed [ 116.595692][ T4409] usb 3-1: USB disconnect, device number 3 [ 116.609762][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 116.629042][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 116.778897][ T4360] device veth1_vlan entered promiscuous mode [ 116.877359][ T4409] Bluetooth: hci0: command 0x0409 tx timeout [ 116.928253][ T3877] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 116.945527][ T4498] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.981331][ T4498] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.699503][ T4498] device bridge_slave_0 entered promiscuous mode [ 118.730081][ T4498] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.757485][ T4498] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.798144][ T4498] device bridge_slave_1 entered promiscuous mode [ 118.967421][ T4046] Bluetooth: hci0: command 0x041b tx timeout [ 119.135071][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 119.168126][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 119.210111][ T4360] device veth0_macvtap entered promiscuous mode [ 119.273989][ T4498] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 119.307958][ T4360] device veth1_macvtap entered promiscuous mode [ 119.334276][ T4498] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.471783][ T4590] loop2: detected capacity change from 0 to 512 [ 119.495074][ T4498] team0: Port device team_slave_0 added [ 119.550904][ T4498] team0: Port device team_slave_1 added [ 119.734856][ T4590] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 119.991525][ T4590] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 120.262055][ T4590] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2815: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 120.293981][ T4360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.342100][ T4590] EXT4-fs (loop2): 1 truncate cleaned up [ 120.348055][ T4360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.371894][ T4590] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,lazytime,nombcache,noload,,errors=continue. Quota mode: none. [ 120.416506][ T4360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.450407][ T4360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.491120][ T4360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.535150][ T4360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.566984][ T4360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.586655][ T4360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.615746][ T4360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.636742][ T4360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.661581][ T4360] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.690593][ T3877] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 120.704254][ T3877] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 120.716245][ T3877] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 120.726772][ T3877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 120.738101][ T4498] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 120.767138][ T4498] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.017100][ T4498] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 121.057565][ T4498] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 121.084167][ T4498] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.158329][ T4498] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 121.199020][ T4360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.307094][ T4360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.323625][ T4049] Bluetooth: hci0: command 0x040f tx timeout [ 121.353629][ T4360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.373644][ T4360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.384149][ T4360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.395024][ T4360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.405348][ T4360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.416209][ T4360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.426488][ T4360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.447093][ T4360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.468660][ T4360] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 121.520411][ T3877] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 121.529572][ T3877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 121.612367][ T4360] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.641356][ T4360] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.667056][ T4360] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.715641][ T4360] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.877804][ T4498] device hsr_slave_0 entered promiscuous mode [ 121.906816][ T4498] device hsr_slave_1 entered promiscuous mode [ 121.927693][ T4498] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 121.941806][ T4498] Cannot create hsr debugfs directory [ 122.900431][ T3930] device hsr_slave_0 left promiscuous mode [ 122.926343][ T3930] device hsr_slave_1 left promiscuous mode [ 123.635290][ T4046] Bluetooth: hci0: command 0x0419 tx timeout [ 123.657701][ T3930] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.665446][ T3930] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.704750][ T3930] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.730377][ T3930] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.744711][ T3930] device bridge_slave_1 left promiscuous mode [ 123.751530][ T3930] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.810464][ T4640] loop4: detected capacity change from 0 to 2048 [ 123.823675][ T3930] device bridge_slave_0 left promiscuous mode [ 123.872258][ T4640] NILFS (loop4): invalid segment: Sequence number mismatch [ 123.880071][ T4640] NILFS (loop4): trying rollback from an earlier position [ 123.898283][ T4640] NILFS (loop4): recovery complete [ 123.908471][ T4641] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 124.062307][ T3930] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.863152][ T3930] device veth1_macvtap left promiscuous mode [ 124.880907][ T3930] device veth0_macvtap left promiscuous mode [ 124.891232][ T3930] device veth1_vlan left promiscuous mode [ 124.900160][ T3930] device veth0_vlan left promiscuous mode [ 126.201641][ T3930] team0 (unregistering): Port device team_slave_1 removed [ 126.220082][ T3930] team0 (unregistering): Port device team_slave_0 removed [ 126.269317][ T3930] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 126.310514][ T4648] loop4: detected capacity change from 0 to 32768 [ 126.314256][ T3930] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 126.338733][ T4660] kvm: emulating exchange as write [ 126.378330][ T4648] XFS: ikeep mount option is deprecated. [ 126.432463][ T4648] XFS (loop4): Mounting V5 Filesystem [ 126.527261][ T3930] bond0 (unregistering): Released all slaves [ 126.562393][ T4648] XFS (loop4): Ending clean mount [ 126.647332][ T4648] XFS (loop4): Quotacheck needed: Please wait. [ 126.746344][ T4670] loop0: detected capacity change from 0 to 512 [ 126.803384][ T4670] EXT4-fs (loop0): Ignoring removed nobh option [ 126.814682][ T4670] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 126.842468][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.884428][ T4648] XFS (loop4): Quotacheck: Done. [ 126.910316][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.915431][ T4670] EXT4-fs (loop0): 1 truncate cleaned up [ 126.955210][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 127.045278][ T3636] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.057174][ T4670] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nobh,data_err=ignore,nolazytime,init_itable=0x0000000000000004,acl,,errors=continue. Quota mode: none. [ 127.095235][ T3636] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.122488][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 127.143734][ T4676] loop2: detected capacity change from 0 to 1024 [ 127.387939][ T4676] EXT4-fs (loop2): Test dummy encryption mode enabled [ 127.539814][ T4676] EXT4-fs (loop2): Ignoring removed orlov option [ 127.749194][ T4676] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 129.541116][ T4498] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 129.616198][ T4498] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 129.780092][ T4498] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 129.833614][ T4498] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 130.160871][ T4724] loop0: detected capacity change from 0 to 512 [ 130.232483][ T4724] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 130.253091][ T4724] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 130.274667][ T4498] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.288617][ T3934] XFS (loop4): Unmounting Filesystem [ 130.386839][ T4724] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2219: inode #15: comm syz.0.192: corrupted in-inode xattr [ 130.413789][ T4498] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.454184][ T4724] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.192: couldn't read orphan inode 15 (err -117) [ 130.472157][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 130.505670][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 130.513593][ T4724] EXT4-fs (loop0): mounted filesystem without journal. Opts: norecovery,mblk_io_submit,lazytime,bsddf,block_validity,user_xattr,mb_optimize_scan=0x0000000000000001,init_itable=0x00000000000003ed,,errors=continue. Quota mode: none. [ 130.562441][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 130.604830][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 130.635064][ T3636] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.642593][ T3636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.714568][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 130.848435][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 130.882460][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 130.993734][ T3636] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.000905][ T3636] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.199691][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 131.258153][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 131.431116][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 131.457585][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.541472][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.678043][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.708183][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 131.737673][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 131.783130][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 131.819666][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 131.865110][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 132.062292][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 132.840581][ T1399] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.849637][ T1399] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.233975][ T4758] syz.2.197[4758] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.234115][ T4758] syz.2.197[4758] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.439023][ T4498] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.509725][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 133.519584][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 134.240375][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 134.278896][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 134.450101][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 134.477961][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 134.528729][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 134.558192][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 134.670806][ T4498] device veth0_vlan entered promiscuous mode [ 135.114707][ T4498] device veth1_vlan entered promiscuous mode [ 135.533222][ T4498] device veth0_macvtap entered promiscuous mode [ 135.546123][ T4791] loop2: detected capacity change from 0 to 512 [ 135.617855][ T4498] device veth1_macvtap entered promiscuous mode [ 135.760209][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 135.807530][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 135.828248][ T4791] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 135.891993][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 135.909882][ T4791] ext4 filesystem being mounted at /49/bus supports timestamps until 2038 (0x7fffffff) [ 135.972926][ T4498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.027387][ T4498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.062237][ T4801] loop1: detected capacity change from 0 to 4096 [ 136.066250][ T4498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.105015][ T26] audit: type=1804 audit(1728973763.925:13): pid=4805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.203" name="/newroot/49/bus/bus" dev="loop2" ino=18 res=1 errno=0 [ 136.179860][ T4498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.199736][ T26] audit: type=1804 audit(1728973763.955:14): pid=4805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.203" name="/newroot/49/bus/bus" dev="loop2" ino=18 res=1 errno=0 [ 136.220558][ T4498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.249360][ T4498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.294860][ T4498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.334539][ T4498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.380893][ T4498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.407036][ T4498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.438921][ T4498] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 136.451241][ T4781] loop4: detected capacity change from 0 to 40427 [ 136.470708][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 136.495671][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 136.497762][ T4801] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 136.539286][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 136.586256][ T4781] F2FS-fs (loop4): invalid crc value [ 136.634174][ T4498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.687356][ T4498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.708768][ T4498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.737049][ T4498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.789287][ T4781] F2FS-fs (loop4): Found nat_bits in checkpoint [ 136.807055][ T4498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.852317][ T4498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.877108][ T4498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.897207][ T4498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.206972][ T4498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.268543][ T4498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.295819][ T4781] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 137.331078][ T4498] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 137.447734][ T4781] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 137.487267][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 137.498341][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 137.516785][ T4781] attempt to access beyond end of device [ 137.516785][ T4781] loop4: rw=524288, want=45072, limit=40427 [ 137.549623][ T4781] attempt to access beyond end of device [ 137.549623][ T4781] loop4: rw=0, want=45072, limit=40427 [ 137.623795][ T4498] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.681805][ T4498] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.702715][ T4498] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.733724][ T4498] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.789570][ T3934] attempt to access beyond end of device [ 137.789570][ T3934] loop4: rw=2049, want=45104, limit=40427 [ 138.013865][ T3931] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 138.037209][ T3931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 138.127094][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 138.138525][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 138.149162][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 138.208750][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 139.793080][ T4861] loop3: detected capacity change from 0 to 512 [ 139.814428][ T4831] loop2: detected capacity change from 0 to 32768 [ 139.940050][ T4861] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 139.995817][ T4861] EXT4-fs (loop3): 1 truncate cleaned up [ 140.135386][ T4861] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000008,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 145.835499][ T4928] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 145.882661][ T1075] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 146.197184][ T1075] usb 2-1: Using ep0 maxpacket: 8 [ 146.487881][ T1075] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 146.550091][ T1075] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.605902][ T1075] usb 2-1: Product: syz [ 146.627033][ T1075] usb 2-1: Manufacturer: syz [ 146.632077][ T1075] usb 2-1: SerialNumber: syz [ 146.666577][ T1075] usb 2-1: config 0 descriptor?? [ 147.261564][ T1075] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 147.380518][ T4941] xt_bpf: check failed: parse error [ 147.569723][ T4921] loop4: detected capacity change from 0 to 40427 [ 147.713080][ T4921] F2FS-fs (loop4): invalid crc value [ 147.834797][ T4921] F2FS-fs (loop4): Found nat_bits in checkpoint [ 148.037001][ T4921] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 150.896766][ T3934] attempt to access beyond end of device [ 150.896766][ T3934] loop4: rw=2049, want=45104, limit=40427 [ 151.007162][ T4409] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 151.078300][ T1075] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71 [ 151.300594][ T1075] usb 2-1: USB disconnect, device number 3 [ 151.857464][ T4409] usb 3-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 151.877392][ T4409] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.885525][ T4409] usb 3-1: Product: syz [ 151.898066][ T4409] usb 3-1: Manufacturer: syz [ 151.993006][ T4409] usb 3-1: SerialNumber: syz [ 152.000968][ T4409] usb 3-1: config 0 descriptor?? [ 152.356633][ T4962] udc-core: couldn't find an available UDC or it's busy [ 152.499025][ T4962] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 153.337173][ T4409] usb 3-1: ignoring: probably an ADSL modem [ 154.435999][ T4409] cxacru 3-1:0.0: usbatm_usb_probe: bind failed: -19! [ 154.446563][ T4409] usb 3-1: USB disconnect, device number 4 [ 154.614506][ T4995] loop4: detected capacity change from 0 to 8192 [ 156.073778][ T5005] loop1: detected capacity change from 0 to 256 [ 157.029608][ T5009] loop2: detected capacity change from 0 to 40427 [ 157.073713][ T5009] F2FS-fs (loop2): invalid crc value [ 157.086577][ T5014] loop4: detected capacity change from 0 to 512 [ 157.114881][ T5009] F2FS-fs (loop2): Found nat_bits in checkpoint [ 157.156043][ T5009] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 157.214152][ T5022] tipc: Started in network mode [ 157.226758][ T5022] tipc: Node identity 02e2f7ae354d, cluster identity 4711 [ 157.314339][ T4409] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 157.323436][ T5022] tipc: Enabled bearer , priority 0 [ 157.348303][ T5024] ªªªªªª: renamed from syzkaller0 [ 157.954816][ T5024] tipc: Disabling bearer [ 158.127486][ T4409] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 158.192321][ T4409] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 158.327357][ T4409] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 158.348894][ T4409] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 158.371227][ T4409] usb 1-1: SerialNumber: syz [ 158.420285][ T5031] loop1: detected capacity change from 0 to 128 [ 158.672632][ T4409] usb 1-1: 0:2 : does not exist [ 158.687545][ T4409] usb 1-1: unit 255 not found! [ 159.292012][ T4409] usb 1-1: 5:0: cannot get min/max values for control 2 (id 5) [ 159.534014][ T4409] usb 1-1: USB disconnect, device number 7 [ 160.971608][ T5059] loop3: detected capacity change from 0 to 512 [ 161.075472][ T5062] loop4: detected capacity change from 0 to 2048 [ 161.115828][ T5059] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 161.159135][ T5059] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 161.204927][ T5059] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 162.012217][ T5059] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 162.028658][ T5062] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 162.057055][ T5059] System zones: 0-1, 15-15, 18-18, 34-34 [ 163.354970][ T5059] EXT4-fs (loop3): orphan cleanup on readonly fs [ 163.427674][ T5059] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 163.451104][ T5059] EXT4-fs warning (device loop3): ext4_enable_quotas:6431: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 163.489452][ T5071] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 163.490575][ T5062] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 163.524679][ T5059] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 163.569608][ T3643] udevd[3643]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 163.579855][ T5062] Remounting filesystem read-only [ 163.638842][ T5059] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.253: bg 0: block 40: padding at end of block bitmap is not set [ 163.743384][ T5059] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6185: Corrupt filesystem [ 163.835840][ T5059] EXT4-fs (loop3): 1 truncate cleaned up [ 163.852854][ T5059] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv1,nouid32,jqfmt=vfsv0,norecovery,norecovery,dioread_lock,,errors=continue. Quota mode: writeback. [ 163.910531][ T5073] netlink: 12 bytes leftover after parsing attributes in process `syz.4.257'. [ 163.948590][ T5059] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 164.005207][ T5076] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 164.025660][ T5077] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 164.088148][ T5059] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 164.181898][ T5059] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 164.234609][ T5059] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 164.264941][ T5082] xt_socket: unknown flags 0x50 [ 164.312782][ T5077] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 166.535454][ T5096] loop2: detected capacity change from 0 to 512 [ 167.087173][ T5096] EXT4-fs (loop2): 1 orphan inode deleted [ 167.238769][ T5096] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,grpquota,lazytime,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,noauto_da_alloc,usrquota,. Quota mode: writeback. [ 167.371873][ T5096] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038 (0x7fffffff) [ 167.383631][ T5107] loop0: detected capacity change from 0 to 2048 [ 167.638532][ T5111] 9pnet: Could not find request transport: 0xffffffffffffffff0xffffffffffffffff [ 168.462080][ T5109] loop4: detected capacity change from 0 to 8192 [ 168.587641][ T5109] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 168.607998][ T5109] REISERFS (device loop4): using ordered data mode [ 168.637562][ T5109] reiserfs: using flush barriers [ 168.687803][ T5109] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 168.767868][ T5109] REISERFS (device loop4): checking transaction log (loop4) [ 168.804977][ T5109] REISERFS (device loop4): Using r5 hash to sort names [ 168.900020][ T5109] reiserfs: enabling write barrier flush mode [ 168.984944][ T5109] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 169.064813][ T5128] loop0: detected capacity change from 0 to 512 [ 169.231406][ T5128] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e02c, mo2=0002] [ 169.342506][ T26] audit: type=1400 audit(1728973797.125:15): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=5108 comm="syz.4.267" [ 169.495996][ T5128] EXT4-fs error (device loop0): __ext4_iget:4872: inode #11: block 393240: comm syz.0.270: invalid block [ 169.600349][ T5128] EXT4-fs (loop0): Remounting filesystem read-only [ 169.641228][ T5128] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.270: couldn't read orphan inode 11 (err -117) [ 169.755390][ T5128] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,min_batch_time=0x0000000000000001,errors=remount-ro,sb=0x0000000000000008,lazytime. Quota mode: none. [ 169.795460][ T5116] loop3: detected capacity change from 0 to 40427 [ 169.890307][ T5116] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 169.900164][ T5126] kvm [5125]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x1460c000030 [ 169.923483][ T5116] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 169.950203][ T5126] kvm [5125]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe702111 [ 169.976850][ T5126] kvm [5125]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe702111 [ 170.004057][ T5126] kvm [5125]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x187 data 0xd600000000 [ 170.701794][ T5116] F2FS-fs (loop3): Found nat_bits in checkpoint [ 174.323917][ T5172] loop2: detected capacity change from 0 to 512 [ 174.579985][ T5172] EXT4-fs (loop2): Mount option "nouser_xattr" will be removed by 3.5 [ 174.579985][ T5172] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 174.579985][ T5172] [ 175.432426][ T5172] EXT4-fs (loop2): Unrecognized mount option "smackfsfloor=ext4" or missing value [ 175.729860][ T5183] loop0: detected capacity change from 0 to 256 [ 175.903149][ T5185] xt_hashlimit: max too large, truncated to 1048576 [ 175.925047][ T5185] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 176.473410][ T23] Bluetooth: hci2: command 0x0406 tx timeout [ 176.528607][ T23] Bluetooth: hci1: command 0x0406 tx timeout [ 176.588535][ T5183] FAT-fs (loop0): Directory bread(block 64) failed [ 176.664568][ T5183] FAT-fs (loop0): Directory bread(block 65) failed [ 176.717106][ T5183] FAT-fs (loop0): Directory bread(block 66) failed [ 176.727086][ T5183] FAT-fs (loop0): Directory bread(block 67) failed [ 178.145010][ T5183] FAT-fs (loop0): Directory bread(block 68) failed [ 178.277070][ T5183] FAT-fs (loop0): Directory bread(block 69) failed [ 178.324454][ T5183] FAT-fs (loop0): Directory bread(block 70) failed [ 178.354816][ T5183] FAT-fs (loop0): Directory bread(block 71) failed [ 178.397149][ T5183] FAT-fs (loop0): Directory bread(block 72) failed [ 178.403733][ T5183] FAT-fs (loop0): Directory bread(block 73) failed [ 179.604866][ T3779] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 180.614736][ T3779] usb 3-1: Using ep0 maxpacket: 32 [ 180.690350][ T5208] loop1: detected capacity change from 0 to 4096 [ 181.499483][ T3779] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 221, using maximum allowed: 30 [ 181.515099][ T3779] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 221 [ 181.780999][ T5220] netlink: 52 bytes leftover after parsing attributes in process `syz.4.291'. [ 181.853873][ T3779] usb 3-1: string descriptor 0 read error: -71 [ 181.860774][ T3779] usb 3-1: New USB device found, idVendor=0572, idProduct=c69a, bcdDevice=50.5e [ 181.870090][ T3779] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.338718][ T3779] usb 3-1: config 0 descriptor?? [ 182.383439][ T3779] usb 3-1: can't set config #0, error -71 [ 182.428871][ T3779] usb 3-1: USB disconnect, device number 5 [ 188.461559][ T5260] loop0: detected capacity change from 0 to 512 [ 189.079768][ T5260] EXT4-fs (loop0): 1 truncate cleaned up [ 189.156843][ T5260] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 189.966910][ C0] sched: RT throttling activated [ 191.969001][ T4880] device hsr_slave_0 left promiscuous mode [ 192.016402][ T4880] device hsr_slave_1 left promiscuous mode [ 192.042997][ T4880] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.070672][ T4880] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 192.117157][ T4880] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.130075][ T4880] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 192.204669][ T4880] device bridge_slave_1 left promiscuous mode [ 192.212065][ T4880] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.231327][ T4880] device bridge_slave_0 left promiscuous mode [ 192.239808][ T4880] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.301741][ T4880] device veth1_macvtap left promiscuous mode [ 192.331945][ T4880] device veth0_macvtap left promiscuous mode [ 192.356461][ T4880] device veth1_vlan left promiscuous mode [ 192.394487][ T5276] loop3: detected capacity change from 0 to 32768 [ 192.407068][ T4880] device veth0_vlan left promiscuous mode [ 192.497513][ T5285] loop0: detected capacity change from 0 to 128 [ 192.519551][ T5276] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 192.536616][ T5276] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 192.606588][ T5276] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 192.615541][ T5285] EXT4-fs (loop0): Test dummy encryption mode enabled [ 192.656804][ T3611] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 192.665438][ T3611] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 192.675643][ T5285] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none. [ 192.713455][ T5287] loop4: detected capacity change from 0 to 512 [ 192.733026][ T5285] ext4 filesystem being mounted at /81/mnt supports timestamps until 2038 (0x7fffffff) [ 193.135595][ T4880] team0 (unregistering): Port device team_slave_1 removed [ 193.151798][ T3611] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 486ms [ 193.160461][ T3611] gfs2: fsid=syz:syz.0: jid=0: Done [ 193.167430][ T5276] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 194.036097][ T5287] EXT4-fs (loop4): 1 orphan inode deleted [ 194.043022][ T4880] team0 (unregistering): Port device team_slave_0 removed [ 194.065401][ T5287] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,nojournal_checksum,noquota,barrier=0x0000000000000006,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,bsddf,dioread_lock,,errors=continue. Quota mode: writeback. [ 194.101441][ T5287] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038 (0x7fffffff) [ 194.147249][ T4880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 194.179306][ T4880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 194.240620][ T1399] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.247001][ T1399] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.458518][ T3610] Bluetooth: hci1: command 0x0409 tx timeout [ 195.320152][ T4880] bond0 (unregistering): Released all slaves [ 195.378622][ T5310] loop4: detected capacity change from 0 to 764 [ 195.902234][ T3569] syz-executor (3569) used greatest stack depth: 19128 bytes left [ 196.200429][ T5319] loop4: detected capacity change from 0 to 128 [ 196.261976][ T5282] chnl_net:caif_netlink_parms(): no params data found [ 196.303168][ T5319] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61000772 (sector = 1) [ 196.478636][ T1075] Bluetooth: hci1: command 0x041b tx timeout [ 196.531189][ T5325] loop3: detected capacity change from 0 to 128 [ 197.111654][ T5328] raw_sendmsg: syz.4.319 forgot to set AF_INET. Fix it! [ 197.951338][ T26] audit: type=1800 audit(1728973825.775:16): pid=5330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.317" name="bus" dev="loop3" ino=1048632 res=0 errno=0 [ 198.023825][ T3689] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61000772 (sector = 1) [ 198.123318][ T5282] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.136030][ T5282] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.204476][ T5282] device bridge_slave_0 entered promiscuous mode [ 198.274035][ T5282] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.300119][ T5282] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.321592][ T5282] device bridge_slave_1 entered promiscuous mode [ 198.420168][ T5282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.472488][ T5282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.557034][ T4409] Bluetooth: hci1: command 0x040f tx timeout [ 198.601947][ T5282] team0: Port device team_slave_0 added [ 198.605083][ T5338] loop1: detected capacity change from 0 to 8192 [ 198.636418][ T5282] team0: Port device team_slave_1 added [ 198.714407][ T5338] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 198.729411][ T5282] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.757388][ T5282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.784792][ T5338] REISERFS (device loop1): using ordered data mode [ 198.791869][ T5338] reiserfs: using flush barriers [ 198.877046][ T5338] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 198.896478][ T5282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.926743][ T5282] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.943649][ T5338] REISERFS (device loop1): checking transaction log (loop1) [ 198.947719][ T5282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.971206][ T5338] REISERFS (device loop1): Using r5 hash to sort names [ 199.020870][ T5338] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 199.033191][ T5346] loop4: detected capacity change from 0 to 4096 [ 199.043540][ T5282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.072736][ T5338] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 199.154528][ T5282] device hsr_slave_0 entered promiscuous mode [ 199.176536][ T5282] device hsr_slave_1 entered promiscuous mode [ 199.202084][ T5282] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 199.228014][ T5282] Cannot create hsr debugfs directory [ 199.353644][ T5346] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 199.459452][ T5350] REISERFS warning (device loop1): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 199.479125][ T5350] REISERFS warning (device loop1): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 199.497397][ T5350] REISERFS warning (device loop1): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 200.359074][ T5282] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.588290][ T26] audit: type=1326 audit(1728973828.415:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f566e6bcff9 code=0x7ffc0000 [ 200.638479][ T3610] Bluetooth: hci1: command 0x0419 tx timeout [ 200.691875][ T26] audit: type=1326 audit(1728973828.415:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f566e6bcff9 code=0x7ffc0000 [ 200.785887][ T26] audit: type=1326 audit(1728973828.435:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f566e6bcff9 code=0x7ffc0000 [ 200.837207][ T26] audit: type=1326 audit(1728973828.435:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f566e6bcff9 code=0x7ffc0000 [ 200.856941][ T5282] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.860408][ T26] audit: type=1326 audit(1728973828.435:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f566e6bcff9 code=0x7ffc0000 [ 201.206424][ T26] audit: type=1326 audit(1728973828.445:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f566e6bb990 code=0x7ffc0000 [ 201.617022][ T26] audit: type=1326 audit(1728973828.445:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f566e6bcff9 code=0x7ffc0000 [ 201.639172][ C0] vkms_vblank_simulate: vblank timer overrun [ 201.668565][ T5282] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.752397][ T26] audit: type=1326 audit(1728973828.445:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f566e6bcff9 code=0x7ffc0000 [ 201.978737][ T5363] loop4: detected capacity change from 0 to 16 [ 202.057302][ T5363] erofs: (device loop4): mounted with root inode @ nid 36. [ 202.066301][ T5369] vivid-002: disconnect [ 202.070567][ T26] audit: type=1326 audit(1728973828.445:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f566e6bcff9 code=0x7ffc0000 [ 202.106177][ T5370] loop0: detected capacity change from 0 to 512 [ 202.357809][ T5282] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.380127][ T5370] EXT4-fs (loop0): Journaled quota options ignored when QUOTA feature is enabled [ 202.389959][ T5370] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5 [ 202.389959][ T5370] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 202.389959][ T5370] [ 202.407936][ T5370] EXT4-fs (loop0): Unrecognized mount option "seclabel" or missing value [ 202.517778][ T5360] vivid-002: reconnect [ 203.247638][ T5282] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 203.269778][ T5282] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 203.318643][ T5282] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 203.352510][ T5282] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 203.528118][ T5378] loop0: detected capacity change from 0 to 128 [ 203.558726][ T5282] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.641041][ T5378] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61000772 (sector = 1) [ 203.655963][ T5282] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.758628][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.874152][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.887850][ T5375] netlink: 24 bytes leftover after parsing attributes in process `syz.4.333'. [ 204.639599][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.677609][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.927931][ T3933] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.935943][ T3933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.989931][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.999519][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.008411][ T3933] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.015534][ T3933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.027427][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.276060][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 206.609817][ T3689] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61000772 (sector = 1) [ 206.618774][ T5395] loop4: detected capacity change from 0 to 512 [ 206.651056][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 206.687175][ T5395] EXT4-fs (loop4): Ignoring removed nobh option [ 206.706151][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 206.714880][ T5395] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 206.748613][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 206.775809][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 206.807965][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 206.874518][ T5282] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 206.896173][ T4409] Bluetooth: hci3: command 0x0406 tx timeout [ 206.907562][ T5395] EXT4-fs (loop4): 1 truncate cleaned up [ 206.941850][ T5395] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,nobh,data_err=ignore,nolazytime,grpjquota=,acl,,errors=continue. Quota mode: none. [ 207.104946][ T5282] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 207.140439][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 207.276703][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 207.396421][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.138391][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.173034][ T5409] loop3: detected capacity change from 0 to 2048 [ 208.184001][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.195645][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.292213][ T5409] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 209.899175][ T5282] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.925241][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 209.954141][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 209.995518][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 210.005707][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 210.032856][ T5282] device veth0_vlan entered promiscuous mode [ 210.054550][ T5282] device veth1_vlan entered promiscuous mode [ 210.112930][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 210.122395][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 210.150131][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 210.198561][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 210.216418][ T5428] loop3: detected capacity change from 0 to 8192 [ 210.227646][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 210.324353][ T3878] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 210.333330][ T26] kauditd_printk_skb: 20 callbacks suppressed [ 210.333348][ T26] audit: type=1800 audit(1728973838.145:46): pid=5428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.341" name="bus" dev="loop3" ino=1048636 res=0 errno=0 [ 210.399689][ T3878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 210.427005][ T26] audit: type=1800 audit(1728973838.155:47): pid=5428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.341" name="bus" dev="loop3" ino=1048636 res=0 errno=0 [ 210.448026][ T3878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 210.482185][ T5282] device veth0_macvtap entered promiscuous mode [ 210.518890][ T5282] device veth1_macvtap entered promiscuous mode [ 210.589620][ T5282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.626944][ T5282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.651120][ T5282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.665327][ T5282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.676077][ T5282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.697077][ T5282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.723575][ T5282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.734964][ T4045] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 210.753053][ T5282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.794188][ T5282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.822673][ T5282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.856672][ T5282] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.902470][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 210.929156][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 210.955168][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 210.985093][ T3933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 210.987059][ T4045] usb 4-1: Using ep0 maxpacket: 8 [ 211.032487][ T5282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.063898][ T5282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.091997][ T5282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.123551][ T5282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.158594][ T4045] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 211.161649][ T5282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.196497][ T5282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.214800][ T5282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.234329][ T5282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.245940][ T5282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.257261][ T4045] usb 4-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=61.da [ 211.265904][ T5282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.277354][ T4045] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 211.286486][ T5282] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 211.287501][ T4045] usb 4-1: Manufacturer: syz [ 211.421910][ T4045] usb 4-1: config 0 descriptor?? [ 211.526548][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 211.577153][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 211.648701][ T5282] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.696193][ T5282] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.745749][ T4045] appledisplay 4-1:0.0: Error while getting initial brightness: -71 [ 211.773356][ T4045] appledisplay: probe of 4-1:0.0 failed with error -71 [ 211.791087][ T5282] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.856723][ T5282] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.906414][ T4045] usb 4-1: USB disconnect, device number 3 [ 212.128962][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.145668][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.245730][ T3687] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.265789][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 212.274446][ T3687] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.326164][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 212.438244][ T5437] loop4: detected capacity change from 0 to 32768 [ 212.784762][ T5437] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 214.489564][ T5475] loop3: detected capacity change from 0 to 1024 [ 215.100779][ T5456] loop0: detected capacity change from 0 to 40427 [ 215.110749][ T5478] loop3: detected capacity change from 0 to 512 [ 215.236355][ T3934] ocfs2: Unmounting device (7,4) on (node local) [ 215.345623][ T5456] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 215.355761][ T5456] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 215.413304][ T5456] F2FS-fs (loop0): invalid crc value [ 216.190596][ T5478] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 216.244471][ T5456] F2FS-fs (loop0): Found nat_bits in checkpoint [ 216.252561][ T5478] EXT4-fs (loop3): 1 truncate cleaned up [ 216.261552][ T5478] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 216.420234][ T5489] loop1: detected capacity change from 0 to 2048 [ 216.841417][ T5489] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 216.892976][ T5489] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038 (0x7fffffff) [ 217.168322][ T5497] Invalid ELF header magic: != ELF [ 217.175090][ T5497] fs-verity: sha512 using implementation "sha512-avx2" [ 218.734116][ T5492] loop4: detected capacity change from 0 to 40427 [ 220.500252][ T5521] loop2: detected capacity change from 0 to 2048 [ 221.013774][ T5521] loop2: p1 < > p4 [ 221.049518][ T5521] loop2: p4 size 8388608 extends beyond EOD, truncated [ 221.321105][ C0] vcan0: j1939_tp_rxtimer: 0xffff888061d17000: rx timeout, send abort [ 221.762180][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888061d17000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 221.944960][ T3028] loop2: p1 < > p4 [ 221.974760][ T3028] loop2: p4 size 8388608 extends beyond EOD, truncated [ 223.250580][ T5533] loop3: detected capacity change from 0 to 128 [ 223.657972][ T5533] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,inode_readahead_blks=0x0000000000000004,errors=continue,,errors=continue. Quota mode: none. [ 223.948235][ T5539] ------------[ cut here ]------------ [ 223.954373][ T5539] WARNING: CPU: 1 PID: 5539 at kernel/softirq.c:363 __local_bh_enable_ip+0x1b3/0x1f0 [ 223.963987][ T5539] Modules linked in: [ 223.967912][ T5539] CPU: 1 PID: 5539 Comm: syz.0.371 Not tainted 5.15.167-syzkaller #0 [ 223.976078][ T5539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 223.986239][ T5539] RIP: 0010:__local_bh_enable_ip+0x1b3/0x1f0 [ 223.992256][ T5539] Code: 04 25 28 00 00 00 48 3b 44 24 60 75 4a 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b e9 d0 fe ff ff e8 3f 00 00 00 eb a2 <0f> 0b e9 02 ff ff ff 48 c7 c1 44 94 e9 8d 80 e1 07 80 c1 03 38 c1 [ 224.011978][ T5539] RSP: 0018:ffffc90002f97140 EFLAGS: 00010046 [ 224.018098][ T5539] RAX: 0000000000000000 RBX: 1ffff920005f2e2c RCX: 0000000000040000 [ 224.026094][ T5539] RDX: ffffc9000376b000 RSI: 0000000000000200 RDI: ffffffff884b8e55 [ 224.034277][ T5539] RBP: ffffc90002f971f0 R08: dffffc0000000000 R09: fffffbfff1bd2c16 [ 224.042499][ T5539] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 224.050699][ T5539] R13: 1ffff1100f9e3f98 R14: ffffc90002f97180 R15: 0000000000000200 [ 224.057204][ T5533] ext4 filesystem being mounted at /33/mnt supports timestamps until 2038 (0x7fffffff) [ 224.058705][ T5539] FS: 00007fd0275ed6c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 224.077430][ T5539] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 224.084057][ T5539] CR2: 0000001b2e31fffc CR3: 0000000024f3f000 CR4: 00000000003506e0 [ 224.092064][ T5539] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 224.100061][ T5539] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 224.108061][ T5539] Call Trace: [ 224.111452][ T5539] [ 224.114403][ T5539] ? __warn+0x15b/0x300 [ 224.118589][ T5539] ? __local_bh_enable_ip+0x1b3/0x1f0 [ 224.123981][ T5539] ? report_bug+0x1b7/0x2e0 [ 224.128526][ T5539] ? handle_bug+0x3d/0x70 [ 224.132879][ T5539] ? exc_invalid_op+0x16/0x40 [ 224.137578][ T5539] ? asm_exc_invalid_op+0x16/0x20 [ 224.142645][ T5539] ? local_bh_enable+0x5/0x20 [ 224.147342][ T5539] ? __local_bh_enable_ip+0x1b3/0x1f0 [ 224.152837][ T5539] ? local_bh_enable+0x5/0x20 [ 224.157560][ T5539] ? _local_bh_enable+0xa0/0xa0 [ 224.162471][ T5539] __dev_queue_xmit+0x1c56/0x3230 [ 224.167553][ T5539] ? dev_queue_xmit+0x20/0x20 [ 224.172251][ T5539] ? __copy_skb_header+0x47b/0x600 [ 224.177387][ T5539] ? __skb_clone+0x454/0x6c0 [ 224.182005][ T5539] ? skb_clone+0x1ee/0x350 [ 224.186448][ T5539] __netlink_deliver_tap+0x4d2/0x760 [ 224.191780][ T5539] netlink_deliver_tap+0x16c/0x180 [ 224.197008][ T5539] netlink_broadcast_filtered+0xc2d/0x11a0 [ 224.202871][ T5539] netlink_broadcast+0x35/0x50 [ 224.207668][ T5539] genlmsg_multicast_netns+0x8e/0xc0 [ 224.213162][ T5539] nl80211_frame_tx_status+0x659/0xa40 [ 224.218659][ T5539] ? cfg80211_control_port_tx_status+0x50/0x50 [ 224.224938][ T5539] ? do_raw_spin_unlock+0x137/0x8b0 [ 224.230175][ T5539] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 224.236119][ T5539] ? _raw_spin_unlock+0x40/0x40 [ 224.240999][ T5539] cfg80211_mgmt_tx_status+0x3a/0x50 [ 224.246315][ T5539] ieee80211_report_used_skb+0x12f6/0x1810 [ 224.252151][ T5539] ? _raw_spin_lock_irqsave+0xac/0x120 [ 224.257648][ T5539] ? ieee80211_handle_filtered_frame+0x750/0x750 [ 224.264014][ T5539] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 224.269524][ T5539] ? _raw_spin_lock+0x40/0x40 [ 224.274237][ T5539] ? skb_queue_purge+0x2b9/0x2e0 [ 224.279218][ T5539] ieee80211_free_txskb+0x1e/0x30 [ 224.284281][ T5539] ieee80211_do_stop+0x10b8/0x1ce0 [ 224.289533][ T5539] ? ieee80211_stop_queues_by_reason+0x1ce/0x250 [ 224.295898][ T5539] ? ieee80211_sdata_stop+0x70/0x70 [ 224.301133][ T5539] ? ieee80211_add_pending_skbs+0x390/0x390 [ 224.307073][ T5539] ? ieee80211_get_vif_queues+0x228/0x390 [ 224.313034][ T5539] ieee80211_if_change_type+0x447/0x9f0 [ 224.318629][ T5539] ieee80211_change_iface+0x57/0x430 [ 224.323946][ T5539] ? cfg80211_mlme_purge_registrations+0x1f3/0x220 [ 224.330510][ T5539] cfg80211_change_iface+0x8ab/0x10c0 [ 224.335927][ T5539] __cfg80211_wext_siwmode+0x1b7/0x280 [ 224.341427][ T5539] ? __cfg80211_wext_giwfreq+0x7e0/0x7e0 [ 224.347112][ T5539] ? apparmor_capable+0x12e/0x190 [ 224.352167][ T5539] ? full_name_hash+0x8f/0xe0 [ 224.357419][ T5539] ioctl_standard_call+0xdb/0x280 [ 224.362517][ T5539] ? __cfg80211_wext_giwfreq+0x7e0/0x7e0 [ 224.368238][ T5539] ? __cfg80211_wext_giwfreq+0x7e0/0x7e0 [ 224.374853][ T5539] wext_ioctl_dispatch+0x16f/0x460 [ 224.380141][ T5539] ? wext_ioctl_dispatch+0x460/0x460 [ 224.385457][ T5539] ? iw_handler_get_private+0x1e0/0x1e0 [ 224.391129][ T5539] wext_handle_ioctl+0x15b/0x260 [ 224.396094][ T5539] ? call_commit_handler+0xf0/0xf0 [ 224.401252][ T5539] sock_ioctl+0x13b/0x770 [ 224.405609][ T5539] ? sock_poll+0x410/0x410 [ 224.410046][ T5539] ? __fget_files+0x413/0x480 [ 224.414757][ T5539] ? bpf_lsm_file_ioctl+0x5/0x10 [ 224.419719][ T5539] ? security_file_ioctl+0x7d/0xa0 [ 224.424850][ T5539] ? sock_poll+0x410/0x410 [ 224.429286][ T5539] __se_sys_ioctl+0xf1/0x160 [ 224.433897][ T5539] do_syscall_64+0x3b/0xb0 [ 224.438337][ T5539] ? clear_bhb_loop+0x15/0x70 [ 224.443037][ T5539] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 224.448952][ T5539] RIP: 0033:0x7fd029174ff9 [ 224.453399][ T5539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.473050][ T5539] RSP: 002b:00007fd0275ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 224.481654][ T5539] RAX: ffffffffffffffda RBX: 00007fd02932cf80 RCX: 00007fd029174ff9 [ 224.489649][ T5539] RDX: 0000000020000000 RSI: 0000000000008b06 RDI: 0000000000000004 [ 224.497816][ T5539] RBP: 00007fd0291e7296 R08: 0000000000000000 R09: 0000000000000000 [ 224.505805][ T5539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 224.513983][ T5539] R13: 0000000000000000 R14: 00007fd02932cf80 R15: 00007ffcd90d4278 [ 224.522166][ T5539] [ 224.525218][ T5539] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 224.532661][ T5539] CPU: 1 PID: 5539 Comm: syz.0.371 Not tainted 5.15.167-syzkaller #0 [ 224.540745][ T5539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 224.551488][ T5539] Call Trace: [ 224.554794][ T5539] [ 224.557751][ T5539] dump_stack_lvl+0x1e3/0x2d0 [ 224.562624][ T5539] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 224.568291][ T5539] ? panic+0x860/0x860 [ 224.572418][ T5539] ? panic+0x860/0x860 [ 224.576541][ T5539] ? __local_bh_enable_ip+0xe0/0x1f0 [ 224.581847][ T5539] ? __local_bh_enable_ip+0xe0/0x1f0 [ 224.587154][ T5539] panic+0x318/0x860 [ 224.591084][ T5539] ? __warn+0x16a/0x300 [ 224.595259][ T5539] ? fb_is_primary_device+0xd0/0xd0 [ 224.600493][ T5539] ? __local_bh_enable_ip+0x1b3/0x1f0 [ 224.605880][ T5539] __warn+0x2b2/0x300 [ 224.609881][ T5539] ? __local_bh_enable_ip+0x1b3/0x1f0 [ 224.615360][ T5539] report_bug+0x1b7/0x2e0 [ 224.619738][ T5539] handle_bug+0x3d/0x70 [ 224.623909][ T5539] exc_invalid_op+0x16/0x40 [ 224.628450][ T5539] asm_exc_invalid_op+0x16/0x20 [ 224.633407][ T5539] RIP: 0010:__local_bh_enable_ip+0x1b3/0x1f0 [ 224.639420][ T5539] Code: 04 25 28 00 00 00 48 3b 44 24 60 75 4a 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b e9 d0 fe ff ff e8 3f 00 00 00 eb a2 <0f> 0b e9 02 ff ff ff 48 c7 c1 44 94 e9 8d 80 e1 07 80 c1 03 38 c1 [ 224.659154][ T5539] RSP: 0018:ffffc90002f97140 EFLAGS: 00010046 [ 224.665335][ T5539] RAX: 0000000000000000 RBX: 1ffff920005f2e2c RCX: 0000000000040000 [ 224.673319][ T5539] RDX: ffffc9000376b000 RSI: 0000000000000200 RDI: ffffffff884b8e55 [ 224.681306][ T5539] RBP: ffffc90002f971f0 R08: dffffc0000000000 R09: fffffbfff1bd2c16 [ 224.689412][ T5539] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 224.697495][ T5539] R13: 1ffff1100f9e3f98 R14: ffffc90002f97180 R15: 0000000000000200 [ 224.705870][ T5539] ? local_bh_enable+0x5/0x20 [ 224.710575][ T5539] ? local_bh_enable+0x5/0x20 [ 224.715266][ T5539] ? _local_bh_enable+0xa0/0xa0 [ 224.720147][ T5539] __dev_queue_xmit+0x1c56/0x3230 [ 224.725215][ T5539] ? dev_queue_xmit+0x20/0x20 [ 224.729903][ T5539] ? __copy_skb_header+0x47b/0x600 [ 224.735246][ T5539] ? __skb_clone+0x454/0x6c0 [ 224.739961][ T5539] ? skb_clone+0x1ee/0x350 [ 224.744485][ T5539] __netlink_deliver_tap+0x4d2/0x760 [ 224.749811][ T5539] netlink_deliver_tap+0x16c/0x180 [ 224.755149][ T5539] netlink_broadcast_filtered+0xc2d/0x11a0 [ 224.760999][ T5539] netlink_broadcast+0x35/0x50 [ 224.765875][ T5539] genlmsg_multicast_netns+0x8e/0xc0 [ 224.771192][ T5539] nl80211_frame_tx_status+0x659/0xa40 [ 224.776683][ T5539] ? cfg80211_control_port_tx_status+0x50/0x50 [ 224.782854][ T5539] ? do_raw_spin_unlock+0x137/0x8b0 [ 224.788173][ T5539] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 224.794116][ T5539] ? _raw_spin_unlock+0x40/0x40 [ 224.799037][ T5539] cfg80211_mgmt_tx_status+0x3a/0x50 [ 224.804388][ T5539] ieee80211_report_used_skb+0x12f6/0x1810 [ 224.810290][ T5539] ? _raw_spin_lock_irqsave+0xac/0x120 [ 224.815797][ T5539] ? ieee80211_handle_filtered_frame+0x750/0x750 [ 224.822349][ T5539] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 224.827851][ T5539] ? _raw_spin_lock+0x40/0x40 [ 224.832557][ T5539] ? skb_queue_purge+0x2b9/0x2e0 [ 224.837523][ T5539] ieee80211_free_txskb+0x1e/0x30 [ 224.842578][ T5539] ieee80211_do_stop+0x10b8/0x1ce0 [ 224.847727][ T5539] ? ieee80211_stop_queues_by_reason+0x1ce/0x250 [ 224.854255][ T5539] ? ieee80211_sdata_stop+0x70/0x70 [ 224.859545][ T5539] ? ieee80211_add_pending_skbs+0x390/0x390 [ 224.865742][ T5539] ? ieee80211_get_vif_queues+0x228/0x390 [ 224.871509][ T5539] ieee80211_if_change_type+0x447/0x9f0 [ 224.877405][ T5539] ieee80211_change_iface+0x57/0x430 [ 224.882739][ T5539] ? cfg80211_mlme_purge_registrations+0x1f3/0x220 [ 224.889594][ T5539] cfg80211_change_iface+0x8ab/0x10c0 [ 224.895016][ T5539] __cfg80211_wext_siwmode+0x1b7/0x280 [ 224.900517][ T5539] ? __cfg80211_wext_giwfreq+0x7e0/0x7e0 [ 224.906203][ T5539] ? apparmor_capable+0x12e/0x190 [ 224.911272][ T5539] ? full_name_hash+0x8f/0xe0 [ 224.915995][ T5539] ioctl_standard_call+0xdb/0x280 [ 224.921068][ T5539] ? __cfg80211_wext_giwfreq+0x7e0/0x7e0 [ 224.926741][ T5539] ? __cfg80211_wext_giwfreq+0x7e0/0x7e0 [ 224.932416][ T5539] wext_ioctl_dispatch+0x16f/0x460 [ 224.937566][ T5539] ? wext_ioctl_dispatch+0x460/0x460 [ 224.943052][ T5539] ? iw_handler_get_private+0x1e0/0x1e0 [ 224.948652][ T5539] wext_handle_ioctl+0x15b/0x260 [ 224.953636][ T5539] ? call_commit_handler+0xf0/0xf0 [ 224.958806][ T5539] sock_ioctl+0x13b/0x770 [ 224.963266][ T5539] ? sock_poll+0x410/0x410 [ 224.967717][ T5539] ? __fget_files+0x413/0x480 [ 224.972615][ T5539] ? bpf_lsm_file_ioctl+0x5/0x10 [ 224.977585][ T5539] ? security_file_ioctl+0x7d/0xa0 [ 224.982740][ T5539] ? sock_poll+0x410/0x410 [ 224.987185][ T5539] __se_sys_ioctl+0xf1/0x160 [ 224.991809][ T5539] do_syscall_64+0x3b/0xb0 [ 224.996256][ T5539] ? clear_bhb_loop+0x15/0x70 [ 225.000966][ T5539] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 225.006897][ T5539] RIP: 0033:0x7fd029174ff9 [ 225.011338][ T5539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.030966][ T5539] RSP: 002b:00007fd0275ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 225.039500][ T5539] RAX: ffffffffffffffda RBX: 00007fd02932cf80 RCX: 00007fd029174ff9 [ 225.047598][ T5539] RDX: 0000000020000000 RSI: 0000000000008b06 RDI: 0000000000000004 [ 225.055608][ T5539] RBP: 00007fd0291e7296 R08: 0000000000000000 R09: 0000000000000000 [ 225.063620][ T5539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 225.071671][ T5539] R13: 0000000000000000 R14: 00007fd02932cf80 R15: 00007ffcd90d4278 [ 225.080032][ T5539] [ 225.083351][ T5539] Kernel Offset: disabled [ 225.088253][ T5539] Rebooting in 86400 seconds..