last executing test programs: 5.16890954s ago: executing program 2 (id=3): bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000800)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004070000000000000400000004000e1ff95000000000000002ba76bb33123751c4e3409e62751ee00ba19ce670d25010000020000040000009fc404000000c788b277beee1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac03d046837d907b09ec39e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e3e8eea3fd8cf49827ca315f5b87e1ca6433a8acd715f5888b2007f0000000000000000010089937090c34410000000000000090000000000414027efc842b6d6f800005335001db43a5c000000000000000024000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000000cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617da7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdce57a79d6fce424c22001f6c3784a1975fa657d05003a32a4fd67ce446ac5430207db79240acaf091231b986e77d05d988d6edc71df48dca02113a38300c2bd2b5543ffc16695572361629d1022f722ec23812b70d72cd0010000007881bfa35b9fd6864e90ddb31f75f6324989cdc7044f563a1f74d4efe895fdbc463f747c08f40105869035000000000003000000000000000000000000000000000000080000003ddf4aa4b1c8b8a0ae6feb6737c275dc2740f742b5425f1d5819610608bbab35471cdb0500000000000000d4123f955267fe4a75c114f874e086287547d4099aeec9f15b8ee25a2a5ccf4a9b603c88e12ff25184d4e3c2f7f623559435b2c505fb7113400000f0bc440550ee91302f5a00000000000000000000000000000000e67ccc00148ac4c43021cce9f24f4b2f9492c32e7a92a557ac2b44b8f7a49789906d922b3e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec0c0acef5383b5a2720caeb68f1e9c05b05d89467ded84da092dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696abaa042a7097ddefe0671f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb328790700000021e041254f06bd7f000000000000000000000000000000282ffe000000000000000431e8e3204a7d95938c5334a0dd177f1a7389ee570d95e543a27546d3770740f354df6dfdb3d1179b4b9fccd0cd5b7578802c66f5dbf22ad0bd03cbe0fecd096bcf419d35988948d1cd4c51c406040000000090a3bc3cbc08255975f3cee08dab765d8a4ef870aaae3f81ed6364837171ce5564f3cf6feba1b6745409000000000000003459263499fae97e7dcb30e4cff009e0f4f78c155c4ab19b878fcb4cc14b8d2823643a17120418f42b42ed879cb23e6d4e0d11db988d0bc46de02702d29243b72215d5563bdae8c2ccda4498687cd50f3a9058f61d52d70aabccb18d41d75788faf60ce9be97c13e4252d9d112d9ac47368829f8a29eca17de807c840293dd387eee13fdecf3d5a334350f045a22b9adb0539d44d58a00fb9e83ebf4fea36b87e2afdf63f7abf5caf2b01317a5f65f22c8bcf36b390dece1e98541ae932ec3486f74c1eea673c1647568acb17efcef24a9c3504dfa7c7eefe3dcb8d570a730a0837839f54527ce334b8173e7bf73bcd8d80ef294fde6549a0f1a23b78b41f79ea543d2b38b80d3d28c6c93901b763fc8b88794aa74facc345e28f0ad79de4df5afd52e7dfc387e4d2ca4d5caca74754987dbbd4d64e233b4a1d81a9aeb981734ca5416cacf516ca8384d85310f24d393fd48c668465546117377547d11a61bd2bd9e35fa0da5118554a1d93147b103a51baf94aeb1b6292038300423344e6add2226ba5f6724a08567ef515898f0f7dfd3fc198092af3265c5df377a66bbde4fa4a049692e06ee5022c58290bdc37eeb16f4e099e33679044ba21898f76c982c8203663f1adb7bbb42ed8d9b0bb8bd9255e342959b822fa8b3d08b29f2201dfe3a3c5c8bf8bc82f249e7eb9f8571823d730fdc78c6b3122a3fd9209dcae70c10c7b17e83dd759a52fe5c362358dbb780a52f540000000000000000000011230e1d6f9fd3315ada8ecee55fc0ec6ec0ec950c0ad006a06a162035d5729795c4a58b59f9a252723480b08ae9bd52c176380a42b972a3400b5d28b273e60000007cac9d35a991c27e23ce5217fec9ce89ea2dea8ddb383e53cdd077e7c2d73404b7450664f70225897307d8a140ba97bfc2232dccdb1dd0496c219315c02f2ef46f30add1aa13e52d67116328c3a5ee3356eadea07abe8506767771d68e760f8c623fb64865a942acc4912dcd1fa5d729cb45c15577bbb8b08a705efeaf09dd6aadeb8d61501e4fd9c9b1ac845a2138cbde58a04589888c0e528a5134e1dfa8b3f6d8a76517df589cae1019a3bc280e99fb661271357dbbd7e9c42d3fe45efaaa00"/1810], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x35}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000240)=r2, 0x4) write$cgroup_subtree(r1, &(0x7f0000000f40)=ANY=[], 0x9) 4.776666867s ago: executing program 2 (id=14): syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5519, &(0x7f0000009680)="$eJzs3E1vG1UXAODjpOn320avWLDrSBVSItVWnTYV7AK04kOkigosWIFjO5Zb2xPFjhOyYsESseCfIJBYseQ3sGDNDrEAsUMq8swEGmglpPiDNM8jjc/c6+sz51pVpTMTOYBTazH57ZdSXIkLETEfEZcjsvNScWTW8vBiRFyLiLknjlIx/+fE2Yi4GBFXR8nznKXirS9uDK+v/vz2r99+f+7MpS+/+WF2uwZm7aWI6G7n53vdPKatPD4s5mvDdha7t4dFzN/oPirGaR73mptZhr3a4bpaFm+18vXp9m5/FLc6tfoottpb2fx2L79gf9g6zJN94GFtJxs3mptZbPfTLLYO8rr2D/L/2w76gzxPo8j3cZY+BoPDmM8395v5frYfZbHeGxTzed600dwfxWERi8tFPe00sjo2j/NN/7e90+7t7ifD5k6/nfaS1Ur15Ur1Trm6kzaag+btcq3buHM7WWp1RsvKg2atu9ZK01anWamn3eVkqVWvl6vVZOluc7Nd6yXVauVW5WZ5dbk4u5G8cf/9pNNIlkbxtXZvd9Du9JOtdCfJP7GcrFRuvbKcXK8m765vJBsP7t1b33jvw7sf3H91/a3Xi0X/KCtZWrm5slKu3iyvVJdP0f4/LYoe4/7hWEqzLgDg5JlY/39F/w882+T6/50HEZPv/0P/PxYnqv897f3/BPYPx/LU/v/x9OsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDqflz46s3sZDEfXyrm/1dM/b8YlyJiLiIeP8V8nD2Sc77Is/CM9Qt/q+G7UmQZRtc4VxwXI2KtOH6/OulvAQAAAJ5fX39y7fO8W89fFmddENOU37SZu/zRmPKVImJh8acxZZsbvbwwpmTZv+8zsT+mbNkNrPNjSpbfcjszrmz/yvyRcP6JUMrD3FTLAQAApuJoJzDdLgQAAIBp+mzWBTAbpTh8lHn4LDj7y/u/HgheODICAAAATqDSrAsAAAAAJi7r//3+HwAAADzf8t//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgD3bu5zZxIIoD8LPBC/tPi1Z731b2BmVsCXvcY0QBaYICciAtpAFqILeUEEGExyEQcYjksa1E3yc5k7HMjzcIDjMjDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECX7qv14vbq93XbnN2+nTyjAQAAAC7ZVutF/c8s9b829783t342/SIiyoi4NHcfxaezzFGTU708f3P6fPWqhruIOuHwHpPm+hIRf5rr8UfXnwIAAAB8XJvlap5m6+nPbOiC6FNatCm//c2UV0RENXvIlFYe8n5lCqu/3+P4nymtXsCaZgpLS27jXGlvUv/cj6t205OmSE158WXHIrONHQAA6NHorOl3FgIAAECf/g1dAMMo4nkr87gVOElNs733+awHAAAAvEPF0AUAAAAAnavn/z2d/7d3/h8AAAAMI53/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJe21XqxWa7mbXN2+3byjAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCf25x0FQiAMwmDv+s5k7n9YadDU1KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgze/+8n9iapxJ5l4bS88jydqpsXVq7J0bR38YX78GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNiflxMMYQAIg/s/1HiT9F+sLGgNIsxA4CNhDwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHijz3XyvePXOJL8k4zG0uuZZO1TY+ugMTpo7B3Mp38DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnOzcvW/cZBgA8Mf2+foBiBBQhiAEEgMsNL2Wlm6IARQx8CcgRem1hF75aDPQqkJkYYPMXRCMCCGBwtb/oXMrdSlbhxuKxAyyz865bSSOL/ua/H7S6/c5y/L7vO9JUR6/TgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqI3fmsZZcViYxGl17tb9a+tFf/uhvnBj+85y0Yo4aTPpx8MLzQ/JUneJAAAAcHBkdX0fEXfzndWiTxfK+j+vrylq/m+fmsR1Pf9w3V/3de1ftF9+vvfc7kALk3GKm57bGA2PP5pK7/+b5Xx7+i+v6JUrXz57ycovJH1369lxXq5n8tXNm2/3y/BQG9kCAP/Esbqvgvr3oaIfdJkYAAdGr1F41/V/ttBtTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtGG/FE3WcRMRybxoXbt+/tr5Xf2P7znLdTl+/vh1fTO9Z3CKPiHMbo+HxVmcz3y5fuXphbTQaXmo/eDEiuhr9zWr6F96f4eKITtanGXwdXY7+XwSHo7PR0+rL7n4RHqegwx9KAADsS3nVirr+br6zWpxLFiP++O7B+v+VRhwz1v/3Pjh9qzlWs/4ftDbD+beyefGTlctXrr62cXHt/PD88KPXTwzeGJw8c+rUmZXyWcmKJyYAAAD8O/2qNev/dPHR/f+jjThmrP8//WbweXOsTP2/p+mmX9eZAAAAHGzPvPT7b8ke55N+Pz5b29y8NJgcdz+fmBw7SPVvO1S1Zv2fLXadFQAAANCG8VbywP7/2UYcM+7/P/n98z8275lFxJFq///Y+sejs+1NZ6618efEXc8RAACAbh2pWnP/Py/f/093X3lII+LVlydx9W8AZ6r/s3e+/KE5VvP9/5PtTXEupUuT9Sj7pYjeUtcZAQAAsJ8drlpR7P+a76x++NPR9/re/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo258BAAD///vePmo=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x2042, 0x50) fallocate(r1, 0x0, 0x0, 0x8000c62) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0) 2.921748444s ago: executing program 2 (id=25): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="202617"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="1c00000014000100000080000000000002000080080002"], 0x1c}], 0x1}, 0x0) 2.843422175s ago: executing program 1 (id=26): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x100, 0x1, 0x28}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r1}, 0xc) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) 2.665818189s ago: executing program 1 (id=28): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80e02, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f00000000c0)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000380)={0x1, 0x0, [{0x4b564d02, 0x0, 0x6}]}) 2.285459436s ago: executing program 1 (id=31): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) syz_emit_ethernet(0x4c, &(0x7f0000000640)={@random="71967790196d", @random="001d00018000", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x2, 0x0, @val=0x6000000}, "f721974ccf57"}}}}}}}, 0x0) 2.10368172s ago: executing program 1 (id=32): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xd) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 1.759783076s ago: executing program 3 (id=35): r0 = inotify_init() inotify_add_watch(r0, &(0x7f00000001c0)='.\x00', 0x4000423) r1 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) fallocate(r1, 0x0, 0x0, 0x1001f0) copy_file_range(r1, 0x0, r1, &(0x7f00000000c0)=0xc615, 0x101, 0x0) 1.442658952s ago: executing program 3 (id=38): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) r1 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000140)="280320000a00140000007ef506be00000000000000000000000000143baa111f1f858ce632f47042195eb3", 0x2b, 0x400c010, &(0x7f0000000080)={0x11, 0x3, r2, 0x1, 0xe5, 0x6, @random="76caa6466f86"}, 0x14) 1.275093626s ago: executing program 3 (id=39): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) close_range(r0, 0xffffffffffffffff, 0x0) 1.263157446s ago: executing program 0 (id=40): bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x10, 0x0, 0x8}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) syz_clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 1.141229068s ago: executing program 0 (id=41): bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) 1.0325682s ago: executing program 1 (id=42): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800008205"]) 998.508721ms ago: executing program 3 (id=43): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000e00)={0x90, r1, 0x5, 0x0, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4a, 0xe, {{{}, {}, @device_b, @device_a, @random="a968dcf6a11b"}, 0x0, @default, 0x1, @void, @void, @void, @val={0x4, 0x6, {0x3, 0x7, 0x2, 0xfc}}, @void, @void, @void, @val={0x2a, 0x1, {0x1}}, @val={0x3c, 0x4, {0x1, 0x4, 0x7, 0x6}}, @void, @void, @val={0x71, 0x7, {0x0, 0x0, 0x0, 0x0, 0x1, 0x6, 0x8}}, @val={0x76, 0x6, {0xc, 0x2, 0xff7f, 0xe9}}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x1, 0x2}]}]}]}]}, 0x90}}, 0x0) 962.775112ms ago: executing program 0 (id=44): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x8001) r2 = getpgid(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2}) sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000008c0)='\x00', 0x1}], 0x1}}], 0x1, 0x408b1) 778.149215ms ago: executing program 0 (id=45): r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x80, 0x4, 0x306}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, r0, 0x0}) io_uring_enter(r1, 0x3516, 0xc2de, 0x8, 0x0, 0x0) 773.511915ms ago: executing program 3 (id=46): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xda, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@mcast1, 0x0, 0x3c}, 0x2, @in=@local, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000840)='{', 0x1}], 0x1}, 0x20048843) getsockopt$inet6_int(r1, 0x29, 0x18, 0x0, &(0x7f0000000340)) 609.075528ms ago: executing program 1 (id=47): r0 = syz_io_uring_setup(0x2439, &(0x7f0000001480)={0x0, 0x1064, 0x1000, 0x7, 0x40224}, &(0x7f00000006c0)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_SENDMSG={0x9, 0x10, 0x0, r0, 0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0}, 0x0, 0x1000}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a340000000b0a010100000000000000000700000908000f40000000060c000b4000000000000000060c000b40000000000000000248"], 0x148}, 0x1, 0x0, 0x0, 0x20085}, 0x2) io_uring_enter(r0, 0x47f8, 0x1e43, 0x0, 0x0, 0x0) 335.041884ms ago: executing program 3 (id=48): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18) r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_GET_SPEED(r1, 0x551f) syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x2008803, &(0x7f0000000080), 0x1, 0x638, &(0x7f0000000240)="$eJzs3U1vVFUfAPD/nU5faJ/naSFPVFxIE2MgUVpawBBjIuwJwZedbiotBCmU0BotIaEkuDFx54LElQvxY0jCli/gwsS4MibEKAsxRMbc27nT2+lM6dt0yvT3Sy495972nnNL/3POPXPOnQB2reGIGImI/RFxNYkYLBwrZ/+Wsm9Kv+/RHzfOpVsSlcr7vydx42ayUDxXUv06UP3hfwYXd+3rWlnu7Pz1SxPT01PXqvnRuctXR2fnrx++eHniwtSFqSvjb46fOH7s+ImxI5u6vr2F9Onbn3w2+OWZD7/75kky9v1PZ5I4mV5dJr2uarKSX0fvpkpOf2fDUVn0uLg//b2e2OS5d4q/BvO/kyVJ/Q52tDQGuiPixRiMrsL/5mB88W5bKwa0VNrYVYBdKtlQ/PdtfUWAbZb3A/J7+8J98Goa3NEDz5uHpxYHpBZjvzsi8vgvZ2N+EX3Z2ED/o2TZOE8SEZsbmVuUlvHg/pnb6RbLx+GAFlu4lY9y17f/SRabQ9GX5foflZbFf6mwpfvfW0+hPUvJ4bpD4h+2z8KtiHip2v73xHrivxyF+P94g+WLfwAAAAAAANg6905FxBuN5v+VavN/ehrM/xmIiJNbUP6z3/8r5Uv0ki0oDih4eCri7Ybzf/Owi6Guau6/2XyA7uT8xempIxHxv4g4FN29aX6s7rylQvrwV/vuNCu/OP8v3dLyH9wvTi8u/VauW4g7OTE34dUANu/hrYiXs/m/B6p7ls//Sdv/pEH7n8b31TWWse+1u2eL+UqlcjNPN47/xbnAQGtVvo042LD9X2pgk9WfzzGa9QdG817BSq88KSw0qiP+oX3S9r+/efzXet615/XMru/8PRFxdL7cLPzXEP+N+/89yQddUVhK8PnE3Ny1sYie5PTK/ePrqzN0qjwe8nhJ4//Qq6uP/9X6/4U43BMRC2ss84WnA780O6b9h/ZJ439y9f7/UFJt/yNr/2sdgTUnxu8O/ZCdqcFz4c6uqf0/lrXph6p7svE/oKq0Ys9aA7Qt1QUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA51wpIv4TSWmkli6VRkYiBiLi/9Ffmp6ZnXv9/MynVybTY9nn/5fyT/odXMwn+ef/DxXy43X5oxGxNyK+7tqT5UfOzUxPtvviAQAAAAAAAAAAAAAAAAAAYIcYyNb8V3rr1/+nfu1qd+2AlitXvz4j3vu2oy7A9ipv+CcrvVtaEWDbbTz+gefd2uO/u6X1ALZf8/h//KSSyfNJUjz6Z4vrBbSe/j/sXhuMf28PQgdoEP/D7agHsN1WHdO7U0t59x86kvt/AAAAAADoKHsP3PsxiYiFt/ZkW6qnesxkf+hspXZXAGgbc3hh9yrPtLsGQLu4xweW1vX/XWl0vPns/6Q1FQIAAAAAAAAAAAAAVji43/p/2K1WX/9vbj90slXW/zcKfo8LgA7S/KM/tP3Q6dzjA89q7a3/BwAAAAAAAAAAAIAdoO/6pYnp6alrs/ObTETEz5UkYrPnaZL4qMGhd1pUVksTCxM7ohpbmnjamjN3R8TOuMCWJ7oiorAnfwRHGyvW5tclAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5t8AAAD//wB1KIo=") 172.199367ms ago: executing program 0 (id=49): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6, 0x37, 0x0, 0x9}]}, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 0s ago: executing program 0 (id=50): ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000300)={0x0, 0x2, 0xffffffffffffffff, 0x7ff}) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01) r1 = openat$mice(0xffffffffffffff9c, &(0x7f00000000c0), 0x8501) fcntl$setstatus(r1, 0x4, 0x2400) write$char_usb(r0, &(0x7f0000000040)="e2", 0x918) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts. [ 73.820441][ T5774] cgroup: Unknown subsys name 'net' [ 73.956301][ T5774] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.622472][ T5774] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 77.085060][ T5786] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.099313][ T5786] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.109361][ T5786] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.139306][ T5786] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.147361][ T5786] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 77.159336][ T5786] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.209522][ T5791] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.219179][ T5791] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.229223][ T5791] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.237982][ T5791] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.247737][ T5791] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.255760][ T5791] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.289670][ T5791] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.319801][ T5799] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.328779][ T5799] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 77.334188][ T5795] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.337394][ T5799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.344755][ T5795] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.352944][ T5798] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.362551][ T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 77.370342][ T5798] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.373188][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.389901][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 77.397960][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.612454][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 77.799741][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.806999][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.814625][ T5785] bridge_slave_0: entered allmulticast mode [ 77.822314][ T5785] bridge_slave_0: entered promiscuous mode [ 77.835344][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.842808][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.850441][ T5785] bridge_slave_1: entered allmulticast mode [ 77.857496][ T5785] bridge_slave_1: entered promiscuous mode [ 77.916765][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.942495][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.017011][ T5785] team0: Port device team_slave_0 added [ 78.029681][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 78.051539][ T5785] team0: Port device team_slave_1 added [ 78.137559][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.145182][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.172019][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.197455][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 78.212081][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.219164][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.245917][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.330803][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.338100][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.346673][ T5788] bridge_slave_0: entered allmulticast mode [ 78.355039][ T5788] bridge_slave_0: entered promiscuous mode [ 78.388653][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.397025][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.404522][ T5788] bridge_slave_1: entered allmulticast mode [ 78.412487][ T5788] bridge_slave_1: entered promiscuous mode [ 78.436023][ T5785] hsr_slave_0: entered promiscuous mode [ 78.442633][ T5785] hsr_slave_1: entered promiscuous mode [ 78.474616][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 78.505361][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.538798][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.606166][ T5788] team0: Port device team_slave_0 added [ 78.637963][ T5788] team0: Port device team_slave_1 added [ 78.684995][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.693678][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.701784][ T5792] bridge_slave_0: entered allmulticast mode [ 78.708566][ T5792] bridge_slave_0: entered promiscuous mode [ 78.721565][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.729633][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.737563][ T5792] bridge_slave_1: entered allmulticast mode [ 78.745276][ T5792] bridge_slave_1: entered promiscuous mode [ 78.754421][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.761987][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.795028][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.856367][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.863776][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.890278][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.936566][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.952165][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.962812][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.970627][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.977849][ T5789] bridge_slave_0: entered allmulticast mode [ 78.985510][ T5789] bridge_slave_0: entered promiscuous mode [ 79.041613][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.049840][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.057782][ T5789] bridge_slave_1: entered allmulticast mode [ 79.065551][ T5789] bridge_slave_1: entered promiscuous mode [ 79.103657][ T5792] team0: Port device team_slave_0 added [ 79.139413][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.154920][ T5788] hsr_slave_0: entered promiscuous mode [ 79.161815][ T5788] hsr_slave_1: entered promiscuous mode [ 79.167956][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.176858][ T5788] Cannot create hsr debugfs directory [ 79.185242][ T5792] team0: Port device team_slave_1 added [ 79.217000][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.249797][ T50] Bluetooth: hci0: command tx timeout [ 79.256316][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.263907][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.290931][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.338630][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.346233][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.373269][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.409100][ T50] Bluetooth: hci3: command tx timeout [ 79.438543][ T5789] team0: Port device team_slave_0 added [ 79.455995][ T5785] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.470800][ T5789] team0: Port device team_slave_1 added [ 79.489706][ T5786] Bluetooth: hci2: command tx timeout [ 79.495894][ T50] Bluetooth: hci1: command tx timeout [ 79.499123][ T5785] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.549333][ T5785] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.562800][ T5785] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.586906][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.594340][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.622913][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.637492][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.645149][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.672175][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.708338][ T5792] hsr_slave_0: entered promiscuous mode [ 79.715463][ T5792] hsr_slave_1: entered promiscuous mode [ 79.722618][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.730617][ T5792] Cannot create hsr debugfs directory [ 79.847079][ T5789] hsr_slave_0: entered promiscuous mode [ 79.854274][ T5789] hsr_slave_1: entered promiscuous mode [ 79.861293][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.869504][ T5789] Cannot create hsr debugfs directory [ 80.005673][ T5788] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 80.019771][ T5788] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.054606][ T5788] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.096060][ T5788] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.269121][ T5792] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.280978][ T5792] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.298102][ T5792] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.315047][ T5792] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.335456][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.420687][ T5789] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.431360][ T5789] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.445443][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.457370][ T5789] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.468629][ T5789] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.493399][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.501049][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.546371][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.553841][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.621578][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.643563][ T5785] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.745082][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.773471][ T2961] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.780723][ T2961] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.818840][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.826037][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.843664][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.884439][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.917547][ T2961] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.924783][ T2961] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.967391][ T2985] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.974870][ T2985] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.003054][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.045256][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.078864][ T2985] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.086776][ T2985] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.114921][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.123201][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.162524][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.335910][ T50] Bluetooth: hci0: command tx timeout [ 81.351901][ T5785] veth0_vlan: entered promiscuous mode [ 81.426551][ T5785] veth1_vlan: entered promiscuous mode [ 81.490526][ T50] Bluetooth: hci3: command tx timeout [ 81.497055][ T5785] veth0_macvtap: entered promiscuous mode [ 81.515546][ T5785] veth1_macvtap: entered promiscuous mode [ 81.572604][ T50] Bluetooth: hci1: command tx timeout [ 81.578304][ T50] Bluetooth: hci2: command tx timeout [ 81.602224][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.614955][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.652264][ T5785] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.673266][ T5785] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.689049][ T5785] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.714543][ T5785] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.757326][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.844809][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.857120][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.990822][ T2985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.004526][ T2985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.051510][ T5788] veth0_vlan: entered promiscuous mode [ 82.087161][ T5789] veth0_vlan: entered promiscuous mode [ 82.100055][ T2985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.112124][ T2985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.115755][ T5789] veth1_vlan: entered promiscuous mode [ 82.136437][ T5788] veth1_vlan: entered promiscuous mode [ 82.151073][ T5792] veth0_vlan: entered promiscuous mode [ 82.211703][ T5789] veth0_macvtap: entered promiscuous mode [ 82.241311][ T5792] veth1_vlan: entered promiscuous mode [ 82.264990][ T5789] veth1_macvtap: entered promiscuous mode [ 82.313241][ T5788] veth0_macvtap: entered promiscuous mode [ 82.340445][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.378411][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.421641][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.444740][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.480383][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.517235][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.546733][ T5788] veth1_macvtap: entered promiscuous mode [ 82.588447][ T5789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.604508][ T5789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.615841][ T5789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.630089][ T5789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.753232][ T5792] veth0_macvtap: entered promiscuous mode [ 82.764280][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.788418][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.809475][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.825379][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.859943][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.919546][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.943528][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.967043][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.988503][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.015204][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.057404][ T5792] veth1_macvtap: entered promiscuous mode [ 83.103347][ T5788] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.122915][ T5788] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.137438][ T5788] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.146869][ T5788] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.301182][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.319070][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.330867][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.355537][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.366932][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.378910][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.409788][ T50] Bluetooth: hci0: command tx timeout [ 83.417731][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.426798][ T5883] syz.0.10[5883]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 83.463200][ T2961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.482402][ T2961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.485596][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.505129][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.510601][ T5883] loop0: detected capacity change from 0 to 2048 [ 83.517061][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.533815][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.543811][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.554740][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.567855][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.575511][ T50] Bluetooth: hci3: command tx timeout [ 83.593679][ T5883] NILFS (loop0): invalid segment: Inconsistency found [ 83.603147][ T5883] NILFS (loop0): trying rollback from an earlier position [ 83.635070][ T5792] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.644615][ T5792] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.653902][ T50] Bluetooth: hci2: command tx timeout [ 83.660020][ T5786] Bluetooth: hci1: command tx timeout [ 83.669248][ T5792] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.678534][ T5792] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.678677][ T5883] NILFS (loop0): recovery complete [ 83.704770][ T5884] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 83.742988][ T2985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.773560][ T2985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.853062][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.877086][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.996132][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.013436][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.103072][ T2961] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.112288][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.154982][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.160385][ T2961] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.259682][ T5889] syz.0.11 uses obsolete (PF_INET,SOCK_PACKET) [ 84.720425][ T5893] loop3: detected capacity change from 0 to 32768 [ 84.779513][ T5893] JBD2: Ignoring recovery information on journal [ 84.839750][ T5893] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 85.034115][ T5893] OCFS2: ERROR (device loop3): int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *, handle_t *, u32, u32, struct ocfs2_suballoc_result *): Chain allocator dinode 23 has 4294967295 used bits but only 16777215 total [ 85.057413][ T5893] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 85.067763][ T5893] OCFS2: File system is now read-only. [ 85.073560][ T5893] (syz.3.4,5893,0):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30 [ 85.082633][ T5893] (syz.3.4,5893,0):__ocfs2_claim_clusters:2355 ERROR: status = -30 [ 85.091419][ T5893] (syz.3.4,5893,0):__ocfs2_claim_clusters:2363 ERROR: status = -30 [ 85.099812][ T5893] (syz.3.4,5893,0):ocfs2_local_alloc_new_window:1203 ERROR: status = -30 [ 85.108385][ T5893] (syz.3.4,5893,0):ocfs2_local_alloc_new_window:1228 ERROR: status = -30 [ 85.117769][ T5893] (syz.3.4,5893,0):ocfs2_local_alloc_slide_window:1302 ERROR: status = -30 [ 85.127272][ T5893] (syz.3.4,5893,0):ocfs2_local_alloc_slide_window:1321 ERROR: status = -30 [ 85.136601][ T5893] (syz.3.4,5893,0):ocfs2_reserve_local_alloc_bits:671 ERROR: status = -30 [ 85.145309][ T5893] (syz.3.4,5893,0):ocfs2_reserve_local_alloc_bits:709 ERROR: status = -30 [ 85.154364][ T5893] (syz.3.4,5893,0):ocfs2_reserve_clusters_with_limit:1166 ERROR: status = -30 [ 85.164312][ T5893] (syz.3.4,5893,0):ocfs2_reserve_clusters_with_limit:1215 ERROR: status = -30 [ 85.173991][ T5893] (syz.3.4,5893,0):ocfs2_lock_allocators:2672 ERROR: status = -30 [ 85.182320][ T5893] (syz.3.4,5893,0):ocfs2_extend_allocation:592 ERROR: status = -30 [ 85.190791][ T5893] (syz.3.4,5893,0):ocfs2_allocate_unwritten_extents:1498 ERROR: status = -30 [ 85.201136][ T5893] (syz.3.4,5893,0):__ocfs2_change_file_space:2044 ERROR: status = -30 [ 85.466683][ T5792] ocfs2: Unmounting device (7,3) on (node local) [ 85.490154][ T50] Bluetooth: hci0: command tx timeout [ 85.659221][ T50] Bluetooth: hci3: command tx timeout [ 85.733900][ T50] Bluetooth: hci2: command tx timeout [ 85.739530][ T5786] Bluetooth: hci1: command tx timeout [ 85.980141][ T5905] loop2: detected capacity change from 0 to 40427 [ 86.010615][ T5905] F2FS-fs (loop2): Wrong NAT boundary, start(2560) end(3840) blocks(1024) [ 86.052268][ T5905] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 86.143657][ T5905] F2FS-fs (loop2): invalid crc value [ 86.200156][ T5905] F2FS-fs (loop2): Found nat_bits in checkpoint [ 86.379739][ T5924] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 86.405595][ T5905] F2FS-fs (loop2): Start checkpoint disabled! [ 86.466460][ T5905] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 86.480203][ T5905] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 86.962276][ T11] kworker/u4:0: attempt to access beyond end of device [ 86.962276][ T11] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 86.990202][ T11] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 87.027179][ T11] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 87.046481][ T11] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 87.059651][ T5937] pimreg: entered allmulticast mode [ 87.067997][ T11] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 87.127422][ T5937] dvmrp8: entered allmulticast mode [ 87.200373][ T5937] pimreg: left allmulticast mode [ 87.205925][ T5937] dvmrp8: left allmulticast mode [ 87.488434][ T5944] loop3: detected capacity change from 0 to 512 [ 87.530218][ T5944] EXT4-fs: Ignoring removed bh option [ 87.568509][ T5944] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 87.655923][ T5944] EXT4-fs (loop3): 1 truncate cleaned up [ 87.731428][ T5944] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.810280][ T5953] netlink: 8 bytes leftover after parsing attributes in process `syz.0.33'. [ 87.978662][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.021264][ T5837] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 88.097004][ T5958] loop0: detected capacity change from 0 to 512 [ 88.239039][ T5837] usb 3-1: Using ep0 maxpacket: 16 [ 88.251980][ T5837] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.268326][ T5837] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.281887][ T5837] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 88.301025][ T5962] mkiss: ax0: crc mode is auto. [ 88.312234][ T5837] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 88.342246][ T5837] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.383714][ T5837] usb 3-1: config 0 descriptor?? [ 88.867538][ T5837] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 88.891495][ T5837] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 88.919516][ T5837] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 88.926779][ T5837] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 88.967477][ T5837] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 89.003500][ T5837] input: HID 0955:7214 Haptics as /devices/virtual/input/input5 [ 89.120698][ T5837] shield 0003:0955:7214.0001: Registered Thunderstrike controller [ 89.170583][ T5837] shield 0003:0955:7214.0001: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 89.264296][ T23] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 89.318353][ T5837] usb 3-1: USB disconnect, device number 2 [ 89.339271][ T23] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 89.375532][ T23] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 89.415301][ T23] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 89.607814][ T5989] loop3: detected capacity change from 0 to 1024 [ 89.650943][ T5989] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 89.673916][ T5989] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 89.720394][ T5989] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869) [ 89.758727][ T5989] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 89.800875][ T5989] EXT4-fs error (device loop3): ext4_get_journal_inode:5807: inode #17: comm syz.3.48: iget: bad i_size value: 4398046511204 [ 89.838075][ T5989] EXT4-fs (loop3): no journal found [ 89.867514][ T5993] [ 89.869929][ T5993] ===================================================== [ 89.876983][ T5993] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 89.884551][ T5993] syzkaller #0 Not tainted [ 89.889290][ T5993] ----------------------------------------------------- [ 89.896448][ T5993] syz.0.50/5993 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 89.904216][ T5993] ffff8880249680c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x192/0x4b0 [ 89.913172][ T5993] [ 89.913172][ T5993] and this task is already holding: [ 89.920917][ T5993] ffff888026640230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xab/0x320 [ 89.930742][ T5993] which would create a new lock dependency: [ 89.936659][ T5993] (&dev->event_lock#2){-...}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 89.944902][ T5993] [ 89.944902][ T5993] but this new dependency connects a HARDIRQ-irq-safe lock: [ 89.954468][ T5993] (&dev->event_lock#2){-...}-{2:2} [ 89.954511][ T5993] [ 89.954511][ T5993] ... which became HARDIRQ-irq-safe at: [ 89.967471][ T5993] lock_acquire+0x197/0x410 [ 89.972277][ T5993] _raw_spin_lock_irqsave+0xa8/0xf0 [ 89.977840][ T5993] input_event+0x7a/0xc0 [ 89.982193][ T5993] psmouse_report_standard_packet+0x53/0x200 [ 89.988291][ T5993] psmouse_process_byte+0x478/0x670 [ 89.993793][ T5993] psmouse_handle_byte+0x43/0x490 [ 89.999018][ T5993] ps2_interrupt+0x164/0x980 [ 90.003879][ T5993] serio_interrupt+0x8b/0x130 [ 90.008762][ T5993] i8042_interrupt+0x394/0x730 [ 90.014056][ T5993] __handle_irq_event_percpu+0x276/0x930 [ 90.020100][ T5993] handle_irq_event+0x8b/0x1e0 [ 90.025142][ T5993] handle_edge_irq+0x247/0xb30 [ 90.030369][ T5993] __common_interrupt+0x13b/0x230 [ 90.036011][ T5993] common_interrupt+0xb4/0xd0 [ 90.040876][ T5993] asm_common_interrupt+0x26/0x40 [ 90.046169][ T5993] __kernfs_new_node+0xb4/0x7e0 [ 90.051378][ T5993] kernfs_new_node+0x14c/0x260 [ 90.056497][ T5993] kernfs_create_dir_ns+0x44/0x120 [ 90.061801][ T5993] sysfs_create_dir_ns+0x124/0x280 [ 90.067112][ T5993] kobject_add_internal+0x6b8/0xc70 [ 90.072981][ T5993] kobject_init_and_add+0x126/0x190 [ 90.078296][ T5993] lookup_or_create_module_kobject+0xe3/0x160 [ 90.084641][ T5993] module_add_driver+0xb9/0x300 [ 90.089941][ T5993] bus_add_driver+0x38c/0x640 [ 90.094896][ T5993] driver_register+0x23a/0x310 [ 90.100130][ T5993] usb_register_driver+0x206/0x3d0 [ 90.105360][ T5993] do_one_initcall+0x1fd/0x750 [ 90.110318][ T5993] do_initcall_level+0x137/0x1f0 [ 90.115525][ T5993] do_initcalls+0x69/0xd0 [ 90.120042][ T5993] kernel_init_freeable+0x3d2/0x570 [ 90.125436][ T5993] kernel_init+0x1d/0x1c0 [ 90.129882][ T5993] ret_from_fork+0x48/0x80 [ 90.134420][ T5993] ret_from_fork_asm+0x11/0x20 [ 90.139443][ T5993] [ 90.139443][ T5993] to a HARDIRQ-irq-unsafe lock: [ 90.146638][ T5993] (tasklist_lock){.+.+}-{2:2} [ 90.146664][ T5993] [ 90.146664][ T5993] ... which became HARDIRQ-irq-unsafe at: [ 90.159397][ T5993] ... [ 90.159405][ T5993] lock_acquire+0x197/0x410 [ 90.167017][ T5993] _raw_read_lock+0x36/0x50 [ 90.171722][ T5993] do_wait+0x294/0xaf0 [ 90.176031][ T5993] kernel_wait+0xac/0x170 [ 90.180456][ T5993] call_usermodehelper_exec_work+0xb9/0x220 [ 90.186540][ T5993] process_scheduled_works+0xa45/0x15b0 [ 90.192632][ T5993] worker_thread+0xa55/0xfc0 [ 90.197427][ T5993] kthread+0x2fa/0x390 [ 90.201808][ T5993] ret_from_fork+0x48/0x80 [ 90.206812][ T5993] ret_from_fork_asm+0x11/0x20 [ 90.211936][ T5993] [ 90.211936][ T5993] other info that might help us debug this: [ 90.211936][ T5993] [ 90.222781][ T5993] Chain exists of: [ 90.222781][ T5993] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 90.222781][ T5993] [ 90.236420][ T5993] Possible interrupt unsafe locking scenario: [ 90.236420][ T5993] [ 90.245318][ T5993] CPU0 CPU1 [ 90.250786][ T5993] ---- ---- [ 90.256254][ T5993] lock(tasklist_lock); [ 90.260513][ T5993] local_irq_disable(); [ 90.267365][ T5993] lock(&dev->event_lock#2); [ 90.274767][ T5993] lock(&new->fa_lock); [ 90.281732][ T5993] [ 90.285378][ T5993] lock(&dev->event_lock#2); [ 90.290467][ T5993] [ 90.290467][ T5993] *** DEADLOCK *** [ 90.290467][ T5993] [ 90.298702][ T5993] 6 locks held by syz.0.50/5993: [ 90.303728][ T5993] #0: ffff888026642110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x17b/0x470 [ 90.313862][ T5993] #1: ffff888026640230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xab/0x320 [ 90.324425][ T5993] #2: ffffffff8cd2fe20 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xbc/0x320 [ 90.334558][ T5993] #3: ffffffff8cd2fe20 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0xa3/0x1300 [ 90.344758][ T5993] #4: ffffffff8cd2fe20 (rcu_read_lock){....}-{1:2}, at: mousedev_notify_readers+0x2c/0xc00 [ 90.354988][ T5993] #5: ffffffff8cd2fe20 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x53/0x4b0 [ 90.364330][ T5993] [ 90.364330][ T5993] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 90.375092][ T5993] -> (&dev->event_lock#2){-...}-{2:2} { [ 90.380771][ T5993] IN-HARDIRQ-W at: [ 90.384931][ T5993] lock_acquire+0x197/0x410 [ 90.391289][ T5993] _raw_spin_lock_irqsave+0xa8/0xf0 [ 90.398355][ T5993] input_event+0x7a/0xc0 [ 90.404361][ T5993] psmouse_report_standard_packet+0x53/0x200 [ 90.412268][ T5993] psmouse_process_byte+0x478/0x670 [ 90.419218][ T5993] psmouse_handle_byte+0x43/0x490 [ 90.426444][ T5993] ps2_interrupt+0x164/0x980 [ 90.432696][ T5993] serio_interrupt+0x8b/0x130 [ 90.439030][ T5993] i8042_interrupt+0x394/0x730 [ 90.445477][ T5993] __handle_irq_event_percpu+0x276/0x930 [ 90.452809][ T5993] handle_irq_event+0x8b/0x1e0 [ 90.459245][ T5993] handle_edge_irq+0x247/0xb30 [ 90.465748][ T5993] __common_interrupt+0x13b/0x230 [ 90.472445][ T5993] common_interrupt+0xb4/0xd0 [ 90.478903][ T5993] asm_common_interrupt+0x26/0x40 [ 90.485757][ T5993] __kernfs_new_node+0xb4/0x7e0 [ 90.492355][ T5993] kernfs_new_node+0x14c/0x260 [ 90.499185][ T5993] kernfs_create_dir_ns+0x44/0x120 [ 90.506053][ T5993] sysfs_create_dir_ns+0x124/0x280 [ 90.513267][ T5993] kobject_add_internal+0x6b8/0xc70 [ 90.520314][ T5993] kobject_init_and_add+0x126/0x190 [ 90.527523][ T5993] lookup_or_create_module_kobject+0xe3/0x160 [ 90.535255][ T5993] module_add_driver+0xb9/0x300 [ 90.542476][ T5993] bus_add_driver+0x38c/0x640 [ 90.549208][ T5993] driver_register+0x23a/0x310 [ 90.555817][ T5993] usb_register_driver+0x206/0x3d0 [ 90.562853][ T5993] do_one_initcall+0x1fd/0x750 [ 90.569312][ T5993] do_initcall_level+0x137/0x1f0 [ 90.576012][ T5993] do_initcalls+0x69/0xd0 [ 90.582293][ T5993] kernel_init_freeable+0x3d2/0x570 [ 90.589507][ T5993] kernel_init+0x1d/0x1c0 [ 90.595627][ T5993] ret_from_fork+0x48/0x80 [ 90.602094][ T5993] ret_from_fork_asm+0x11/0x20 [ 90.609006][ T5993] INITIAL USE at: [ 90.613276][ T5993] lock_acquire+0x197/0x410 [ 90.620252][ T5993] _raw_spin_lock_irqsave+0xa8/0xf0 [ 90.627494][ T5993] input_inject_event+0xab/0x320 [ 90.634211][ T5993] led_trigger_event+0x133/0x210 [ 90.641250][ T5993] kbd_led_trigger_activate+0xbd/0x100 [ 90.648303][ T5993] led_trigger_set+0x524/0x940 [ 90.655054][ T5993] led_trigger_set_default+0x1a0/0x1e0 [ 90.662096][ T5993] led_classdev_register_ext+0x6e9/0x940 [ 90.669680][ T5993] input_leds_connect+0x4eb/0x6b0 [ 90.676503][ T5993] input_register_device+0xcdc/0x1070 [ 90.684011][ T5993] atkbd_connect+0x6fb/0x9a0 [ 90.690605][ T5993] serio_driver_probe+0x7a/0xa0 [ 90.697343][ T5993] really_probe+0x25b/0xb40 [ 90.703618][ T5993] __driver_probe_device+0x18c/0x330 [ 90.710832][ T5993] driver_probe_device+0x4f/0x420 [ 90.717689][ T5993] __driver_attach+0x44e/0x6f0 [ 90.724036][ T5993] bus_for_each_dev+0x22d/0x2a0 [ 90.730717][ T5993] serio_handle_event+0x1a2/0x860 [ 90.737571][ T5993] process_scheduled_works+0xa45/0x15b0 [ 90.745131][ T5993] worker_thread+0xa55/0xfc0 [ 90.751577][ T5993] kthread+0x2fa/0x390 [ 90.757511][ T5993] ret_from_fork+0x48/0x80 [ 90.763590][ T5993] ret_from_fork_asm+0x11/0x20 [ 90.770545][ T5993] } [ 90.773052][ T5993] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 90.782338][ T5993] [ 90.782338][ T5993] the dependencies between the lock to be acquired [ 90.782350][ T5993] and HARDIRQ-irq-unsafe lock: [ 90.796269][ T5993] -> (tasklist_lock){.+.+}-{2:2} { [ 90.801860][ T5993] HARDIRQ-ON-R at: [ 90.806114][ T5993] lock_acquire+0x197/0x410 [ 90.812886][ T5993] _raw_read_lock+0x36/0x50 [ 90.819486][ T5993] do_wait+0x294/0xaf0 [ 90.825763][ T5993] kernel_wait+0xac/0x170 [ 90.832391][ T5993] call_usermodehelper_exec_work+0xb9/0x220 [ 90.840749][ T5993] process_scheduled_works+0xa45/0x15b0 [ 90.848632][ T5993] worker_thread+0xa55/0xfc0 [ 90.855528][ T5993] kthread+0x2fa/0x390 [ 90.861792][ T5993] ret_from_fork+0x48/0x80 [ 90.868236][ T5993] ret_from_fork_asm+0x11/0x20 [ 90.875210][ T5993] SOFTIRQ-ON-R at: [ 90.879509][ T5993] lock_acquire+0x197/0x410 [ 90.886311][ T5993] _raw_read_lock+0x36/0x50 [ 90.893029][ T5993] do_wait+0x294/0xaf0 [ 90.899380][ T5993] kernel_wait+0xac/0x170 [ 90.906000][ T5993] call_usermodehelper_exec_work+0xb9/0x220 [ 90.914439][ T5993] process_scheduled_works+0xa45/0x15b0 [ 90.922178][ T5993] worker_thread+0xa55/0xfc0 [ 90.928863][ T5993] kthread+0x2fa/0x390 [ 90.934945][ T5993] ret_from_fork+0x48/0x80 [ 90.941540][ T5993] ret_from_fork_asm+0x11/0x20 [ 90.948376][ T5993] INITIAL USE at: [ 90.952449][ T5993] lock_acquire+0x197/0x410 [ 90.959138][ T5993] _raw_write_lock_irq+0xa3/0xe0 [ 90.966090][ T5993] copy_process+0x225d/0x3d70 [ 90.972894][ T5993] kernel_clone+0x21b/0x840 [ 90.979537][ T5993] user_mode_thread+0xde/0x130 [ 90.986511][ T5993] rest_init+0x27/0x300 [ 90.992876][ T5993] arch_call_rest_init+0xe/0x10 [ 91.000289][ T5993] start_kernel+0x459/0x4e0 [ 91.006847][ T5993] x86_64_start_reservations+0x2a/0x30 [ 91.015366][ T5993] copy_bootdata+0x0/0xe0 [ 91.021882][ T5993] secondary_startup_64_no_verify+0x179/0x17b [ 91.030680][ T5993] INITIAL READ USE at: [ 91.035643][ T5993] lock_acquire+0x197/0x410 [ 91.042706][ T5993] _raw_read_lock+0x36/0x50 [ 91.049647][ T5993] do_wait+0x294/0xaf0 [ 91.056250][ T5993] kernel_wait+0xac/0x170 [ 91.063313][ T5993] call_usermodehelper_exec_work+0xb9/0x220 [ 91.071924][ T5993] process_scheduled_works+0xa45/0x15b0 [ 91.080463][ T5993] worker_thread+0xa55/0xfc0 [ 91.087429][ T5993] kthread+0x2fa/0x390 [ 91.094114][ T5993] ret_from_fork+0x48/0x80 [ 91.100891][ T5993] ret_from_fork_asm+0x11/0x20 [ 91.108095][ T5993] } [ 91.111034][ T5993] ... key at: [] tasklist_lock+0x18/0x40 [ 91.119323][ T5993] ... acquired at: [ 91.123387][ T5993] _raw_read_lock+0x36/0x50 [ 91.128533][ T5993] send_sigurg+0xf0/0x3c0 [ 91.133235][ T5993] sk_send_sigurg+0x6f/0xc0 [ 91.138237][ T5993] queue_oob+0x3d7/0x4e0 [ 91.142936][ T5993] unix_stream_sendmsg+0xaa2/0xba0 [ 91.148690][ T5993] ____sys_sendmsg+0x5bf/0x950 [ 91.153670][ T5993] ___sys_sendmsg+0x220/0x290 [ 91.158653][ T5993] __sys_sendmmsg+0x275/0x4a0 [ 91.163617][ T5993] __x64_sys_sendmmsg+0xa0/0xb0 [ 91.169135][ T5993] do_syscall_64+0x55/0xb0 [ 91.173936][ T5993] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.180031][ T5993] [ 91.182801][ T5993] -> (&f->f_owner.lock){....}-{2:2} { [ 91.188747][ T5993] INITIAL USE at: [ 91.193008][ T5993] lock_acquire+0x197/0x410 [ 91.199630][ T5993] _raw_write_lock_irq+0xa3/0xe0 [ 91.206488][ T5993] __f_setown+0x3b/0x330 [ 91.212840][ T5993] do_fcntl+0x10df/0x1380 [ 91.218943][ T5993] __se_sys_fcntl+0xc9/0x1a0 [ 91.225822][ T5993] do_syscall_64+0x55/0xb0 [ 91.232267][ T5993] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.240105][ T5993] INITIAL READ USE at: [ 91.244816][ T5993] lock_acquire+0x197/0x410 [ 91.251505][ T5993] _raw_read_lock_irqsave+0xb0/0x100 [ 91.259151][ T5993] send_sigurg+0x29/0x3c0 [ 91.266028][ T5993] sk_send_sigurg+0x6f/0xc0 [ 91.272814][ T5993] queue_oob+0x3d7/0x4e0 [ 91.279259][ T5993] unix_stream_sendmsg+0xaa2/0xba0 [ 91.286605][ T5993] ____sys_sendmsg+0x5bf/0x950 [ 91.293580][ T5993] ___sys_sendmsg+0x220/0x290 [ 91.300569][ T5993] __sys_sendmmsg+0x275/0x4a0 [ 91.307675][ T5993] __x64_sys_sendmmsg+0xa0/0xb0 [ 91.314880][ T5993] do_syscall_64+0x55/0xb0 [ 91.321655][ T5993] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.330187][ T5993] } [ 91.332780][ T5993] ... key at: [] init_file.__key+0x0/0x20 [ 91.340682][ T5993] ... acquired at: [ 91.344667][ T5993] _raw_read_lock_irqsave+0xb0/0x100 [ 91.350575][ T5993] send_sigio+0x33/0x360 [ 91.355232][ T5993] kill_fasync+0x228/0x4b0 [ 91.360004][ T5993] sock_wake_async+0x137/0x160 [ 91.365168][ T5993] sk_wake_async+0x184/0x280 [ 91.370161][ T5993] sock_def_readable+0x22d/0x430 [ 91.375378][ T5993] queue_oob+0x404/0x4e0 [ 91.379994][ T5993] unix_stream_sendmsg+0xaa2/0xba0 [ 91.385498][ T5993] ____sys_sendmsg+0x5bf/0x950 [ 91.390541][ T5993] ___sys_sendmsg+0x220/0x290 [ 91.395513][ T5993] __sys_sendmmsg+0x275/0x4a0 [ 91.400495][ T5993] __x64_sys_sendmmsg+0xa0/0xb0 [ 91.405803][ T5993] do_syscall_64+0x55/0xb0 [ 91.410476][ T5993] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.416645][ T5993] [ 91.418985][ T5993] -> (&new->fa_lock){....}-{2:2} { [ 91.424126][ T5993] INITIAL USE at: [ 91.428103][ T5993] lock_acquire+0x197/0x410 [ 91.434279][ T5993] _raw_write_lock_irq+0xa3/0xe0 [ 91.441164][ T5993] fasync_remove_entry+0xf4/0x1c0 [ 91.447767][ T5993] sock_fasync+0x88/0xf0 [ 91.453699][ T5993] __fput+0x7f3/0x970 [ 91.459438][ T5993] task_work_run+0x1ce/0x250 [ 91.465778][ T5993] exit_to_user_mode_loop+0xe6/0x110 [ 91.473381][ T5993] exit_to_user_mode_prepare+0xf6/0x180 [ 91.480869][ T5993] syscall_exit_to_user_mode+0x1a/0x50 [ 91.488546][ T5993] do_syscall_64+0x61/0xb0 [ 91.495077][ T5993] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.502817][ T5993] INITIAL READ USE at: [ 91.507294][ T5993] lock_acquire+0x197/0x410 [ 91.514613][ T5993] _raw_read_lock_irqsave+0xb0/0x100 [ 91.522130][ T5993] kill_fasync+0x192/0x4b0 [ 91.528839][ T5993] sock_wake_async+0x137/0x160 [ 91.535619][ T5993] sk_wake_async+0x184/0x280 [ 91.542737][ T5993] queue_oob+0x3d7/0x4e0 [ 91.549157][ T5993] unix_stream_sendmsg+0xaa2/0xba0 [ 91.556457][ T5993] ____sys_sendmsg+0x5bf/0x950 [ 91.563237][ T5993] ___sys_sendmsg+0x220/0x290 [ 91.570881][ T5993] __sys_sendmmsg+0x275/0x4a0 [ 91.577916][ T5993] __x64_sys_sendmmsg+0xa0/0xb0 [ 91.585049][ T5993] do_syscall_64+0x55/0xb0 [ 91.591473][ T5993] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.599465][ T5993] } [ 91.601975][ T5993] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 91.610956][ T5993] ... acquired at: [ 91.614933][ T5993] _raw_read_lock_irqsave+0xb0/0x100 [ 91.620408][ T5993] kill_fasync+0x192/0x4b0 [ 91.625179][ T5993] mousedev_notify_readers+0x6eb/0xc00 [ 91.630830][ T5993] mousedev_event+0x5f0/0x1310 [ 91.636389][ T5993] input_pass_values+0x9c9/0x1300 [ 91.641601][ T5993] input_event_dispose+0x346/0x6c0 [ 91.647066][ T5993] input_inject_event+0x1f9/0x320 [ 91.652269][ T5993] evdev_write+0x32a/0x470 [ 91.657383][ T5993] vfs_write+0x288/0x940 [ 91.661981][ T5993] ksys_write+0x147/0x250 [ 91.666497][ T5993] do_syscall_64+0x55/0xb0 [ 91.671267][ T5993] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.677608][ T5993] [ 91.680032][ T5993] [ 91.680032][ T5993] stack backtrace: [ 91.686022][ T5993] CPU: 0 PID: 5993 Comm: syz.0.50 Not tainted syzkaller #0 [ 91.693753][ T5993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 91.703989][ T5993] Call Trace: [ 91.707405][ T5993] [ 91.710455][ T5993] dump_stack_lvl+0x16c/0x230 [ 91.715321][ T5993] ? load_image+0x3b0/0x3b0 [ 91.720090][ T5993] ? show_regs_print_info+0x20/0x20 [ 91.725384][ T5993] ? load_image+0x3b0/0x3b0 [ 91.730150][ T5993] ? print_shortest_lock_dependencies+0xf4/0x160 [ 91.736749][ T5993] __lock_acquire+0x678f/0x7c80 [ 91.741788][ T5993] ? verify_lock_unused+0x140/0x140 [ 91.747006][ T5993] ? verify_lock_unused+0x140/0x140 [ 91.752404][ T5993] lock_acquire+0x197/0x410 [ 91.757088][ T5993] ? kill_fasync+0x192/0x4b0 [ 91.761943][ T5993] ? read_lock_is_recursive+0x20/0x20 [ 91.767506][ T5993] _raw_read_lock_irqsave+0xb0/0x100 [ 91.772892][ T5993] ? kill_fasync+0x192/0x4b0 [ 91.777576][ T5993] ? _raw_read_lock+0x50/0x50 [ 91.782350][ T5993] kill_fasync+0x192/0x4b0 [ 91.786775][ T5993] ? kill_fasync+0x53/0x4b0 [ 91.791285][ T5993] mousedev_notify_readers+0x6eb/0xc00 [ 91.796762][ T5993] ? mousedev_notify_readers+0x2c/0xc00 [ 91.802318][ T5993] mousedev_event+0x5f0/0x1310 [ 91.807086][ T5993] ? mousedev_packet+0x9f0/0x9f0 [ 91.812156][ T5993] input_pass_values+0x9c9/0x1300 [ 91.817375][ T5993] ? input_pass_values+0xa3/0x1300 [ 91.822502][ T5993] input_event_dispose+0x346/0x6c0 [ 91.827633][ T5993] input_inject_event+0x1f9/0x320 [ 91.832754][ T5993] ? input_inject_event+0xbc/0x320 [ 91.837881][ T5993] evdev_write+0x32a/0x470 [ 91.842303][ T5993] ? evdev_read+0xb50/0xb50 [ 91.846932][ T5993] ? common_file_perm+0x198/0x1f0 [ 91.851970][ T5993] ? fsnotify_perm+0x5d/0x5e0 [ 91.856851][ T5993] ? security_file_permission+0x79/0xa0 [ 91.862440][ T5993] ? evdev_read+0xb50/0xb50 [ 91.866982][ T5993] vfs_write+0x288/0x940 [ 91.871329][ T5993] ? file_end_write+0x250/0x250 [ 91.876277][ T5993] ? __fget_files+0x28/0x4d0 [ 91.880964][ T5993] ? __fget_files+0x44a/0x4d0 [ 91.885741][ T5993] ? __fdget_pos+0x1d8/0x330 [ 91.890429][ T5993] ? ksys_write+0x75/0x250 [ 91.895098][ T5993] ksys_write+0x147/0x250 [ 91.899528][ T5993] ? __ia32_sys_read+0x90/0x90 [ 91.904393][ T5993] ? lockdep_hardirqs_on+0x98/0x150 [ 91.909724][ T5993] do_syscall_64+0x55/0xb0 [ 91.914247][ T5993] ? clear_bhb_loop+0x40/0x90 [ 91.919110][ T5993] ? clear_bhb_loop+0x40/0x90 [ 91.923798][ T5993] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.929793][ T5993] RIP: 0033:0x7f279f18eec9 [ 91.934387][ T5993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.954204][ T5993] RSP: 002b:00007f279ff42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 91.962631][ T5993] RAX: ffffffffffffffda RBX: 00007f279f3e5fa0 RCX: 00007f279f18eec9 [ 91.970608][ T5993] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000003 [ 91.978586][ T5993] RBP: 00007f279f211f91 R08: 0000000000000000 R09: 0000000000000000 [ 91.986744][ T5993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 91.995181][ T5993] R13: 00007f279f3e6038 R14: 00007f279f3e5fa0 R15: 00007ffc5637a7b8 [ 92.003356][ T5993] [ 92.455372][ T787] cfg80211: failed to load regulatory.db