last executing test programs: 7.625016943s ago: executing program 2 (id=138): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x881, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8002, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004']) 6.074100149s ago: executing program 2 (id=142): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240), 0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x40090) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x40042, 0x21) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 6.005610122s ago: executing program 0 (id=143): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$igmp(0x2, 0x3, 0x2) sched_setscheduler(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f0000000300)={0x0, 0x0, 0x2c, 0x20, 0x104, 0x1}) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c414}, 0x4000) 4.452864599s ago: executing program 3 (id=145): ioctl$VIDIOC_G_AUDOUT(0xffffffffffffffff, 0x80345631, 0x0) ptrace$cont(0x7, 0x0, 0xc, 0x80) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x4, &(0x7f0000006680)) syz_open_procfs(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = syz_io_uring_setup(0xa0, &(0x7f0000000100)={0x0, 0x200089bd, 0x80, 0x1, 0x385}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x40, 0x2007, @fd=r1, 0xc000000, &(0x7f00000000c0)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x1e}) io_uring_enter(r2, 0x32dc, 0x0, 0xe, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10040003}, 0x0) connect$qrtr(0xffffffffffffffff, &(0x7f0000000440)={0x2d, 0x0, 0x1}, 0xc) 4.101653144s ago: executing program 0 (id=146): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000004dc0)=[{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000300)="11326d384a805032", 0x8}], 0x1, 0x0, 0x0, 0x20000000}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/4, 0x4}, {&(0x7f0000000140)=""/171, 0xab}], 0x2, 0x0, 0x63}, 0x2000) 4.003291748s ago: executing program 2 (id=148): r0 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_DIRENT(r0, 0x0, 0x0) r4 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r4, 0x351a, 0x100, 0x0, 0x0, 0x0) 3.729429s ago: executing program 0 (id=149): syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x15, 0x17, 0xee, 0x40, 0xaf0, 0x7a05, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x5, 0x49}}]}}]}}, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) socket$inet6(0xa, 0x80002, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.sectors_recursive\x00', 0x26e1, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$can_raw(0x1d, 0x3, 0x1) syz_open_dev$cec(&(0x7f0000000180), 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080000000140012800a00010076786c616e0000000400028008000a00", @ANYRES64=r0], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) 3.593194246s ago: executing program 1 (id=150): ioctl$VIDIOC_G_AUDOUT(0xffffffffffffffff, 0x80345631, 0x0) ptrace$cont(0x7, 0x0, 0xc, 0x80) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x4, &(0x7f0000006680)) syz_open_procfs(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = syz_io_uring_setup(0xa0, &(0x7f0000000100)={0x0, 0x200089bd, 0x80, 0x1, 0x385}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x40, 0x2007, @fd=r1, 0xc000000, &(0x7f00000000c0)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x1e}) io_uring_enter(r2, 0x32dc, 0x0, 0xe, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 3.467662011s ago: executing program 3 (id=151): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002", 0x5) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, 0x0, 0x0) openat$cachefiles(0xffffffffffffff9c, 0x0, 0x20000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xb, 0xc, 0x4, 0xc4f, 0x1, 0x1}, 0x48) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)={0x1c, r3, 0xb1d, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008000}, 0x48850) 3.109259517s ago: executing program 3 (id=152): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) socket$kcm(0x11, 0x200000000000002, 0x300) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x7, @loopback={0x0, 0x7ffffffe}, 0x800000}, 0x1c) 2.436721856s ago: executing program 1 (id=153): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}, 0x0, 0x0, 0xff, 0x2}, 0x20) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00') read(r2, &(0x7f0000000100)=""/176, 0xb0) 2.093069771s ago: executing program 1 (id=154): syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {0x1c}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x58) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000)=0x3) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x0, 0x0) syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=") r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x141) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000280)=0xffff, 0x12) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r4 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) sendfile(r3, r4, 0x0, 0x1000000201005) 761.634388ms ago: executing program 0 (id=155): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000016c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a1c000000060a010200000000000000000700000408000a400000000120000000120a010100000000000000000100000a0900010073797a3100000000200000000b0a050000000000000000000a0000070c000b40000000000000000c600200000b0a01040000000000000000020000043c001280100001800a00010072656469720000002800018008000100647570001c000280080002400000000e08000240000000000800024000000015a9000d408b579248fc87f742e6a0e28b8b054a5a7cd7319531d4da5146fcc0fa81ed2150ce538a8744fbecd8897ab1bcf637e576895f0ec06b17daf3673b11e21791b94e5b95a701c52495ca4ebbc46b370effb29f627094c70031ca09e948332bdd91a35d25fe98c1ac360f091c40fcc0eb1dca780d42b9bde1f0fd6435e088ea02d42a8d10c34210b540ee956020a463efb0e1d20ed12b5e87b677a95b78f290f7ef0d4f3078f3e7000000080004400000000308000440000000050c000b400000000000000800480109800800014000800000080001400000000508000140000000092c0102800c00018008000140000000040c000180080001400000040024000180080001400000000f08000140000000030800014000000008080001400000000744000180080001400000000508000140000000010800014000000006080001400000000608000140000008e00800014000008000080001400000000808000140ffffffff040001800c00018008000140000000052c000180080001400000000808000140000000000800014000000007080001400000000d08000140000000061c000180080001400000080008000140000005c908000140b000000014000180080001400000000408000140000001003c00018008000140fffffffa0800e340000000060800014000000002080001400000000808000140000000040800014000001000080001400000000730000000000a01040000000000000000030000060900010073797a300000000008000240000000030800024000000002340000000e0a03000000000000000000010000010900020073797a30000000000900010073797a30"], 0x510}, 0x1, 0x0, 0x0, 0x5}, 0x4) 761.333758ms ago: executing program 3 (id=156): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000280)='./file1\x00', 0x10001, &(0x7f0000000240)=ANY=[], 0x1, 0x21e, &(0x7f0000000bc0)="$eJzsVT+LE0EU/73dSTbRFAdiY2vwrtG77IFY23hgqR/AkFvPw41/biOaELhYXaMgtn6AA0u/gI1gLRYigo0WClqcWJ1I5M282Ztkw7kb0Gv2B8v7zZv3b/e92bmR3E0CAL/3hh0sQIPQwAciKACLZHT7VSN/iBwLviizbon+ucjPIpP+4O0jQwc323EcbSX9w0kAAv5iM0myqosvH5/I7++QkypbKyGPO6mKcUXeXM8wT4Uu6fkmY3bryYQmMDYvJmzEF9ORW1fmrud/k3qmeEt+NuDBaeXXQ+JcLjZtfe5zXMFMG6JCsz6DcABNnEH61ci2aZq8f2oyz7Txxb0OoFA91el53j6Sdvv8L9Iar5B7AulHcumhh+8EVPBub9hh7TX5i/H2unnskdBevHjl2JxSwAggH2MC3gTAsDPeNvaLAJZ73TvLSX9wdrPb3og2olthuHp+5fVxOaJsuhlHK6TLgC5Dj6hCCj6ndWefJ+3jwf4IDsgpDfxe5iE3pP05L51GzR4H1KGPhvV1YmjURHL+wJSEe0kXV3FG790fcYpQPlATHE3hOr/aGgi+LFrKqRPYh4ea3jjXuR2v74BA1m0XKo3R+oRKughlwYmi1Qvp6++IbIpcE7l7kM90Rbi9k5SO8E1WSyOgigftXm9LX16Gsa6afmutCxfSzJ5ktbehTdYMkBPH8hqWKFGiRIkSJUr8I/wJAAD//zG7Mp0=") ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)={0x60, r0, 0x101, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "02d0e86cbe4d68f75ce39f0dab"}, @NL80211_KEY_MODE={0x5}, @NL80211_KEY_IDX={0x5}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x60}}, 0x4004880) 761.124988ms ago: executing program 2 (id=157): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000580)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2000000, &(0x7f0000000740)={[{@type={'type', 0x3d, "9d24b47a"}}, {@codepage={'codepage', 0x3d, 'cp850'}}, {}, {@umask={'umask', 0x3d, 0x9}}, {@creator={'creator', 0x3d, "811b705a"}}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}]}, 0x1, 0x2db, &(0x7f0000000200)="$eJzs3T9v004cx/HPOUmb/lF//rVFSCygQiVYKgoMiCUIZWVnQkCTShVREW2RgIWCGBEPgJ2nwINgAfEEYGLiAXQzusvZdRrbaUsT98/7JTWyz3fn7+ns+L6WIAJwZt1r/vx887f9M1JFFUl3pEBSXapKOqfz9RfrW2tbnXarqKOKa2H/jLotTV+dlfV2VlPbzrXwQrtX1XS6LM3094xDiqLo7q+yg0Dp3N2fIZDG/X3ojtdHHNewbEsXy45h1NITbHa0o5eaKTEcAMAx4J//gX9MTLsioyCQFv1j/1Q9/3fKDuBo3er0FUWFDVLPf7e6i4yd3//cod18zyVa9ngQZ4n7Caa2Z39M3SurZ4FpBmWVLpZgYnWtqqWVt2oFeqeGl6o27z5b3Us3NiDahYzctEB+bzXdn+yOxq0o94pDWl3rtMftRir+OIK5g53x35mv5rt5aEJ9UitZ/1UjY6fJzVS4Z6aCmo3/en6PU66VrSU/sEajEfRU+d+d5II/gzdglPXsjCTdZ/yCYDuJoChOd+5Z9b5W6I5ueUCruaxWYbKX02q+p1XFXwlLK886ha9ShiMeovloHpgF/dEXNVPr/8DGt6jUnVn0VW9cTX9ldMczll2z6mqGfU+O3dvlUhKBN37gsUHKe1uW44Oe6LZmNl+9flrpdNobduNxxsbz6Q3jS2rvpcw6w9+oqKCOtndLIutNFO2352iYwV870g7t90dSYm+frMr2LktKglFP01nZaH5T0QV5cjaiSMo5NLTvKRwjmyaedLdb1UTZEWHE7LrLdPM/t5L3qzqXoNiPsGCdXpxkqqfH5SSD610KzrrPyQNlcFP5GVzqjDdyckaXc12+Kl1JFRoVnjH0cZ4SpqkfesT7fwAAAAAAAAAAAAAAAAAAgJNmFP/SoOwxAgAAAAAAAAAAAAAAAAAAAABw0h3q93+z/o949/u/4Uh+/xfA0fgbAAD//wA5eM4=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 743.469859ms ago: executing program 1 (id=158): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)={0x64, r1, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x50, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "96557917d5f52c02009347296de1ace2fe62c079fe2f56dec0196a968d2ae88f5a44a72b"}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004) 546.022477ms ago: executing program 0 (id=159): syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000000)='./file1\x00', 0xa18c14, &(0x7f00000002c0)={[{@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'maccenteuro'}}, {@shortname_winnt}, {@fat=@codepage={'codepage', 0x3d, '850'}}, {@shortname_win95}, {@shortname_winnt}, {@shortname_mixed}, {@shortname_win95}, {@shortname_lower}, {@shortname_winnt}, {@shortname_mixed}, {@rodir}, {@utf8no}]}, 0x1, 0x29b, &(0x7f0000000580)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 457.549671ms ago: executing program 3 (id=160): socket$nl_route(0x10, 0x3, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xc3) socket$inet_sctp(0x2, 0x1, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x58}, 0x0) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010028bd70000700000002"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) 380.817984ms ago: executing program 1 (id=161): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendto(r0, &(0x7f00000006c0)="a69975", 0x3, 0x2000c040, 0x0, 0x0) 353.378305ms ago: executing program 2 (id=162): symlink(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') readlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)=""/62, 0x3e) 113.609306ms ago: executing program 0 (id=163): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b00)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a15f87b68bda69a800", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffc}, 0x3c) 113.320746ms ago: executing program 3 (id=164): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000) sched_setaffinity(r2, 0x0, 0x0) listen(0xffffffffffffffff, 0x3) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x800) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) 47.283128ms ago: executing program 2 (id=165): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x800) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x43) ftruncate(r5, 0x2007ffb) r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x200) r7 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) sendfile(r7, r6, 0x0, 0x7ffff000) creat(&(0x7f0000000000)='./bus\x00', 0x48) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=166): syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) ioprio_set$uid(0x3, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4085}, 0x4000800) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x20) pwrite64(r6, 0x0, 0x0, 0x8080c61) sendmsg$nl_generic(r5, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x4000000) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r9, 0x0, 0x30, &(0x7f0000000540)={0x0, {{0x2, 0x4e22, @broadcast}}, 0x1}, 0x90) fadvise64(r8, 0xe0ffff, 0x19, 0x3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.55' (ED25519) to the list of known hosts. [ 81.703889][ T5775] cgroup: Unknown subsys name 'net' [ 81.838791][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.551597][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.325445][ T5795] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.334610][ T5795] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.343879][ T5795] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.351772][ T5795] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.360178][ T5795] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.367517][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.383313][ T5797] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.390450][ T5802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.401154][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.409878][ T5797] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.417729][ T5799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.420231][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.427878][ T5799] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.438012][ T5795] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.439141][ T5797] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.446988][ T5795] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.455582][ T5799] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.460680][ T5795] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.467688][ T5797] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.474687][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.481765][ T5799] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.496175][ T5799] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.503808][ T5799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.504234][ T5102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.125894][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 86.149349][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 86.159765][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 86.283716][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 86.372304][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.379504][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.387898][ T5786] bridge_slave_0: entered allmulticast mode [ 86.395533][ T5786] bridge_slave_0: entered promiscuous mode [ 86.444594][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.451921][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.459113][ T5786] bridge_slave_1: entered allmulticast mode [ 86.467674][ T5786] bridge_slave_1: entered promiscuous mode [ 86.475287][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.482694][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.489910][ T5789] bridge_slave_0: entered allmulticast mode [ 86.497267][ T5789] bridge_slave_0: entered promiscuous mode [ 86.536363][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.543817][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.551655][ T5789] bridge_slave_1: entered allmulticast mode [ 86.558924][ T5789] bridge_slave_1: entered promiscuous mode [ 86.580242][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.587450][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.595155][ T5788] bridge_slave_0: entered allmulticast mode [ 86.602549][ T5788] bridge_slave_0: entered promiscuous mode [ 86.661731][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.674011][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.681970][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.689194][ T5788] bridge_slave_1: entered allmulticast mode [ 86.697924][ T5788] bridge_slave_1: entered promiscuous mode [ 86.720798][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.733302][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.744434][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.829709][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.837646][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.845006][ T5785] bridge_slave_0: entered allmulticast mode [ 86.854310][ T5785] bridge_slave_0: entered promiscuous mode [ 86.862400][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.869527][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.877266][ T5785] bridge_slave_1: entered allmulticast mode [ 86.885154][ T5785] bridge_slave_1: entered promiscuous mode [ 86.907902][ T5789] team0: Port device team_slave_0 added [ 86.917880][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.930722][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.968380][ T5786] team0: Port device team_slave_0 added [ 86.978060][ T5786] team0: Port device team_slave_1 added [ 86.986383][ T5789] team0: Port device team_slave_1 added [ 87.007978][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.064622][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.122678][ T5788] team0: Port device team_slave_0 added [ 87.151757][ T5788] team0: Port device team_slave_1 added [ 87.158675][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.166077][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.202577][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.219738][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.230719][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.260370][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.287035][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.299380][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.330034][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.347648][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.354998][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.381718][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.397225][ T5785] team0: Port device team_slave_0 added [ 87.407720][ T5785] team0: Port device team_slave_1 added [ 87.550437][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.557462][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.581127][ T5102] Bluetooth: hci3: command tx timeout [ 87.589595][ T5102] Bluetooth: hci2: command tx timeout [ 87.595658][ T5795] Bluetooth: hci1: command tx timeout [ 87.601294][ T51] Bluetooth: hci0: command tx timeout [ 87.608279][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.656631][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.665262][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.697279][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.709106][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.716511][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.742810][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.758236][ T5789] hsr_slave_0: entered promiscuous mode [ 87.764972][ T5789] hsr_slave_1: entered promiscuous mode [ 87.777273][ T5786] hsr_slave_0: entered promiscuous mode [ 87.784211][ T5786] hsr_slave_1: entered promiscuous mode [ 87.790619][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.798543][ T5786] Cannot create hsr debugfs directory [ 87.806064][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.813382][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.839418][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.952817][ T5788] hsr_slave_0: entered promiscuous mode [ 87.959583][ T5788] hsr_slave_1: entered promiscuous mode [ 87.966730][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.975294][ T5788] Cannot create hsr debugfs directory [ 88.049362][ T5785] hsr_slave_0: entered promiscuous mode [ 88.056532][ T5785] hsr_slave_1: entered promiscuous mode [ 88.063200][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.071524][ T5785] Cannot create hsr debugfs directory [ 88.450589][ T5786] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.470328][ T5786] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.483542][ T5786] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.496247][ T5786] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.572547][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.592324][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.605461][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.623112][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.691770][ T5788] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.713025][ T5788] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.731482][ T5788] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.743891][ T5788] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.842958][ T5785] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.856590][ T5785] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.867082][ T5785] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.886520][ T5785] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.974580][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.029031][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.067388][ T1074] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.074817][ T1074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.087739][ T1074] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.094913][ T1074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.148260][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.184231][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.256393][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.273953][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.287180][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.324534][ T1072] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.331780][ T1072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.354658][ T1072] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.362015][ T1072] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.382409][ T1072] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.390059][ T1072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.432601][ T1072] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.439815][ T1072] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.499219][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.566930][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.574297][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.603154][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.610396][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.660278][ T5795] Bluetooth: hci2: command tx timeout [ 89.665877][ T5102] Bluetooth: hci1: command tx timeout [ 89.665905][ T5793] Bluetooth: hci0: command tx timeout [ 89.672880][ T5102] Bluetooth: hci3: command tx timeout [ 89.685798][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.886800][ T5786] veth0_vlan: entered promiscuous mode [ 89.941405][ T5786] veth1_vlan: entered promiscuous mode [ 90.044102][ T5786] veth0_macvtap: entered promiscuous mode [ 90.073391][ T5786] veth1_macvtap: entered promiscuous mode [ 90.138185][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.167851][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.199047][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.215669][ T5786] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.228955][ T5786] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.239938][ T5786] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.254758][ T5786] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.283872][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.342770][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.424000][ T5788] veth0_vlan: entered promiscuous mode [ 90.485285][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.503614][ T5788] veth1_vlan: entered promiscuous mode [ 90.513621][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.533885][ T5789] veth0_vlan: entered promiscuous mode [ 90.579465][ T1127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.593215][ T1127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.607472][ T5789] veth1_vlan: entered promiscuous mode [ 90.615673][ T5785] veth0_vlan: entered promiscuous mode [ 90.664227][ T5785] veth1_vlan: entered promiscuous mode [ 90.676948][ T5788] veth0_macvtap: entered promiscuous mode [ 90.715588][ T5788] veth1_macvtap: entered promiscuous mode [ 90.738321][ T5789] veth0_macvtap: entered promiscuous mode [ 90.779356][ T5789] veth1_macvtap: entered promiscuous mode [ 90.807880][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.820055][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.837330][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.864337][ T5785] veth0_macvtap: entered promiscuous mode [ 90.897430][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.908721][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.926059][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.943014][ T5785] veth1_macvtap: entered promiscuous mode [ 90.964175][ T5788] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.977349][ T5788] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.988932][ T5788] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.997968][ T5788] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.014874][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.026083][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.036428][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.048837][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.067176][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.108225][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.119253][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.129563][ T5882] ======================================================= [ 91.129563][ T5882] WARNING: The mand mount option has been deprecated and [ 91.129563][ T5882] and is ignored by this kernel. Remove the mand [ 91.129563][ T5882] option from the mount to silence this warning. [ 91.129563][ T5882] ======================================================= [ 91.129585][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.177987][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.190597][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.234920][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.243904][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.253112][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.263392][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.308490][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.324908][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.335730][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.350730][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.365138][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.376093][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.389016][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.442401][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.454614][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.465643][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.476560][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.490312][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.502402][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.514529][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.565843][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.577641][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.588414][ T5785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.603632][ T5785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.613080][ T5785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.623416][ T5785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.715671][ T5889] syz.1.8[5889]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 91.746390][ T5102] Bluetooth: hci0: command tx timeout [ 91.753368][ T5795] Bluetooth: hci3: command tx timeout [ 91.753392][ T5793] Bluetooth: hci1: command tx timeout [ 91.758898][ T5795] Bluetooth: hci2: command tx timeout [ 91.770943][ T1127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.778906][ T1127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.841784][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.849681][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.913792][ T5889] loop1: detected capacity change from 0 to 4096 [ 91.931563][ T5889] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 92.003787][ T5889] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 92.025988][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.037014][ T5889] ntfs3: loop1: mft corrupted [ 92.062497][ T5889] ntfs3: loop1: Failed to load $Extend (-22). [ 92.068924][ T5889] ntfs3: loop1: Failed to initialize $Extend. [ 92.080289][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.120270][ T1127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.129452][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.231704][ T1190] cfg80211: failed to load regulatory.db [ 92.266250][ T27] audit: type=1326 audit(1764318931.984:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5890 comm="syz.2.3" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54a618f749 code=0x0 [ 92.445043][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.476240][ T5894] ntfs3: loop1: ino=1e, "file1" failed to parse mft record [ 92.483792][ T5894] ntfs3: loop1: ino=1e, "file1" attr_set_size [ 92.502977][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.908994][ T5896] loop0: detected capacity change from 0 to 32768 [ 93.014514][ T5896] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 93.125266][ T27] audit: type=1800 audit(1764318932.914:3): pid=5896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 93.825592][ T5102] Bluetooth: hci0: command tx timeout [ 93.831221][ T5795] Bluetooth: hci2: command tx timeout [ 93.831688][ T51] Bluetooth: hci3: command tx timeout [ 93.842470][ T5793] Bluetooth: hci1: command tx timeout [ 94.380698][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.345610][ T5789] ocfs2: Unmounting device (7,0) on (node local) [ 96.190073][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 96.380681][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 96.460885][ T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!! [ 96.470863][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 96.490198][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 96.870610][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 98.453077][ T5954] loop2: detected capacity change from 0 to 512 [ 98.557119][ T5954] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 98.600281][ T5957] loop1: detected capacity change from 0 to 47 [ 98.725979][ T5954] pim6reg: entered allmulticast mode [ 98.735994][ T5957] syz.1.24 uses obsolete (PF_INET,SOCK_PACKET) [ 98.759528][ T5957] syz.1.24: attempt to access beyond end of device [ 98.759528][ T5957] loop1: rw=2049, sector=48, nr_sectors = 2 limit=47 [ 98.817722][ T5957] Buffer I/O error on dev loop1, logical block 24, lost async page write [ 98.841703][ T5957] syz.1.24: attempt to access beyond end of device [ 98.841703][ T5957] loop1: rw=2049, sector=50, nr_sectors = 2 limit=47 [ 98.882427][ T5957] Buffer I/O error on dev loop1, logical block 25, lost async page write [ 98.966952][ T1074] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 98.977499][ T5962] netlink: 'syz.3.26': attribute type 1 has an invalid length. [ 99.600960][ T5840] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 100.460027][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 100.468606][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 100.541040][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 100.693528][ T5840] usb 4-1: config 0 has no interfaces? [ 100.717496][ T5840] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 100.740836][ T5840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.773020][ T5840] usb 4-1: config 0 descriptor?? [ 101.010748][ T5897] usb 4-1: USB disconnect, device number 2 [ 101.230061][ T5840] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 101.445546][ T5840] usb 2-1: config 0 interface 0 altsetting 251 has an invalid endpoint with address 0x93, skipping [ 101.473023][ T5840] usb 2-1: config 0 interface 0 has no altsetting 0 [ 101.503149][ T5840] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 101.536608][ T5840] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 101.616908][ T5840] usb 2-1: Product: syz [ 101.630344][ T5840] usb 2-1: Manufacturer: syz [ 101.645557][ T5840] usb 2-1: SerialNumber: syz [ 101.666796][ T5840] usb 2-1: config 0 descriptor?? [ 101.687462][ T5982] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 101.801971][ T5840] snd-usb-audio: probe of 2-1:0.0 failed with error -22 [ 101.867243][ T5787] udevd[5787]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 101.953133][ T5897] usb 2-1: USB disconnect, device number 2 [ 103.123203][ T6008] loop2: detected capacity change from 0 to 4096 [ 103.141687][ T6008] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 103.197034][ T6008] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.235261][ T6010] Zero length message leads to an empty skb [ 103.245408][ T6008] EXT4-fs (loop2): shut down requested (0) [ 103.361353][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.860063][ T28] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 103.894496][ T6017] loop3: detected capacity change from 0 to 32768 [ 103.990137][ T6017] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 104.794796][ T5785] ocfs2: Unmounting device (7,3) on (node local) [ 104.840064][ T28] usb 3-1: Using ep0 maxpacket: 32 [ 104.859676][ T28] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 104.908176][ T28] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 104.927734][ T28] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 104.955099][ T28] usb 3-1: Product: syz [ 104.975182][ T28] usb 3-1: Manufacturer: syz [ 104.979870][ T28] usb 3-1: SerialNumber: syz [ 104.986806][ T6035] loop0: detected capacity change from 0 to 16 [ 105.015190][ T28] usb 3-1: config 0 descriptor?? [ 105.063973][ T6035] erofs: (device loop0): mounted with root inode @ nid 36. [ 105.078912][ T6021] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 105.099222][ T28] hub 3-1:0.0: bad descriptor, ignoring hub [ 105.109438][ T28] hub: probe of 3-1:0.0 failed with error -5 [ 105.490400][ T5777] usb 3-1: USB disconnect, device number 2 [ 105.794753][ T6047] kernel profiling enabled (shift: 5) [ 107.174603][ T6055] loop2: detected capacity change from 0 to 256 [ 107.221367][ T6055] exfat: Deprecated parameter 'namecase' [ 107.274151][ T6055] exfat: Deprecated parameter 'utf8' [ 107.364329][ T6055] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 107.687723][ T6055] netlink: 8 bytes leftover after parsing attributes in process `syz.2.56'. [ 107.750173][ T6055] netlink: 8 bytes leftover after parsing attributes in process `syz.2.56'. [ 110.097152][ T6085] netlink: 4 bytes leftover after parsing attributes in process `syz.0.65'. [ 114.774057][ T6129] loop0: detected capacity change from 0 to 2048 [ 114.837486][ T6136] random: crng reseeded on system resumption [ 114.961997][ T6129] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 115.788135][ T6129] UDF-fs: Scanning with blocksize 512 failed [ 115.847160][ T6129] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 116.239842][ T6142] loop9: detected capacity change from 0 to 7 [ 116.270761][ T6142] Dev loop9: unable to read RDB block 7 [ 116.286987][ T6142] loop9: AHDI p3 p4 [ 116.297147][ T6142] loop9: partition table partially beyond EOD, truncated [ 116.321046][ T6142] loop9: p3 size 4227858431 extends beyond EOD, truncated [ 117.459190][ T6060] udevd[6060]: inotify_add_watch(7, /dev/loop9p3, 10) failed: No such file or directory [ 118.901599][ T5847] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 119.110343][ T5847] usb 2-1: Using ep0 maxpacket: 32 [ 119.168803][ T5847] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 119.200425][ T5847] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 119.250365][ T5847] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 119.296141][ T5847] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 119.310235][ T5847] usb 2-1: config 0 interface 0 has no altsetting 0 [ 119.354999][ T5847] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 119.364330][ T5847] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 119.373134][ T5847] usb 2-1: Product: syz [ 119.380015][ T5847] usb 2-1: Manufacturer: syz [ 119.384736][ T5847] usb 2-1: SerialNumber: syz [ 119.470474][ T5847] usb 2-1: config 0 descriptor?? [ 119.521226][ T5847] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 119.713984][ T5847] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 120.438492][ T6189] loop3: detected capacity change from 0 to 256 [ 121.747500][ T6181] loop0: detected capacity change from 0 to 32768 [ 121.908518][ T6201] sch_tbf: burst 1023 is lower than device lo mtu (65550) ! [ 122.002694][ T6181] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 122.316177][ T6181] syz.0.99 (6181) used greatest stack depth: 19248 bytes left [ 122.478181][ T5789] ocfs2: Unmounting device (7,0) on (node local) [ 122.970521][ T6198] loop3: detected capacity change from 0 to 131072 [ 122.999410][ T6198] F2FS-fs (loop3): invalid crc value [ 123.023691][ T6198] F2FS-fs (loop3): Found nat_bits in checkpoint [ 123.083403][ T6198] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 123.395410][ T6217] loop2: detected capacity change from 0 to 64 [ 125.101018][ T6177] ldusb 2-1:0.0: Couldn't submit HID_REQ_SET_REPORT -110 [ 125.118745][ T6229] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5 [ 125.223658][ T28] usb 2-1: USB disconnect, device number 3 [ 125.283209][ T28] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 126.551739][ T6244] netlink: 116 bytes leftover after parsing attributes in process `syz.3.118'. [ 127.574259][ T6251] capability: warning: `syz.2.121' uses deprecated v2 capabilities in a way that may be insecure [ 128.279861][ T6257] loop3: detected capacity change from 0 to 512 [ 128.533932][ T6261] usb usb8: usbfs: process 6261 (syz.2.124) did not claim interface 0 before use [ 128.672721][ T6257] EXT4-fs (loop3): Test dummy encryption mode enabled [ 128.686146][ T6257] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 128.720468][ T6257] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 128.783757][ T6257] EXT4-fs error (device loop3): ext4_orphan_get:1425: comm syz.3.123: bad orphan inode 131083 [ 128.818389][ T6257] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.900086][ T27] audit: type=1800 audit(1764318968.694:4): pid=6271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.127" name="bus" dev="overlay" ino=173 res=0 errno=0 [ 129.057793][ T6274] Sensor B: ================= START STATUS ================= [ 129.066758][ T6274] Sensor B: Test Pattern: 75% Colorbar [ 129.075382][ T6274] Sensor B: Show Information: All [ 129.080844][ T6274] Sensor B: Vertical Flip: false [ 129.087065][ T6274] Sensor B: Horizontal Flip: false [ 129.093570][ T6274] Sensor B: Brightness: 128 [ 129.109613][ T6274] Sensor B: Contrast: 128 [ 129.151449][ T6274] Sensor B: Hue: 0 [ 129.159730][ T6274] Sensor B: Saturation: 128 [ 129.165086][ T6274] Sensor B: ================== END STATUS ================== [ 129.574932][ T6272] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 129.706570][ T6257] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 130.877216][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.227938][ T6301] program syz.0.137 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 133.260964][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.268068][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.335006][ T6321] loop1: detected capacity change from 0 to 4096 [ 135.370613][ T6321] EXT4-fs: Ignoring removed mblk_io_submit option [ 135.409781][ T6321] EXT4-fs: Ignoring removed orlov option [ 135.444316][ T6321] EXT4-fs (loop1): Test dummy encryption mode enabled [ 135.484051][ T6321] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.708279][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.290101][ T5840] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 137.175139][ T5840] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 137.185749][ T5840] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.195907][ T5840] usb 1-1: Product: syz [ 137.200213][ T5840] usb 1-1: Manufacturer: syz [ 137.204858][ T5840] usb 1-1: SerialNumber: syz [ 137.223157][ T5840] usb 1-1: config 0 descriptor?? [ 137.499032][ T6342] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.508450][ T6342] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.517355][ T6342] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.526601][ T6342] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.543567][ T6342] bond0: (slave vxlan0): Enslaving as an active interface with an up link [ 137.601372][ T5840] usb-storage 1-1:0.0: USB Mass Storage device detected [ 137.800891][ T5840] usb 1-1: USB disconnect, device number 2 [ 138.157371][ T6356] loop1: detected capacity change from 0 to 32768 [ 138.221379][ T6356] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 138.246581][ T27] audit: type=1800 audit(1764318978.044:5): pid=6356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.154" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 139.017476][ T6363] netlink: 8 bytes leftover after parsing attributes in process `syz.0.155'. [ 139.041698][ T5786] ocfs2: Unmounting device (7,1) on (node local) [ 139.045559][ T6364] loop3: detected capacity change from 0 to 8 [ 139.142414][ T6368] loop2: detected capacity change from 0 to 64 [ 139.299478][ T6371] loop0: detected capacity change from 0 to 256 [ 139.557249][ T6378] ieee802154 phy0 wpan0: encryption failed: -22 [ 140.233070][ T6390] loop1: detected capacity change from 0 to 16 [ 140.371836][ T6390] erofs: (device loop1): mounted with root inode @ nid 36. [ 141.989537][ T6393] syz.1.166: attempt to access beyond end of device [ 141.989537][ T6393] loop1: rw=0, sector=8, nr_sectors = 32 limit=16 [ 142.039512][ T6393] syz.1.166: attempt to access beyond end of device [ 142.039512][ T6393] loop1: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 142.054183][ T6393] syz.1.166: attempt to access beyond end of device [ 142.054183][ T6393] loop1: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 143.521898][ T5786] BUG: Bad page state in process syz-executor pfn:614bf [ 143.529322][ T5786] page:ffffea0001852fc0 refcount:0 mapcount:0 mapping:ffff8880787787c8 index:0x2 pfn:0x614bf [ 143.539705][ T5786] aops:z_erofs_cache_aops ino:0 [ 143.544678][ T5786] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 143.552556][ T5786] page_type: 0xffffffff() [ 143.556929][ T5786] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880787787c8 [ 143.566950][ T5786] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 143.576090][ T5786] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 143.583572][ T5786] page_owner tracks the page as allocated [ 143.589603][ T5786] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6393, tgid 6389 (syz.1.166), ts 141988151532, free_ts 127713901252 [ 143.611941][ T5786] post_alloc_hook+0x1cd/0x210 [ 143.616775][ T5786] get_page_from_freelist+0x195c/0x19f0 [ 143.622438][ T5786] __alloc_pages+0x1e3/0x460 [ 143.627078][ T5786] z_erofs_do_read_page+0x20c0/0x3680 [ 143.632551][ T5786] z_erofs_pcluster_readmore+0x2cf/0x450 [ 143.638226][ T5786] z_erofs_read_folio+0x208/0x540 [ 143.643377][ T5786] filemap_read_folio+0x167/0x760 [ 143.648438][ T5786] do_read_cache_folio+0x470/0x7e0 [ 143.653652][ T5786] erofs_bread+0x16f/0x630 [ 143.658137][ T5786] erofs_namei+0x28c/0xf00 [ 143.662811][ T5786] erofs_lookup+0x135/0x310 [ 143.668463][ T5786] path_openat+0x10b8/0x3190 [ 143.673330][ T5786] do_filp_open+0x1c5/0x3d0 [ 143.677878][ T5786] do_sys_openat2+0x12c/0x1c0 [ 143.682658][ T5786] __x64_sys_openat+0x139/0x160 [ 143.687550][ T5786] do_syscall_64+0x55/0xb0 [ 143.692092][ T5786] page last free stack trace: [ 143.696878][ T5786] free_unref_page_prepare+0x7ce/0x8e0 [ 143.702422][ T5786] free_unref_page+0x32/0x2e0 [ 143.707144][ T5786] skb_release_data+0x49a/0x800 [ 143.712101][ T5786] consume_skb+0xb2/0x110 [ 143.716478][ T5786] __sk_msg_free+0x2b4/0x340 [ 143.721181][ T5786] sk_psock_destroy+0x3cc/0x930 [ 143.726067][ T5786] process_scheduled_works+0xa45/0x15b0 [ 143.731731][ T5786] worker_thread+0xa55/0xfc0 [ 143.736394][ T5786] kthread+0x2fa/0x390 [ 143.740818][ T5786] ret_from_fork+0x48/0x80 [ 143.745292][ T5786] ret_from_fork_asm+0x11/0x20 [ 143.750521][ T5786] Modules linked in: [ 143.754479][ T5786] CPU: 0 PID: 5786 Comm: syz-executor Not tainted syzkaller #0 [ 143.762064][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 143.772179][ T5786] Call Trace: [ 143.775491][ T5786] [ 143.778478][ T5786] dump_stack_lvl+0x16c/0x230 [ 143.783222][ T5786] ? show_regs_print_info+0x20/0x20 [ 143.788556][ T5786] ? swiotlb_print_info+0x70/0x70 [ 143.793636][ T5786] bad_page+0x14b/0x170 [ 143.797837][ T5786] free_unref_page_prepare+0x887/0x8e0 [ 143.803376][ T5786] free_unref_page+0x32/0x2e0 [ 143.808192][ T5786] ? __folio_put+0xef/0x210 [ 143.812740][ T5786] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 143.819209][ T5786] erofs_shrink_workstation+0x118/0x290 [ 143.824802][ T5786] ? erofs_shrinker_unregister+0x170/0x170 [ 143.830652][ T5786] ? io_schedule+0xd0/0xd0 [ 143.835115][ T5786] ? kobject_put+0x43c/0x470 [ 143.839748][ T5786] erofs_shrinker_unregister+0x5d/0x170 [ 143.845334][ T5786] erofs_put_super+0x4e/0x150 [ 143.850063][ T5786] ? erofs_free_inode+0xb0/0xb0 [ 143.854974][ T5786] generic_shutdown_super+0x134/0x2b0 [ 143.860399][ T5786] kill_block_super+0x44/0x90 [ 143.865136][ T5786] erofs_kill_sb+0x4c/0x140 [ 143.869706][ T5786] deactivate_locked_super+0x97/0x100 [ 143.875154][ T5786] cleanup_mnt+0x429/0x4c0 [ 143.879636][ T5786] task_work_run+0x1ce/0x250 [ 143.884285][ T5786] ? task_work_cancel+0x240/0x240 [ 143.889366][ T5786] ? exit_to_user_mode_loop+0x3b/0x110 [ 143.894888][ T5786] exit_to_user_mode_loop+0xe6/0x110 [ 143.900223][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 143.905792][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 143.911269][ T5786] do_syscall_64+0x61/0xb0 [ 143.915706][ T5786] ? clear_bhb_loop+0x40/0x90 [ 143.920400][ T5786] ? clear_bhb_loop+0x40/0x90 [ 143.925100][ T5786] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 143.931013][ T5786] RIP: 0033:0x7f219a390a77 [ 143.935460][ T5786] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 143.955203][ T5786] RSP: 002b:00007fffc95c9508 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 143.963742][ T5786] RAX: 0000000000000000 RBX: 00007f219a413d7d RCX: 00007f219a390a77 [ 143.971737][ T5786] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffc95c95c0 [ 143.979733][ T5786] RBP: 00007fffc95c95c0 R08: 0000000000000000 R09: 0000000000000000 [ 143.987724][ T5786] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffc95ca650 [ 143.995713][ T5786] R13: 00007f219a413d7d R14: 000000000002245b R15: 00007fffc95ca690 [ 144.003715][ T5786] [ 144.008054][ T5786] Disabling lock debugging due to kernel taint [ 144.014594][ T5786] BUG: Bad page state in process syz-executor pfn:61548 [ 144.021716][ T5786] page:ffffea0001855200 refcount:0 mapcount:0 mapping:ffff8880787787c8 index:0x3 pfn:0x61548 [ 144.032591][ T5786] aops:z_erofs_cache_aops ino:0 [ 144.037478][ T5786] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 144.045661][ T5786] page_type: 0xffffffff() [ 144.050549][ T5786] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880787787c8 [ 144.059183][ T5786] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 144.068213][ T5786] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 144.075872][ T5786] page_owner tracks the page as allocated [ 144.082918][ T5786] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6393, tgid 6389 (syz.1.166), ts 141988176555, free_ts 127713823721 [ 144.105377][ T5786] post_alloc_hook+0x1cd/0x210 [ 144.110658][ T5786] get_page_from_freelist+0x195c/0x19f0 [ 144.116257][ T5786] __alloc_pages+0x1e3/0x460 [ 144.121366][ T5786] z_erofs_do_read_page+0x20c0/0x3680 [ 144.127169][ T5786] z_erofs_pcluster_readmore+0x2cf/0x450 [ 144.133268][ T5786] z_erofs_read_folio+0x208/0x540 [ 144.138639][ T5786] filemap_read_folio+0x167/0x760 [ 144.144135][ T5786] do_read_cache_folio+0x470/0x7e0 [ 144.148651][ T6398] loop3: detected capacity change from 0 to 16 [ 144.149544][ T5786] erofs_bread+0x16f/0x630 [ 144.161107][ T5786] erofs_namei+0x28c/0xf00 [ 144.163009][ T6398] erofs: (device loop3): mounted with root inode @ nid 36. [ 144.165578][ T5786] erofs_lookup+0x135/0x310 [ 144.177714][ T5786] path_openat+0x10b8/0x3190 [ 144.183655][ T5786] do_filp_open+0x1c5/0x3d0 [ 144.188218][ T5786] do_sys_openat2+0x12c/0x1c0 [ 144.193417][ T5786] __x64_sys_openat+0x139/0x160 [ 144.198323][ T5786] do_syscall_64+0x55/0xb0 [ 144.203192][ T5786] page last free stack trace: [ 144.207903][ T5786] free_unref_page_prepare+0x7ce/0x8e0 [ 144.213811][ T5786] free_unref_page+0x32/0x2e0 [ 144.218545][ T5786] skb_release_data+0x49a/0x800 [ 144.223851][ T5786] consume_skb+0xb2/0x110 [ 144.228243][ T5786] __sk_msg_free+0x2b4/0x340 [ 144.233230][ T5786] sk_psock_destroy+0x3cc/0x930 [ 144.238102][ T5786] process_scheduled_works+0xa45/0x15b0 [ 144.243879][ T5786] worker_thread+0xa55/0xfc0 [ 144.248510][ T5786] kthread+0x2fa/0x390 [ 144.252829][ T5786] ret_from_fork+0x48/0x80 [ 144.257276][ T5786] ret_from_fork_asm+0x11/0x20 [ 144.262123][ T5786] Modules linked in: [ 144.266052][ T5786] CPU: 0 PID: 5786 Comm: syz-executor Tainted: G B syzkaller #0 [ 144.275093][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 144.285176][ T5786] Call Trace: [ 144.288462][ T5786] [ 144.291404][ T5786] dump_stack_lvl+0x16c/0x230 [ 144.296102][ T5786] ? show_regs_print_info+0x20/0x20 [ 144.301325][ T5786] ? swiotlb_print_info+0x70/0x70 [ 144.306390][ T5786] bad_page+0x14b/0x170 [ 144.310559][ T5786] free_unref_page_prepare+0x887/0x8e0 [ 144.316130][ T5786] free_unref_page+0x32/0x2e0 [ 144.320833][ T5786] ? __folio_put+0xef/0x210 [ 144.325348][ T5786] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 144.331783][ T5786] erofs_shrink_workstation+0x118/0x290 [ 144.337339][ T5786] ? erofs_shrinker_unregister+0x170/0x170 [ 144.343160][ T5786] ? io_schedule+0xd0/0xd0 [ 144.347680][ T5786] ? kobject_put+0x43c/0x470 [ 144.352287][ T5786] erofs_shrinker_unregister+0x5d/0x170 [ 144.357853][ T5786] erofs_put_super+0x4e/0x150 [ 144.362553][ T5786] ? erofs_free_inode+0xb0/0xb0 [ 144.367419][ T5786] generic_shutdown_super+0x134/0x2b0 [ 144.372819][ T5786] kill_block_super+0x44/0x90 [ 144.377858][ T5786] erofs_kill_sb+0x4c/0x140 [ 144.382446][ T5786] deactivate_locked_super+0x97/0x100 [ 144.387841][ T5786] cleanup_mnt+0x429/0x4c0 [ 144.392280][ T5786] task_work_run+0x1ce/0x250 [ 144.396887][ T5786] ? task_work_cancel+0x240/0x240 [ 144.401927][ T5786] ? exit_to_user_mode_loop+0x3b/0x110 [ 144.407403][ T5786] exit_to_user_mode_loop+0xe6/0x110 [ 144.412702][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 144.418266][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 144.423736][ T5786] do_syscall_64+0x61/0xb0 [ 144.428177][ T5786] ? clear_bhb_loop+0x40/0x90 [ 144.432952][ T5786] ? clear_bhb_loop+0x40/0x90 [ 144.437645][ T5786] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 144.443555][ T5786] RIP: 0033:0x7f219a390a77 [ 144.447979][ T5786] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 144.467621][ T5786] RSP: 002b:00007fffc95c9508 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 144.476046][ T5786] RAX: 0000000000000000 RBX: 00007f219a413d7d RCX: 00007f219a390a77 [ 144.484045][ T5786] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffc95c95c0 [ 144.492027][ T5786] RBP: 00007fffc95c95c0 R08: 0000000000000000 R09: 0000000000000000 [ 144.500007][ T5786] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffc95ca650 [ 144.508078][ T5786] R13: 00007f219a413d7d R14: 000000000002245b R15: 00007fffc95ca690 [ 144.516097][ T5786] [ 144.520560][ T5786] BUG: Bad page state in process syz-executor pfn:61549 [ 144.527624][ T5786] page:ffffea0001855240 refcount:0 mapcount:0 mapping:ffff8880787787c8 index:0x4 pfn:0x61549 [ 144.538095][ T5786] aops:z_erofs_cache_aops ino:0 [ 144.543190][ T5786] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 144.551024][ T5786] page_type: 0xffffffff() [ 144.555384][ T5786] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880787787c8 [ 144.564028][ T5786] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 144.572770][ T5786] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 144.580130][ T5786] page_owner tracks the page as allocated [ 144.585869][ T5786] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6393, tgid 6389 (syz.1.166), ts 141988303833, free_ts 127713823721 [ 144.608559][ T5786] post_alloc_hook+0x1cd/0x210 [ 144.613530][ T5786] get_page_from_freelist+0x195c/0x19f0 [ 144.619222][ T5786] __alloc_pages+0x1e3/0x460 [ 144.623949][ T5786] z_erofs_do_read_page+0x20c0/0x3680 [ 144.629386][ T5786] z_erofs_pcluster_readmore+0x2cf/0x450 [ 144.635128][ T5786] z_erofs_read_folio+0x208/0x540 [ 144.640255][ T5786] filemap_read_folio+0x167/0x760 [ 144.645352][ T5786] do_read_cache_folio+0x470/0x7e0 [ 144.650589][ T5786] erofs_bread+0x16f/0x630 [ 144.655057][ T5786] erofs_namei+0x28c/0xf00 [ 144.659579][ T5786] erofs_lookup+0x135/0x310 [ 144.664272][ T5786] path_openat+0x10b8/0x3190 [ 144.668991][ T5786] do_filp_open+0x1c5/0x3d0 [ 144.673582][ T5786] do_sys_openat2+0x12c/0x1c0 [ 144.678306][ T5786] __x64_sys_openat+0x139/0x160 [ 144.683330][ T5786] do_syscall_64+0x55/0xb0 [ 144.687782][ T5786] page last free stack trace: [ 144.693428][ T5786] free_unref_page_prepare+0x7ce/0x8e0 [ 144.698918][ T5786] free_unref_page+0x32/0x2e0 [ 144.706509][ T5786] skb_release_data+0x49a/0x800 [ 144.711568][ T5786] consume_skb+0xb2/0x110 [ 144.715940][ T5786] __sk_msg_free+0x2b4/0x340 [ 144.720619][ T5786] sk_psock_destroy+0x3cc/0x930 [ 144.725502][ T5786] process_scheduled_works+0xa45/0x15b0 [ 144.731120][ T5786] worker_thread+0xa55/0xfc0 [ 144.735763][ T5786] kthread+0x2fa/0x390 [ 144.739864][ T5786] ret_from_fork+0x48/0x80 [ 144.744349][ T5786] ret_from_fork_asm+0x11/0x20 [ 144.749335][ T5786] Modules linked in: [ 144.753299][ T5786] CPU: 0 PID: 5786 Comm: syz-executor Tainted: G B syzkaller #0 [ 144.762449][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 144.772970][ T5786] Call Trace: [ 144.776258][ T5786] [ 144.779199][ T5786] dump_stack_lvl+0x16c/0x230 [ 144.783938][ T5786] ? show_regs_print_info+0x20/0x20 [ 144.789158][ T5786] ? swiotlb_print_info+0x70/0x70 [ 144.794200][ T5786] bad_page+0x14b/0x170 [ 144.798381][ T5786] free_unref_page_prepare+0x887/0x8e0 [ 144.803901][ T5786] free_unref_page+0x32/0x2e0 [ 144.808622][ T5786] ? __folio_put+0xef/0x210 [ 144.813138][ T5786] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 144.819573][ T5786] erofs_shrink_workstation+0x118/0x290 [ 144.825240][ T5786] ? erofs_shrinker_unregister+0x170/0x170 [ 144.831059][ T5786] ? io_schedule+0xd0/0xd0 [ 144.835501][ T5786] ? kobject_put+0x43c/0x470 [ 144.840109][ T5786] erofs_shrinker_unregister+0x5d/0x170 [ 144.845688][ T5786] erofs_put_super+0x4e/0x150 [ 144.850386][ T5786] ? erofs_free_inode+0xb0/0xb0 [ 144.855253][ T5786] generic_shutdown_super+0x134/0x2b0 [ 144.860822][ T5786] kill_block_super+0x44/0x90 [ 144.865509][ T5786] erofs_kill_sb+0x4c/0x140 [ 144.870154][ T5786] deactivate_locked_super+0x97/0x100 [ 144.875551][ T5786] cleanup_mnt+0x429/0x4c0 [ 144.879983][ T5786] task_work_run+0x1ce/0x250 [ 144.884590][ T5786] ? task_work_cancel+0x240/0x240 [ 144.889634][ T5786] ? exit_to_user_mode_loop+0x3b/0x110 [ 144.895113][ T5786] exit_to_user_mode_loop+0xe6/0x110 [ 144.900425][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 144.905986][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 144.911457][ T5786] do_syscall_64+0x61/0xb0 [ 144.915890][ T5786] ? clear_bhb_loop+0x40/0x90 [ 144.920582][ T5786] ? clear_bhb_loop+0x40/0x90 [ 144.925275][ T5786] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 144.931187][ T5786] RIP: 0033:0x7f219a390a77 [ 144.935615][ T5786] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 144.955327][ T5786] RSP: 002b:00007fffc95c9508 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 144.964115][ T5786] RAX: 0000000000000000 RBX: 00007f219a413d7d RCX: 00007f219a390a77 [ 144.972248][ T5786] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffc95c95c0 [ 144.980231][ T5786] RBP: 00007fffc95c95c0 R08: 0000000000000000 R09: 0000000000000000 [ 144.988209][ T5786] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffc95ca650 [ 144.996205][ T5786] R13: 00007f219a413d7d R14: 000000000002245b R15: 00007fffc95ca690 [ 145.004200][ T5786] [ 145.316552][ T6400] syz.3.167: attempt to access beyond end of device [ 145.316552][ T6400] loop3: rw=0, sector=8, nr_sectors = 32 limit=16 [ 145.354284][ T6400] syz.3.167: attempt to access beyond end of device [ 145.354284][ T6400] loop3: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 145.368333][ T6400] syz.3.167: attempt to access beyond end of device [ 145.368333][ T6400] loop3: rw=524288, sector=8, nr_sectors = 32 limit=16