last executing test programs: 8.06898154s ago: executing program 0 (id=1158): openat(0xffffffffffffff9c, &(0x7f0000002400)='./file1\x00', 0x6142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) ftruncate(r0, 0x0) 7.903068605s ago: executing program 0 (id=1159): syz_mount_image$fuse(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 7.833465338s ago: executing program 0 (id=1161): r0 = memfd_create(&(0x7f0000000480)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o8\xaaK\xa5\xd3\v\x86\xca<\x7f\xfd6\x8d}\xd8\xf2G\xa3\xd9\x9a@\xdb #\xf8\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HOA\xc8\x80kR\xfc\xcb[\xc7%\x88 \xeeQR\x9f\x81\x8b\xdc\xc7\xdc\xde\x04\x00\x00\x00\x11)W\x9c\x82\x91\x17\xd8\xda@4\x9f\xf5\xc5\xe3\x8d.\xd1=\xcf\xbf\x81\b\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\x9c\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\x9d\xb8\x89\xf5a2\x00;\xe5\xc81P[\x94\x98\x12\xac\xa4\xec>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+\x00\x02\xaa;*\x89\xb1\xa8\x8a\x13[\xfb\xe8\tX\xb7KV\x90\xc3D\x82`\xea\x16\xc6\xcef\xab\x05\x19\x96\xb9_6*-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8h\xb9p2\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc3\x0e\t&\xbdq\x06`T\xc8\x92\xaf\xad#\xd8b\x90\xeb\x05\x9f\t5\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\x8d~\x01\t\x00\x00\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\x1b\xe6\xb9\xe7\xff\xc5H\x04\x8d\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94 2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51[\xc5\xeb2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\xdem\xe3)q:3\xfa*\x98o\'f\xbcY\x8e?\xf9\x84y\x89Y\x1c]\xad$\x7fp\xf1\xa3\x99[\xff\x1f\x94\xc2\xdb\xbaG\xa6UD\x88Y6\x11Y\xd4\xd1\xde\x9a{]\xe2\x98W\xb9\x13\x17<\x8b!?\x8e\xbc\xae\xf9\xcc\b\x90n\x15\x7f\xd5WS\xfbN\xec)B\xe7R\xa5\xd7O\x83\x80}\xcc5\x99\xdb\xd6\xbd\x9c\x05l\xfc.\xf4\xbbeF\xa3\xea}\xf1\x8bz\xca\xad\x82\xd9IRV5\xa77\'\x1a\x1c\x89\xef:\xee\x10\xb2\xd6\xc8\xf4\xb5\xdd\xd8c!@JRY\xa3|Pjk\xdc\xa5d\xc2\xecn\xc9X\xfc\xd4D\x13\"\xb2\x06\xbd&\xf86\xddXv\xc9\x1322L\xaa\xa4\xb67\x89D\x93L\xc0\xa41\xf9sNG\x02\x83\xe6Bl\xd2\x02\xfb[\x82\xc0I\xb7\xf6 \xa2\xa1}\xee}\x00\x00\x00\x00\'\xc7J\xca\xdf:\x8ft\xe0\xf8\a\xf6\xf6\xa6\x88\xfd\xc2\xa9\x14\xf3\xe1}\r.\a\x97~A\x16lR\x96\xf0\xaa,;+\xa6\x1eD\xbb1\xe3\xb7-\x96\xc1\x19\x85\xe8\x9b\xfb4\x97\x9d\xdf;*S\xcf\xad\xe3\n\xac\x85\xacVI\xf1\x8b\xa0g\ap\xe3m\xac\xa5\x8fly\x95\b1L\xd91\x06\xeb(\xe9\xad\x81\x7f!\x9d%n7\xb9\xf3\x83\x1fN\xbf]\xa0\xd8\xd6**\xe3\x89\xa1V\x9cCN\x92c\x83\x8c\xf7\xfa\x95p\x92\xdag\xa9\x03\xd7\x8f\x8b\x91\xc7+\xa4\x01$\xe7\x12\xc6>\xf0*\xee\xcb.q\xa6\xe3\"\x1b\x88_y?\x96\xab|\x853\xa7\xf1\"\x8b\xde\xc5_Rtg\xcc,s\"]\xcd?\x80\xa8|?\xaf\xdc^3L\xf5I<\xa4\xe5\x8c\x14Re\xb9|\x1d\xb5\xeb8\x82\xf0\x84\xe1h\xc3\xb9\xc6\x7fY\xa6\x92;V\xe7+\xb9\"', 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='gid_map\x00') mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x800000b) pwritev(r1, &(0x7f0000000240), 0x0, 0x0, 0x0) symlink(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='.\x00') 6.672008025s ago: executing program 0 (id=1170): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) mlockall(0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffffffb}]}) write(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x0, 0x800000000004, @thr={0x0, 0x0}}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare(0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 5.778543294s ago: executing program 0 (id=1174): r0 = memfd_create(&(0x7f00000006c0)='\x00\xac=W[[\x87\x12\x04\xd5\xbc\x80K\x06\xcd]4(\xa2\xee2>\xa1\x9c\x86x\x1c\x9f\x97\x87\xd9c\xecR\xd6\xe8\xf3Y\x121p^\xc1\x0f\x00\x00\x00\x00\x00\x00\x00t\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00M\xc2N%\x93t[\xf3\xee\xa4\xb4\xfbf\x8dz7\\\x8e\xac\x18\x00\xfd\x89\xe1d\xfa\xcfb\xf3\xdc\xd4CY\x9a{8=\xef*\xef\xa3\\\xa7\xa9^\xafL:[\x8e\x83U\xff\xfd\xb0\xfa\xdaL\xa99\x9b\xcfA\xe4n\xa0^\n\x1c\x84\x04\xc5a\xdf\xe5\xd4Hyn\xba:/\xa5\xf4\xaa\xfa\xcd\xc7T\x83\xf5N^\xf2n\xd0=\xb9\t\xdd-F\xacb\xac \xd3\xccj\x13\xa2\x9fLu\'\xed\x91\x867\xaa\xf5\xa0]\xb6\xaa\xea\xfd\xde\xa6\xec\b\x16\x86l:;\xf9\xdb\xcf\x88\"\xca\xe0E\xdb\xec\xf9\xb3\xed\a\x00\x00\x00\x00\x00\x00\x00\xd6.\xf7\x92\xc42\xdf\xefE\xce}\x1b\xda\xdd?\n6\xe1\xb1\xd8Y\x960\xd1\x00\x00\x00\x00\x00\x00MW\x8f\xc6\x82\xe4\x15\xf7\xe9\xd8\xc5b\x0e\x91\xc5\xc76$\x18\xa4\xbe\xe8V\x8d-\xe3\x8fC\xd5\xf5\xd6L\xe3\xce\xa1\x8dz\xce\xa7\xa5\xc8\xcbhM\x1b\xf8\x98\xc4\xfbD6\x88\xfd\xe5i\x8a\xd8\xcfm\x81Z\x19\xf0\xef\xc15\xe8\xcb\xf5\t\t\x00\x17\xfa\x1fqb\xe7\"\xcb4\xb8\xe5/\xd52\x17\x12\x1d\xd8\x87\xb9|\x8d\x83\xea\xcc\x94\xebZ\xae\xaf\x19\xa4\xb2\xc6\xe1\x926B\xb6\x89Z\xa9\xb5/\xbb\x9d&\xeeO\xb3\xb3\xd4\b`\xa9f\x84\xad\t\x1a\xc2\xd5\x88\xbfo\x80V\x93\x9fX\xd7\xff\x03\xb7J\xed\x183\xe3\x7f\xfaq,\xca\x06\xb0\xc9\x92\x93\xa5I\x89\xb7\x85\x90\xb7\x1b0\xce\xd7!\x8fD\x96\xe1 ^>\x9f\x04\x89<\xb7S\x7f\x1a\x88\xab$\xd3y\xc2\xe1\x99\xbch\xd3\x83\xcd\x7f\xc5n\xb1\xc1X \xe2\xbb\x1f\x01\x90\xb1O\x8d\x7f\xa8\xd4\xdbO\xef\x99\xf3\xd3M\x0f\t\x7f\n,\x84\x1f\xfa\xe2\xc8\x99\x97Oq\xae\x9b\x86h\xfa3\xb9\xfd\xbb\xd4^\xc0t\xa7]Y\xe9\x7f[\x11\xb1\xf3m\xf2w\x91\x9f\xe4\xa8\xbdF\xf5\x02s\xee\b\xbc\xaf\xd0\x17F\x9d\x18\xe2\xe1\x01\xb6f=-?\xbcI\xf2\xd9\xc4>-\xc0E\x9a\x82\xcc7S\xd4\xb6\'\xd2DY\xa5\x83,\xd1\xbc\xc7\xf6\xe0\x1f o\x06\xc2t\x14\xc2\xe0\x92\xc1\x8a\x85>@\xc9\xb0% \xc7\x13l\x8bJ\xe5\xec\x1dE\xf5\xc5\xe2\xe3\x10G7r#\xbc\x95&\x14\x1e\x97\xce\x83>Q@\xfb\xeb=\x1e\xb3\xd5H\x02\x86\xc6\xf3\xe1i\\\x1d\xf4\xc1\xacJC+\xc8}\x1b{\x86\x17\x00\n\"\xec\xa5x\xe6\xb1i\xeb\xb3\xb7I\x90\x9eai\xde\x01\xdc\xfeA\x05Sn\xe6\xe8^\xdf\x8c`\x17\xca\xbd\\QG\xb15\x82*=\xbd\xe9\xaf\x12<\xd7\xe1$\xa4\xdaU\xfb^\xd8!\xacxy\xd5X\xef\x03\xa7\x10\xa1C#S~\x0f\x17\t>X\\mv0\x9eZ\x89\xf4\xae\a\xc8\x16\xd2t\x16\xf3X%Q\xbd\xe9\x86V\xf2\x99^0\xe8xI(\xde-\x04s\x15\x06#2\xef\xef@\xa3t0d^^\xad\xf6\xad\xe0\x16\xf6\xa8\x99!\x0e\x9d+;D&\xebN\x94\x12\x04\x95o\xd6\x9fl\xcb\x16gc\xf5(\xaa_\xec\x9aiE\f\xd4\xc6\xf2\xae\x85n\x995\xcd\xa7\xbb\xf0pz\xaf\tC\x1cq\xaa\x92,Li\r\x95Z\x89\"\xaf]\x95\xb9b_\xe4\xba\xd4\x93\xab\xe1\xf50\xeb&\x1d\x88\xd3\x8f+\xbe\x81N\xd2\xae\xf4\x18\xd0\xe7\x98\x90,\xce\ft\xc4\xc7\x02\xaa\xc7\xeb1;\x86b\x8f\x12{k#c\x1d@\xc31\x00\xd2}f\x8cX\xce\xed\xa4\xe4\xca`<_}\'\xce\x81\xb3O\xae\xa1\xbfwcN,\xf2#\x16\xc4\xad\a&\xb1U\x83w\xd0K\xaa\xdf\x84\xe5\xe4\xdb\xa3G(\x7fv\x93\xb8m\x96\xd89Kb\xa9\x852\xb9\xcaG\x8b\x11\x16\x16\xeeI\x14\xcb\xe4\x9a\x1e\xb6^\xa3\xaa^\xdc\xcfo\xfb\xd6<\xa2\xc6\xbdj\xc4\xb1B\xf3S}\xfeI\xe2e\xec}o\xcfB\xa6\x877\'\x80\x82\t\xec\xc1&\xb8\xa9\x82&\xb8XQ8M@\xaa\x1f\vj\x9aW\xec\x92\x19\xdb^\x9d\x94\x87-&\x00/z\xa2\xd7\x01\\\t\xae~\xed\no\x1a\x9cKG^+\xc9\xe0v\xc0\x96\xc4\xcc\xb7\xdd\xdf\xf9\x01\x91\xe5\to[\x97\xbe\x110\x93\x14\xf8\x8a\x8d\xeb\t\xe7?/C\xaa\xd9\xc4\xc9', 0x0) write(r0, &(0x7f0000000140)='/', 0x1) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x100000c, 0x11, r0, 0x0) umount2(&(0x7f0000000300)='./file0\x00', 0x0) 4.824200965s ago: executing program 0 (id=1179): r0 = memfd_create(&(0x7f00000004c0)='\x01\fD\xd1\x1e\x803\x00\x00\xbf\xecs \xc5\xb55nVg\x1b\xa3\x8a\xcc\xf2!PmENs\xe5\x83rz\xc0\x03\x00\x00\x00\xd1\x8e\x81\n\xc0\xb3Ac\xfe(\x00\x13\xaeZ\x8bp\x1e\xdc\x18\xddf\xe9\xe1\t\bR) \xa9P\x02\x00\xe1-q \xb3\x80\xb9\xdfj\xed\xb9_o\xa6\x04\xf5\x9f\x04\xf1\xd5\xe3\xfa\xfd\x161\x13rCc\x84\xa6y\xb7\xbe\xf5\xcc\a\fM\xa9\xcbX\x891\xed\a\xf9\xa6\xd8\xd0\x03\x00\x00\x00\x00\x00\x00\x00\']\by\xb5\xbcI\xbf\xac*\xb4\xed\xf0^\xd35\xeb=\xc7\x82;\xb32;\xc5\xa3\xc8\xb9\xf2\xe5\xf4\x93[\x91F\x83?\xfe\xd9\x7ffvQ\xff\xc0\x8f\xe4\xb8\xa3\xbf\xceAT\x17\xc6\x81\xc0m}O\xfd\xe0\x05$\xcd\xfdkMu\x9bQ\xd8z\xe0\xd6\xe2\xbe\xf4\xd5\x16\x94\xe0\xbf0\xde\xcaS/\xf7\xeb\x89bmX0\x94T\x10\x9dx@\xce:]\xb68\xa2W\xcb\x86\b\x03s\xb4q>\xe88\x19\x1a\x14Z\xf3\xd7\x92\xe4bT\xc1.\xfc\xd4\xcay)$\n\x05\xd1\xc5V\x91\xe3W\x10r\x9b~n`z\x8c\x16c\xa1d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x89\xba\xad!\xfe\xdb\xe9\x8d\xffI\x8a=\x81\xc8\x9f\x17N\x80\x06\xc7\xbe\xf2\x9b\x86Z\xc8\xf8\x16)\xef\xab\xbaD8\xecd\\\x10\x10btN\xd0g!\xcc\xbe\xcd\xb7\x16\x19\x89\xceBy|\xe0\x12\x92`Y\x06\x17\xc8mt\xc4d\xd4{\xaa/+9\x87\xf5L\xa9+4\x12Z\x15\xc8\nb}\x15\xc3^r\x03{\xb2\n\x02\xc7;\xdd\xac\xec\xde\x14#`\xcc\xaa\x0f\xdc\x8b\x9a3\n9\x11\xe8Y;@7Cl\xe7\x90\x17\xbb\x9c\xfb\xcc\xb7\'\xf4\xff\xd0\xc2+\xc6)\x15\"\xff\'L\x06\xc2\x8bC\xc7\xee\xb9\xa2B\x7f\'\nU4w\x9c\x15 \"lR\xf1\xbe\xe6', 0x0) r1 = dup(r0) write$binfmt_aout(r0, &(0x7f00000006c0)={{}, "", ['\x00']}, 0x120) sendfile(r0, r1, &(0x7f0000000080), 0x20000080000001) r2 = memfd_create(&(0x7f00000004c0)='\x01\fD\xd1\x1e\x803\x00\x00\xbf\xecs \xc5\xb55nVg\x1b\xa3\x8a\xcc\xf2!PmENs\xe5\x83rz\xc0\x03\x00\x00\x00\xd1\x8e\x81\n\xc0\xb3Ac\xfe(\x00\x13\xaeZ\x8bp\x1e\xdc\x18\xddf\xe9\xe1\t\bR) \xa9P\x02\x00\xe1-q \xb3\x80\xb9\xdfj\xed\xb9_o\xa6\x04\xf5\x9f\x04\xf1\xd5\xe3\xfa\xfd\x161\x13rCc\x84\xa6y\xb7\xbe\xf5\xcc\a\fM\xa9\xcbX\x891\xed\a\xf9\xa6\xd8\xd0\x03\x00\x00\x00\x00\x00\x00\x00\']\by\xb5\xbcI\xbf\xac*\xb4\xed\xf0^\xd35\xeb=\xc7\x82;\xb32;\xc5\xa3\xc8\xb9\xf2\xe5\xf4\x93[\x91F\x83?\xfe\xd9\x7ffvQ\xff\xc0\x8f\xe4\xb8\xa3\xbf\xceAT\x17\xc6\x81\xc0m}O\xfd\xe0\x05$\xcd\xfdkMu\x9bQ\xd8z\xe0\xd6\xe2\xbe\xf4\xd5\x16\x94\xe0\xbf0\xde\xcaS/\xf7\xeb\x89bmX0\x94T\x10\x9dx@\xce:]\xb68\xa2W\xcb\x86\b\x03s\xb4q>\xe88\x19\x1a\x14Z\xf3\xd7\x92\xe4bT\xc1.\xfc\xd4\xcay)$\n\x05\xd1\xc5V\x91\xe3W\x10r\x9b~n`z\x8c\x16c\xa1d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x89\xba\xad!\xfe\xdb\xe9\x8d\xffI\x8a=\x81\xc8\x9f\x17N\x80\x06\xc7\xbe\xf2\x9b\x86Z\xc8\xf8\x16)\xef\xab\xbaD8\xecd\\\x10\x10btN\xd0g!\xcc\xbe\xcd\xb7\x16\x19\x89\xceBy|\xe0\x12\x92`Y\x06\x17\xc8mt\xc4d\xd4{\xaa/+9\x87\xf5L\xa9+4\x12Z\x15\xc8\nb}\x15\xc3^r\x03{\xb2\n\x02\xc7;\xdd\xac\xec\xde\x14#`\xcc\xaa\x0f\xdc\x8b\x9a3\n9\x11\xe8Y;@7Cl\xe7\x90\x17\xbb\x9c\xfb\xcc\xb7\'\xf4\xff\xd0\xc2+\xc6)\x15\"\xff\'L\x06\xc2\x8bC\xc7\xee\xb9\xa2B\x7f\'\nU4w\x9c\x15 \"lR\xf1\xbe\xe6', 0x0) r3 = dup(r2) write$binfmt_aout(r2, &(0x7f00000006c0), 0x20) sendfile(r2, r3, &(0x7f0000000080), 0x20000080000001) ftruncate(r3, 0x0) 3.486548828s ago: executing program 1 (id=1194): socket$inet6_tcp(0xa, 0x1, 0x0) syz_read_part_table(0x403a, &(0x7f0000004040)="$eJzs0D1KA2EQBuBZQbCxsBAs5wiyspZ6AQ+hrAsKi40/mCLN5l6BXCNFjpArJLAJSbtFElI8T/O98DHDy7x8fv3+Zz1qs8y39ifv8+M9y6rK76bOx4c4gWKXrmISRXRxE5dDBl+vF8tjFjsXt3dxsY1Fn1bxvP99mm1u2L8RMe6G7p1Pm79DdwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYM0OHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADByQAAAAAgv6/bkegAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8FAAD//8QZE0c=") seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) 3.080806361s ago: executing program 3 (id=1197): mkdir(0x0, 0x101) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000040)='./file1\x00', 0xa18c14, &(0x7f0000000080)=ANY=[@ANYBLOB='uni_xlate=1,iocharset=cp437,shortname=wodepage=1250,utf8=0,shortname=win95,shortname=win95,nonumtail=0,shortname=lower,shortname=mixed,rodir,rodir,nonumtail=0,\x00\x00\x00\x00\x00\x00\x00'], 0x81, 0x29b, &(0x7f0000000580)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==") syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000800)='./file2\x00', 0x404a, &(0x7f0000000880), 0x1, 0x751, &(0x7f0000000000)="$eJzs3c1rXFUfB/DfvZNJ0pfnSSqlWhEccFFBnTS19W3VVlGoIqLiukM6LaXTpiQRTOwidelCBAWX6n9RcNONa8FF1a2uFIpUu6koI3demiGZSWKYzEXv5wN3cs49k5zzzSU5984d5gRQWJXsIY04HBFnk4ipzv4kIsqt0ljEyfbz7t25NvfHnWtzSTSbb/2atJ6T7Yue78ns61QmI+Lb00k8UNrY7+LyyqVao1Ff6NRnli5fnVlcXnnq4uXahfqF+pVjx0/MPnviuWeOPz+sqKVDZ558/dAHL976qvnmKy99c2I1yYKNtRt7cwxLJSr3fye9si5fHnZnOSl18vTmTMZyHBD/SNpzDA/FVJRi7eBNxdff5To4AGBXNEsRTQCgYBLzPwAUTPd1gHt3rs11t3xfkRit26eidaNyY/6xONn6OtUsR8Te35O1OyOV9v2u6SH0X4mIG3ffuZVtsUv3ITezej0iHuqXv3V3NKZbd3HX5e/cMzo6hP4r6+r/pvwnh9B/3vkBKKabp9oT2cb5L+3Mb/3nv8k+c9dO5D3/DT7/W8tf6pM/O/97Y5t9fPHRIw8Oaus9/8u2rP/uueAo3L4e8fDY4POfLH8yIP/ZbfZx4+f3a4Pa8s7f/DLiSN/rn7V3tCWbvz9x5vzFRv1o+7FvH5/MnPlwUP9558+O/94B+bc6/le32cdfB388Paht6/zpL+PJ263SeGfPe7WlpYXZiPHktY37j20+lu5zuj8jy//4Y5v//ffLn10Trm4z/+ev/vbZzvPvriz/uR0e/4+32cef8z9NDmrLOz8AAAAAAAAAAAAAAAAAAAAAAAAAjEIaEfsjSav3y2larbbX8D4Ye9PG/OLSE+fn371yLmuLmI5y2v2ky6l2Pcnqs53Pw+/Wj62rPx0RByLi04k9rXp1br5xLu/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCxb936/3cn2uv/AwD/cZN5DwAAGDnzPwAUj/kfAIrH/A8AxWP+B4DiMf8DQPGY/wEAAAAAAAAAAAAAAAAAAAAAYKQOPHrzhyQiVl/Y09oy4522cq4jA3ZbmvcAgNyU8h4AkJuxvAcA5MY1PpBs0T7wI8JXXUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAcRw5b/x+Kyvr/UFxW74Tisv4/FJdrfMD6/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsLX9rS1Jq521wPdHmlarEf+LiOkoJ+cvNupHI+L/EfH9RHkiq8/mPWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGLLF5ZVLtUajvqCgoKBwv5D3fyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYvbVFv/MeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHlaXF65VGs06gu7WMg7IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAw/R0AAP//8lssMw==") r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000400)={0xaa, 0x13}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) write$UHID_INPUT(r2, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d09f91b48090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f3b0063090890e0878f0e1ac6e7049b074a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000095802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 2.51165531s ago: executing program 1 (id=1202): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file0\x00', 0x40, &(0x7f00000005c0), 0x1, 0x583, &(0x7f0000000bc0)="$eJzs3U9oHFUYAPBvZhNr22haUFDpoahQoXST9I9WT+lVLBR6ELzEsNmGkE02Zje1CT2k9yIWFJVeqicFPSoiHsSLR69eFM+CaFFpepDIZHf7J8mu27TZLdnfD2b73rzpfu9l9ns7M8ywAfSsg9lLGvF0RJxJIgbvaOuLeuPB2nYr1y8WbvZFIYnV1bN/JJFExI3rFwuN7ZP6v3sjYjkinoqI7/sjDqcb41YWl6bHS6XifL0+VJ2ZG6osLh2ZmhmfLE4WZ4+99PKJk8dPjBwdeWBjvfzLlXcu//jqtSuffXFgufD+eBKjMVBvu3McD1Ltb9Ifo+vWH9+OYF2UNG3ZZOfz0MjV87w/Ip6MwcjVsx7Y+VZ3RawCPSq55/zfHeYM2AkaxwHZ+W9j6eTxx++naicgWdyV+lJr6atdm4hH185N9vyV3HVmkp1v7utkR9mRli9FxHBf38bPf1L//G3d8IPoINvqu1O1HbVx/6fZ/n/r8/p26+efgca10/vUmP9WNsx/6a35L9dk/jvTZox/3/j1o6bxL0U8s2n85Fb8ZJP4aUS82Wb8q69/fbJZ2+rHEYdi8/gNSevrw0PnpkrF4drrpjG+PXTglVbj39Mk/miL8Wfr5toc/1c/fPnscov4LzzXev9vFj87Bn+3zfj7b3z6WrO2LP5Ek/G3ip+tu9Zm/BdHD/7c5qYAAAAAAAAAAMA9SNfuZUvS/K1ymubztWd4n4g9aalcqR4+V16Ynajd87Yv+tPGnVaDtXqS1Ufq9+M26kfX1Y9FxP6IeC+3e62eL5RLE90ePAAAAAAAAAAAAAAAAAAAADwk9q57/v/vXO35f6BH+Mlv6F3yH3rX3fmfdK0fQOf5/ofeJf+hdzXL/5vfdLgjQMc1/f7v72w/gM5z/A+9S/5D75L/0LvkPwAAAAAAAAAAAAAAAAAAAAAAAAAAbIszp09ny+rN6xcLWX3i/OLCdPn8kYliZTo/s1DIF8rzc/nJcnmyVMwXyjP/936lcnluOGYXLgxVi5XqUGVxaWymvDBbHZuaGZ8sjhX9oggAAAAAAAAAAAAAAAAAAABsNLC2JGk+ItK1cprm8xGPRcS+6E/OTZWKwxHxeET8lOvfldVHut1pAAAAAAAAAAAAAAAAAAAA2GEqi0vT46VScb51IW1jm51XiIjldWvu7X3G/ulcn7PObum/J8v3FT2Jbu8mhW368AMAAAAAAAAAAAAAAAAAAB11+6HfbvcEAAAAAAAAAAAAAAAAAAAAeln6W/aaRMShwecH1rc+kqzkIj4ZzMpvXz37wYXxanV+JFv/Z26tPSKqH9bXH+1C94G2NfK0kccAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAbZXFpenxUqk4v8XCrjbep8tDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANiS/wIAAP//7YjRGA==") setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000240)=ANY=[], 0x835, 0x0) 2.408146713s ago: executing program 2 (id=1203): r0 = socket$inet(0x2, 0x3, 0x7) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'sit0\x00', &(0x7f00000003c0)=@ethtool_dump={0x3e}}) 2.306984536s ago: executing program 3 (id=1204): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.152425771s ago: executing program 2 (id=1205): r0 = memfd_create(&(0x7f00000004c0)='\x01\fD\xd1\x1e\x803\x00\x00\xbf\xecs \xc5\xb55nVg\x1b\xa3\x8a\xcc\xf2!PmENs\xe5\x83rz\xc0\x03\x00\x00\x00\xd1\x8e\x81\n\xc0\xb3Ac\xfe(\x00\x13\xaeZ\x8bp\x1e\xdc\x18\xddf\xe9\xe1\t\bR) \xa9P\x02\x00\xe1-q \xb3\x80\xb9\xdfj\xed\xb9_o\xa6\x04\xf5\x9f\x04\xf1\xd5\xe3\xfa\xfd\x161\x13rCc\x84\xa6y\xb7\xbe\xf5\xcc\a\fM\xa9\xcbX\x891\xed\a\xf9\xa6\xd8\xd0\x03\x00\x00\x00\x00\x00\x00\x00\']\by\xb5\xbcI\xbf\xac*\xb4\xed\xf0^\xd35\xeb=\xc7\x82;\xb32;\xc5\xa3\xc8\xb9\xf2\xe5\xf4\x93[\x91F\x83?\xfe\xd9\x7ffvQ\xff\xc0\x8f\xe4\xb8\xa3\xbf\xceAT\x17\xc6\x81\xc0m}O\xfd\xe0\x05$\xcd\xfdkMu\x9bQ\xd8z\xe0\xd6\xe2\xbe\xf4\xd5\x16\x94\xe0\xbf0\xde\xcaS/\xf7\xeb\x89bmX0\x94T\x10\x9dx@\xce:]\xb68\xa2W\xcb\x86\b\x03s\xb4q>\xe88\x19\x1a\x14Z\xf3\xd7\x92\xe4bT\xc1.\xfc\xd4\xcay)$\n\x05\xd1\xc5V\x91\xe3W\x10r\x9b~n`z\x8c\x16c\xa1d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x89\xba\xad!\xfe\xdb\xe9\x8d\xffI\x8a=\x81\xc8\x9f\x17N\x80\x06\xc7\xbe\xf2\x9b\x86Z\xc8\xf8\x16)\xef\xab\xbaD8\xecd\\\x10\x10btN\xd0g!\xcc\xbe\xcd\xb7\x16\x19\x89\xceBy|\xe0\x12\x92`Y\x06\x17\xc8mt\xc4d\xd4{\xaa/+9\x87\xf5L\xa9+4\x12Z\x15\xc8\nb}\x15\xc3^r\x03{\xb2\n\x02\xc7;\xdd\xac\xec\xde\x14#`\xcc\xaa\x0f\xdc\x8b\x9a3\n9\x11\xe8Y;@7Cl\xe7\x90\x17\xbb\x9c\xfb\xcc\xb7\'\xf4\xff\xd0\xc2+\xc6)\x15\"\xff\'L\x06\xc2\x8bC\xc7\xee\xb9\xa2B\x7f\'\nU4w\x9c\x15 \"lR\xf1\xbe\xe6', 0x0) r1 = dup(r0) write$binfmt_aout(r0, &(0x7f00000006c0)={{}, "", ['\x00']}, 0x120) sendfile(r0, r1, &(0x7f0000000080), 0x20000080000001) r2 = memfd_create(&(0x7f00000004c0)='\x01\fD\xd1\x1e\x803\x00\x00\xbf\xecs \xc5\xb55nVg\x1b\xa3\x8a\xcc\xf2!PmENs\xe5\x83rz\xc0\x03\x00\x00\x00\xd1\x8e\x81\n\xc0\xb3Ac\xfe(\x00\x13\xaeZ\x8bp\x1e\xdc\x18\xddf\xe9\xe1\t\bR) \xa9P\x02\x00\xe1-q \xb3\x80\xb9\xdfj\xed\xb9_o\xa6\x04\xf5\x9f\x04\xf1\xd5\xe3\xfa\xfd\x161\x13rCc\x84\xa6y\xb7\xbe\xf5\xcc\a\fM\xa9\xcbX\x891\xed\a\xf9\xa6\xd8\xd0\x03\x00\x00\x00\x00\x00\x00\x00\']\by\xb5\xbcI\xbf\xac*\xb4\xed\xf0^\xd35\xeb=\xc7\x82;\xb32;\xc5\xa3\xc8\xb9\xf2\xe5\xf4\x93[\x91F\x83?\xfe\xd9\x7ffvQ\xff\xc0\x8f\xe4\xb8\xa3\xbf\xceAT\x17\xc6\x81\xc0m}O\xfd\xe0\x05$\xcd\xfdkMu\x9bQ\xd8z\xe0\xd6\xe2\xbe\xf4\xd5\x16\x94\xe0\xbf0\xde\xcaS/\xf7\xeb\x89bmX0\x94T\x10\x9dx@\xce:]\xb68\xa2W\xcb\x86\b\x03s\xb4q>\xe88\x19\x1a\x14Z\xf3\xd7\x92\xe4bT\xc1.\xfc\xd4\xcay)$\n\x05\xd1\xc5V\x91\xe3W\x10r\x9b~n`z\x8c\x16c\xa1d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x89\xba\xad!\xfe\xdb\xe9\x8d\xffI\x8a=\x81\xc8\x9f\x17N\x80\x06\xc7\xbe\xf2\x9b\x86Z\xc8\xf8\x16)\xef\xab\xbaD8\xecd\\\x10\x10btN\xd0g!\xcc\xbe\xcd\xb7\x16\x19\x89\xceBy|\xe0\x12\x92`Y\x06\x17\xc8mt\xc4d\xd4{\xaa/+9\x87\xf5L\xa9+4\x12Z\x15\xc8\nb}\x15\xc3^r\x03{\xb2\n\x02\xc7;\xdd\xac\xec\xde\x14#`\xcc\xaa\x0f\xdc\x8b\x9a3\n9\x11\xe8Y;@7Cl\xe7\x90\x17\xbb\x9c\xfb\xcc\xb7\'\xf4\xff\xd0\xc2+\xc6)\x15\"\xff\'L\x06\xc2\x8bC\xc7\xee\xb9\xa2B\x7f\'\nU4w\x9c\x15 \"lR\xf1\xbe\xe6', 0x0) r3 = dup(r2) write$binfmt_aout(r2, &(0x7f00000006c0), 0x20) sendfile(r2, r3, &(0x7f0000000080), 0x20000080000001) ftruncate(r3, 0x0) 1.987541566s ago: executing program 1 (id=1207): r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) recvmmsg(r1, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40, 0x0) syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x1000824, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRESHEX=r0, @ANYBLOB="b50f2cc59315a3787e57014a91085610806c92e849b9a910af2a710a33e2d6d66a733a96", @ANYBLOB='[T', @ANYRESOCT=r1, @ANYRES16=r0, @ANYRES16, @ANYRESDEC, @ANYBLOB="2ee4df9cacbce1b9a9c97e47fa783d7f85199ce2fb5276d13a31d6b7bd42cadb574b9991bf1aa7dc52cdcb8e7c281c72c092938710b0fe"], 0x1, 0x1ea, &(0x7f0000000480)="$eJzslU1rE0EYx3+zO2kSzaFnTwWL9qI2WxC/gQWvfgBDutbixpduQBMKRi+9eBC/RMFP4UHQuwcRwUs9KOih4qkikdl5ZpyQwFqphcD+ITwv87xm53nmVn4/rwO/Dna6LFJA0eKDUmjgvLK6wwVLvwsdCz5rK7dF/0LoJ6H5YPj2qWWHtztZlm7ngxJGKSizycZYRtIzaaRnJHOWpaHfPNETGsVM4wj4q36OhTHZpo76sW1p2uvZhKY+y0Z8OYHi/51ZOsK9sZ1a5kdr8kp8Oe7Cavzv3sFrfrbKP9P75/ZzzrSJxb05NSnzxkRH8sqR9ZVffRzxrRDeHex0DXNDtpjRbdifG4nCxgivApszGkagYsY+joaGyq4VPjV69y7lg+GFrV5nM91M7yTJ2uXV16dlRMePYCtLV1VQhhlq3F4CzJw2g/Ma8PHP+YgAKijN4BQo2bk+pFvOK2cDxyZEgW8Yw8Z96fPXRRfT4zrnaAAPRmoJEuy/tYyJprlpWltHEYvQ1kGdcEhEozi42L2bbeyiUM5tD+1jtPepeSERwSRK16749neFLgtdF7ondF+oe7vcm6SLCF9FWhnBAg87/f528XhZzusSr0sWfeZIsrrXULlK6lSoUKFChQoVKswJfgcAAP//kSFBFw==") mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000200)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) mount(&(0x7f0000000040)=@filename='./bus/file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x3000, 0x0) rmdir(&(0x7f00000000c0)='./bus/file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) syz_read_part_table(0x5d1, &(0x7f0000001180)="$eJzs2z9I22kYB/An1lBoB5dOndoOHY4uLR2boS1J2tJCSOtSbmihpRQzpVCIXKDQDppBMYM4uohcFv9MxgxOioJwm4iDh+Dgcocugos57nwPDu7/nR5X+Hzgx8Pv937f98kzZHyDz1pPfN/tdjMR0T3/24nuH+zub+ULD6+U7pafRWRiICK+Xh3s+3El8/PudOq19L6d3qcmL3SGDx5kW1tPD6+/WG70pPUP6bk43e4/lQE5UzO5lb6Pn6rFkVru7Waxvju0sf5kdj9fbj9uNOceZe+/SrnVVHtTfRe1GIyBeBmVqMTrqJ5S/4nWzs3jy8XWwps7R4XO6NKtlCv9yzn/av/3V8eeN+v3bsxfGr9dW1wr7507yVV+598FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/y0xupe/jp2pxpJZ7u1ms7w5trD+Z3c+X248bzblH2fuvUm411d5U30UtBmMgXkYlMvE6qr86uecf9Z9o7dw8vlxsLby5c1TojC7dSrnSKcz6p/0js/v+6tjzZv3ejflL47dri2vlvXMnucr5M/oBAAAAAAAAAAAAAAAAAAAAEBH5wsMrpbvlZxGZ+DJ644vvvvrp4n433XfPpNy1VLfT96nJC53hgwfZ1tbTw+svlhvfpu8f0nNxut3/yz5L3/xXE/F3/BAAAP//rXqXRQ==") openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0xa00, 0x0, 0x101, 0x100}}) 1.987447226s ago: executing program 3 (id=1208): socket(0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) stat(0x0, 0x0) 1.765544074s ago: executing program 3 (id=1210): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x33}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000058850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x14, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 1.466954933s ago: executing program 3 (id=1211): socketpair$unix(0x1, 0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$TUNSETDEBUG(0xffffffffffffffff, 0x8906, 0x0) timer_create(0x3, &(0x7f00000001c0)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x30c) r0 = mq_open(&(0x7f0000000680)=',--\\\x97-\x00Y\x9eo1X\xbf\x0fvV\a\xa3y\xc3<\x12im\xef*^;\xbb{\v\x005\x94v\xd0@<\x01\x00H\x01\xbco5L\xc4\xf9\xf6\xb1g\x0eVEh:\x13\x9b\xaex\x00\x00\x8d\r\xf9\xae\x97\xe3_\xb0\x990\x0f\xfd\xc7\x01\'%\x1aHu\xdb\x00\xa4\xfb\xcaM\x18w\x0e\xa1\x82\x16\xe1\xef|\xf7*\xf8\t8\xc0\xc6q\xce.\xd2\xa2\xf55\x06\x03d\xa9|q)6X=\x89-z\xf4\xa0\xc5HO\x8f\xcdU\xba\xdb\x8bP\x86\xb0(J6\x82\x85\xbe\xc6A\xab&\x04\x8f\xfd\xab8L\x99\xaf\x8e\xd6\x1d\x00\xe0{\xe8\xcc\x15\xa9\xc0\x970\x1f[\xdbqK\x96b\xd7\xb5\x93$\xd1\xc0{K\x8c5\xaa3`b2\x99{n/\xb8\xf7\x91U\xfd\xf8A :?aOgY3\xb4:U\x10\xa9\xaa\xbc\xf0\xe0\xb1\x19\xf3\xc4\xf1O\xe8R\"\xa3Q\xcc\x06\x84\xe1\x90\xcd.5\xedD\xa9\x89W&\xf7\xcb\xbf\xd9\xdaoQ\xa3|\xea\xbf\xe6A\x97\x0f\xa4*QOlI\x00U\x94\xfe/a\xcc\xe7\",\v\xec-\xdb3\a\x91\x11\xc1\x91\xc30)B\x02\xa7\x1e{\x1e\x9dSI!\xafA\xa8\xd4uj\xd6~\x1ae\x8cBjx\xc2\xfa\xf2\xc3\x1d#\xe7\xe0l5\xfa\xf8\'\x8b\xc9\xf5\xc9\x00a\x10\xb1}\x82\xbe\xfa\foZ5\xa7-\x959\x01\x8d\xb4\xebs\xa0\x89\xa9\xd7\x99\n\xbf\x94\x00\xe31\xb8\x8a\x13;\x98d\x04\xf4+\xd4\xe2U\xfa\v\x18\xcfP\xe6~\xfc\x9e\x0e\xfb\xcfB\x9f\xab{l(\x1cl\xab\xda\xf4<\xc5\xe1\xde\xc2hI{\xa3\xd1\x94\xf0\x18\xbf\x87~\xcb)TN\x95w\x06\r\xb0\xab\xb0j/\xf0\x05`&An\x06\x89\xd6a\xb1\xdfsZ\xbc\x87Q3B\xcc\t\x8c|\x03\xf2KD)\r\xfa)\x13\xf8I%\xbc\x05\x01\r\xa5t\x8c\xe4\x99\x1e3N\x86p;h,l\x92c\xff\x92J\x938\x84D8\xae3ic\xcb:u\xf3\xe1\xcd\xf2\xc3\xc9\xd8\xfc\x1ez\xf7A\xb67!\b?\xa1e\xf3L\xd6};\x86\\\b^\xeb\xe7\xa9\xf7\x88\xc8\x8b\xe5\xe4\xc5\x0f\x89\xff\n\v\x83_\x85\x02\xf7Z\xa8\xae\n:\xf8\x90D\x7f}\xcb\x14\xe9h?\x8d\x16\xa5\x8a\xc0\xa1\xb3\xa6\xbfb\xd3\xd3^\x06\x01\xcdP\xaah\xbd\x9bn<\xd8wY\x12=\x92\x8a\x10\xf1M', 0x40, 0x0, 0x0) socket$inet6(0xa, 0xa, 0x0) poll(0x0, 0x0, 0x64) rt_sigreturn() gettid() timer_create(0x0, &(0x7f0000533fa0), 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r0, 0x5421, &(0x7f0000000180)) 1.274696989s ago: executing program 4 (id=1213): semget(0x0, 0x3, 0x390) 1.190938452s ago: executing program 4 (id=1214): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x989680}}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000340), 0xffffff46) r3 = dup3(r2, r1, 0x0) sendmsg$netlink(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001340)={0x10}, 0x10}], 0x1}, 0x0) close(r1) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) 1.190777672s ago: executing program 3 (id=1215): r0 = gettid() r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) readv(r1, 0x0, 0x0) close(r1) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) rt_sigreturn() openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) mlockall(0x1) poll(0x0, 0x0, 0x200001) 1.143559563s ago: executing program 1 (id=1216): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file0\x00', 0x40, &(0x7f00000005c0), 0x1, 0x583, &(0x7f0000000bc0)="$eJzs3U9oHFUYAPBvZhNr22haUFDpoahQoXST9I9WT+lVLBR6ELzEsNmGkE02Zje1CT2k9yIWFJVeqicFPSoiHsSLR69eFM+CaFFpepDIZHf7J8mu27TZLdnfD2b73rzpfu9l9ns7M8ywAfSsg9lLGvF0RJxJIgbvaOuLeuPB2nYr1y8WbvZFIYnV1bN/JJFExI3rFwuN7ZP6v3sjYjkinoqI7/sjDqcb41YWl6bHS6XifL0+VJ2ZG6osLh2ZmhmfLE4WZ4+99PKJk8dPjBwdeWBjvfzLlXcu//jqtSuffXFgufD+eBKjMVBvu3McD1Ltb9Ifo+vWH9+OYF2UNG3ZZOfz0MjV87w/Ip6MwcjVsx7Y+VZ3RawCPSq55/zfHeYM2AkaxwHZ+W9j6eTxx++naicgWdyV+lJr6atdm4hH185N9vyV3HVmkp1v7utkR9mRli9FxHBf38bPf1L//G3d8IPoINvqu1O1HbVx/6fZ/n/r8/p26+efgca10/vUmP9WNsx/6a35L9dk/jvTZox/3/j1o6bxL0U8s2n85Fb8ZJP4aUS82Wb8q69/fbJZ2+rHEYdi8/gNSevrw0PnpkrF4drrpjG+PXTglVbj39Mk/miL8Wfr5toc/1c/fPnscov4LzzXev9vFj87Bn+3zfj7b3z6WrO2LP5Ek/G3ip+tu9Zm/BdHD/7c5qYAAAAAAAAAAMA9SNfuZUvS/K1ymubztWd4n4g9aalcqR4+V16Ynajd87Yv+tPGnVaDtXqS1Ufq9+M26kfX1Y9FxP6IeC+3e62eL5RLE90ePAAAAAAAAAAAAAAAAAAAADwk9q57/v/vXO35f6BH+Mlv6F3yH3rX3fmfdK0fQOf5/ofeJf+hdzXL/5vfdLgjQMc1/f7v72w/gM5z/A+9S/5D75L/0LvkPwAAAAAAAAAAAAAAAAAAAAAAAAAAbIszp09ny+rN6xcLWX3i/OLCdPn8kYliZTo/s1DIF8rzc/nJcnmyVMwXyjP/936lcnluOGYXLgxVi5XqUGVxaWymvDBbHZuaGZ8sjhX9oggAAAAAAAAAAAAAAAAAAABsNLC2JGk+ItK1cprm8xGPRcS+6E/OTZWKwxHxeET8lOvfldVHut1pAAAAAAAAAAAAAAAAAAAA2GEqi0vT46VScb51IW1jm51XiIjldWvu7X3G/ulcn7PObum/J8v3FT2Jbu8mhW368AMAAAAAAAAAAAAAAAAAAB11+6HfbvcEAAAAAAAAAAAAAAAAAAAAeln6W/aaRMShwecH1rc+kqzkIj4ZzMpvXz37wYXxanV+JFv/Z26tPSKqH9bXH+1C94G2NfK0kccAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAbZXFpenxUqk4v8XCrjbep8tDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANiS/wIAAP//7YjRGA==") setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000240)=ANY=[], 0x835, 0x0) 1.025959658s ago: executing program 4 (id=1217): openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)) pipe2(&(0x7f0000000140)={0xffffffffffffffff}, 0x0) read$char_usb(r1, &(0x7f0000000840)=""/171, 0xab) close(r1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_NOTIFY_STORE(r2, &(0x7f00000004c0)=ANY=[], 0x2b) dup3(r2, r1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) recvmsg(r3, &(0x7f0000000140)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0) close(r4) rt_sigreturn() clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000080)={{0x77359400}, {r5, r6+60000000}}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 918.820601ms ago: executing program 2 (id=1218): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x989680}}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000340), 0xffffff46) r3 = dup3(r2, r1, 0x0) sendmsg$netlink(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001340)={0x10}, 0x10}], 0x1}, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) 750.803936ms ago: executing program 4 (id=1219): socket(0x1, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)) r0 = socket$inet_tcp(0x2, 0x1, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) rt_sigreturn() openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) creat(&(0x7f0000004040)='./file0\x00', 0x0) futex(&(0x7f0000004080)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) rt_sigreturn() syz_read_part_table(0x4019, &(0x7f0000000000)="$eJzszzEOAUEAheE3G1FwA5fQqInSUbbRSTQaV1E5hkTjIC7gBBqSJRNBu99XzUtm/mTG1+MySZlu1u02L5rOedEkJcnssUv65/3Pl2R+SjL6JTLsjvZWvTP4WNjta6lvPdurw+T8z3sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLMDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQwAAACAMH/rPNoPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALwUAAD//xe4ClM=") r1 = eventfd(0x0) eventfd(0x0) write$eventfd(r1, &(0x7f0000000000)=0xffffffffffffff81, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000003080)) write$cgroup_freezer_state(r1, &(0x7f0000000080)='FREEZING\x00', 0x9) 655.520859ms ago: executing program 2 (id=1220): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x3938700}}, 0x0) poll(0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r1, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838) r2 = dup(r1) write$P9_RGETATTR(r2, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x80000) rt_sigreturn() r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'macvlan0\x00', 0x1}) pread64(r5, 0x0, 0x0, 0x0) 620.38306ms ago: executing program 4 (id=1221): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x4031, 0xffffffffffffffff, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 280.224512ms ago: executing program 2 (id=1222): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000340), 0xffffff46) dup3(r2, r1, 0x0) sendmsg$netlink(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=ANY=[], 0x10}], 0x1}, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x2, 0x0, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r3, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0xfffffea5, 0xc000, 0x0, 0xfffffcef) recvmsg(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @local}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffffa}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x5451, 0x0) listen(r3, 0x0) 279.416911ms ago: executing program 1 (id=1223): io_setup(0x6, &(0x7f00000000c0)=0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/profiling', 0x1a1081, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000001500)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000100)='9', 0x1}]) 119.713287ms ago: executing program 4 (id=1224): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev}, 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) rt_sigreturn() memfd_create(&(0x7f0000000080)='}\xa4-}{\x00\xaa\x81\xde\xac\xc0\xe8\xf1v\xbd\xd2\xd4\x03[t\xe8\x92\x9d\xc2\xdep\x11y\xf7\xb0\x90\v\xb9\x9f\x12\xfc\x8c\x19\xf7v\xdb\r\xf4\xce\xdb\xf8Cw\xe6c\xd1\xe9\xe1\x8e\x1bKn\x9c{[\xbe|\x13\x97{\x12z\xea(\xb8\xc7\xca\x9a\x17)\xfcl\xe9\x87\xe7\xf5U\xc9@\xeb\x02\x90\'\x8d\xccd\x05\xf7zJ\x8f+\\\x16\x9e\x10t^\xb7\x90\xa7\x8f \xc0#\xeb&s\xc6\x11\xfb\xc3\x1fp\xeb^\x82\x8a\x1d\xe3\x93\xfdt\x86-\b*c2\xe6\xd4\xc6\xf9\x172\xf7', 0x0) r1 = socket$inet_icmp(0x2, 0x2, 0x1) r2 = socket(0x1, 0x3, 0x0) recvmsg$inet_nvme(r2, &(0x7f0000000000)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0) close(r3) ioctl$KDGKBMETA(r1, 0x5450, 0x0) shutdown(r0, 0x0) 588.13µs ago: executing program 2 (id=1225): socketpair$nbd(0x1, 0x1, 0x0, 0x0) r0 = socket(0x1, 0x5, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) recvmsg(r1, &(0x7f0000000100)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0) close(r2) rt_sigreturn() ioctl$KDGETKEYCODE(r0, 0x5450, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, &(0x7f0000002340)=ANY=[], 0x28) 0s ago: executing program 1 (id=1226): syz_read_part_table(0x4019, &(0x7f0000000000)="$eJzszzEOAUEAheE3G1FwA5fQqInSUbbRSTQaV1E5hkTjIC7gBBqSJRNBu99XzUtm/mTG1+MySZlu1u02L5rOedEkJcnssUv65/3Pl2R+SjL6JTLsjvZWvTP4WNjta6lvPdurw+T8z3sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLMDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQwAAACAMH/rPNoPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALwUAAD//xe4ClM=") r0 = eventfd(0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) write$cgroup_freezer_state(r0, &(0x7f0000000080)='FREEZING\x00', 0x9) kernel console output (not intermixed with test programs): T8469] BTRFS info (device loop0): use zlib compression, level 3 [ 375.570084][ T8469] BTRFS info (device loop0): using free space tree [ 375.607951][ T8469] BTRFS info (device loop0): has skinny extents [ 375.611540][ T26] audit: type=1804 audit(1719722107.649:69): pid=8448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.786" name="/root/syzkaller.hOlofP/159/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 375.653416][ T3503] attempt to access beyond end of device [ 375.653416][ T3503] loop1: rw=2049, want=45112, limit=40427 [ 375.808188][ T8501] loop2: detected capacity change from 0 to 512 [ 375.889982][ T8469] BTRFS info (device loop0): enabling ssd optimizations [ 375.913562][ T8501] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 375.925195][ T8501] ext4 filesystem being mounted at /root/syzkaller.tGrW1V/158/bus supports timestamps until 2038 (0x7fffffff) [ 375.960100][ T3750] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 376.002067][ T3750] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 376.054316][ T3750] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 376.142382][ T3750] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 376.887795][ T7] usb 4-1: USB disconnect, device number 32 [ 377.179245][ T8512] loop1: detected capacity change from 0 to 2048 [ 377.207247][ T8514] loop2: detected capacity change from 0 to 1024 [ 377.290162][ T8518] loop4: detected capacity change from 0 to 2048 [ 377.339960][ T8512] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 378.228490][ T8518] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 378.240962][ T8512] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 378.286410][ T8518] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 378.463739][ T1375] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.470100][ T1375] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.741532][ T7] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 378.783065][ T3838] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 379.059607][ T8529] loop3: detected capacity change from 0 to 32768 [ 379.127765][ T8529] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.798 (8529) [ 379.130540][ T8536] loop0: detected capacity change from 0 to 32768 [ 379.167065][ T8529] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 379.178557][ T8529] BTRFS info (device loop3): use zlib compression, level 3 [ 379.186295][ T8529] BTRFS info (device loop3): using free space tree [ 379.193903][ T8529] BTRFS info (device loop3): has skinny extents [ 379.219178][ T8536] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz.0.800 (8536) [ 379.241118][ T6536] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by udevd (6536) [ 379.321950][ T7] usb 2-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 379.332106][ T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.340126][ T7] usb 2-1: Product: syz [ 379.358654][ T7] usb 2-1: Manufacturer: syz [ 379.364116][ T7] usb 2-1: SerialNumber: syz [ 379.372282][ T7] usb 2-1: config 0 descriptor?? [ 379.390018][ T8529] BTRFS info (device loop3): enabling ssd optimizations [ 379.401811][ T3838] usb 5-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 379.421464][ T3838] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.433902][ T7] cdc_ether 2-1:0.0: invalid descriptor buffer length [ 379.440705][ T7] usb 2-1: bad CDC descriptors [ 379.445837][ T3838] usb 5-1: Product: syz [ 379.450022][ T3838] usb 5-1: Manufacturer: syz [ 380.072978][ T8538] loop2: detected capacity change from 0 to 40427 [ 380.273255][ T7] pcwd_usb: This driver only supports 1 device [ 380.282399][ T3838] usb 5-1: SerialNumber: syz [ 380.290484][ T3838] usb 5-1: config 0 descriptor?? [ 380.297795][ T7] usb 2-1: USB disconnect, device number 31 [ 380.322674][ T3838] usb 5-1: can't set config #0, error -71 [ 380.334297][ T3838] usb 5-1: USB disconnect, device number 41 [ 380.451857][ T8538] F2FS-fs (loop2): invalid crc value [ 380.523321][ T8538] F2FS-fs (loop2): Found nat_bits in checkpoint [ 380.539283][ T8574] loop4: detected capacity change from 0 to 512 [ 380.641711][ T8581] loop1: detected capacity change from 0 to 256 [ 380.645184][ T8574] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 380.659196][ T8574] ext4 filesystem being mounted at /root/syzkaller.AmZFOV/91/bus supports timestamps until 2038 (0x7fffffff) [ 380.713148][ T8538] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0 [ 380.748850][ T8575] loop0: detected capacity change from 0 to 256 [ 380.834793][ T8575] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x38db593b, utbl_chksum : 0xe619d30d) [ 380.857192][ T8581] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xc14df490, utbl_chksum : 0xe619d30d) [ 380.869825][ T8538] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 381.288571][ T8586] attempt to access beyond end of device [ 381.288571][ T8586] loop2: rw=2049, want=77832, limit=40427 [ 381.581733][ T3502] attempt to access beyond end of device [ 381.581733][ T3502] loop2: rw=2049, want=45112, limit=40427 [ 381.808126][ T8593] loop4: detected capacity change from 0 to 1024 [ 382.736069][ T3592] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.850044][ T3592] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.964383][ T3592] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.981354][ T7] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 383.079688][ T3592] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.233301][ T8598] loop0: detected capacity change from 0 to 32768 [ 383.276235][ T3756] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 383.314869][ T8598] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.812 (8598) [ 383.367095][ T7] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 383.388306][ T7] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 383.408760][ T7] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 383.431480][ T7] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 383.449102][ T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.497210][ T7] usb 4-1: config 0 descriptor?? [ 383.520315][ T8598] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 383.547421][ T8598] BTRFS info (device loop0): use zlib compression, level 3 [ 383.560454][ T8598] BTRFS info (device loop0): using free space tree [ 383.575403][ T8598] BTRFS info (device loop0): has skinny extents [ 383.652919][ T3756] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 383.685927][ T3756] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 383.728366][ T3756] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 383.751495][ T3756] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 383.766228][ T3756] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.791464][ T3756] usb 3-1: config 0 descriptor?? [ 383.899016][ T8598] BTRFS info (device loop0): enabling ssd optimizations [ 383.910877][ T8605] chnl_net:caif_netlink_parms(): no params data found [ 384.006005][ T7] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 384.037357][ T7] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 384.071918][ T7] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 384.135726][ T7] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 384.278921][ T8644] loop4: detected capacity change from 0 to 2048 [ 384.298457][ T3756] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 384.319474][ T3756] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 384.327626][ T3835] usb 4-1: USB disconnect, device number 33 [ 384.334726][ T3756] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 384.379262][ T3756] plantronics 0003:047F:FFFF.0005: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 384.412798][ T8644] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 384.456097][ T8644] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 384.760609][ T8605] bridge0: port 1(bridge_slave_0) entered blocking state [ 384.781924][ T3547] usb 3-1: USB disconnect, device number 38 [ 384.802129][ T8605] bridge0: port 1(bridge_slave_0) entered disabled state [ 384.810598][ T8605] device bridge_slave_0 entered promiscuous mode [ 384.829780][ T8650] loop0: detected capacity change from 0 to 2048 [ 384.906555][ T8650] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 384.918305][ T8605] bridge0: port 2(bridge_slave_1) entered blocking state [ 384.953577][ T8605] bridge0: port 2(bridge_slave_1) entered disabled state [ 384.964031][ T8650] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 384.973145][ T3748] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 384.991684][ T8605] device bridge_slave_1 entered promiscuous mode [ 385.165042][ T8605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 385.203413][ T8605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 385.267806][ T8605] team0: Port device team_slave_0 added [ 385.281126][ T3595] Bluetooth: hci3: command 0x0409 tx timeout [ 385.294472][ T8605] team0: Port device team_slave_1 added [ 385.382172][ T8605] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 385.398511][ T3547] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 385.401728][ T8605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.471677][ T8605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 385.519044][ T3748] usb 5-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 385.529589][ T8605] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 385.545402][ T3748] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.557923][ T8605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.604674][ T3748] usb 5-1: Product: syz [ 385.616511][ T3748] usb 5-1: Manufacturer: syz [ 385.621149][ T3748] usb 5-1: SerialNumber: syz [ 385.639132][ T3748] usb 5-1: config 0 descriptor?? [ 385.648525][ T8605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 385.692356][ T3748] cdc_ether 5-1:0.0: invalid descriptor buffer length [ 385.699170][ T3748] usb 5-1: bad CDC descriptors [ 385.719366][ T3748] pcwd_usb: This driver only supports 1 device [ 385.875855][ T8605] device hsr_slave_0 entered promiscuous mode [ 385.899825][ T8657] loop3: detected capacity change from 0 to 32768 [ 385.914177][ T8605] device hsr_slave_1 entered promiscuous mode [ 385.923979][ T3748] usb 5-1: USB disconnect, device number 42 [ 385.948160][ T8605] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 385.961645][ T3547] usb 1-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 385.980985][ T3547] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.989358][ T8657] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.818 (8657) [ 385.990101][ T8605] Cannot create hsr debugfs directory [ 386.018743][ T3547] usb 1-1: Product: syz [ 386.024951][ T3547] usb 1-1: Manufacturer: syz [ 386.029661][ T3547] usb 1-1: SerialNumber: syz [ 386.044122][ T3547] usb 1-1: config 0 descriptor?? [ 386.079472][ T8657] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 386.088753][ T8657] BTRFS info (device loop3): use zlib compression, level 3 [ 386.098676][ T3547] cdc_ether 1-1:0.0: invalid descriptor buffer length [ 386.112304][ T3547] usb 1-1: bad CDC descriptors [ 386.119165][ T3547] pcwd_usb: This driver only supports 1 device [ 386.136721][ T8657] BTRFS info (device loop3): using free space tree [ 386.148944][ T8657] BTRFS info (device loop3): has skinny extents [ 386.265397][ T3592] device hsr_slave_0 left promiscuous mode [ 386.276027][ T8673] loop2: detected capacity change from 0 to 32768 [ 386.292235][ T3592] device hsr_slave_1 left promiscuous mode [ 386.350036][ T8657] BTRFS info (device loop3): enabling ssd optimizations [ 386.364616][ T8673] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz.2.819 (8673) [ 386.423357][ T3592] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 386.446939][ T3521] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by udevd (3521) [ 386.474387][ T3748] usb 1-1: USB disconnect, device number 29 [ 386.481525][ T3592] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 386.549751][ T3592] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 386.587225][ T3592] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 386.625984][ T3592] bridge0: port 3(bond0) entered disabled state [ 386.660098][ T3592] device bridge_slave_1 left promiscuous mode [ 386.711443][ T3592] bridge0: port 2(bridge_slave_1) entered disabled state [ 386.736668][ T3592] device bridge_slave_0 left promiscuous mode [ 386.764661][ T3592] bridge0: port 1(bridge_slave_0) entered disabled state [ 386.941640][ T3592] device veth1_macvtap left promiscuous mode [ 386.951778][ T3592] device veth0_macvtap left promiscuous mode [ 386.957885][ T3592] device veth1_vlan left promiscuous mode [ 387.009820][ T3592] device veth0_vlan left promiscuous mode [ 387.331397][ T3748] Bluetooth: hci3: command 0x041b tx timeout [ 387.424041][ T8716] loop0: detected capacity change from 0 to 512 [ 387.571896][ T8716] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 387.583075][ T8716] ext4 filesystem being mounted at /root/syzkaller.HtlLNS/179/bus supports timestamps until 2038 (0x7fffffff) [ 388.665354][ T8711] loop4: detected capacity change from 0 to 40427 [ 388.794912][ T3592] team0 (unregistering): Port device team_slave_1 removed [ 388.806442][ T8711] F2FS-fs (loop4): invalid crc value [ 388.818456][ T3592] team0 (unregistering): Port device team_slave_0 removed [ 388.869055][ T3592] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 388.908676][ T8711] F2FS-fs (loop4): Found nat_bits in checkpoint [ 388.915467][ T3592] device bond_slave_1 left promiscuous mode [ 388.927834][ T8730] loop0: detected capacity change from 0 to 1024 [ 388.945781][ T8714] loop2: detected capacity change from 0 to 40427 [ 388.960004][ T3592] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 388.976716][ T3592] device bond_slave_0 left promiscuous mode [ 388.993756][ T8711] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0 [ 389.026658][ T8711] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 389.044160][ T8714] F2FS-fs (loop2): invalid crc value [ 389.074866][ T8711] attempt to access beyond end of device [ 389.074866][ T8711] loop4: rw=2049, want=77832, limit=40427 [ 389.100755][ T8714] F2FS-fs (loop2): Found nat_bits in checkpoint [ 389.140182][ T5879] attempt to access beyond end of device [ 389.140182][ T5879] loop4: rw=2049, want=45112, limit=40427 [ 389.268695][ T8714] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0 [ 389.286128][ T8714] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 389.778745][ T8714] attempt to access beyond end of device [ 389.778745][ T8714] loop2: rw=2049, want=77832, limit=40427 [ 389.908745][ T3592] bond0 (unregistering): Released all slaves [ 389.980920][ T3502] attempt to access beyond end of device [ 389.980920][ T3502] loop2: rw=2049, want=45112, limit=40427 [ 390.018516][ T3548] Bluetooth: hci3: command 0x040f tx timeout [ 390.561424][ T3748] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 390.921869][ T3748] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 390.941342][ T8605] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 390.957264][ T3748] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 390.962266][ T8605] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 390.978769][ T3748] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 391.007400][ T8605] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 391.024996][ T3748] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 391.034450][ T3756] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 391.049203][ T8605] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 391.079635][ T3748] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.113159][ T3748] usb 1-1: config 0 descriptor?? [ 391.248475][ T8764] loop3: detected capacity change from 0 to 2048 [ 391.313813][ T8605] 8021q: adding VLAN 0 to HW filter on device bond0 [ 391.344038][ T8749] loop4: detected capacity change from 0 to 32768 [ 391.367338][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 391.382868][ T8764] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 391.400071][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 391.408949][ T3756] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 391.428893][ T8749] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.825 (8749) [ 391.429367][ T3756] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 391.450257][ T8764] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 391.459141][ T3756] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 391.482212][ T8605] 8021q: adding VLAN 0 to HW filter on device team0 [ 391.507123][ T3756] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 391.558249][ T3756] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.586099][ T8605] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 391.599286][ T3748] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 391.622608][ T3756] usb 3-1: config 0 descriptor?? [ 391.631170][ T3748] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 391.656694][ T3748] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 391.664811][ T8605] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 391.703677][ T3748] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 391.768886][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 391.783997][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 391.794082][ T3748] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.802058][ T3748] bridge0: port 1(bridge_slave_0) entered forwarding state [ 391.802305][ T8749] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 391.810037][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 391.847795][ T8749] BTRFS info (device loop4): use zlib compression, level 3 [ 391.862153][ T8749] BTRFS info (device loop4): using free space tree [ 391.862506][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 391.883743][ T8749] BTRFS info (device loop4): has skinny extents [ 391.921980][ T3748] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.929302][ T3748] bridge0: port 2(bridge_slave_1) entered forwarding state [ 391.977223][ T3548] usb 1-1: USB disconnect, device number 30 [ 391.981919][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 392.012552][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 392.023325][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 392.036769][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 392.049983][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 392.059272][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 392.065217][ T3838] Bluetooth: hci3: command 0x0419 tx timeout [ 392.068876][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 392.082313][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 392.091449][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 392.100163][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 392.109704][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 392.117992][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 392.126322][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 392.151408][ T8749] BTRFS info (device loop4): enabling ssd optimizations [ 392.294734][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 392.307896][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 392.340036][ T8605] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 392.361603][ T3756] usbhid 3-1:0.0: can't add hid device: -71 [ 392.367634][ T3756] usbhid: probe of 3-1:0.0 failed with error -71 [ 392.374689][ T3748] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 392.399764][ T3756] usb 3-1: USB disconnect, device number 39 [ 392.422425][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 392.449141][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 392.505675][ T3548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 392.540576][ T3548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 392.581056][ T8605] device veth0_vlan entered promiscuous mode [ 392.594278][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 392.602511][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 392.617613][ T8605] device veth1_vlan entered promiscuous mode [ 392.665264][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 392.675750][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 392.706248][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 392.736619][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 392.780190][ T8605] device veth0_macvtap entered promiscuous mode [ 392.838700][ T8605] device veth1_macvtap entered promiscuous mode [ 392.911616][ T3748] usb 4-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 392.920788][ T3748] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.930929][ T8605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 392.966283][ T3748] usb 4-1: Product: syz [ 392.970495][ T3748] usb 4-1: Manufacturer: syz [ 392.975201][ T8605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.982253][ T8810] loop2: detected capacity change from 0 to 512 [ 393.005830][ T3748] usb 4-1: SerialNumber: syz [ 393.011686][ T8605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.038291][ T3748] usb 4-1: config 0 descriptor?? [ 393.050376][ T8605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.083332][ T3748] cdc_ether 4-1:0.0: invalid descriptor buffer length [ 393.091044][ T8605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.108517][ T3748] usb 4-1: bad CDC descriptors [ 393.115369][ T3748] pcwd_usb: This driver only supports 1 device [ 393.147338][ T8605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.180508][ T8605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.219992][ T8605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.243011][ T8605] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 393.277384][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 393.307855][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 393.327905][ T3548] usb 4-1: USB disconnect, device number 34 [ 393.332700][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 393.392039][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 393.431868][ T8810] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 393.443064][ T8810] ext4 filesystem being mounted at /root/syzkaller.tGrW1V/165/bus supports timestamps until 2038 (0x7fffffff) [ 393.645488][ T8605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 393.691475][ T8605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.991325][ T8605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.031519][ T8605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.071416][ T8605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.118202][ T8605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.158754][ T8605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.219114][ T8605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.239478][ T8806] loop0: detected capacity change from 0 to 32768 [ 394.247643][ T8605] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 394.282179][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 394.291075][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 394.351990][ T8605] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.359390][ T8806] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.832 (8806) [ 394.372937][ T8605] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.391377][ T8605] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.446412][ T8605] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.453076][ T8806] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 394.473947][ T8818] loop4: detected capacity change from 0 to 32768 [ 394.489877][ T8806] BTRFS info (device loop0): use zlib compression, level 3 [ 394.521063][ T8806] BTRFS info (device loop0): using free space tree [ 394.589642][ T8818] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz.4.831 (8818) [ 394.606548][ T8806] BTRFS info (device loop0): has skinny extents [ 394.630790][ T3521] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by udevd (3521) [ 394.749506][ T8845] loop3: detected capacity change from 0 to 2048 [ 394.761223][ T3692] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.772542][ T3692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.858658][ T5591] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.869805][ T8845] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 394.889823][ T8845] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 394.950072][ T3670] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 394.967696][ T5591] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.068400][ T3670] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 395.171903][ T8806] BTRFS info (device loop0): enabling ssd optimizations [ 396.151904][ T3670] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 396.240619][ T8880] loop4: detected capacity change from 0 to 1024 [ 397.422539][ T3670] usb 4-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 397.437048][ T3670] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.448332][ T3670] usb 4-1: Product: syz [ 397.457141][ T3670] usb 4-1: Manufacturer: syz [ 397.465293][ T3670] usb 4-1: SerialNumber: syz [ 397.480228][ T3670] usb 4-1: config 0 descriptor?? [ 397.527032][ T3670] cdc_ether 4-1:0.0: invalid descriptor buffer length [ 397.544525][ T3670] usb 4-1: bad CDC descriptors [ 397.551062][ T3670] pcwd_usb: This driver only supports 1 device [ 397.655119][ T8841] loop2: detected capacity change from 0 to 40427 [ 397.700605][ T1066] usb 4-1: USB disconnect, device number 35 [ 398.291862][ T1066] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 398.368693][ T8912] loop0: detected capacity change from 0 to 16 [ 398.592730][ T8912] loop0: detected capacity change from 0 to 512 [ 398.651501][ T1066] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 398.682286][ T1066] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 398.715788][ T8903] loop3: detected capacity change from 0 to 32768 [ 398.725063][ T1066] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 398.748515][ T1066] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 398.768740][ T1066] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 398.790914][ T1066] usb 2-1: config 0 descriptor?? [ 398.799323][ T8903] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.840 (8903) [ 398.867354][ T8903] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 398.891361][ T8903] BTRFS info (device loop3): use zlib compression, level 3 [ 398.935321][ T8927] loop0: detected capacity change from 0 to 512 [ 398.949938][ T8903] BTRFS info (device loop3): using free space tree [ 398.967226][ T8903] BTRFS info (device loop3): has skinny extents [ 399.084819][ T8920] loop2: detected capacity change from 0 to 40427 [ 399.110191][ T8927] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 399.122592][ T8927] ext4 filesystem being mounted at /root/syzkaller.HtlLNS/186/bus supports timestamps until 2038 (0x7fffffff) [ 399.164060][ T8920] F2FS-fs (loop2): invalid crc value [ 399.205155][ T8945] loop4: detected capacity change from 0 to 2048 [ 399.293936][ T8920] F2FS-fs (loop2): Found nat_bits in checkpoint [ 399.350566][ T8945] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 399.362129][ T8903] BTRFS info (device loop3): enabling ssd optimizations [ 399.412405][ T8945] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 399.813614][ T8920] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0 [ 399.900869][ T8920] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 400.071547][ T1066] usbhid 2-1:0.0: can't add hid device: -71 [ 400.077617][ T1066] usbhid: probe of 2-1:0.0 failed with error -71 [ 400.090712][ T8920] attempt to access beyond end of device [ 400.090712][ T8920] loop2: rw=2049, want=77832, limit=40427 [ 400.114875][ T1066] usb 2-1: USB disconnect, device number 32 [ 400.350017][ T3502] attempt to access beyond end of device [ 400.350017][ T3502] loop2: rw=2049, want=45112, limit=40427 [ 400.501635][ T4094] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 400.873737][ T8962] loop1: detected capacity change from 0 to 32768 [ 400.950991][ T8962] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.848 (8962) [ 401.020073][ T8962] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 401.067934][ T8962] BTRFS info (device loop1): use zlib compression, level 3 [ 401.088207][ T8962] BTRFS info (device loop1): using free space tree [ 401.095791][ T8962] BTRFS info (device loop1): has skinny extents [ 401.174752][ T8964] loop3: detected capacity change from 0 to 32768 [ 401.387504][ T8964] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz.3.846 (8964) [ 401.913873][ T8966] loop0: detected capacity change from 0 to 32768 [ 401.943218][ T4094] usb 5-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 401.986317][ T4094] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.994415][ T4094] usb 5-1: Product: syz [ 401.999172][ T4094] usb 5-1: Manufacturer: syz [ 402.011331][ T4094] usb 5-1: SerialNumber: syz [ 402.022824][ T4094] usb 5-1: config 0 descriptor?? [ 402.031558][ T6536] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by udevd (6536) [ 402.071888][ T8966] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz.0.847 (8966) [ 402.078123][ T8964] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 402.095695][ T8964] BTRFS info (device loop3): using free space tree [ 402.104172][ T8964] BTRFS info (device loop3): has skinny extents [ 402.111902][ T4094] usb 5-1: can't set config #0, error -71 [ 402.141898][ T8989] loop2: detected capacity change from 0 to 8192 [ 402.147685][ T4094] usb 5-1: USB disconnect, device number 43 [ 402.166671][ T8962] BTRFS info (device loop1): enabling ssd optimizations [ 402.272301][ T8989] REISERFS warning (device loop2): super-6502 reiserfs_getopt: unknown mount option "euid=00000000000000000000" [ 402.391079][ T8964] BTRFS info (device loop3): enabling ssd optimizations [ 403.040458][ T9024] loop0: detected capacity change from 0 to 2048 [ 403.236499][ T9024] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 403.277567][ T9024] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 403.300872][ T9030] loop2: detected capacity change from 0 to 1024 [ 403.689918][ T9014] loop4: detected capacity change from 0 to 40427 [ 403.965210][ T9014] F2FS-fs (loop4): invalid crc value [ 404.173466][ T9014] F2FS-fs (loop4): Found nat_bits in checkpoint [ 404.362661][ T9014] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0 [ 404.389492][ T9014] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 404.430231][ T9014] attempt to access beyond end of device [ 404.430231][ T9014] loop4: rw=2049, want=77832, limit=40427 [ 404.491494][ T5879] attempt to access beyond end of device [ 404.491494][ T5879] loop4: rw=2049, want=45112, limit=40427 [ 404.539647][ T9046] loop1: detected capacity change from 0 to 512 [ 404.551531][ T3563] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 404.591089][ T9046] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 404.602574][ T9046] ext4 filesystem being mounted at /root/syzkaller.XIAsj3/6/bus supports timestamps until 2038 (0x7fffffff) [ 404.871521][ T1066] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 405.242125][ T1066] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 405.343620][ T1066] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 405.437659][ T1066] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 405.501523][ T1066] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 405.539418][ T1066] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.577754][ T1066] usb 4-1: config 0 descriptor?? [ 405.649150][ T9048] loop2: detected capacity change from 0 to 32768 [ 405.701436][ T9048] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.856 (9048) [ 406.291874][ T3563] usb 1-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 406.345065][ T3563] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 406.440632][ T3563] usb 1-1: Product: syz [ 406.491807][ T3563] usb 1-1: Manufacturer: syz [ 406.570955][ T3563] usb 1-1: config 0 descriptor?? [ 406.597999][ T9048] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 406.651510][ T3563] usb 1-1: can't set config #0, error -71 [ 406.667696][ T9048] BTRFS info (device loop2): use zlib compression, level 3 [ 406.691325][ T9048] BTRFS info (device loop2): using free space tree [ 406.692627][ T3563] usb 1-1: USB disconnect, device number 31 [ 406.697897][ T9048] BTRFS info (device loop2): has skinny extents [ 406.754982][ T9064] loop1: detected capacity change from 0 to 2048 [ 406.829728][ T9048] BTRFS info (device loop2): enabling ssd optimizations [ 406.891447][ T1066] usbhid 4-1:0.0: can't add hid device: -71 [ 406.897470][ T1066] usbhid: probe of 4-1:0.0 failed with error -71 [ 406.898588][ T9064] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 406.916688][ T1066] usb 4-1: USB disconnect, device number 36 [ 407.043263][ T9064] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 407.063023][ T9055] loop4: detected capacity change from 0 to 40427 [ 407.131799][ T9055] F2FS-fs (loop4): invalid crc value [ 407.180472][ T9055] F2FS-fs (loop4): Found nat_bits in checkpoint [ 407.328186][ T9055] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0 [ 407.356355][ T9055] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 407.461594][ T1066] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 407.527346][ T9055] attempt to access beyond end of device [ 407.527346][ T9055] loop4: rw=2049, want=77832, limit=40427 [ 407.661247][ T5879] attempt to access beyond end of device [ 407.661247][ T5879] loop4: rw=2049, want=45112, limit=40427 [ 407.959680][ T9083] loop0: detected capacity change from 0 to 32768 [ 407.991638][ T1066] usb 2-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 408.011400][ T1066] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.019529][ T1066] usb 2-1: Product: syz [ 408.046556][ T9083] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.862 (9083) [ 408.061528][ T1066] usb 2-1: Manufacturer: syz [ 408.066187][ T1066] usb 2-1: SerialNumber: syz [ 408.082873][ T1066] usb 2-1: config 0 descriptor?? [ 408.130868][ T9083] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 408.148454][ T1066] cdc_ether 2-1:0.0: invalid descriptor buffer length [ 408.161606][ T1066] usb 2-1: bad CDC descriptors [ 408.168030][ T9083] BTRFS info (device loop0): use zlib compression, level 3 [ 408.181632][ T1066] pcwd_usb: This driver only supports 1 device [ 408.201182][ T9093] loop2: detected capacity change from 0 to 32768 [ 408.209253][ T9083] BTRFS info (device loop0): using free space tree [ 408.217614][ T9083] BTRFS info (device loop0): has skinny extents [ 408.286312][ T9093] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz.2.863 (9093) [ 408.372129][ T9091] loop3: detected capacity change from 0 to 32768 [ 408.399154][ T3984] usb 2-1: USB disconnect, device number 33 [ 408.414359][ T9091] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz.3.864 (9091) [ 408.421607][ T9093] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 408.458964][ T9093] BTRFS info (device loop2): using free space tree [ 408.485913][ T9093] BTRFS info (device loop2): has skinny extents [ 408.508786][ T9083] BTRFS info (device loop0): enabling ssd optimizations [ 408.667258][ T9093] BTRFS info (device loop2): enabling ssd optimizations [ 408.903275][ T9142] loop4: detected capacity change from 0 to 1024 [ 409.921556][ T9150] loop3: detected capacity change from 0 to 512 [ 410.043459][ T9146] loop2: detected capacity change from 0 to 1024 [ 411.066299][ T9150] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 411.259315][ T9150] ext4 filesystem being mounted at /root/syzkaller.RBMX2S/36/bus supports timestamps until 2038 (0x7fffffff) [ 411.651457][ T4096] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 412.071592][ T4096] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.086726][ T9177] loop2: detected capacity change from 0 to 4096 [ 412.101319][ T4096] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 412.141315][ T4096] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 412.165445][ T9177] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 412.174785][ T4096] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 412.231316][ T4096] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.264450][ T4096] usb 5-1: config 0 descriptor?? [ 412.279472][ T9177] ntfs: (device loop2): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 412.321184][ T9177] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 412.347223][ T9166] loop1: detected capacity change from 0 to 32768 [ 412.360606][ T9177] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 412.411500][ T9177] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 412.420594][ T9166] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.873 (9166) [ 412.479084][ T9166] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 412.496295][ T9177] ntfs: volume version 3.1. [ 412.501329][ T9166] BTRFS info (device loop1): use zlib compression, level 3 [ 412.508567][ T9166] BTRFS info (device loop1): using free space tree [ 412.545319][ T9166] BTRFS info (device loop1): has skinny extents [ 412.676327][ T9174] loop0: detected capacity change from 0 to 40427 [ 412.772192][ T9166] BTRFS info (device loop1): enabling ssd optimizations [ 412.792235][ T9174] F2FS-fs (loop0): invalid crc value [ 412.937195][ T9174] F2FS-fs (loop0): Found nat_bits in checkpoint [ 413.001595][ T4096] usbhid 5-1:0.0: can't add hid device: -71 [ 413.007837][ T4096] usbhid: probe of 5-1:0.0 failed with error -71 [ 413.075322][ T4096] usb 5-1: USB disconnect, device number 44 [ 413.094135][ T9174] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 413.121866][ T9174] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 413.183204][ T9174] attempt to access beyond end of device [ 413.183204][ T9174] loop0: rw=2049, want=77832, limit=40427 [ 413.375253][ T3501] attempt to access beyond end of device [ 413.375253][ T3501] loop0: rw=2049, want=45112, limit=40427 [ 413.664705][ T9207] loop3: detected capacity change from 0 to 2048 [ 413.783182][ T9207] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 413.833914][ T9207] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 414.761491][ T3753] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 415.695852][ T9203] loop4: detected capacity change from 0 to 32768 [ 415.751974][ T9226] loop2: detected capacity change from 0 to 1024 [ 415.821510][ T3595] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 416.063025][ T9203] loop4: detected capacity change from 0 to 256 [ 416.071341][ T3595] usb 1-1: Using ep0 maxpacket: 16 [ 416.085389][ T9217] loop1: detected capacity change from 0 to 32768 [ 416.123972][ T9203] exfat: Bad value for 'uid' [ 416.129562][ T9217] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.882 (9217) [ 416.202934][ T3753] usb 4-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 416.255957][ T3753] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.372749][ T3753] usb 4-1: Product: syz [ 416.394039][ T9203] openvswitch: netlink: Message has 171 unknown bytes. [ 416.432869][ T3753] usb 4-1: Manufacturer: syz [ 416.504399][ T3753] usb 4-1: SerialNumber: syz [ 416.823521][ T3753] usb 4-1: config 0 descriptor?? [ 416.841549][ T9217] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 416.851916][ T3753] usb 4-1: can't set config #0, error -71 [ 416.869007][ T9217] BTRFS info (device loop1): use zlib compression, level 3 [ 416.888916][ T3753] usb 4-1: USB disconnect, device number 37 [ 416.917030][ T9217] BTRFS info (device loop1): using free space tree [ 416.992750][ T3595] usb 1-1: config 1 interface 0 altsetting 254 bulk endpoint 0x1 has invalid maxpacket 1023 [ 417.005849][ T9217] BTRFS info (device loop1): has skinny extents [ 417.014817][ T3595] usb 1-1: config 1 interface 0 altsetting 254 bulk endpoint 0x82 has invalid maxpacket 64 [ 417.044979][ T9231] loop4: detected capacity change from 0 to 1024 [ 417.047488][ T3595] usb 1-1: config 1 interface 0 altsetting 254 has 2 endpoint descriptors, different from the interface descriptor's value: 4 [ 417.126212][ T3595] usb 1-1: config 1 interface 0 has no altsetting 0 [ 417.171553][ T9241] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 417.331667][ T3595] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 417.394426][ T3595] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.440075][ T9217] BTRFS info (device loop1): enabling ssd optimizations [ 418.117986][ T3595] usb 1-1: Product: syz [ 418.122530][ T3595] usb 1-1: Manufacturer: syz [ 418.127360][ T3595] usb 1-1: SerialNumber: syz [ 418.151959][ T3595] usb 1-1: can't set config #1, error -71 [ 418.171588][ T3595] usb 1-1: USB disconnect, device number 32 [ 418.540391][ T9265] loop1: detected capacity change from 0 to 512 [ 418.566499][ T9244] loop3: detected capacity change from 0 to 32768 [ 418.596307][ T3595] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 418.627159][ T9244] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.887 (9244) [ 418.679956][ T9244] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 418.710536][ T9244] BTRFS info (device loop3): use zlib compression, level 3 [ 418.721125][ T9265] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 418.730811][ T9244] BTRFS info (device loop3): using free space tree [ 418.732796][ T9265] ext4 filesystem being mounted at /root/syzkaller.XIAsj3/14/bus supports timestamps until 2038 (0x7fffffff) [ 418.761554][ T9244] BTRFS info (device loop3): has skinny extents [ 419.538959][ T9244] BTRFS info (device loop3): enabling ssd optimizations [ 419.637006][ T9253] loop2: detected capacity change from 0 to 40427 [ 419.658231][ T3595] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 419.690469][ T3595] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 419.731192][ T3595] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 419.759909][ T9263] loop4: detected capacity change from 0 to 32768 [ 419.799689][ T9253] F2FS-fs (loop2): invalid crc value [ 419.805105][ T3595] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 419.821236][ T3595] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.878251][ T9263] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz.4.891 (9263) [ 419.901174][ T9253] F2FS-fs (loop2): Found nat_bits in checkpoint [ 419.969835][ T9253] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0 [ 419.989164][ T9253] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 420.000495][ T3595] usb 1-1: config 0 descriptor?? [ 420.036783][ T9263] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 420.062779][ T9253] attempt to access beyond end of device [ 420.062779][ T9253] loop2: rw=2049, want=77832, limit=40427 [ 420.092022][ T9263] BTRFS info (device loop4): using free space tree [ 420.098745][ T9263] BTRFS info (device loop4): has skinny extents [ 421.057081][ T3502] attempt to access beyond end of device [ 421.057081][ T3502] loop2: rw=2049, want=45112, limit=40427 [ 421.081727][ T3595] usbhid 1-1:0.0: can't add hid device: -71 [ 421.093404][ T3595] usbhid: probe of 1-1:0.0 failed with error -71 [ 421.128287][ T9263] BTRFS info (device loop4): enabling ssd optimizations [ 421.157877][ T3595] usb 1-1: USB disconnect, device number 33 [ 421.356161][ T9320] loop3: detected capacity change from 0 to 2048 [ 421.455180][ T9320] GPT:first_usable_lbas don't match. [ 421.460525][ T9320] GPT:34 != 290 [ 421.480193][ T9320] GPT: Use GNU Parted to correct GPT errors. [ 421.486760][ T9320] loop3: p1 p2 p3 [ 421.702641][ T9325] loop0: detected capacity change from 0 to 2048 [ 421.780765][ T9325] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 421.877426][ T9325] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 422.060044][ T5967] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.180562][ T9323] loop1: detected capacity change from 0 to 32768 [ 422.201910][ T5967] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.072737][ T3984] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 423.131437][ T9323] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.895 (9323) [ 423.194407][ T5967] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.206367][ T9335] loop2: detected capacity change from 0 to 1024 [ 423.224653][ T9323] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 423.244927][ T9323] BTRFS info (device loop1): use zlib compression, level 3 [ 423.261418][ T9323] BTRFS info (device loop1): using free space tree [ 423.278297][ T9323] BTRFS info (device loop1): has skinny extents [ 423.300007][ T5967] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.352659][ T9327] loop4: detected capacity change from 0 to 32768 [ 424.322061][ T9323] BTRFS error (device loop1): open_ctree failed [ 424.351912][ T3984] usb 1-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 424.395384][ T3984] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.408475][ T9327] loop4: detected capacity change from 0 to 256 [ 424.450383][ T9360] loop2: detected capacity change from 0 to 512 [ 424.471243][ T3984] usb 1-1: Product: syz [ 424.476166][ T3984] usb 1-1: Manufacturer: syz [ 424.480778][ T3984] usb 1-1: SerialNumber: syz [ 424.486125][ T9327] exfat: Bad value for 'uid' [ 424.507598][ T3984] usb 1-1: config 0 descriptor?? [ 424.553327][ T9327] openvswitch: netlink: Message has 171 unknown bytes. [ 424.562398][ T3984] cdc_ether 1-1:0.0: invalid descriptor buffer length [ 424.569205][ T3984] usb 1-1: bad CDC descriptors [ 424.586899][ T3984] pcwd_usb: This driver only supports 1 device [ 424.602063][ T9360] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 424.613264][ T9360] ext4 filesystem being mounted at /root/syzkaller.tGrW1V/183/bus supports timestamps until 2038 (0x7fffffff) [ 424.644899][ T9345] chnl_net:caif_netlink_parms(): no params data found [ 424.719722][ T3756] usb 1-1: USB disconnect, device number 34 [ 425.406529][ T9345] bridge0: port 1(bridge_slave_0) entered blocking state [ 425.487232][ T9345] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.527930][ T9345] device bridge_slave_0 entered promiscuous mode [ 425.585528][ T3839] Bluetooth: hci2: command 0x0409 tx timeout [ 425.593652][ T9345] bridge0: port 2(bridge_slave_1) entered blocking state [ 425.600746][ T9345] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.710928][ T9345] device bridge_slave_1 entered promiscuous mode [ 425.832789][ T9345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 425.950069][ T9345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 426.913366][ T9345] team0: Port device team_slave_0 added [ 426.928766][ T9397] loop0: detected capacity change from 0 to 512 [ 426.942294][ T9345] team0: Port device team_slave_1 added [ 427.016798][ T9345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 427.031329][ T9345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 427.085145][ T9397] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 427.096658][ T9397] ext4 filesystem being mounted at /root/syzkaller.HtlLNS/195/bus supports timestamps until 2038 (0x7fffffff) [ 427.105931][ T9401] loop2: detected capacity change from 0 to 64 [ 427.115134][ T9345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 427.184564][ T9345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 427.248943][ T9373] loop4: detected capacity change from 0 to 40427 [ 427.255924][ T9345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 427.324592][ T9345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 427.556258][ T9373] F2FS-fs (loop4): invalid crc value [ 427.651455][ T3984] Bluetooth: hci2: command 0x041b tx timeout [ 427.977916][ T9373] F2FS-fs (loop4): Failed to start F2FS issue_checkpoint_thread (-12) [ 428.093762][ T9345] device hsr_slave_0 entered promiscuous mode [ 428.116923][ T9345] device hsr_slave_1 entered promiscuous mode [ 428.146850][ T9345] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 428.281307][ T9345] Cannot create hsr debugfs directory [ 428.593480][ T9413] loop4: detected capacity change from 0 to 1024 [ 429.696363][ T9406] loop2: detected capacity change from 0 to 32768 [ 430.021855][ T3839] Bluetooth: hci2: command 0x040f tx timeout [ 430.033786][ T9406] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.909 (9406) [ 430.142094][ T9406] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 430.150984][ T9406] BTRFS info (device loop2): use zlib compression, level 3 [ 430.192889][ T9406] BTRFS info (device loop2): using free space tree [ 430.199445][ T9406] BTRFS info (device loop2): has skinny extents [ 430.313865][ T9437] loop4: detected capacity change from 0 to 2048 [ 430.575034][ T9406] BTRFS error (device loop2): open_ctree failed [ 430.583652][ T9427] loop0: detected capacity change from 0 to 32768 [ 430.607276][ T9437] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 430.629389][ T9437] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 430.671685][ T9427] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.912 (9427) [ 430.713766][ T5967] device hsr_slave_0 left promiscuous mode [ 430.732102][ T5967] device hsr_slave_1 left promiscuous mode [ 430.768002][ T9427] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 430.782205][ T5967] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 430.789906][ T5967] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 430.811401][ T9427] BTRFS info (device loop0): use zlib compression, level 3 [ 430.818688][ T9427] BTRFS info (device loop0): using free space tree [ 430.842928][ T9427] BTRFS info (device loop0): has skinny extents [ 430.868037][ T5967] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 430.912748][ T5967] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 430.953222][ T9467] loop2: detected capacity change from 0 to 512 [ 430.977584][ T5967] device bridge_slave_1 left promiscuous mode [ 431.025748][ T5967] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.039514][ T9467] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 431.050761][ T9467] ext4 filesystem being mounted at /root/syzkaller.tGrW1V/187/bus supports timestamps until 2038 (0x7fffffff) [ 431.065905][ T3837] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 431.222518][ T5967] device bridge_slave_0 left promiscuous mode [ 431.239905][ T5967] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.297673][ T5967] device veth1_macvtap left promiscuous mode [ 431.377006][ T9427] BTRFS info (device loop0): enabling ssd optimizations [ 431.438778][ T5967] device veth0_macvtap left promiscuous mode [ 431.523123][ T5967] device veth1_vlan left promiscuous mode [ 431.580323][ T5967] device veth0_vlan left promiscuous mode [ 431.881654][ T3837] usb 5-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice= 2.f0 [ 431.911197][ T3837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.919891][ T3837] usb 5-1: Product: syz [ 431.945113][ T3837] usb 5-1: Manufacturer: syz [ 431.949751][ T3837] usb 5-1: SerialNumber: syz [ 432.047580][ T3837] usb 5-1: config 0 descriptor?? [ 432.080619][ T3563] Bluetooth: hci2: command 0x0419 tx timeout [ 432.124506][ T3837] cdc_ether 5-1:0.0: invalid descriptor buffer length [ 432.171924][ T3837] usb 5-1: bad CDC descriptors [ 432.218892][ T3837] pcwd_usb: This driver only supports 1 device [ 432.461948][ T3838] usb 5-1: USB disconnect, device number 45 [ 432.764975][ T5967] team0 (unregistering): Port device team_slave_1 removed [ 432.804832][ T5967] team0 (unregistering): Port device team_slave_0 removed [ 432.844265][ T5967] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 432.864491][ T5967] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 432.996774][ T5967] bond0 (unregistering): Released all slaves [ 433.972621][ T9497] vivid-008: disconnect [ 434.073673][ T9496] vivid-008: reconnect [ 434.975810][ T9507] loop2: detected capacity change from 0 to 1024 [ 435.106381][ T9345] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 435.302502][ T9345] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 435.480819][ T9345] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 435.969539][ T9345] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 436.200518][ T9523] loop2: detected capacity change from 0 to 512 [ 436.383523][ T9523] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 436.394889][ T9523] ext4 filesystem being mounted at /root/syzkaller.tGrW1V/190/bus supports timestamps until 2038 (0x7fffffff) [ 436.417056][ T9511] loop1: detected capacity change from 0 to 40427 [ 436.531177][ T9503] loop4: detected capacity change from 0 to 32768 [ 436.634735][ T9503] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.922 (9503) [ 436.864862][ T9511] F2FS-fs (loop1): invalid crc value [ 437.052680][ T9345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 437.112489][ T9511] F2FS-fs (loop1): Found nat_bits in checkpoint [ 437.216637][ T9345] 8021q: adding VLAN 0 to HW filter on device team0 [ 437.275050][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 437.293522][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 437.310985][ T9503] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 437.351758][ T9503] BTRFS info (device loop4): use zlib compression, level 3 [ 437.391390][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 437.400142][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 437.403615][ T9511] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0 [ 437.412406][ T9503] BTRFS info (device loop4): using free space tree [ 437.434414][ T9503] BTRFS info (device loop4): has skinny extents [ 437.451423][ T9511] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 437.461838][ T3756] bridge0: port 1(bridge_slave_0) entered blocking state [ 437.468926][ T3756] bridge0: port 1(bridge_slave_0) entered forwarding state [ 437.504420][ T9511] attempt to access beyond end of device [ 437.504420][ T9511] loop1: rw=2049, want=53264, limit=40427 [ 437.527808][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 437.549314][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 437.587703][ T3756] bridge0: port 2(bridge_slave_1) entered blocking state [ 437.594868][ T3756] bridge0: port 2(bridge_slave_1) entered forwarding state [ 437.633145][ T8605] attempt to access beyond end of device [ 437.633145][ T8605] loop1: rw=2049, want=45112, limit=40427 [ 437.731500][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 437.740179][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 437.749278][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 437.758415][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 437.769533][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 437.855760][ T3672] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 437.866884][ T3672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 437.881803][ T9503] BTRFS error (device loop4): open_ctree failed [ 437.893722][ T3672] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 437.909912][ T3672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 437.929228][ T3672] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 437.977721][ T3672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 437.992340][ T3672] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 438.020272][ T9345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 438.063398][ T9518] chnl_net:caif_netlink_parms(): no params data found [ 438.291408][ T3838] Bluetooth: hci1: command 0x0409 tx timeout [ 438.434588][ T9518] bridge0: port 1(bridge_slave_0) entered blocking state [ 438.455329][ T9573] 9pnet: Insufficient options for proto=fd [ 438.463949][ T9518] bridge0: port 1(bridge_slave_0) entered disabled state [ 438.506858][ T9518] device bridge_slave_0 entered promiscuous mode [ 438.544974][ T9518] bridge0: port 2(bridge_slave_1) entered blocking state [ 438.585457][ T9518] bridge0: port 2(bridge_slave_1) entered disabled state [ 438.622076][ T9518] device bridge_slave_1 entered promiscuous mode [ 438.745015][ T9518] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 438.951212][ T9518] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 439.892613][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 439.900306][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 439.910337][ T1375] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.918006][ T1375] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.933816][ T9345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 439.978755][ T9518] team0: Port device team_slave_0 added [ 440.023267][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 440.032738][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 440.065750][ T9518] team0: Port device team_slave_1 added [ 440.093086][ T9345] device veth0_vlan entered promiscuous mode [ 440.164843][ T9560] loop2: detected capacity change from 0 to 32768 [ 440.212676][ T9027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 440.241457][ T9560] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.926 (9560) [ 440.257126][ T9027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 440.270823][ T9345] device veth1_vlan entered promiscuous mode [ 440.288943][ T9518] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 440.317181][ T9560] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 440.327186][ T9518] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 440.372204][ T3984] Bluetooth: hci1: command 0x041b tx timeout [ 440.393067][ T9560] BTRFS info (device loop2): use zlib compression, level 3 [ 440.414918][ T9560] BTRFS info (device loop2): using free space tree [ 440.425085][ T9560] BTRFS info (device loop2): has skinny extents [ 440.434029][ T9518] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 440.458820][ T9027] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 440.469299][ T9027] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 440.489865][ T9027] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 440.532538][ T9518] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 440.539915][ T9518] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 440.595687][ T9518] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 440.620104][ T9345] device veth0_macvtap entered promiscuous mode [ 440.673545][ T3984] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 440.682147][ T3984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 440.745639][ T3984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 440.756017][ T9560] BTRFS info (device loop2): enabling ssd optimizations [ 440.809656][ T9345] device veth1_macvtap entered promiscuous mode [ 440.881988][ T3984] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 440.900563][ T3984] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 440.984821][ T9518] device hsr_slave_0 entered promiscuous mode [ 441.007824][ T9518] device hsr_slave_1 entered promiscuous mode [ 441.061781][ T9518] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 441.069514][ T9518] Cannot create hsr debugfs directory [ 441.113541][ T9345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 441.132232][ T9345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.149640][ T9345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 441.168573][ T9345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.224854][ T9345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 441.246022][ T9345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.268039][ T9345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 441.308807][ T9345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.363392][ T9345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 441.384251][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 441.396710][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 441.446396][ T9345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 441.469886][ T9345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.495166][ T9345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 441.512597][ T9345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.541385][ T9345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 441.556235][ T9345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.579703][ T9345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 441.620960][ T9345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 441.659472][ T9345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 441.783787][ T4096] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 441.802225][ T4096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 441.851962][ T9345] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 441.860714][ T9345] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 441.898503][ T9345] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 441.928645][ T9345] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.076978][ T9655] loop4: detected capacity change from 0 to 512 [ 442.170311][ T9657] loop2: detected capacity change from 0 to 1024 [ 442.261361][ T9655] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 442.273252][ T9655] ext4 filesystem being mounted at /root/syzkaller.AmZFOV/119/bus supports timestamps until 2038 (0x7fffffff) [ 442.389551][ T4040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 442.571448][ T4040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 442.587774][ T3984] Bluetooth: hci1: command 0x040f tx timeout [ 443.065414][ T9518] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.172946][ T9027] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 443.287323][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 443.361351][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.380979][ T9518] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.419792][ T9675] loop2: detected capacity change from 0 to 512 [ 443.433668][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 443.514827][ T9675] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 443.526067][ T9675] ext4 filesystem being mounted at /root/syzkaller.tGrW1V/193/bus supports timestamps until 2038 (0x7fffffff) [ 443.643253][ T9679] loop3: detected capacity change from 0 to 256 [ 443.765446][ T9665] loop1: detected capacity change from 0 to 32768 [ 443.790347][ T9518] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.988054][ T9665] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.935 (9665) [ 444.123977][ T9679] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xc14df490, utbl_chksum : 0xe619d30d) [ 444.385725][ T9518] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.493547][ T9665] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 444.542317][ T9665] BTRFS info (device loop1): use zlib compression, level 3 [ 444.582349][ T9665] BTRFS info (device loop1): using free space tree [ 444.588908][ T9665] BTRFS info (device loop1): has skinny extents [ 444.621638][ T9027] Bluetooth: hci1: command 0x0419 tx timeout [ 444.671896][ T9686] loop2: detected capacity change from 0 to 16 [ 444.850090][ T9665] BTRFS info (device loop1): enabling ssd optimizations [ 445.003823][ T9345] syz-executor (9345) used greatest stack depth: 17792 bytes left [ 445.150236][ T9518] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 445.222070][ T9518] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 445.297727][ T9716] input: syz0 as /devices/virtual/input/input7 [ 445.312282][ T9708] mmap: syz.2.939 (9708): VmData 176140288 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 445.327104][ T9518] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 445.370114][ T9518] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 445.852862][ T9728] fuse: Bad value for 'group_id' [ 445.970231][ T26] audit: type=1804 audit(1719722178.079:70): pid=9730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.946" name="/root/syzkaller.AmZFOV/121/file1" dev="sda1" ino=1987 res=1 errno=0 [ 446.216923][ T9518] 8021q: adding VLAN 0 to HW filter on device bond0 [ 446.248156][ T9737] netlink: 'syz.1.948': attribute type 29 has an invalid length. [ 446.327821][ T9737] netlink: 'syz.1.948': attribute type 29 has an invalid length. [ 446.384981][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 446.393360][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 446.489690][ T3839] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 446.593320][ T9518] 8021q: adding VLAN 0 to HW filter on device team0 [ 446.640273][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 446.652257][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 446.671758][ T3673] bridge0: port 1(bridge_slave_0) entered blocking state [ 446.678865][ T3673] bridge0: port 1(bridge_slave_0) entered forwarding state [ 446.722080][ T9723] chnl_net:caif_netlink_parms(): no params data found [ 446.761557][ T3839] usb 5-1: Using ep0 maxpacket: 16 [ 446.775881][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 446.794712][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 446.820371][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 446.851308][ T3753] bridge0: port 2(bridge_slave_1) entered blocking state [ 446.858503][ T3753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 446.921762][ T3839] usb 5-1: config 0 has an invalid descriptor of length 123, skipping remainder of the config [ 446.943755][ T3839] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 446.964759][ T3839] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 446.984099][ T3839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.020506][ T3839] usb 5-1: config 0 descriptor?? [ 447.070024][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 447.090902][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 447.122544][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 447.141931][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 447.162300][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 447.171216][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 447.243331][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 447.279131][ T9518] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 447.299176][ T9518] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 447.332322][ T3746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 447.391856][ T3746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 447.414737][ T3746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 447.452363][ T3746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 447.495134][ T9755] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:0 [ 447.572040][ T3839] usb 5-1: string descriptor 0 read error: -71 [ 447.589212][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 447.589332][ T3839] usb 5-1: USB disconnect, device number 46 [ 447.610035][ T9723] bridge0: port 1(bridge_slave_0) entered blocking state [ 447.621655][ T9723] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.639354][ T9723] device bridge_slave_0 entered promiscuous mode [ 447.707175][ T9723] bridge0: port 2(bridge_slave_1) entered blocking state [ 447.732734][ T9723] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.756025][ T9763] binder: 9762:9763 ioctl c0306201 0 returned -14 [ 447.769575][ T9723] device bridge_slave_1 entered promiscuous mode [ 447.811513][ T5967] device hsr_slave_0 left promiscuous mode [ 447.835845][ T5967] device hsr_slave_1 left promiscuous mode [ 447.862041][ T5967] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 447.889956][ T5967] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 447.903276][ T3839] Bluetooth: hci2: command 0x0409 tx timeout [ 447.916788][ T5967] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 447.925628][ T5967] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 447.943355][ T5967] bridge0: port 3(bond0) entered disabled state [ 447.953221][ T5967] device bridge_slave_1 left promiscuous mode [ 447.960374][ T5967] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.984788][ T5967] device bridge_slave_0 left promiscuous mode [ 447.991553][ T5967] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.015138][ T5967] device veth1_macvtap left promiscuous mode [ 448.021953][ T5967] device veth0_macvtap left promiscuous mode [ 448.032040][ T5967] device veth1_vlan left promiscuous mode [ 448.046754][ T5967] device veth0_vlan left promiscuous mode [ 448.533406][ T5967] team0 (unregistering): Port device team_slave_1 removed [ 448.549808][ T5967] team0 (unregistering): Port device team_slave_0 removed [ 448.567952][ T5967] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 448.578883][ T5967] device bond_slave_1 left promiscuous mode [ 448.594607][ T5967] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 448.603837][ T5967] device bond_slave_0 left promiscuous mode [ 448.753566][ T5967] bond0 (unregistering): Released all slaves [ 448.835811][ T9774] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 448.853325][ T9774] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 448.862695][ T9723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 448.883813][ T9723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 449.001109][ T9723] team0: Port device team_slave_0 added [ 449.020330][ T9723] team0: Port device team_slave_1 added [ 449.086478][ T9723] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 449.094294][ T9723] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.128627][ T9723] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 449.147570][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 449.155188][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 449.168542][ T9518] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 449.177418][ T9723] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 449.191326][ T9723] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.217798][ T9723] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 449.305803][ T9723] device hsr_slave_0 entered promiscuous mode [ 449.313251][ T9723] device hsr_slave_1 entered promiscuous mode [ 449.361442][ T3673] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 449.391062][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 449.400471][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 449.436455][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 449.462574][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 449.478994][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 449.488523][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 449.506614][ T9518] device veth0_vlan entered promiscuous mode [ 449.584465][ T9723] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.625270][ T9518] device veth1_vlan entered promiscuous mode [ 449.674166][ T9723] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.703081][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 449.717228][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 449.725900][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 449.741961][ T3673] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 449.757816][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 449.778967][ T9518] device veth0_macvtap entered promiscuous mode [ 449.797383][ T9723] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.840187][ T9518] device veth1_macvtap entered promiscuous mode [ 449.852981][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 449.864838][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 449.889600][ T9723] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.923182][ T3673] usb 2-1: New USB device found, idVendor=6737, idProduct=0001, bcdDevice=5e.f6 [ 449.931606][ T3839] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 449.943035][ T9518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.961632][ T3673] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.969850][ T3673] usb 2-1: Product: syz [ 449.974764][ T9518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.981109][ T3673] usb 2-1: Manufacturer: syz [ 449.985123][ T3837] Bluetooth: hci2: command 0x041b tx timeout [ 449.994285][ T3673] usb 2-1: SerialNumber: syz [ 450.006492][ T3673] usb 2-1: config 0 descriptor?? [ 450.011323][ T9518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 450.041387][ T9518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.051233][ T9518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 450.055449][ T3673] cypress_m8 2-1:0.0: HID->COM RS232 Adapter converter detected [ 450.075468][ T3673] cyphidcom ttyUSB0: required endpoint is missing [ 450.082639][ T9518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.101381][ T9518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 450.132855][ T9518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.152283][ T9518] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 450.161381][ T3550] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 450.170247][ T3550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 450.191522][ T3839] usb 5-1: Using ep0 maxpacket: 16 [ 450.202621][ T9518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 450.221286][ T9518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.252157][ T9518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 450.257628][ T3753] usb 2-1: USB disconnect, device number 34 [ 450.271607][ T9518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.302082][ T3753] cypress_m8 2-1:0.0: device disconnected [ 450.302579][ T9791] input: syz0 as /devices/virtual/input/input8 [ 450.316366][ T3839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 450.327599][ T9518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 450.351308][ T3839] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 450.363041][ T3839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.377158][ T9518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.392396][ T3839] usb 5-1: config 0 descriptor?? [ 450.405193][ T9518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 450.418392][ T9518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.440783][ T9518] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 450.470932][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 450.504302][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 450.520557][ T9518] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.529930][ T9518] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.540895][ T9518] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.551047][ T9518] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.717792][ T5591] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 450.752242][ T5591] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 450.784548][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 450.799149][ T9723] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 450.828968][ T3596] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 450.832969][ T9723] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 450.848669][ T3596] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 450.882755][ T9789] udc-core: couldn't find an available UDC or it's busy [ 450.893446][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 450.902071][ T9789] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 450.931599][ T9723] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 450.972728][ T3839] hid (null): unknown global tag 0xd [ 450.978087][ T3839] hid (null): unknown global tag 0xc [ 450.986813][ T9723] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 450.992717][ T3839] hid (null): unknown global tag 0x83 [ 450.999480][ T9804] loop0: detected capacity change from 0 to 1024 [ 451.006251][ T3839] hid (null): unknown global tag 0xc [ 451.033676][ T3839] hid-generic 0003:0158:0100.0007: unknown main item tag 0x1 [ 451.041123][ T3839] hid-generic 0003:0158:0100.0007: unexpected long global item [ 451.104764][ T3839] hid-generic: probe of 0003:0158:0100.0007 failed with error -22 [ 451.108323][ T9807] netlink: 'syz.2.974': attribute type 1 has an invalid length. [ 451.201518][ T3550] usb 5-1: USB disconnect, device number 47 [ 451.400432][ T9810] 8021q: adding VLAN 0 to HW filter on device bond1 [ 452.174582][ T7752] Bluetooth: hci2: command 0x040f tx timeout [ 452.327864][ T9723] 8021q: adding VLAN 0 to HW filter on device bond0 [ 452.348028][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 452.368471][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 452.385611][ T9723] 8021q: adding VLAN 0 to HW filter on device team0 [ 452.438741][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 452.464551][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 452.501079][ T3753] bridge0: port 1(bridge_slave_0) entered blocking state [ 452.508263][ T3753] bridge0: port 1(bridge_slave_0) entered forwarding state [ 452.557411][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 452.569176][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 452.582765][ T3612] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 452.606247][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 452.616588][ T3753] bridge0: port 2(bridge_slave_1) entered blocking state [ 452.623722][ T3753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 452.638969][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 452.708802][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 452.719760][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 452.732958][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 452.742312][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 452.752221][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 452.762157][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 452.772238][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 452.785124][ T9723] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 452.814756][ T9723] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 452.834238][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 452.842278][ T3612] usb 5-1: Using ep0 maxpacket: 16 [ 452.859385][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 452.880748][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 452.961548][ T3612] usb 5-1: config 0 has an invalid descriptor of length 123, skipping remainder of the config [ 452.972350][ T3753] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 452.990194][ T3612] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 453.010720][ T3612] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 453.021942][ T3837] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 453.030790][ T3612] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.053670][ T3612] usb 5-1: config 0 descriptor?? [ 453.166873][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 453.175330][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 453.198058][ T9723] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 453.242368][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 453.261980][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 453.287217][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 453.297391][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 453.301452][ T3837] usb 3-1: Using ep0 maxpacket: 16 [ 453.317928][ T9723] device veth0_vlan entered promiscuous mode [ 453.337163][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 453.349968][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 453.361781][ T3753] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 453.387277][ T9723] device veth1_vlan entered promiscuous mode [ 453.430370][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 453.439528][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 453.448801][ T3837] usb 3-1: config 0 has an invalid descriptor of length 123, skipping remainder of the config [ 453.460255][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 453.472323][ T3837] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 453.482804][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 453.491312][ T3837] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 453.500678][ T3837] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.511921][ T9723] device veth0_macvtap entered promiscuous mode [ 453.523465][ T9723] device veth1_macvtap entered promiscuous mode [ 453.531856][ T3837] usb 3-1: config 0 descriptor?? [ 453.538203][ T3753] usb 1-1: New USB device found, idVendor=6737, idProduct=0001, bcdDevice=5e.f6 [ 453.561118][ T3753] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.592079][ T3612] usb 5-1: string descriptor 0 read error: -71 [ 453.610801][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.629292][ T3612] usb 5-1: USB disconnect, device number 48 [ 453.635792][ T3753] usb 1-1: Product: syz [ 453.639975][ T3753] usb 1-1: Manufacturer: syz [ 453.653208][ T3753] usb 1-1: SerialNumber: syz [ 453.660592][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.681104][ T3753] usb 1-1: config 0 descriptor?? [ 453.686553][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.704721][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.720239][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.739582][ T3753] cypress_m8 1-1:0.0: HID->COM RS232 Adapter converter detected [ 453.747494][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.758804][ T3753] cyphidcom ttyUSB0: required endpoint is missing [ 453.768976][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.781460][ T9829] udc-core: couldn't find an available UDC or it's busy [ 453.790090][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.800108][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.809584][ T9829] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 453.812868][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.829879][ T9723] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 453.863285][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 453.877324][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 453.889591][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 453.900160][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 453.910834][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.925949][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.959356][ T3607] usb 1-1: USB disconnect, device number 35 [ 453.965056][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.966599][ T3607] cypress_m8 1-1:0.0: device disconnected [ 453.979427][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.998928][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 454.009908][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.021078][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 454.032772][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.042820][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 454.054631][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.066178][ T9723] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 454.080680][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 454.081519][ T3837] usb 3-1: string descriptor 0 read error: -71 [ 454.104447][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 454.121741][ T9723] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.130485][ T9723] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.144059][ T9723] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.148303][ T3837] usb 3-1: USB disconnect, device number 40 [ 454.168804][ T9723] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.211809][ T3839] Bluetooth: hci2: command 0x0419 tx timeout [ 454.338116][ T4769] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 454.357570][ T4769] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 454.395275][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 454.443940][ T5591] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 454.457977][ T5591] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 454.477150][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 454.966785][ T9872] vivid-000: disconnect [ 454.972669][ T9871] vivid-000: reconnect [ 455.028168][ T5967] device hsr_slave_0 left promiscuous mode [ 455.053256][ T5967] device hsr_slave_1 left promiscuous mode [ 455.081436][ T3837] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 455.090565][ T5967] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 455.096881][ T3612] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 455.107390][ T5967] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 455.220994][ T5967] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 455.259124][ T5967] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 455.302668][ T5967] device bridge_slave_1 left promiscuous mode [ 455.351481][ T3612] usb 1-1: Using ep0 maxpacket: 8 [ 455.375115][ T5967] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.423272][ T26] audit: type=1804 audit(1719722187.519:71): pid=9884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.998" name="/root/syzkaller.tGrW1V/218/bus" dev="sda1" ino=1996 res=1 errno=0 [ 455.552600][ T3612] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 455.624473][ T3612] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 455.734687][ T3612] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 455.881975][ T3612] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 455.956587][ T3612] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 455.976028][ T3612] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.995329][ T5967] device bridge_slave_0 left promiscuous mode [ 456.019454][ T5967] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.106386][ T5967] device veth1_macvtap left promiscuous mode [ 456.142165][ T5967] device veth0_macvtap left promiscuous mode [ 456.171519][ T3837] usb 5-1: Using ep0 maxpacket: 16 [ 456.208115][ T5967] device veth1_vlan left promiscuous mode [ 456.257919][ T5967] device veth0_vlan left promiscuous mode [ 456.301452][ T3612] usb 1-1: usb_control_msg returned -32 [ 456.302553][ T3837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 456.314588][ T3612] usbtmc 1-1:16.0: can't read capabilities [ 456.593454][ T3837] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice= b.55 [ 456.741847][ T3837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.976173][ T3837] usb 5-1: Product: syz [ 456.980389][ T3837] usb 5-1: Manufacturer: syz [ 457.051138][ T3837] usb 5-1: SerialNumber: syz [ 457.142370][ T3837] usb 5-1: config 0 descriptor?? [ 457.215148][ T3837] pn533_usb 5-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 457.436859][ T3612] usb 5-1: USB disconnect, device number 49 [ 457.531647][ T9900] usbtmc 1-1:16.0: stb usb_control_msg returned -32 [ 457.594020][ T3550] usb 1-1: USB disconnect, device number 36 [ 457.738619][ T5967] team0 (unregistering): Port device team_slave_1 removed [ 457.756004][ T5967] team0 (unregistering): Port device team_slave_0 removed [ 457.770097][ T5967] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 457.797078][ T5967] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 457.883740][ T5967] bond0 (unregistering): Released all slaves [ 457.939149][ T9913] netlink: 'syz.1.1012': attribute type 4 has an invalid length. [ 459.380027][ T9971] chnl_net:caif_netlink_parms(): no params data found [ 459.693417][ T9971] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.739522][ T9971] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.760997][ T9971] device bridge_slave_0 entered promiscuous mode [ 459.793107][ T9971] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.814203][ T9971] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.867210][ T9971] device bridge_slave_1 entered promiscuous mode [ 459.930800][ T9971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 459.961633][ T9971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 460.053325][ T1066] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 460.082109][ T1066] Bluetooth: hci2: Injecting HCI hardware error event [ 460.115683][ T9971] team0: Port device team_slave_0 added [ 460.130630][ T3510] Bluetooth: hci2: hardware error 0x00 [ 460.214351][ T9971] team0: Port device team_slave_1 added [ 460.394286][ T9971] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 460.411683][ T9971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.514832][ T9971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 460.563315][ T9971] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 460.619023][ T9971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.712232][ T9971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 460.748126][T10040] netlink: 'syz.1.1059': attribute type 1 has an invalid length. [ 460.892394][T10041] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 460.900967][T10041] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 460.938923][ T1066] Bluetooth: hci0: command 0x0409 tx timeout [ 460.991516][T10044] 8021q: adding VLAN 0 to HW filter on device bond1 [ 461.001122][ T5591] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 461.092221][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 461.124839][ T9971] device hsr_slave_0 entered promiscuous mode [ 461.156602][ T3693] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 461.182617][ T9971] device hsr_slave_1 entered promiscuous mode [ 461.204161][ T9971] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 461.239599][ T9971] Cannot create hsr debugfs directory [ 461.616671][ T9971] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.783788][ T9971] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.918873][ T9971] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.020014][ T9971] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.290505][ T9971] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 462.372649][ T9971] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 462.418574][ T9971] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 462.442633][ T9971] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 462.711576][ T9971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 462.781183][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 462.792217][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 462.825655][ T9971] 8021q: adding VLAN 0 to HW filter on device team0 [ 462.856242][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 462.872333][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 462.898110][ T3753] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.905310][ T3753] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.965606][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 463.003313][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 463.032654][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 463.041167][ T3753] bridge0: port 2(bridge_slave_1) entered blocking state [ 463.048335][ T3753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 463.081845][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 463.120984][ T3607] Bluetooth: hci0: command 0x041b tx timeout [ 463.197148][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 463.242545][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 463.273426][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 463.310544][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 463.340219][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 463.432061][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 463.450175][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 463.477606][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 463.504488][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 463.538982][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 463.562146][ T9971] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 463.856477][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 463.872199][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 463.906418][ T9971] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 463.967156][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 463.992733][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 464.093568][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 464.110848][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 464.183022][ T9971] device veth0_vlan entered promiscuous mode [ 464.191955][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 464.199883][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 464.256584][ T9971] device veth1_vlan entered promiscuous mode [ 464.395797][ T9971] device veth0_macvtap entered promiscuous mode [ 464.403830][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 464.420792][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 464.453281][ T9971] device veth1_macvtap entered promiscuous mode [ 464.517491][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 464.533155][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 464.600521][ T9971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.631299][ T9971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.641145][ T9971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.688056][ T9971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.729573][ T9971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.761453][ T9971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.791473][ T9971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.821426][ T9971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.842040][ T9971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.891586][ T9971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.912055][ T9971] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 464.930008][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 464.962395][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 464.987575][ T9971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 465.026556][ T9971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.042647][ T9971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 465.059280][ T9971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.071893][ T9971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 465.111312][ T9971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.149418][ T9971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 465.171432][ T3612] Bluetooth: hci0: command 0x040f tx timeout [ 465.191627][ T9971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.202775][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 465.211318][ T9971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 465.282072][ T9971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.304056][ T9971] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 465.330511][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 465.363529][ T3839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 465.389955][ T5967] device hsr_slave_0 left promiscuous mode [ 465.431738][ T5967] device hsr_slave_1 left promiscuous mode [ 465.438835][ T5967] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 465.471330][ T5967] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 465.498643][ T5967] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 465.558693][ T5967] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 465.593517][ T5967] bridge0: port 3(bond0) entered disabled state [ 465.603939][ T5967] device bridge_slave_1 left promiscuous mode [ 465.610189][ T5967] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.663222][ T5967] device bridge_slave_0 left promiscuous mode [ 465.679690][ T5967] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.717933][ T5967] device veth1_macvtap left promiscuous mode [ 465.741494][ T5967] device veth0_macvtap left promiscuous mode [ 465.761515][ T5967] device veth1_vlan left promiscuous mode [ 465.767341][ T5967] device veth0_vlan left promiscuous mode [ 466.199895][ T5967] bond1 (unregistering): Released all slaves [ 466.604978][ T5967] team0 (unregistering): Port device team_slave_1 removed [ 466.670309][ T5967] team0 (unregistering): Port device team_slave_0 removed [ 466.717192][ T5967] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 466.746961][ T5967] device bond_slave_1 left promiscuous mode [ 466.792286][ T5967] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 466.832423][ T5967] device bond_slave_0 left promiscuous mode [ 467.125618][ T5967] bond0 (unregistering): Released all slaves [ 467.261281][ T3612] Bluetooth: hci0: command 0x0419 tx timeout [ 467.291591][ T9971] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.314154][ T9971] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.343105][ T9971] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.370860][ T9971] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.569791][ T3692] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 467.598621][ T3692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 467.664840][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 467.687634][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 467.701195][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 467.732757][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 471.414666][T10140] netlink: 71 bytes leftover after parsing attributes in process `syz.2.1086'. [ 482.547542][T10223] kvm: emulating exchange as write [ 483.751411][T10250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 483.828222][ T3837] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 483.852805][T10250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 484.263550][ T3837] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 484.280784][ T3837] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.311750][ T3837] usb 4-1: config 0 descriptor?? [ 484.335673][T10259] RDS: rds_bind could not find a transport for ::ffff:172.20.20.0, load rds_tcp or rds_rdma? [ 484.591559][ T3837] ath6kl: Failed to submit usb control message: -71 [ 484.598388][ T3837] ath6kl: unable to send the bmi data to the device: -71 [ 484.640504][ T3837] ath6kl: Unable to send get target info: -71 [ 484.698984][ T3837] ath6kl: Failed to init ath6kl core: -71 [ 484.739682][ T3837] ath6kl_usb: probe of 4-1:0.0 failed with error -71 [ 484.777473][ T3837] usb 4-1: USB disconnect, device number 38 [ 484.859858][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 485.681407][ T3595] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 486.121531][ T3595] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 486.148504][ T3595] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 486.169773][ T3595] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 486.212014][ T3595] usb 4-1: config 0 descriptor?? [ 486.471396][ T3595] ath6kl: Failed to submit usb control message: -71 [ 486.488981][ T3595] ath6kl: unable to send the bmi data to the device: -71 [ 486.514662][ T3595] ath6kl: Unable to send get target info: -71 [ 486.551966][ T3595] ath6kl: Failed to init ath6kl core: -71 [ 486.606468][ T3595] ath6kl_usb: probe of 4-1:0.0 failed with error -71 [ 486.639681][ T3595] usb 4-1: USB disconnect, device number 39 [ 487.121619][ T3612] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 487.491898][ T3612] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 487.514721][ T3612] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.541692][ T3612] usb 1-1: config 0 descriptor?? [ 487.791429][ T3612] ath6kl: Failed to submit usb control message: -71 [ 487.800452][ T3612] ath6kl: unable to send the bmi data to the device: -71 [ 487.834404][ T3612] ath6kl: Unable to send get target info: -71 [ 487.857958][ T3612] ath6kl: Failed to init ath6kl core: -71 [ 487.923961][ T3612] ath6kl_usb: probe of 1-1:0.0 failed with error -71 [ 487.952167][ T3612] usb 1-1: USB disconnect, device number 37 [ 488.470783][ T26] audit: type=1800 audit(1719722220.579:72): pid=10347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1158" name="file1" dev="sda1" ino=2006 res=0 errno=0 [ 488.545199][ T26] audit: type=1804 audit(1719722220.629:73): pid=10347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1158" name="/root/syzkaller.TlEAfp/30/file1" dev="sda1" ino=2006 res=1 errno=0 [ 489.811956][ T3673] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 490.182793][ T3673] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 490.202208][ T3673] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.248871][ T3673] usb 4-1: config 0 descriptor?? [ 490.511422][ T3673] ath6kl: Failed to submit usb control message: -71 [ 490.518261][ T3673] ath6kl: unable to send the bmi data to the device: -71 [ 490.531218][ T3673] ath6kl: Unable to send get target info: -71 [ 490.542081][ T3673] ath6kl: Failed to init ath6kl core: -71 [ 490.595002][ T3673] ath6kl_usb: probe of 4-1:0.0 failed with error -71 [ 490.622290][ T3673] usb 4-1: USB disconnect, device number 40 [ 490.877659][ T26] audit: type=1326 audit(1719722222.989:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.2.1173" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1641efbb99 code=0x0 [ 493.489639][T10453] loop3: detected capacity change from 0 to 256 [ 493.790532][ T4769] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.801965][T10453] loop3: detected capacity change from 0 to 2048 [ 493.819156][T10445] loop1: detected capacity change from 0 to 32768 [ 493.871524][T10445] loop1: p1 p2 p3 [ 493.883850][T10453] EXT4-fs error (device loop3): ext4_fill_super:4840: inode #2: comm syz.3.1197: casefold flag without casefold feature [ 493.920851][ T4769] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.921186][T10463] loop2: detected capacity change from 0 to 1024 [ 493.934461][T10453] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 493.954369][T10453] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 493.954398][T10453] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 494.046997][T10467] loop1: detected capacity change from 0 to 1024 [ 494.055871][ T4769] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.062222][T10468] loop4: detected capacity change from 0 to 1024 [ 494.087408][ T3592] hfsplus: b-tree write err: -5, ino 4 [ 494.123357][T10467] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 494.142987][T10467] ext4 filesystem being mounted at /root/syzkaller.XIAsj3/90/file0 supports timestamps until 2038 (0x7fffffff) [ 494.202791][T10467] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.1202: inode #262275072: comm syz.1.1202: iget: illegal inode # [ 494.266985][ T4769] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.288346][T10467] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.1202: error while reading EA inode 262275072 err=-117 [ 494.308733][ T3592] hfsplus: b-tree write err: -5, ino 4 [ 494.387642][ T3493] udevd[3493]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 494.401632][ T3521] udevd[3521]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 494.492575][T10483] mmap: syz.4.1206 (10483) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 494.621455][ T26] audit: type=1326 audit(1719722226.729:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10484 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5c3d9db99 code=0x7ffc0000 [ 494.683094][ T26] audit: type=1326 audit(1719722226.729:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10484 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fd5c3d9db99 code=0x7ffc0000 [ 494.692506][T10490] loop1: detected capacity change from 0 to 8 [ 494.727455][ T26] audit: type=1326 audit(1719722226.729:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10484 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5c3d9db99 code=0x7ffc0000 [ 494.823364][T10456] chnl_net:caif_netlink_parms(): no params data found [ 494.839465][ T26] audit: type=1326 audit(1719722226.729:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10484 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7fd5c3d9db99 code=0x7ffc0000 [ 494.875982][ T3493] udevd[3493]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 494.956621][ T26] audit: type=1326 audit(1719722226.729:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10484 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5c3d9db99 code=0x7ffc0000 [ 494.980637][T10490] loop1: detected capacity change from 0 to 2048 [ 495.032383][ T26] audit: type=1326 audit(1719722226.729:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10484 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5c3d9db99 code=0x7ffc0000 [ 495.075765][ T2961] Alternate GPT is invalid, using primary GPT. [ 495.092774][ T2961] loop1: p1 p2 p3 [ 495.107306][T10456] bridge0: port 1(bridge_slave_0) entered blocking state [ 495.116291][T10456] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.129039][T10456] device bridge_slave_0 entered promiscuous mode [ 495.183076][T10456] bridge0: port 2(bridge_slave_1) entered blocking state [ 495.191862][T10490] Alternate GPT is invalid, using primary GPT. [ 495.192112][T10456] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.201528][T10490] loop1: p1 p2 p3 [ 495.232735][T10456] device bridge_slave_1 entered promiscuous mode [ 495.365236][ T2961] Alternate GPT is invalid, using primary GPT. [ 495.372739][T10456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 495.380147][ T2961] loop1: p1 p2 p3 [ 495.412809][T10456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 495.520635][T10517] loop1: detected capacity change from 0 to 1024 [ 495.598356][T10456] team0: Port device team_slave_0 added [ 495.620772][T10456] team0: Port device team_slave_1 added [ 495.652111][ T3595] Bluetooth: hci1: command 0x0409 tx timeout [ 495.744234][T10517] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 495.849992][T10517] ext4 filesystem being mounted at /root/syzkaller.XIAsj3/92/file0 supports timestamps until 2038 (0x7fffffff) [ 495.953568][T10517] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.1216: inode #262275072: comm syz.1.1216: iget: illegal inode # [ 496.010730][T10456] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 496.020598][T10517] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.1216: error while reading EA inode 262275072 err=-117 [ 496.056076][T10456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 496.092747][T10456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 496.172466][T10456] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 496.179945][T10456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 496.319393][ T3521] udevd[3521]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 496.329837][ T6536] udevd[6536]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 496.343993][ T3493] udevd[3493]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 496.361295][T10456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 496.373089][T10541] kernel profiling enabled (shift: 9) [ 496.434738][ T3495] udevd[3495]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 496.460209][ T6536] udevd[6536]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 496.499500][ T3493] udevd[3493]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 496.571001][T10456] device hsr_slave_0 entered promiscuous mode [ 496.571604][ C0] ================================================================== [ 496.585628][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 [ 496.588583][ T6536] udevd[6536]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 496.592760][ C0] Read of size 8 at addr ffffc9000458f360 by task syz.3.1215/10514 [ 496.592781][ C0] [ 496.592796][ C0] CPU: 0 PID: 10514 Comm: syz.3.1215 Not tainted 5.15.161-syzkaller #0 [ 496.592817][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 496.592835][ C0] Call Trace: [ 496.592844][ C0] [ 496.592853][ C0] dump_stack_lvl+0x1e3/0x2d0 [ 496.641760][ C0] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 496.647393][ C0] ? _printk+0xd1/0x120 [ 496.651549][ C0] ? __wake_up_klogd+0xcc/0x100 [ 496.656394][ C0] ? panic+0x860/0x860 [ 496.660456][ C0] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 496.665935][ C0] print_address_description+0x63/0x3b0 [ 496.671491][ C0] ? profile_pc+0xa4/0xe0 [ 496.675812][ C0] kasan_report+0x16b/0x1c0 [ 496.680317][ C0] ? profile_pc+0xa4/0xe0 [ 496.684641][ C0] ? trigger_load_balance+0x1d5/0xd90 [ 496.690012][ C0] ? _raw_spin_unlock_irqrestore+0xd4/0x130 [ 496.695903][ C0] profile_pc+0xa4/0xe0 [ 496.700067][ C0] profile_tick+0xd4/0x130 [ 496.704476][ C0] tick_sched_timer+0x390/0x550 [ 496.709329][ C0] ? tick_setup_sched_timer+0x2d0/0x2d0 [ 496.714870][ C0] __hrtimer_run_queues+0x55b/0xcf0 [ 496.720071][ C0] ? hrtimer_interrupt+0x980/0x980 [ 496.725261][ C0] ? ktime_get_update_offsets_now+0x407/0x420 [ 496.731334][ C0] hrtimer_interrupt+0x392/0x980 [ 496.736299][ C0] __sysvec_apic_timer_interrupt+0x139/0x470 [ 496.742284][ C0] sysvec_apic_timer_interrupt+0x8c/0xb0 [ 496.747916][ C0] [ 496.750929][ C0] [ 496.753852][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 496.759850][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 [ 496.766367][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 62 6c a2 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 57 ac 2f f7 65 8b 05 d8 b2 da 75 85 c0 74 3f 48 c7 04 24 0e 36 [ 496.786005][ C0] RSP: 0018:ffffc9000458f360 EFLAGS: 00000206 [ 496.792135][ C0] RAX: 8dee40fe2d283a00 RBX: 1ffff920008b1e70 RCX: ffffffff913f0f03 [ 496.800218][ C0] RDX: dffffc0000000000 RSI: ffffffff8a8b2a00 RDI: 0000000000000001 [ 496.808182][ C0] RBP: ffffc9000458f3f0 R08: ffffffff8186db40 R09: ffffed100e88c40b [ 496.816148][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 496.824201][ C0] R13: 1ffff920008b1e6c R14: ffffc9000458f380 R15: 0000000000000246 [ 496.832171][ C0] ? trace_hardirqs_on+0x30/0x80 [ 496.837112][ C0] ? _raw_spin_unlock+0x40/0x40 [ 496.841982][ C0] __pagevec_lru_add+0x155a/0x18d0 [ 496.847106][ C0] ? lru_cache_add+0x7e0/0x7e0 [ 496.851858][ C0] ? do_raw_spin_unlock+0x137/0x8b0 [ 496.857065][ C0] ? unlock_page+0x188/0x200 [ 496.861656][ C0] munlock_vma_pages_range+0x28fd/0x3100 [ 496.867298][ C0] ? __munlock_isolation_failed+0x250/0x250 [ 496.873203][ C0] ? rcu_lock_release+0x20/0x20 [ 496.878081][ C0] exit_mmap+0x2d5/0x670 [ 496.882320][ C0] ? vm_brk+0x20/0x20 [ 496.886305][ C0] ? uprobe_clear_state+0x304/0x460 [ 496.891503][ C0] __mmput+0x112/0x3b0 [ 496.895569][ C0] exit_mm+0x688/0x7f0 [ 496.899673][ C0] ? _raw_spin_unlock+0x40/0x40 [ 496.904524][ C0] ? do_exit+0x2480/0x2480 [ 496.908939][ C0] ? taskstats_exit+0x491/0xa10 [ 496.913782][ C0] ? tty_audit_exit+0x150/0x1f0 [ 496.918628][ C0] do_exit+0x626/0x2480 [ 496.922783][ C0] ? put_task_struct+0x80/0x80 [ 496.927540][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 496.933521][ C0] do_group_exit+0x144/0x310 [ 496.938106][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 496.943404][ C0] get_signal+0xc66/0x14e0 [ 496.947833][ C0] arch_do_signal_or_restart+0xc3/0x1890 [ 496.953481][ C0] ? __mm_populate+0x3ea/0x4a0 [ 496.958327][ C0] ? __lock_acquire+0x1ff0/0x1ff0 [ 496.963470][ C0] ? __up_read+0x2b9/0x690 [ 496.967899][ C0] ? up_read+0x20/0x20 [ 496.971974][ C0] ? get_sigframe_size+0x10/0x10 [ 496.976925][ C0] ? populate_vma_page_range+0x215/0x2a0 [ 496.982579][ C0] ? check_vma_flags+0x490/0x490 [ 496.987515][ C0] ? exit_to_user_mode_loop+0x39/0x130 [ 496.993185][ C0] exit_to_user_mode_loop+0x97/0x130 [ 496.998554][ C0] exit_to_user_mode_prepare+0xb1/0x140 [ 497.004095][ C0] syscall_exit_to_user_mode+0x5d/0x240 [ 497.009639][ C0] do_syscall_64+0x47/0xb0 [ 497.014049][ C0] ? clear_bhb_loop+0x15/0x70 [ 497.018849][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 497.024753][ C0] RIP: 0033:0x7fd5c3d9db99 [ 497.029289][ C0] Code: Unable to access opcode bytes at RIP 0x7fd5c3d9db6f. [ 497.036651][ C0] RSP: 002b:00007fd5c281e048 EFLAGS: 00040246 ORIG_RAX: 0000000000000097 [ 497.045326][ C0] RAX: 0000000000000000 RBX: 00007fd5c3f2bfa0 RCX: 00007fd5c3d9db99 [ 497.053394][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 497.061361][ C0] RBP: 00007fd5c3e1e77e R08: 0000000000000000 R09: 0000000000000000 [ 497.069426][ C0] R10: 0000000000000000 R11: 0000000000040246 R12: 0000000000000000 [ 497.077759][ C0] R13: 000000000000000b R14: 00007fd5c3f2bfa0 R15: 00007ffe640bdaa8 [ 497.085737][ C0] [ 497.088752][ C0] [ 497.091158][ C0] [ 497.093471][ C0] addr ffffc9000458f360 is located in stack of task syz.3.1215/10514 at offset 0 in frame: [ 497.103437][ C0] _raw_spin_unlock_irqrestore+0x0/0x130 [ 497.109067][ C0] [ 497.111382][ C0] this frame has 1 object: [ 497.115785][ C0] [32, 40) 'flags.i.i.i.i' [ 497.115796][ C0] [ 497.122583][ C0] Memory state around the buggy address: [ 497.128200][ C0] ffffc9000458f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 497.136248][ C0] ffffc9000458f280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 497.144302][ C0] >ffffc9000458f300: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 497.152348][ C0] ^ [ 497.159530][ C0] ffffc9000458f380: 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 497.167579][ C0] ffffc9000458f400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 497.175716][ C0] ================================================================== [ 497.183764][ C0] Disabling lock debugging due to kernel taint [ 497.189924][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 497.197104][ C0] CPU: 0 PID: 10514 Comm: syz.3.1215 Tainted: G B 5.15.161-syzkaller #0 [ 497.206732][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 497.216777][ C0] Call Trace: [ 497.220048][ C0] [ 497.222883][ C0] dump_stack_lvl+0x1e3/0x2d0 [ 497.227557][ C0] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 497.233179][ C0] ? panic+0x860/0x860 [ 497.237266][ C0] ? lock_release+0xb9/0x9a0 [ 497.241846][ C0] ? irq_work_queue+0xcd/0x150 [ 497.246603][ C0] panic+0x318/0x860 [ 497.250508][ C0] ? check_panic_on_warn+0x1d/0xa0 [ 497.255611][ C0] ? fb_is_primary_device+0xd0/0xd0 [ 497.260899][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 497.266786][ C0] ? _raw_spin_unlock+0x40/0x40 [ 497.271629][ C0] check_panic_on_warn+0x7e/0xa0 [ 497.276556][ C0] ? profile_pc+0xa4/0xe0 [ 497.280880][ C0] end_report+0x6d/0xf0 [ 497.285024][ C0] kasan_report+0x18e/0x1c0 [ 497.289521][ C0] ? profile_pc+0xa4/0xe0 [ 497.293837][ C0] ? trigger_load_balance+0x1d5/0xd90 [ 497.299198][ C0] ? _raw_spin_unlock_irqrestore+0xd4/0x130 [ 497.305083][ C0] profile_pc+0xa4/0xe0 [ 497.309247][ C0] profile_tick+0xd4/0x130 [ 497.313654][ C0] tick_sched_timer+0x390/0x550 [ 497.318499][ C0] ? tick_setup_sched_timer+0x2d0/0x2d0 [ 497.324034][ C0] __hrtimer_run_queues+0x55b/0xcf0 [ 497.329228][ C0] ? hrtimer_interrupt+0x980/0x980 [ 497.334326][ C0] ? ktime_get_update_offsets_now+0x407/0x420 [ 497.340386][ C0] hrtimer_interrupt+0x392/0x980 [ 497.345318][ C0] __sysvec_apic_timer_interrupt+0x139/0x470 [ 497.351290][ C0] sysvec_apic_timer_interrupt+0x8c/0xb0 [ 497.356915][ C0] [ 497.359832][ C0] [ 497.362763][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 497.368734][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 [ 497.375227][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 62 6c a2 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 57 ac 2f f7 65 8b 05 d8 b2 da 75 85 c0 74 3f 48 c7 04 24 0e 36 [ 497.394821][ C0] RSP: 0018:ffffc9000458f360 EFLAGS: 00000206 [ 497.400877][ C0] RAX: 8dee40fe2d283a00 RBX: 1ffff920008b1e70 RCX: ffffffff913f0f03 [ 497.408836][ C0] RDX: dffffc0000000000 RSI: ffffffff8a8b2a00 RDI: 0000000000000001 [ 497.416797][ C0] RBP: ffffc9000458f3f0 R08: ffffffff8186db40 R09: ffffed100e88c40b [ 497.424757][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 497.432717][ C0] R13: 1ffff920008b1e6c R14: ffffc9000458f380 R15: 0000000000000246 [ 497.440684][ C0] ? trace_hardirqs_on+0x30/0x80 [ 497.445620][ C0] ? _raw_spin_unlock+0x40/0x40 [ 497.450462][ C0] __pagevec_lru_add+0x155a/0x18d0 [ 497.455568][ C0] ? lru_cache_add+0x7e0/0x7e0 [ 497.460321][ C0] ? do_raw_spin_unlock+0x137/0x8b0 [ 497.465508][ C0] ? unlock_page+0x188/0x200 [ 497.470090][ C0] munlock_vma_pages_range+0x28fd/0x3100 [ 497.475717][ C0] ? __munlock_isolation_failed+0x250/0x250 [ 497.481608][ C0] ? rcu_lock_release+0x20/0x20 [ 497.486456][ C0] exit_mmap+0x2d5/0x670 [ 497.490690][ C0] ? vm_brk+0x20/0x20 [ 497.494661][ C0] ? uprobe_clear_state+0x304/0x460 [ 497.499849][ C0] __mmput+0x112/0x3b0 [ 497.503905][ C0] exit_mm+0x688/0x7f0 [ 497.507969][ C0] ? _raw_spin_unlock+0x40/0x40 [ 497.512820][ C0] ? do_exit+0x2480/0x2480 [ 497.517227][ C0] ? taskstats_exit+0x491/0xa10 [ 497.522065][ C0] ? tty_audit_exit+0x150/0x1f0 [ 497.526907][ C0] do_exit+0x626/0x2480 [ 497.531056][ C0] ? put_task_struct+0x80/0x80 [ 497.535807][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 497.541780][ C0] do_group_exit+0x144/0x310 [ 497.546362][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 497.551550][ C0] get_signal+0xc66/0x14e0 [ 497.555958][ C0] arch_do_signal_or_restart+0xc3/0x1890 [ 497.561591][ C0] ? __mm_populate+0x3ea/0x4a0 [ 497.566354][ C0] ? __lock_acquire+0x1ff0/0x1ff0 [ 497.571368][ C0] ? __up_read+0x2b9/0x690 [ 497.575778][ C0] ? up_read+0x20/0x20 [ 497.579835][ C0] ? get_sigframe_size+0x10/0x10 [ 497.584760][ C0] ? populate_vma_page_range+0x215/0x2a0 [ 497.590384][ C0] ? check_vma_flags+0x490/0x490 [ 497.595308][ C0] ? exit_to_user_mode_loop+0x39/0x130 [ 497.600760][ C0] exit_to_user_mode_loop+0x97/0x130 [ 497.606034][ C0] exit_to_user_mode_prepare+0xb1/0x140 [ 497.611569][ C0] syscall_exit_to_user_mode+0x5d/0x240 [ 497.617103][ C0] do_syscall_64+0x47/0xb0 [ 497.621511][ C0] ? clear_bhb_loop+0x15/0x70 [ 497.626179][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 497.632059][ C0] RIP: 0033:0x7fd5c3d9db99 [ 497.636459][ C0] Code: Unable to access opcode bytes at RIP 0x7fd5c3d9db6f. [ 497.643807][ C0] RSP: 002b:00007fd5c281e048 EFLAGS: 00040246 ORIG_RAX: 0000000000000097 [ 497.652211][ C0] RAX: 0000000000000000 RBX: 00007fd5c3f2bfa0 RCX: 00007fd5c3d9db99 [ 497.660172][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 497.668127][ C0] RBP: 00007fd5c3e1e77e R08: 0000000000000000 R09: 0000000000000000 [ 497.676083][ C0] R10: 0000000000000000 R11: 0000000000040246 R12: 0000000000000000 [ 497.684146][ C0] R13: 000000000000000b R14: 00007fd5c3f2bfa0 R15: 00007ffe640bdaa8 [ 497.692113][ C0] [ 497.695491][ C0] Kernel Offset: disabled [ 497.699805][ C0] Rebooting in 86400 seconds..