last executing test programs: 4.74873757s ago: executing program 3 (id=156): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x2a}, &(0x7f0000000240)=0x8) 4.502656261s ago: executing program 3 (id=158): sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x270, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="02"], 0x10}}, 0x0) io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2) socket$kcm(0x10, 0x2, 0x0) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, &(0x7f0000000040)={{0x6, 0x0, 0x0, 0x4}}, 0x0, 0x0}}) 4.262600843s ago: executing program 3 (id=160): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000380)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x18, 0x0, 0x6d, "dcb9e7f3", "8173828d"}}, 0x0}, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) 3.829441805s ago: executing program 1 (id=163): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000000}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.341867458s ago: executing program 1 (id=164): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)=@vmx={0x0, 0x0, 0x2080, {0x4000, 0x58000, {0x4}, 0x0, 0x2}}) 2.950756216s ago: executing program 1 (id=167): timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400)) timer_create(0xfffffffc, 0x0, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000380)={{}, {0x0, 0x9}}, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 2.715640759s ago: executing program 1 (id=168): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netlink\x00') preadv(r0, &(0x7f0000000600)=[{&(0x7f0000000280)=""/215, 0xd7}], 0x1, 0x6c, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r1, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000280)=ANY=[@ANYBLOB="000001080000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) 2.318195586s ago: executing program 3 (id=170): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000580)={'wlan0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x2c, r3, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) 2.139972028s ago: executing program 3 (id=171): syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000680)='./file2\x00', 0x800000, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f757365725f78617474722c666c7573685f6d657267652c6673796e635f6d6f64653d706f7369782c64697361626c655f6578745f6964656e746966792c6261636b67726f756e645f67633d73796e632c6673796e635f6d6f64653d7374726963742c6e6f626172726965722c6e6f696e6c696e655f646174612c6e6f626172726965722c71756f74612c6261636b67726f756e645f67633d6f66662c6e6f61636c2c6e6f657874656e745f63616368652c6e6f646973636172642c6163746976655f6c6f67733d342c00e62bc03000c35169ed09803fa1bee488c680f339e530b5e8ad120a2b4f078093a8e0ba2b3d1b5fe99356b80a454c1ec2f8e12392bbffe9fae2fa05e18a6b61f5eded2e484f574d2757a5fe762c770477aa3460313ee54451c6a6159eca600d6c85a8c09cef9996dc851a5f5edf1a4a22576c6dfe6b9e8dade2d3a8e6a8c7710733c1f69aabd8880291"], 0x1, 0x5504, &(0x7f000000c0c0)="$eJzs3M1rI2UYAPB32u1+uxbx4G0HFqGFTWj6seit6i5+YJey6sGTpsk0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJl3qls/QGma2O3vB5Nn5p03zzxvKIVnJiQA59Z8+vOPSbgRroQQZkMI10Mo9pNyK6zH8Fx5buaxLSnHfx+4GEK4GkK4MUoecyblqU9vD2+t/fDGT199c+nCtc++/HZ6qwam7fkQQncn7u93Y8xbMT4sx+vDdhG7q8MyxhPdR+VxHuN+tlVk2K8fzasXcaUV5+c7e/1R3O7UG6PYam8X4zu9eMH+sHWUp3jDw/pucdzMtorY7udFbB3Gug4O4/+2w/4g5mmW+T4o0ofB4CjG8ewgi+vZeVTERm9Qjse8eTM7GMVhGcvLhUbeaRZ1bJ3kk/5/e7Pd2ztIh9luv5330rVq7YVq7U6ltps3s0G2Wql3m3dW04VWZzStMsjq3fVWnrc6WbWRdxfThVajUanV0oW72Va73ktrtepKdamytlju3U5fvf9O2mmmC6P4cru3N2h3+ul2vpvGdyymy9WVFxfTW7X0rY3NdPPBvXsbm2+/d/fd+y9tvP5KOekvZaULy0vLy5XaUmW5tniO1v9RWfQY1w8nkky7AICz57/2/zf1/8AYnF7/v/sghNPv/4P+fyzOVP973vv/U1g/nIj+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg3Ppu7vPXip35eHytHH+qHHqmPE5CCDMhhF//xmy4eCznbJln7h/mz/2phq+TUGQYXeNSuV0NIayX2y9Pn/anAAAAAE+uLz68+Uns1uPL/LQLYpLiTZuZ6++PKV8SQpib/35M2WZGL8+OKVnx930hHIwpW3ED6/KYksVbbhfGle1fmT0WLj8WkhhmJloOAAAwEcc7gcl2IQAAAEzSx9MugOlIwtGjzKNnwcU37/94IHjl2BEAAABwBiXTLgAAAAA4dUX/7/f/AAAA4MkWf/8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5j535yUgfiOID/WuiD9y+PvLj3Ku7gGB7BpUvDAbwER8AreAHPgDuPYMDQqUQU3XRKI/l8kjJMQ77MELqY3yQDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTpsVrO7m7Ob9vmrDft5JkNAAAAcMiqWs7qN5PU/93c/9vc+t/0i4goI+LQ2n0QP/YyB01O9cnnq3djuI+oE7bfMWquXxFx0VzP/7r+FQAAAOB0PcwX07RaTy+TvgfEMaWiTfnnMlNeERHV5ClTWrnNO8sUVv+/h3GdKa0uYI0zhaWS2zBX2kcHouvHfVe1G79pitSUX0dmmzsAAHBEg72mw1UIAAAAPbvqewD0o4jXrczdVuAoNc323s+9HgAAAPANFX0PAAAAAOhcvf53/h8AAACctnT+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF1aVctZNV9M2+asN+3kmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALywP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/uzs7WVsUYJYeIKHjQi023tbU38aAED/4JQki3NXbrjzYHW4qQizfJuRfRo4igxFv/h55b6KXeesihghcvlTc/kmkMuFo7s20+H3jzvjsZ3vu+GQj5zkwWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNr2u7txljZzZdyv9t28d3U19bf29Mn1zduLqaW412bSj4eXmx96C90lAgAAwMGR1fV9RNzJt5ZT358r6v+8PibV/N89W8Z1Pb+37q/7uvZP7ddf7r64M9FcOU8a9OzaZHzs76kMHt0qZ9tz/3jEoDjzxb2XrLgg/Q82XtjOi/PZ++bGjfeGRXiojWwBgP/iaN1XQf33UOpHXSYGwIExaBTedf2fzXWbEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAbtjfi6TruRcTiYDdObt27urpff33z9mLdTl27ttkcMw2RR8TZtcn4WItrmXWXLl85vzKZjC+2H7wSEV3N/k61/PMfTXFwRCfnR/A/Bf3qYs9KPg8T5NVaHv1cHf1CAgDgiZVXLdX1d/Kt5bSvNx9x//sH6//XG3FMWf/f/fjUzeZczfp/1NoKZ9/S+oXPly5dvvLm2oWVc+Nz40/fOj56e3Ti9MmTp5eKeyVL7pgAAADwcIZVa9b/wz3HpJ8dacQxZf3/xbejr5rjZOr/fe0+9Os6EwAAgIPt+Vf/+L23z/7ecBhfrqyvXxyV253Px8ttB6n+a4eq1qz/s/muswIAAADasL3Re+D9/zONOKZ8/v/MDy/91Bwzi4jD1fP/o6ufTc60t5yZ1sa/Lne9RgAAALp1uGrN5//5fKr/+zuvPPQj4o3Xyrj6GsCp6v/s/a9/bM7VfP//RHtLnEn9hfJ8FP1CxGCh64wAAAB4Uv15P+KpKFsq9n/Lt5Y/+fnIh0Pv/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC07a8AAAD//3npOno=") sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x44080) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@userxattr}]}) 1.714978141s ago: executing program 0 (id=174): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) r1 = dup(r0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000100), &(0x7f0000000180)=0x8) 1.432966707s ago: executing program 0 (id=176): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @mcast2, 0x1}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4e, &(0x7f0000000040)=0x78, 0x4) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x7fe00, @private0={0xfc, 0x0, '\x00', 0x1}, 0x6}, 0x1c) 1.404146862s ago: executing program 2 (id=177): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000340)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0xfffc, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) shutdown(r0, 0x0) 1.305230396s ago: executing program 2 (id=178): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240), 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x50007a2) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000000)=""/49, 0x31) 1.300537635s ago: executing program 0 (id=179): mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='affs\x00', 0xc0800, &(0x7f0000000240)='/dev/cpu/#/msr\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) mount$fuseblk(&(0x7f0000002440), &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x200840d, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}}) 1.07223466s ago: executing program 1 (id=180): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8ffffffbfa400000000000007040000f0ffffffb70200000200000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="7638300c000000000000e9000000", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 920.523266ms ago: executing program 0 (id=181): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={r1, r1, 0x1, 0x1, &(0x7f0000000000)="8d", 0x9, 0x3, 0xb57, 0x2, 0xc338, 0x2, 0x7, 'syz0\x00'}) 849.484015ms ago: executing program 2 (id=182): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9c35b528d9c50919, 0x5d031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000600)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) 776.329473ms ago: executing program 1 (id=183): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10) listen(r0, 0x0) ppoll(&(0x7f0000000000)=[{r0, 0x8200}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 592.127564ms ago: executing program 0 (id=184): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000040)=@overlay={0x0, 0x1, 0x4, 0x0, 0xd, {}, {0x4, 0x0, 0x0, 0x1, 0x0, 0x0, "12848098"}, 0x3}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, "a730b801"}, 0x0, 0x1, {0x0}}) 442.92081ms ago: executing program 2 (id=185): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c000440000000000000000b14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) 330.313873ms ago: executing program 2 (id=186): r0 = syz_io_uring_setup(0x10f, &(0x7f0000000380)={0x0, 0xb5ac, 0x400, 0x0, 0x4003}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x1}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={0x0, 0xea60}) 273.999874ms ago: executing program 3 (id=187): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) sendmsg$NL80211_CMD_DEL_PMKSA(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x58, r3, 0x1, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK={0x14, 0xfe, "2645d40c7af5d6eceda2eddd003a1b48"}, @NL80211_ATTR_FILS_CACHE_ID={0x6}, @NL80211_ATTR_PMKID={0x14, 0x55, "52d10a58e52e19bcb8fd206be0abbf6e"}]}, 0x58}}, 0x0) 153.150165ms ago: executing program 0 (id=188): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=") openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x800c4, 0x0) truncate(&(0x7f0000000000)='./bus\x00', 0x9471) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x8) fallocate(r0, 0x1, 0x8e13, 0x8ffff) 0s ago: executing program 2 (id=189): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x400c4808, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.77' (ED25519) to the list of known hosts. [ 82.267762][ T5756] cgroup: Unknown subsys name 'net' [ 82.407365][ T5756] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.105224][ T5756] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.719741][ T5769] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.729743][ T5769] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.737081][ T5769] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.744959][ T5769] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.753786][ T5769] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.764100][ T5778] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.772232][ T5769] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.788597][ T5769] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.801714][ T5777] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.809574][ T5777] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.818573][ T5777] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.826157][ T5779] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.834145][ T5779] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.838776][ T5776] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.842514][ T5779] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.859557][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.898360][ T5773] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.909883][ T5776] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.915454][ T5773] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.927104][ T5773] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.928321][ T5776] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.936290][ T5773] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.951678][ T5083] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.960237][ T5083] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.444521][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 86.475395][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 86.544070][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 86.600452][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 86.735693][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.743825][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.752067][ T5771] bridge_slave_0: entered allmulticast mode [ 86.759489][ T5771] bridge_slave_0: entered promiscuous mode [ 86.775650][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.782866][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.790376][ T5767] bridge_slave_0: entered allmulticast mode [ 86.797312][ T5767] bridge_slave_0: entered promiscuous mode [ 86.812655][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.820052][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.827300][ T5771] bridge_slave_1: entered allmulticast mode [ 86.834722][ T5771] bridge_slave_1: entered promiscuous mode [ 86.869706][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.876892][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.884365][ T5767] bridge_slave_1: entered allmulticast mode [ 86.892358][ T5767] bridge_slave_1: entered promiscuous mode [ 86.976132][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.989692][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.001986][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.011969][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.019431][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.026627][ T5770] bridge_slave_0: entered allmulticast mode [ 87.034137][ T5770] bridge_slave_0: entered promiscuous mode [ 87.054700][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.096997][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.104433][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.112233][ T5770] bridge_slave_1: entered allmulticast mode [ 87.120336][ T5770] bridge_slave_1: entered promiscuous mode [ 87.127278][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.134647][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.142015][ T5772] bridge_slave_0: entered allmulticast mode [ 87.150151][ T5772] bridge_slave_0: entered promiscuous mode [ 87.175795][ T5771] team0: Port device team_slave_0 added [ 87.200135][ T5771] team0: Port device team_slave_1 added [ 87.231581][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.241994][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.249427][ T5772] bridge_slave_1: entered allmulticast mode [ 87.257000][ T5772] bridge_slave_1: entered promiscuous mode [ 87.280941][ T5767] team0: Port device team_slave_0 added [ 87.302473][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.327772][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.340185][ T5767] team0: Port device team_slave_1 added [ 87.361922][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.400309][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.407327][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.434206][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.449340][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.496951][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.505299][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.532080][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.585299][ T5770] team0: Port device team_slave_0 added [ 87.592243][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.600797][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.627276][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.657705][ T5772] team0: Port device team_slave_0 added [ 87.672041][ T5772] team0: Port device team_slave_1 added [ 87.683638][ T5770] team0: Port device team_slave_1 added [ 87.711606][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.722584][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.754100][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.860765][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.867802][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.896254][ T5083] Bluetooth: hci1: command tx timeout [ 87.902180][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.923539][ T5771] hsr_slave_0: entered promiscuous mode [ 87.930119][ T5771] hsr_slave_1: entered promiscuous mode [ 87.958286][ T5083] Bluetooth: hci2: command tx timeout [ 87.995715][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.002944][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.032355][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.043253][ T5083] Bluetooth: hci3: command tx timeout [ 88.043276][ T5769] Bluetooth: hci0: command tx timeout [ 88.056211][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.064836][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.091494][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.134749][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.141939][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.168830][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.216944][ T5767] hsr_slave_0: entered promiscuous mode [ 88.223811][ T5767] hsr_slave_1: entered promiscuous mode [ 88.231282][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.240042][ T5767] Cannot create hsr debugfs directory [ 88.278897][ T5770] hsr_slave_0: entered promiscuous mode [ 88.285696][ T5770] hsr_slave_1: entered promiscuous mode [ 88.293427][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.301143][ T5770] Cannot create hsr debugfs directory [ 88.417504][ T5772] hsr_slave_0: entered promiscuous mode [ 88.424399][ T5772] hsr_slave_1: entered promiscuous mode [ 88.431284][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.439476][ T5772] Cannot create hsr debugfs directory [ 88.728735][ T5771] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.788954][ T5771] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.800128][ T5771] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.832196][ T5771] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.906324][ T5770] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.925492][ T5770] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.936678][ T5770] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.957105][ T5770] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.045125][ T5772] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.079987][ T5772] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.103902][ T5772] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.134823][ T5772] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.185057][ T5767] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.195186][ T5767] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.225805][ T5767] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.236712][ T5767] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.306806][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.357317][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.383250][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.416795][ T3487] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.424230][ T3487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.453717][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.482771][ T3487] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.490000][ T3487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.506288][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.513478][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.544205][ T3053] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.551396][ T3053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.643865][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.691224][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.734617][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.764993][ T2968] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.772290][ T2968] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.802954][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.810222][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.831838][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.873616][ T3053] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.880887][ T3053] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.917475][ T3053] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.924738][ T3053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.959001][ T5083] Bluetooth: hci1: command tx timeout [ 90.048508][ T5083] Bluetooth: hci2: command tx timeout [ 90.118722][ T5083] Bluetooth: hci0: command tx timeout [ 90.118828][ T5769] Bluetooth: hci3: command tx timeout [ 90.303239][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.386039][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.480906][ T5771] veth0_vlan: entered promiscuous mode [ 90.522906][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.539696][ T5771] veth1_vlan: entered promiscuous mode [ 90.635841][ T5771] veth0_macvtap: entered promiscuous mode [ 90.655568][ T5770] veth0_vlan: entered promiscuous mode [ 90.666773][ T5771] veth1_macvtap: entered promiscuous mode [ 90.686004][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.713919][ T5770] veth1_vlan: entered promiscuous mode [ 90.771028][ T5772] veth0_vlan: entered promiscuous mode [ 90.802613][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.815437][ T5767] veth0_vlan: entered promiscuous mode [ 90.841933][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.866117][ T5767] veth1_vlan: entered promiscuous mode [ 90.887023][ T5771] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.897281][ T5771] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.906644][ T5771] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.915500][ T5771] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.935630][ T5770] veth0_macvtap: entered promiscuous mode [ 90.949932][ T5772] veth1_vlan: entered promiscuous mode [ 90.964249][ T5770] veth1_macvtap: entered promiscuous mode [ 91.087010][ T3487] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.097929][ T3487] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.099339][ T5767] veth0_macvtap: entered promiscuous mode [ 91.147420][ T5767] veth1_macvtap: entered promiscuous mode [ 91.167827][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.182501][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.194438][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.216380][ T5772] veth0_macvtap: entered promiscuous mode [ 91.255884][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.267609][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.282856][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.294697][ T5770] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.304113][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.313070][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.322423][ T5770] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.332259][ T5770] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.341928][ T5770] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.364329][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.384371][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.395035][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.408082][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.420871][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.432868][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.443894][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.454910][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.466044][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.480892][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.501135][ T5772] veth1_macvtap: entered promiscuous mode [ 91.521489][ T5767] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.530919][ T5767] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.541962][ T5767] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.551222][ T5767] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.657107][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.706329][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.725290][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.736365][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.748279][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.763110][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.779702][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.837742][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.853131][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.868804][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.881569][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.891619][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.902354][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.914932][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.956484][ T5772] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.988124][ T5772] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.996900][ T5772] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.013172][ T5772] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.039304][ T5769] Bluetooth: hci1: command tx timeout [ 92.067745][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.089869][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.118376][ T5769] Bluetooth: hci2: command tx timeout [ 92.141394][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.154261][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.167429][ T5837] tap0: tun_chr_ioctl cmd 1074025675 [ 92.179738][ T5837] tap0: persist enabled [ 92.196457][ T5838] tap0: tun_chr_ioctl cmd 1074025675 [ 92.199418][ T5769] Bluetooth: hci3: command tx timeout [ 92.205586][ T5083] Bluetooth: hci0: command tx timeout [ 92.214330][ T5838] tap0: persist enabled [ 92.262929][ T3487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.292461][ T3487] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.302485][ T27] cfg80211: failed to load regulatory.db [ 92.382409][ T3487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.400592][ T3487] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.426678][ T5840] syz.0.7[5840]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.456303][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.483575][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.513797][ T5840] loop0: detected capacity change from 0 to 128 [ 92.591024][ T27] kernel write not supported for file /3/attr/exec (pid: 27 comm: kworker/1:1) [ 92.627593][ T5840] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 92.704526][ T5840] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.719633][ T2968] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.727531][ T2968] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.779220][ T5846] loop3: detected capacity change from 0 to 64 [ 92.793668][ T28] audit: type=1800 audit(1772073139.080:2): pid=5840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.7" name="bus" dev="loop0" ino=12 res=0 errno=0 [ 92.952308][ T5848] loop1: detected capacity change from 0 to 512 [ 92.967421][ T5848] EXT4-fs: Ignoring removed bh option [ 93.021925][ T5848] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 93.072334][ T5848] EXT4-fs (loop1): 1 truncate cleaned up [ 93.114234][ T5848] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.141623][ T5771] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 93.431638][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.836807][ T5867] loop2: detected capacity change from 0 to 2048 [ 93.851611][ T5869] warning: `syz.0.17' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 93.924795][ T5867] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.009980][ T5867] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.118241][ T5083] Bluetooth: hci1: command tx timeout [ 94.143628][ T5877] Illegal XDP return value 3890495897 on prog (id 5) dev syz_tun, expect packet loss! [ 94.201124][ T5083] Bluetooth: hci2: command tx timeout [ 94.279098][ T5083] Bluetooth: hci3: command tx timeout [ 94.284726][ T5083] Bluetooth: hci0: command tx timeout [ 94.320575][ T5867] overlayfs: Failed to create volatile/dirty file. [ 94.505177][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.065566][ T5879] loop0: detected capacity change from 0 to 32768 [ 95.098718][ T5881] loop3: detected capacity change from 0 to 40427 [ 95.126236][ T5879] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 95.136129][ T5881] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff [ 95.221831][ T5881] F2FS-fs (loop3): invalid crc value [ 95.288664][ T5881] F2FS-fs (loop3): Found nat_bits in checkpoint [ 95.300188][ T5885] loop1: detected capacity change from 0 to 40427 [ 95.363041][ T5885] F2FS-fs (loop1): invalid crc value [ 95.371314][ T5885] F2FS-fs (loop1): Found nat_bits in checkpoint [ 95.380006][ T5879] XFS (loop0): Ending clean mount [ 95.441258][ T5879] XFS (loop0): Quotacheck needed: Please wait. [ 95.623258][ T5881] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 95.645101][ T5885] F2FS-fs (loop1): Start checkpoint disabled! [ 95.659706][ T5879] XFS (loop0): Quotacheck: Done. [ 95.731272][ T5885] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 95.773510][ T5909] loop8: detected capacity change from 0 to 7 [ 95.799618][ T5909] Dev loop8: unable to read RDB block 7 [ 95.842731][ T5909] loop8: unable to read partition table [ 95.882929][ T5909] loop8: partition table beyond EOD, truncated [ 95.895944][ T5881] syz.3.23: attempt to access beyond end of device [ 95.895944][ T5881] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 95.916775][ T5909] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 95.941981][ T28] audit: type=1804 audit(1772073142.230:3): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.24" name="/newroot/4/file0/file0" dev="loop1" ino=10 res=1 errno=0 [ 96.114432][ T5770] syz-executor: attempt to access beyond end of device [ 96.114432][ T5770] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 96.149278][ T5771] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 96.174649][ T5770] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 96.332257][ T12] kworker/u4:1: attempt to access beyond end of device [ 96.332257][ T12] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 96.399557][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 96.406631][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 96.429693][ T28] audit: type=1326 audit(1772073142.720:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5913 comm="syz.2.33" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff1bc59c629 code=0x0 [ 96.784872][ T5917] batadv0: entered promiscuous mode [ 96.801618][ T5917] macvlan1: entered promiscuous mode [ 96.821376][ T5917] hsr1: entered promiscuous mode [ 96.826613][ T5917] hsr1: entered allmulticast mode [ 96.839774][ T5917] batadv0: entered allmulticast mode [ 96.848464][ T5917] macvlan1: entered allmulticast mode [ 96.865557][ T5917] veth1_vlan: entered allmulticast mode [ 97.085348][ T5920] loop0: detected capacity change from 0 to 512 [ 97.090272][ T5921] ======================================================= [ 97.090272][ T5921] WARNING: The mand mount option has been deprecated and [ 97.090272][ T5921] and is ignored by this kernel. Remove the mand [ 97.090272][ T5921] option from the mount to silence this warning. [ 97.090272][ T5921] ======================================================= [ 97.151198][ T5920] EXT4-fs error (device loop0): ext4_iget_extra_inode:4732: inode #15: comm syz.0.34: corrupted in-inode xattr: invalid ea_ino [ 97.190750][ T5920] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.34: couldn't read orphan inode 15 (err -117) [ 97.233625][ T5920] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.279254][ T5926] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 97.481080][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.625102][ T5934] loop2: detected capacity change from 0 to 256 [ 97.674857][ T5934] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x8f9fe1ed, utbl_chksum : 0xe619d30d) [ 98.343490][ T5948] loop3: detected capacity change from 0 to 128 [ 98.371645][ T5948] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 98.373269][ T5936] loop0: detected capacity change from 0 to 32768 [ 98.405023][ T5948] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 98.479711][ T28] audit: type=1800 audit(1772073144.770:5): pid=5936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.38" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 98.671034][ T5831] kernel read not supported for file /dsp1 (pid: 5831 comm: kworker/1:5) [ 98.969258][ T5955] netlink: 32 bytes leftover after parsing attributes in process `syz.2.48'. [ 98.994270][ T5955] netlink: 16 bytes leftover after parsing attributes in process `syz.2.48'. [ 99.007091][ T5954] loop3: detected capacity change from 0 to 2048 [ 99.080789][ T5954] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 99.191430][ T5959] loop2: detected capacity change from 0 to 1024 [ 99.773254][ T12] hfsplus: b-tree write err: -5, ino 4 [ 99.804434][ T5970] capability: warning: `syz.3.55' uses 32-bit capabilities (legacy support in use) [ 100.880383][ T5994] loop1: detected capacity change from 0 to 8192 [ 100.887464][ T5982] loop0: detected capacity change from 0 to 32768 [ 100.933469][ T5994] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 100.956689][ T5982] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 100.973439][ T5994] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 101.009982][ T5994] REISERFS (device loop1): using ordered data mode [ 101.092905][ T5982] XFS (loop0): Ending clean mount [ 101.105306][ T5994] reiserfs: using flush barriers [ 101.122725][ T5982] XFS (loop0): Quotacheck needed: Please wait. [ 101.143220][ T5994] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 101.227001][ T5994] REISERFS (device loop1): checking transaction log (loop1) [ 101.231424][ T5982] XFS (loop0): Quotacheck: Done. [ 101.298076][ T5994] REISERFS (device loop1): Using r5 hash to sort names [ 101.330313][ T5994] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 101.443052][ T6011] netlink: 28 bytes leftover after parsing attributes in process `syz.3.69'. [ 101.546779][ T5982] XFS (loop0): User initiated shutdown received. [ 101.557537][ T5982] XFS (loop0): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x105/0x150 (fs/xfs/xfs_fsops.c:491). Shutting down filesystem. [ 101.577076][ T5982] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 101.742904][ T5771] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 101.767337][ T6018] futex_wake_op: syz.2.73 tries to shift op by 32; fix this program [ 101.948898][ T789] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 102.098348][ T5831] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 102.117154][ T6024] loop0: detected capacity change from 0 to 512 [ 102.131541][ T6024] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 102.145411][ T6024] EXT4-fs (loop0): Errors on filesystem, clearing orphan list. [ 102.157322][ T6024] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.171218][ T789] usb 4-1: Using ep0 maxpacket: 32 [ 102.181904][ T789] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 214, changing to 11 [ 102.193789][ T789] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 102.207005][ T789] usb 4-1: config 0 interface 0 has no altsetting 0 [ 102.213855][ T789] usb 4-1: New USB device found, idVendor=28bd, idProduct=0933, bcdDevice= 0.00 [ 102.225432][ T789] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.253417][ T789] usb 4-1: config 0 descriptor?? [ 102.259924][ T6024] EXT4-fs warning (device loop0): dx_probe:869: inode #2: comm syz.0.74: Unimplemented hash flags: 0x0001 [ 102.279562][ T6024] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.74: Corrupt directory, running e2fsck is recommended [ 102.288445][ T1196] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 102.308246][ T5831] usb 2-1: Using ep0 maxpacket: 8 [ 102.325500][ T6027] EXT4-fs warning (device loop0): dx_probe:869: inode #2: comm syz.0.74: Unimplemented hash flags: 0x0001 [ 102.335748][ T5831] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 102.337205][ T6027] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.74: Corrupt directory, running e2fsck is recommended [ 102.364121][ T5831] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 102.393237][ T5831] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 102.407898][ T5831] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 102.421230][ T5831] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 102.431804][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.439274][ T5831] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 102.452618][ T5831] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.496673][ T1196] usb 3-1: config 0 has no interfaces? [ 102.502403][ T1196] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 102.513501][ T1196] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.531962][ T1196] usb 3-1: config 0 descriptor?? [ 102.634841][ T6029] netlink: 4 bytes leftover after parsing attributes in process `syz.0.76'. [ 102.709143][ T5831] usb 2-1: usb_control_msg returned -32 [ 102.722541][ T5831] usbtmc 2-1:16.0: can't read capabilities [ 102.749683][ T789] input: HID 28bd:0933 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28BD:0933.0001/input/input5 [ 102.809749][ T1196] usb 3-1: USB disconnect, device number 2 [ 102.920651][ T789] uclogic 0003:28BD:0933.0001: input,hidraw0: USB HID v5f.b2 Mouse [HID 28bd:0933] on usb-dummy_hcd.3-1/input0 [ 102.963685][ T6029] team0: Port device team_slave_0 removed [ 102.973677][ T789] usb 4-1: USB disconnect, device number 2 [ 103.117271][ T6032] usbtmc 2-1:16.0: INITIATE_CLEAR returned 0 [ 103.188953][ T6030] fido_id[6030]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 103.320819][ T788] usb 2-1: USB disconnect, device number 2 [ 103.371170][ T6037] process 'syz.0.77' launched './file1' with NULL argv: empty string added [ 104.047993][ T6043] loop1: detected capacity change from 0 to 64 [ 104.683427][ T6039] loop2: detected capacity change from 0 to 32768 [ 104.766681][ T6039] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 104.807990][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 104.898588][ T6039] XFS (loop2): Ending clean mount [ 104.935136][ T6039] XFS (loop2): Quotacheck needed: Please wait. [ 104.988382][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 105.016002][ T6039] XFS (loop2): Quotacheck: Done. [ 105.157744][ T5772] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 105.188680][ T788] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 105.200599][ T23] usb 2-1: Using ep0 maxpacket: 32 [ 105.211014][ T23] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 105.235335][ T23] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 105.246159][ T23] usb 2-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 105.264462][ T23] usb 2-1: config 0 interface 0 has no altsetting 1 [ 105.293792][ T23] usb 2-1: New USB device found, idVendor=0582, idProduct=0033, bcdDevice=8e.57 [ 105.316511][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.326213][ T23] usb 2-1: Product: syz [ 105.331014][ T23] usb 2-1: Manufacturer: syz [ 105.335766][ T23] usb 2-1: SerialNumber: syz [ 105.372377][ T23] usb 2-1: config 0 descriptor?? [ 105.385840][ T23] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 105.417303][ T788] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 105.433163][ T788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.478164][ T788] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 105.519337][ T788] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 105.545093][ T23] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 105.553158][ T788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.569366][ T788] usb 1-1: config 0 descriptor?? [ 105.672117][ T5906] udevd[5906]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 105.752111][ T5831] usb 2-1: USB disconnect, device number 3 [ 105.993753][ T6070] loop2: detected capacity change from 0 to 1024 [ 106.037557][ T788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0xd [ 106.065895][ T6070] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 106.082890][ T788] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 106.098508][ T6070] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.159948][ T788] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 106.241510][ T6070] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 2: comm syz.2.88: lblock 2 mapped to illegal pblock 2 (length 4) [ 106.316330][ T6070] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2 with max blocks 4 with error 117 [ 106.330299][ T6070] EXT4-fs (loop2): This should not happen!! Data will be lost [ 106.330299][ T6070] [ 106.409375][ T12] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 8: comm kworker/u4:1: lblock 8 mapped to illegal pblock 8 (length 8) [ 106.460205][ T23] usb 1-1: USB disconnect, device number 2 [ 106.479949][ T12] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 106.515839][ T12] EXT4-fs (loop2): This should not happen!! Data will be lost [ 106.515839][ T12] [ 106.565818][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 106.580923][ T6080] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.910051][ T6090] loop1: detected capacity change from 0 to 128 [ 107.578266][ T5831] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 107.598119][ T5813] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 107.636205][ T6094] loop3: detected capacity change from 0 to 32768 [ 107.695533][ T6094] JBD2: Ignoring recovery information on journal [ 107.773163][ T6094] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 107.781486][ T5831] usb 3-1: Using ep0 maxpacket: 16 [ 107.795834][ T5831] usb 3-1: unable to get BOS descriptor or descriptor too short [ 107.810362][ T5813] usb 1-1: Using ep0 maxpacket: 16 [ 107.828914][ T5813] usb 1-1: config 0 has an invalid interface number: 34 but max is 0 [ 107.829297][ T5831] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 107.854631][ T5813] usb 1-1: config 0 has no interface number 0 [ 107.871145][ T5813] usb 1-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 107.879026][ T5831] usb 3-1: can't read configurations, error -71 [ 107.908155][ T5813] usb 1-1: config 0 interface 34 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024 [ 107.934138][ T6110] loop1: detected capacity change from 0 to 256 [ 107.939616][ T5813] usb 1-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 107.977531][ T5813] usb 1-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 108.001400][ T5813] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.017495][ T6110] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 108.029702][ T5813] usb 1-1: Product: syz [ 108.042896][ T5813] usb 1-1: Manufacturer: syz [ 108.054304][ T5813] usb 1-1: SerialNumber: syz [ 108.085960][ T5813] usb 1-1: config 0 descriptor?? [ 108.107208][ T6101] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 108.125237][ T6101] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 108.196354][ T5770] ocfs2: Unmounting device (7,3) on (node local) [ 108.380635][ T6101] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 108.398309][ T6101] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 108.598982][ T6118] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 108.643500][ T5813] asix 1-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random [ 108.849226][ T5813] asix 1-1:0.34 (unnamed net_device) (uninitialized): invalid PHY address: 115 [ 109.385096][ T6125] loop1: detected capacity change from 0 to 32768 [ 109.431619][ T6125] XFS (loop1): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 109.590715][ T6125] XFS (loop1): Ending clean mount [ 109.700428][ T6147] loop3: detected capacity change from 0 to 8192 [ 109.740621][ T6147] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 109.754049][ T6147] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 109.764498][ T6147] REISERFS (device loop3): using ordered data mode [ 109.771618][ T6147] reiserfs: using flush barriers [ 109.780435][ T6147] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 109.797598][ T6147] REISERFS (device loop3): checking transaction log (loop3) [ 109.809999][ T6147] REISERFS (device loop3): Using r5 hash to sort names [ 109.817120][ T6147] REISERFS (device loop3): using 3.5.x disk format [ 109.824920][ T6147] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 109.898316][ T5767] XFS (loop1): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 109.964094][ T6151] loop2: detected capacity change from 0 to 128 [ 110.001475][ T6151] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 110.235508][ T6151] UDF-fs: error (device loop2): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 110.392680][ T788] usb 1-1: USB disconnect, device number 3 [ 110.714770][ T6165] loop1: detected capacity change from 0 to 512 [ 110.763427][ T6165] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 110.802173][ T6165] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 110.865908][ T6165] EXT4-fs (loop1): 1 truncate cleaned up [ 110.886312][ T6169] loop0: detected capacity change from 0 to 1024 [ 110.899648][ T6165] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.008353][ T6165] EXT4-fs error (device loop1): ext4_find_dest_de:2115: inode #2: block 13: comm syz.1.125: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 111.099557][ T6165] EXT4-fs (loop1): Remounting filesystem read-only [ 111.281591][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.922063][ T6204] loop3: detected capacity change from 0 to 512 [ 112.244369][ T6215] netlink: 12 bytes leftover after parsing attributes in process `syz.2.147'. [ 112.729192][ T6223] loop2: detected capacity change from 0 to 32768 [ 112.750311][ T6223] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.150 (6223) [ 112.820462][ T6223] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 112.831673][ T6223] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 112.846653][ T6223] BTRFS info (device loop2): setting nodatacow, compression disabled [ 112.857019][ T6223] BTRFS info (device loop2): force clearing of disk cache [ 112.872730][ T6223] BTRFS info (device loop2): enabling ssd optimizations [ 112.880221][ T6223] BTRFS info (device loop2): using spread ssd allocation scheme [ 112.888579][ T6223] BTRFS info (device loop2): turning off barriers [ 112.895248][ T6223] BTRFS info (device loop2): disabling free space tree [ 112.902717][ T6223] BTRFS info (device loop2): not using ssd optimizations [ 112.910349][ T6223] BTRFS info (device loop2): not using spread ssd allocation scheme [ 112.923124][ T6229] input: syz1 as /devices/virtual/input/input7 [ 112.949882][ T6229] input: failed to attach handler leds to device input7, error: -6 [ 112.996716][ T6223] BTRFS info (device loop2): rebuilding free space tree [ 113.148510][ T6223] BTRFS info (device loop2): disabling free space tree [ 113.179655][ T6223] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 113.222571][ T6223] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 114.036031][ T5772] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 114.108171][ T5831] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 114.288195][ T6247] loop0: detected capacity change from 0 to 40427 [ 114.310088][ T6247] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x7ffff [ 114.318289][ T5831] usb 4-1: Using ep0 maxpacket: 32 [ 114.351561][ T5831] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.377599][ T6247] F2FS-fs (loop0): invalid crc value [ 114.378703][ T5831] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.409457][ T5831] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 114.421105][ T6247] F2FS-fs (loop0): Found nat_bits in checkpoint [ 114.458207][ T5831] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.500098][ T5831] usb 4-1: config 0 descriptor?? [ 114.564863][ T5831] hub 4-1:0.0: USB hub found [ 114.632402][ T6247] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 114.806327][ T5831] hub 4-1:0.0: 2 ports detected [ 114.940851][ T5771] syz-executor: attempt to access beyond end of device [ 114.940851][ T5771] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 114.955147][ T5771] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 114.979102][ T6275] capability: warning: `syz.2.165' uses deprecated v2 capabilities in a way that may be insecure [ 115.007715][ T5831] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 115.048374][ T5831] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 115.073686][ T5831] usbhid 4-1:0.0: can't add hid device: -71 [ 115.088177][ T5831] usbhid: probe of 4-1:0.0 failed with error -71 [ 115.153354][ T5831] usb 4-1: USB disconnect, device number 3 [ 115.457068][ T6275] mmap: syz.2.165 (6275) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 115.631012][ T23] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 115.727393][ T6285] loop2: detected capacity change from 0 to 2048 [ 115.776867][ T6285] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.843866][ T23] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 115.853348][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.864640][ T23] usb 2-1: config 0 descriptor?? [ 115.880243][ T23] cp210x 2-1:0.0: cp210x converter detected [ 115.984479][ T6285] EXT4-fs (loop2): shut down requested (0) [ 116.092351][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.312769][ T23] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -71 [ 116.336711][ T23] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 116.352968][ T23] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 116.375597][ T23] usb 2-1: cp210x converter now attached to ttyUSB0 [ 116.417267][ T23] usb 2-1: USB disconnect, device number 4 [ 116.444466][ T23] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 116.468847][ T23] cp210x 2-1:0.0: device disconnected [ 116.496006][ T6300] netlink: 132 bytes leftover after parsing attributes in process `syz.2.175'. [ 116.772375][ T6308] loop2: detected capacity change from 0 to 1024 [ 116.840037][ T6308] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.980169][ T6292] loop3: detected capacity change from 0 to 40427 [ 116.997321][ T6292] F2FS-fs (loop3): Small segment_count (9 < 1 * 24) [ 117.022830][ T6292] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 117.108632][ T6292] F2FS-fs (loop3): Found nat_bits in checkpoint [ 117.135425][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.265934][ T789] hid-generic 0005:0B57:0002.0003: item fetching failed at offset 0/1 [ 117.322998][ T789] hid-generic: probe of 0005:0B57:0002.0003 failed with error -22 [ 117.351214][ T6292] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 117.378103][ T6292] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 117.613238][ T6292] overlayfs: failed to set xattr on upper [ 117.619912][ T6292] overlayfs: ...falling back to index=off. [ 117.625886][ T6292] overlayfs: ...falling back to uuid=null. [ 117.713585][ T5770] syz-executor: attempt to access beyond end of device [ 117.713585][ T5770] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 117.730881][ T5770] syz-executor: attempt to access beyond end of device [ 117.730881][ T5770] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 117.913127][ T34] kworker/u4:2: attempt to access beyond end of device [ 117.913127][ T34] loop3: rw=2049, sector=40960, nr_sectors = 72 limit=40427 [ 117.941750][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 117.952368][ T6335] loop0: detected capacity change from 0 to 128 [ 117.957631][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 117.966038][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 117.982882][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 117.997719][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 118.007181][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 118.014600][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 118.021854][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 118.029043][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 118.151432][ T6317] ================================================================== [ 118.159577][ T6317] BUG: KASAN: slab-use-after-free in __mutex_lock+0x6c2/0xcc0 [ 118.167113][ T6317] Read of size 8 at addr ffff8880300e40a0 by task khidpd_0b570002/6317 [ 118.175404][ T6317] [ 118.177791][ T6317] CPU: 1 PID: 6317 Comm: khidpd_0b570002 Not tainted syzkaller #0 [ 118.185640][ T6317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 118.195765][ T6317] Call Trace: [ 118.199110][ T6317] [ 118.202087][ T6317] dump_stack_lvl+0x18c/0x250 [ 118.206823][ T6317] ? __lock_acquire+0x7d40/0x7d40 [ 118.211922][ T6317] ? show_regs_print_info+0x20/0x20 [ 118.217170][ T6317] ? load_image+0x400/0x400 [ 118.221734][ T6317] ? __virt_addr_valid+0x469/0x540 [ 118.226899][ T6317] print_report+0xa8/0x210 [ 118.231365][ T6317] ? __mutex_lock+0x6c2/0xcc0 [ 118.236146][ T6317] kasan_report+0x117/0x150 [ 118.240705][ T6317] ? __mutex_lock+0x6c2/0xcc0 [ 118.245445][ T6317] __mutex_lock+0x6c2/0xcc0 [ 118.249995][ T6317] ? __mutex_lock+0x4f9/0xcc0 [ 118.254811][ T6317] ? l2cap_unregister_user+0x6a/0x1a0 [ 118.260237][ T6317] ? mutex_lock_nested+0x20/0x20 [ 118.265228][ T6317] ? __wake_up_bit+0x210/0x210 [ 118.270041][ T6317] ? timer_delete_sync+0x20/0x20 [ 118.275024][ T6317] ? _raw_spin_unlock+0x40/0x40 [ 118.279916][ T6317] l2cap_unregister_user+0x6a/0x1a0 [ 118.285158][ T6317] hidp_session_thread+0x3ec/0x430 [ 118.290340][ T6317] ? hidp_session_get+0x80/0x80 [ 118.295249][ T6317] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 118.301198][ T6317] ? hidp_session_thread+0x430/0x430 [ 118.306546][ T6317] ? hidp_session_thread+0x430/0x430 [ 118.311887][ T6317] ? __kthread_parkme+0x7a/0x1c0 [ 118.316873][ T6317] ? __kthread_parkme+0x162/0x1c0 [ 118.321947][ T6317] kthread+0x2fa/0x390 [ 118.326061][ T6317] ? hidp_session_get+0x80/0x80 [ 118.330966][ T6317] ? kthread_blkcg+0xd0/0xd0 [ 118.335605][ T6317] ret_from_fork+0x48/0x80 [ 118.340072][ T6317] ? kthread_blkcg+0xd0/0xd0 [ 118.344709][ T6317] ret_from_fork_asm+0x11/0x20 [ 118.349526][ T6317] [ 118.352584][ T6317] [ 118.354934][ T6317] Allocated by task 5770: [ 118.359301][ T6317] kasan_set_track+0x4e/0x70 [ 118.363945][ T6317] __kasan_kmalloc+0x8f/0xa0 [ 118.368579][ T6317] __kmalloc+0xb4/0x230 [ 118.372960][ T6317] hci_alloc_dev_priv+0x28/0x2060 [ 118.378037][ T6317] vhci_create_device+0x11b/0x650 [ 118.383154][ T6317] vhci_write+0x3b5/0x470 [ 118.387548][ T6317] vfs_write+0x46c/0x990 [ 118.391838][ T6317] ksys_write+0x150/0x260 [ 118.396230][ T6317] do_syscall_64+0x55/0xa0 [ 118.400707][ T6317] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 118.406658][ T6317] [ 118.409019][ T6317] Freed by task 5770: [ 118.413033][ T6317] kasan_set_track+0x4e/0x70 [ 118.417689][ T6317] kasan_save_free_info+0x2e/0x50 [ 118.422939][ T6317] ____kasan_slab_free+0x126/0x1e0 [ 118.428109][ T6317] slab_free_freelist_hook+0x130/0x1a0 [ 118.433618][ T6317] __kmem_cache_free+0xba/0x1e0 [ 118.438529][ T6317] bt_host_release+0x82/0x90 [ 118.443158][ T6317] device_release+0x96/0x1c0 [ 118.447797][ T6317] kobject_put+0x221/0x460 [ 118.452262][ T6317] vhci_release+0x15d/0x1a0 [ 118.456814][ T6317] __fput+0x234/0x970 [ 118.460842][ T6317] task_work_run+0x1d4/0x260 [ 118.465491][ T6317] do_exit+0x95a/0x2460 [ 118.469701][ T6317] do_group_exit+0x21b/0x2d0 [ 118.474334][ T6317] __x64_sys_exit_group+0x3f/0x40 [ 118.479411][ T6317] do_syscall_64+0x55/0xa0 [ 118.483875][ T6317] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 118.489808][ T6317] [ 118.492161][ T6317] Last potentially related work creation: [ 118.497907][ T6317] kasan_save_stack+0x3e/0x60 [ 118.502622][ T6317] __kasan_record_aux_stack+0xaf/0xc0 [ 118.508069][ T6317] insert_work+0x3d/0x310 [ 118.512442][ T6317] __queue_work+0xd2c/0x1020 [ 118.517064][ T6317] queue_work_on+0x128/0x1f0 [ 118.521728][ T6317] process_scheduled_works+0xa5d/0x15d0 [ 118.527326][ T6317] worker_thread+0xa55/0xfc0 [ 118.531989][ T6317] kthread+0x2fa/0x390 [ 118.536086][ T6317] ret_from_fork+0x48/0x80 [ 118.540550][ T6317] ret_from_fork_asm+0x11/0x20 [ 118.545368][ T6317] [ 118.547730][ T6317] Second to last potentially related work creation: [ 118.554335][ T6317] kasan_save_stack+0x3e/0x60 [ 118.559058][ T6317] __kasan_record_aux_stack+0xaf/0xc0 [ 118.564483][ T6317] insert_work+0x3d/0x310 [ 118.568859][ T6317] __queue_work+0xc39/0x1020 [ 118.573069][ T789] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 118.573475][ T6317] call_timer_fn+0x189/0x540 [ 118.585593][ T6317] __run_timers+0x56d/0x800 [ 118.590135][ T6317] run_timer_softirq+0x67/0xf0 [ 118.594940][ T6317] handle_softirqs+0x280/0x820 [ 118.599742][ T6317] __irq_exit_rcu+0xd3/0x190 [ 118.604369][ T6317] irq_exit_rcu+0x9/0x20 [ 118.608658][ T6317] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 118.614335][ T6317] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 118.620361][ T6317] [ 118.622719][ T6317] The buggy address belongs to the object at ffff8880300e4000 [ 118.622719][ T6317] which belongs to the cache kmalloc-8k of size 8192 [ 118.636805][ T6317] The buggy address is located 160 bytes inside of [ 118.636805][ T6317] freed 8192-byte region [ffff8880300e4000, ffff8880300e6000) [ 118.650727][ T6317] [ 118.653089][ T6317] The buggy address belongs to the physical page: [ 118.659546][ T6317] page:ffffea0000c03800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x300e0 [ 118.669743][ T6317] head:ffffea0000c03800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 118.678713][ T6317] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 118.687176][ T6317] page_type: 0xffffffff() [ 118.691606][ T6317] raw: 00fff00000000840 ffff888017c42280 ffffea0000c0ee00 0000000000000005 [ 118.700243][ T6317] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 118.708874][ T6317] page dumped because: kasan: bad access detected [ 118.715331][ T6317] page_owner tracks the page as allocated [ 118.721086][ T6317] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5426, tgid 5426 (run-parts), ts 52895966911, free_ts 52798288920 [ 118.741464][ T6317] post_alloc_hook+0x1c1/0x200 [ 118.746295][ T6317] get_page_from_freelist+0x1951/0x19e0 [ 118.751889][ T6317] __alloc_pages+0x1f0/0x460 [ 118.756521][ T6317] alloc_slab_page+0x5d/0x160 [ 118.761237][ T6317] new_slab+0x87/0x2d0 [ 118.765368][ T6317] ___slab_alloc+0xc5d/0x12f0 [ 118.770099][ T6317] __kmem_cache_alloc_node+0x19e/0x250 [ 118.775619][ T6317] kmalloc_trace+0x2a/0xe0 [ 118.780094][ T6317] tomoyo_init_log+0x1114/0x1f50 [ 118.785094][ T6317] tomoyo_supervisor+0x363/0x1170 [ 118.790165][ T6317] tomoyo_env_perm+0x152/0x1f0 [ 118.794989][ T6317] tomoyo_find_next_domain+0x1592/0x1a60 [ 118.800671][ T6317] tomoyo_bprm_check_security+0x116/0x170 [ 118.806442][ T6317] security_bprm_check+0x62/0xa0 [ 118.811444][ T6317] bprm_execve+0xa6e/0x1700 [ 118.816008][ T6317] do_execveat_common+0x51b/0x6c0 [ 118.821081][ T6317] page last free stack trace: [ 118.825780][ T6317] free_unref_page_prepare+0x7b2/0x8c0 [ 118.831294][ T6317] free_unref_page+0x32/0x2e0 [ 118.836041][ T6317] __unfreeze_partials+0x1cf/0x210 [ 118.841194][ T6317] put_cpu_partial+0x17c/0x250 [ 118.845997][ T6317] __slab_free+0x319/0x400 [ 118.850483][ T6317] qlist_free_all+0x75/0xd0 [ 118.855039][ T6317] kasan_quarantine_reduce+0x143/0x160 [ 118.860550][ T6317] __kasan_slab_alloc+0x22/0x80 [ 118.865446][ T6317] slab_post_alloc_hook+0x6e/0x4b0 [ 118.868992][ T789] usb 3-1: Using ep0 maxpacket: 32 [ 118.870589][ T6317] __kmem_cache_alloc_node+0x13a/0x250 [ 118.881230][ T6317] __kmalloc+0xa4/0x230 [ 118.885457][ T6317] tomoyo_supervisor+0xbf4/0x1170 [ 118.890533][ T6317] tomoyo_path_permission+0x25a/0x380 [ 118.895954][ T6317] tomoyo_path_perm+0x3f0/0x560 [ 118.900852][ T6317] security_inode_getattr+0xd3/0x120 [ 118.906184][ T6317] __x64_sys_newfstat+0x12c/0x250 [ 118.911255][ T6317] [ 118.913620][ T6317] Memory state around the buggy address: [ 118.919286][ T6317] ffff8880300e3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 118.922060][ T789] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.927374][ T6317] ffff8880300e4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.946348][ T6317] >ffff8880300e4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.954449][ T6317] ^ [ 118.959597][ T6317] ffff8880300e4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.967616][ T789] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.967753][ T789] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 118.977411][ T6317] ffff8880300e4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.977423][ T6317] ================================================================== [ 118.986661][ T6317] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 118.986678][ T6317] CPU: 1 PID: 6317 Comm: khidpd_0b570002 Not tainted syzkaller #0 [ 118.986699][ T6317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 118.986710][ T6317] Call Trace: [ 118.986718][ T6317] [ 118.986725][ T6317] dump_stack_lvl+0x18c/0x250 [ 118.986761][ T6317] ? show_regs_print_info+0x20/0x20 [ 118.986789][ T6317] ? load_image+0x400/0x400 [ 118.986818][ T6317] panic+0x2dc/0x730 [ 118.986840][ T6317] ? bpf_jit_dump+0xd0/0xd0 [ 118.986860][ T6317] ? _raw_spin_unlock_irqrestore+0xc0/0x120 [ 118.986883][ T6317] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 118.986903][ T6317] ? _raw_spin_unlock+0x40/0x40 [ 118.986921][ T6317] ? print_memory_metadata+0x314/0x400 [ 119.079543][ T6317] ? __mutex_lock+0x6c2/0xcc0 [ 119.084258][ T6317] check_panic_on_warn+0x84/0xa0 [ 119.089235][ T6317] ? __mutex_lock+0x6c2/0xcc0 [ 119.093951][ T6317] end_report+0x6f/0x130 [ 119.098218][ T6317] kasan_report+0x128/0x150 [ 119.102743][ T6317] ? __mutex_lock+0x6c2/0xcc0 [ 119.107450][ T6317] __mutex_lock+0x6c2/0xcc0 [ 119.111985][ T6317] ? __mutex_lock+0x4f9/0xcc0 [ 119.116707][ T6317] ? l2cap_unregister_user+0x6a/0x1a0 [ 119.122147][ T6317] ? mutex_lock_nested+0x20/0x20 [ 119.127116][ T6317] ? __wake_up_bit+0x210/0x210 [ 119.131901][ T6317] ? timer_delete_sync+0x20/0x20 [ 119.136865][ T6317] ? _raw_spin_unlock+0x40/0x40 [ 119.141739][ T6317] l2cap_unregister_user+0x6a/0x1a0 [ 119.146968][ T6317] hidp_session_thread+0x3ec/0x430 [ 119.152115][ T6317] ? hidp_session_get+0x80/0x80 [ 119.156992][ T6317] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 119.162907][ T6317] ? hidp_session_thread+0x430/0x430 [ 119.168223][ T6317] ? hidp_session_thread+0x430/0x430 [ 119.173545][ T6317] ? __kthread_parkme+0x7a/0x1c0 [ 119.178539][ T6317] ? __kthread_parkme+0x162/0x1c0 [ 119.183607][ T6317] kthread+0x2fa/0x390 [ 119.187707][ T6317] ? hidp_session_get+0x80/0x80 [ 119.192596][ T6317] ? kthread_blkcg+0xd0/0xd0 [ 119.197209][ T6317] ret_from_fork+0x48/0x80 [ 119.201649][ T6317] ? kthread_blkcg+0xd0/0xd0 [ 119.206257][ T6317] ret_from_fork_asm+0x11/0x20 [ 119.211064][ T6317] [ 119.214674][ T6317] Kernel Offset: disabled [ 119.219024][ T6317] Rebooting in 86400 seconds..