last executing test programs: 5.391514072s ago: executing program 1 (id=50): bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001c00)={@map, 0xffffffffffffffff, 0x16, 0x4}, 0x20) 5.391437282s ago: executing program 1 (id=51): bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1400000004000000040000002200", @ANYRES32], 0x50) 5.391365942s ago: executing program 1 (id=52): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x3, 0xe, 0x0, 0x70bd2c, 0x25dfdbff, [@sadb_address={0x5, 0x6, 0x3c, 0x0, 0x0, @in6={0xa, 0x4e24, 0x8, @mcast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0xc0000000}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e24, 0x9, @empty, 0x6}}]}, 0x70}, 0x1, 0x7}, 0x0) 5.382829852s ago: executing program 1 (id=53): syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000000)={[{@test_dummy_encryption_v1}, {@acl}, {@oldalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}]}, 0x1, 0x5b9, &(0x7f0000000680)="$eJzs3W2IHHcdB/Df7N6mebiaNLZqa2xOQ20gdPdyuYREfGGJD7UmtaL4IhTCkdvuhezdnrkN9LaCLb4pCiL4RgShYl9YEQ3kTaXU9kWLbxSU+kClxoAKIhStFERQV2YfrmszaYr3MHjz+cDc/ec/c/v/7y3fndmd/8wEUFgT6Y8kYjwiLkXEzv7sf68w0f/VOXRxLp2S6HY//Zekt97soYtzw1WHf7cj/TEWsTUidh9PYl/l6naXljvnZprN+vnBfK09v1hbWu7cdXZ+plFv1BcOH50+NnVk+uj02j3XyZ9uv+WPd9x35Ynn//7Pb/76yPfT/o4Plo0+j7UyEROD/0klbhqpH0si7l3rxnJS7r/UccdIXTKWY4d4y7rd3d9LX7+3R8S+Xv53Rjn6L95LTz/wt53xy3vy7iOwfrpD2Ytf7QKbVqm3D5yUqhHRL5dK1Wp/H/7m2F5qtpbaBx5sXViY7e8r74pK6cGzzfrk4LPCrqgk6fzBXvn1+ak3zB+K6O0DP1be1puvnmk1Zzf6zQ7oGY+4fOlzZ7bseEP+/1Tu5x/YvNL8/+KFp55Ny6+V8+4NsJHS/H/3tflPhPxD4cg/FJf8Q3HJPxSX/ENxyT8Ul/xDcck/FJf8Q3HJPxTXMP/3nzwZ95882e0Mzn9faDXOnptbPDY1WZ2/cKZ6pnV+sdpotRq9M3bmr/+4zVZr8eBUXHio1q4vtWtLy53T860LC+3TvfP6T9czLgUA5ODUla333rT3uZeSiHjkA9t6U2rLYLmswubW7SaR9znIQD589Ificqk2KC6f8YHkOsu3XmtBc+37AmyMUt4dAHJz562O/0FR+f4fisv3/1Bc9vEB3/9D8fj+H4pr/Br3/7px5N5dkxHxtoj4Sblyw/BeX8D/r/GIy5e//dnayn24FRQUFFYKeb9DAevt9dDn3RMgL7OHLs4Np41q85nGRrUEZHnl7v4goDT3ncHUXzK2cmygsk7jhF5+LGIifvjbx/fPldMpBu9D69AUkOGRRyPiXVnb/6R3bGDXYL3d/dXi5oi4JSLeERHvXGXbX/9Umv8X6qN18g8b563m/9aIuD0ibouId0fEnoh4zyrb/vmlNP+/2jZaJ/9QDJ9/Pu8eAHn5+FN59wDIyyljDKCwvvNw3j0A8vL0D/LuAZCXr7yYdw+g2J67OyIms47/lXrH+4cqg+sC3jC4FsC2iNgeETsG5xDeODhHcOfIMcPrOf3JiIm4/UejdY7/wcYZjv/rXDX+r7Qy/q8cEXtX0cYzHxz/clb9zJ40/088PBz/l05p+8OxgMD6euXRiNsy85+sjPlNIs1pxHv/xzYmvnDlyaz6F+9LH7fyM/mHfHS/FfH+yM7/UFqqtecXa0vLnbt69/Fu1BcOH50+NnVk+uh0rXeJkNrwQiEZTvz11QNZ9S9Ppfn/xmH5h3yk2//t18j/6P7/+1bRxvGvfelUVv3479P873n2zfNf+vOW5DO9+eF9CR6aabfPH4zYkpy4un5qFR2FTW6YkWGG0vzv35f9+X/34G/S7f/xiPhwur8QEf+KiH9HxEci4qMR8bGIuOdN2vzqnY0rWfW/ezLN/+PnbP8hH2n+Z6+z/U9//2MVbRzY/+MvZtV/aG+a/+pv/nDigbF0kn8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtbe03Dk302zWz69jIe/nCAAAAAAAAEXxnwAAAP//xOQ08g==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000001f40)=ANY=[]) 5.267599204s ago: executing program 1 (id=54): io_uring_register$IORING_REGISTER_IOWQ_AFF(0xffffffffffffffff, 0x11, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x2, 0x77, &(0x7f0000001c00)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x65, 0x1, 0x1, 0xf, 0x90, 0x0, "", [{{0x9, 0x4, 0x0, 0x4, 0x3, 0x2, 0x6, 0x0, 0x9, {{0x5}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x401, 0x8, 0x6}, [@mdlm={0x15}, @mdlm={0x15, 0x24, 0x12, 0x3}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x60, 0x4, 0x67, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x10, 0x3, 0x8}}}}}]}}]}}, 0x0) 2.739977706s ago: executing program 2 (id=83): syz_emit_ethernet(0x36, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) syz_usb_connect(0x0, 0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000f3c7c820da059a0095620102030109023400010000000009049200030f6276000905000000000000000705e37e1b82e60905f2020000060000090501"], 0x0) 2.393682371s ago: executing program 1 (id=101): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0) setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0) 1.751738082s ago: executing program 3 (id=109): syz_usb_connect(0x2, 0x36, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/72, 0x0, 0xf000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) socket(0x40000000015, 0x5, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) 1.012719064s ago: executing program 3 (id=121): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='attr/current\x00') preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)=""/51, 0x51}], 0x1, 0x8000, 0x5) 939.526895ms ago: executing program 3 (id=123): stat(0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) fstat(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(r1, r1) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r3) 938.978635ms ago: executing program 3 (id=127): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x101040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x2d, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x8, 0x0, 0x0, 0x3, 0x4, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x9, 0x1, 0x0, 0x2}, {0xeda7, 0x4, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x9}]}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x4, 0x1000000000080, 0xfffffffffffffff8, 0x0, 0x0, 0x2004cb, 0x3, 0x100000000000000, 0xfffffffffffffff8, 0x0, 0xfffffffffffff2eb, 0x2000000000002ff, 0x2, 0x0, 0x4c3], 0x0, 0x200306}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 675.38412ms ago: executing program 0 (id=135): gettid() r0 = fsopen(&(0x7f0000000140)='f2fs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000100)='test_dummy_encryption', &(0x7f0000000240)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='test_dummy_encryption', &(0x7f0000000080)='v1\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) 675.131349ms ago: executing program 3 (id=137): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r1, 0x321, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x404408d}, 0x4) 674.6983ms ago: executing program 2 (id=138): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x80401c, &(0x7f0000000040)=ANY=[@ANYBLOB="666c7573685f6d657267652c6e6f666c7573685f6d657267652c6d6f64653d667261676d656e743a7365676d656e742c636f6d70726573735f63616368652c696e6c696e655f78617474722c636f6d70726573735f63616368652c6e6f696e6c696e655f78617474722c6e6f646973636172642c6261636b67726f756e645f67633d6f6e2c6261636b67726f756e645f67633d6f66662c636865636b706f696e743d64697361626c652c617467632c67635f6d657267652c6e6f626172726965722c004b1c091f21dfc606226168fd668d440f"], 0xfd, 0x5531, &(0x7f0000000540)="$eJzs3M1rI2UYAPA3/djtfrgW8eBtBxahhU1o+rHoreoufmCXsurBk6bJNGQ3yZQmTWtPHjyKB/8TUfDk0b/Bg2dv4kHxJiiZd6pbXUFomtjN7weTZ95n3jzzTg6BZyYkAFNrMfn151K4Ea6EEGZDCNdDyPdLxZbbjOGFEMLNEMLMY1upyP+ZuBRCuBpCuDEsHmuWikOf3x7c2vjprV+++e7y3LUvvv6+SANTaPi10tmL+4edGLNmjA+LfG3QymNnfVDEeKC9EI93spg/THfyCoe1k3m1PK414/xs76A3jLvtWn0Ym63dPL/XjSfsDZondfI3PKzt5+NGupPHVi/LY/M4nvfoOH63Hff6sU6jqPdRXj70+ycx5tOjNF7P3qM81rv9Ih/rZo30aBgHRSxOF+pZu5GvY+cMH/T/3Nut7sFRMkj3e62sm2xUqi9VqnfK1f2skfbT9XKt07izniw128Np5X5a62w2s6zZTiv1rLOcLDXr9XK1mizdTXdatW5SrVbWKivljeVi73by+v33knYjWRrGV1vdg36r3Ut2s/0kvmM5Wa2svbyc3Kom72xtJ9sP7t3b2n73g7vv339l683Xikn/WFaytLqyulqurpRXq8tTdP2fFIse4fXDmZQmvQCAi2fC/T8wpV48Q//feVSMn9j/7z8I4fz7/6D/H4kL1f9Oe/9/DtcPZ6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYWj/Mf/lGvrMYx9eK/DNF6rliXAohzIQQfn+C2XDpVM3Zos78v8yf/9savi2FvMLwHJeL7WoIYbPYfnv2vD8FAAAAeHp99fHNz2K3Hl8WJ70gxinetJm5/uGI6i2EEOYXfxxRtZnhy/MjKhbm8u1oRNXyG1gLIyoWb7nNjarafzJ7Kiw8FkoxzIx1OQAAwFic7gTG24UAAAAwTp9OegFMRimcPMo8eRac//L+rweCV06NAAAAgAuoNOkFAAAAAOcu7//9/x8AAAA83eL//wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+wcz83agNRHICfbRzIPwVFuaeV3KCMlJBjjhEFpAkKyIEa0gA1kFtKiHCEx8vCisNKHtta9H2SGWyZH28sOMyMNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCkP/Wujh+ff/bNOTb95OkNAAAAcMuh3q3bN8t0/ra7/r679LE7LyKijIhbY/cqXl1lVl1O/Xj/r8v76yc1/I5oE07fMe+ONxHxpTv+fRj6KQAAAMD92m+2qzRaTy/LqQtiTGnSpnz3NVNeERH18m+mtPKU9ylTWPv7nsX3TGntBNYiU1iacpvlSnuW9u9+nrVbXDRFasqbHzsXma3vAADAiKqrZtxRCAAAAGP6NnUBTKOIh6XM81LgPDXd8t7rqzMAAADgBSqmLgAAAAAYXDv+H2n/v2ag/f+aKtvjAAAAgPuU9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgSId6t95vtqu+Ocemnzy9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4z/68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDmd3/5PzE1ziRzr42l55Fk7dTYOjX2zo2jP4yvXwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfNHvfvk/MTXOJHOnjaXjkWTtqrF11dh70Dh6MN7+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zczO1lbFGCWHiCh4sBebbmtrD4J4UIIH/wQhpNsau/VHm4MtRczFm+Tci6g3EUGJt578B3puoZd66yGHCuJxZGZndqdtsNtgZ6bJ5wNv33eG4b3vm4WQ77xJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDK9rvTOMk/5sZxXJ67cffKat7fvK/PXdu8tZi3PI6aTPrJ8HL9IFpoLxEAAAD2j6Sq70MIt9Ot5byP54r6P62uyWv+758dx1U9f3/dX/VV7Z+333+78+JkornxPPmgZ9ZGw6MPptJ7fKvstuceekWvuPPFs5ek+ELiDzZe2E6L+xl9e/36e/0iPNBEtgDAbhyp+jKofh/K+0GbiQGwb/RqhXdV/ydz7eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0ITtjfB0FUchhMXeNM7dvHtldaf+2uatxaqdvHp1M3w9HTMfIg0hnFkbDY82uppuu3jp8rmV0Wh4YYbg7cN//JhlWTbTxQ8PXgkh/B/j7CZ4p1z+uY9muDiEFjLcTfBPN9LoWhCXX3ZX8nkyghZ/KAEAsCelZcvr+tvp1nJ+LpoPIfvh3vr/9VocZqz/73x88kZ9rnr9P2hshd23tH7+86WLly6/sXZ+5ezw7PDTN48N3hocP3XixKml4lnJkicmAAAAPLIsy7LJQb9s9fo/nn9w//9QLQ4z1v9ffDf4qj5xov7f0XTTr+1MAAAA9rfnX/37r2iH81G/H75cWV+/MBh/To6PjT9bSPWRHShbvf5P5tvOCgAAAGjC9kZ0z/7/6VocZtz/f+anl36pj5mEEA6W+/9HVj8bnW5uOZ3WxJ8Tt71GAAAA2nWwbPX9/7R4/z+evPIQhxAOvzaOy38D+J/1f1rW/8n73/xcn6v+/v/x5pbYSfHC+H4U/UIIvYW2MwIAAGAve6psebH/Z7q1/Mmvhz7se/8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGn/BgAA//9kDEPy") r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x24000840, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x3e, &(0x7f00000013c0)={@local, @random="3747e76de379", @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0xfd, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x20, 0x0, 0x0, 0x0, {[@mss={0x2, 0x4, 0xfff8}]}}}}}}}, 0x0) 665.75624ms ago: executing program 3 (id=139): syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x8, 0x0) syz_open_dev$evdev(0x0, 0x40, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000010) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="64670feea1096f00003e660f38054c880f323e26640fb9a9c94f660fc7b27f1a360f09366764f4660fdd40e69a3a00e300baa000b0e5ee", 0x37}], 0x1, 0x6, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x10001, 0x3, 0x40000, 0x2000, &(0x7f0000181000/0x2000)=nil}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x1000) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) 651.31554ms ago: executing program 0 (id=140): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4043, 0x1ff) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) socket$inet_tcp(0x2, 0x1, 0x0) openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) signalfd(0xffffffffffffffff, &(0x7f0000000580)={[0xfffffffffffffff8]}, 0x8) r0 = openat(0xffffffffffffff9c, 0x0, 0x40042, 0x1) close(r0) fsopen(&(0x7f0000000080)='binfmt_misc\x00', 0x0) socket$inet(0x2, 0x3, 0x4) socket(0x10, 0x80002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r1) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff0800090000000000080011000000000008000e00800000000800", @ANYRES64=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 522.210272ms ago: executing program 0 (id=142): syz_mount_image$erofs(&(0x7f0000000100), &(0x7f00000000c0)='./file2\x00', 0x10008, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRESHEX=0x0, @ANYBLOB="9deea131e4b80fd7de607f179bf087d5c3202b903ee8ed64aa4b837ab0cae0a4480162b7a97299e9d50e2f251b78b018f3c0cc896e0185a0976d8cf652b8dd85578adca7e4c147a171a4a037fe72f07d8829fd07a33486e412e13796c086"], 0x1, 0x1f3, &(0x7f00000007c0)="$eJzslb+LE0EUx7+zm9sfNvbXWHjgWbjZ7CnYHKyNlYXgj8NCMHiJRDdEki3cgKiNrb2dha3/gRBb/wiJgiiINmonjMyPzc4mbELUjcW9T/H2OzNvZ968Yd6AIIgjy4f3P6f8x/4nD4CPHbi6/7Nd+FiG/zvv28M3ly4ePLv58q07DfzybG65+YtzvmL9BoDJBRupbvO5X3b09yqsXHvXYOG07j8AQ6D1LVi4rnUHDDe0vmvogfAPgm4v6QS3B8mhEKEwLWEiYfbm4/v6hOHQiI8Z46NsfK+dJJ1hjUKsc3whc5Mvs/g8YN+IzzyvACrasMgfWrDQ0noPDFe0Pg83z41KibH/7UYxv710/w7+ctsfARQ93Toz64ilVI+HtX4H2EbOPhvnJ1/LEjakyE90A9vZsEDjn03IXaC+UMU1Xe4DfZXLQ+LiZ69jlIacR6q9XhhxxZCzeh4Xi5mf1U/+guGUUZ9UKXkuH4tm2r/fHGXjM71++46jncKzYXguaspCpOxC9Svqsy/r07G8zblf5eswBw/aaTp8Gr/aFh15O1K2XHEVlqx/FnZPYkv+IuYRYqvw+S7fTgXTh4THud61K4NHZagEQRC1cwJM1mRZl6WNwfVrMhvgPLr8n+MkCIIgCIIgCIIgCOLP+R0AAP//n29RNw==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) 433.447733ms ago: executing program 4 (id=144): bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) syz_emit_ethernet(0x34, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x12, 0x0, @opaque='\x00'/10}}}}}, 0x0) 379.566114ms ago: executing program 4 (id=145): mmap$IORING_OFF_SQ_RING(0x0, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = dup2(r0, r0) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, 0x0) 343.088505ms ago: executing program 4 (id=146): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x1, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@dev={0xac, 0x14, 0x14, 0x36}, 0xfffc, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@tmpl={0x84, 0x5, [{{@in=@local, 0x0, 0x33}, 0x0, @in=@broadcast, 0x3505, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, {{@in6=@empty, 0x0, 0x6c}, 0x0, @in=@local, 0xfffffffe}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 335.542195ms ago: executing program 2 (id=147): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000001880)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001740)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x0) 275.527966ms ago: executing program 4 (id=148): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14, 0x10, 0xc00e}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14, 0x10}}, 0x3c}}, 0x0) 275.418866ms ago: executing program 4 (id=149): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') preadv(r0, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102396, 0x18ffc}, {0x0}], 0x2, 0x60e, 0x0) 275.354966ms ago: executing program 4 (id=150): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) getpriority(0x2, 0xffffffffffffffff) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0xc41, 0x20) fallocate(r3, 0x20, 0x4000, 0x3000000) setpriority(0x2, 0x0, 0x3) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2}, 0x1c) setresuid(0xee01, 0xee00, 0x0) 217.206217ms ago: executing program 0 (id=151): syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0xffff, 0x0, 0x0, 0x6, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@generic={0x89, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4, 0x5}}}}}}, 0x0) 181.567517ms ago: executing program 0 (id=152): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_QUEUE_TOTAL={0x6, 0x2, 0x1, 0x0, 0x7}, @NFTA_QUEUE_NUM={0x6, 0x1, 0x1, 0x0, 0x6}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc4}}, 0x0) 119.510519ms ago: executing program 0 (id=153): sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) mprotect(&(0x7f00007d0000/0x2000)=nil, 0x2000, 0x1000005) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000000001c, 0x40040001, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) setrlimit(0x40000000000008, &(0x7f0000000000)) 119.297969ms ago: executing program 2 (id=154): socket$inet6(0xa, 0x2, 0x0) r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@flushpolicy={0x10, 0x1d, 0x1}, 0x10}}, 0x0) 56.096239ms ago: executing program 2 (id=155): r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={0x40040, 0xd2, 0xf}, 0x18) unlink(&(0x7f0000000100)='./file0\x00') unshare(0xe060400) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 0s ago: executing program 2 (id=156): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x0, @multicast1}, 0x2}}, 0x2e) ioctl$PPPIOCGL2TPSTATS(r1, 0x80487436, &(0x7f0000000040)="d9b604") kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.105' (ED25519) to the list of known hosts. [ 20.587909][ T30] audit: type=1400 audit(1782451135.216:64): avc: denied { mounton } for pid=277 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.589016][ T277] cgroup: Unknown subsys name 'net' [ 20.610577][ T30] audit: type=1400 audit(1782451135.216:65): avc: denied { mount } for pid=277 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.637895][ T30] audit: type=1400 audit(1782451135.246:66): avc: denied { unmount } for pid=277 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.638043][ T277] cgroup: Unknown subsys name 'devices' [ 20.752895][ T277] cgroup: Unknown subsys name 'hugetlb' [ 20.758508][ T277] cgroup: Unknown subsys name 'rlimit' [ 20.865623][ T30] audit: type=1400 audit(1782451135.496:67): avc: denied { setattr } for pid=277 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.888821][ T30] audit: type=1400 audit(1782451135.496:68): avc: denied { mounton } for pid=277 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.913681][ T30] audit: type=1400 audit(1782451135.496:69): avc: denied { mount } for pid=277 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 20.919410][ T279] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 20.945949][ T30] audit: type=1400 audit(1782451135.576:70): avc: denied { relabelto } for pid=279 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.972168][ T30] audit: type=1400 audit(1782451135.576:71): avc: denied { write } for pid=279 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.998395][ T30] audit: type=1400 audit(1782451135.626:72): avc: denied { read } for pid=277 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.998876][ T277] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.024068][ T30] audit: type=1400 audit(1782451135.626:73): avc: denied { open } for pid=277 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.523890][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.530958][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.538423][ T285] device bridge_slave_0 entered promiscuous mode [ 21.545370][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.552529][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.559933][ T285] device bridge_slave_1 entered promiscuous mode [ 21.654621][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.661741][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.669001][ T287] device bridge_slave_0 entered promiscuous mode [ 21.677333][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.684387][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.691821][ T287] device bridge_slave_1 entered promiscuous mode [ 21.701583][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.708618][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.715975][ T286] device bridge_slave_0 entered promiscuous mode [ 21.722782][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.729803][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.737270][ T286] device bridge_slave_1 entered promiscuous mode [ 21.799571][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.806806][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.814209][ T289] device bridge_slave_0 entered promiscuous mode [ 21.822875][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.830061][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.837505][ T288] device bridge_slave_0 entered promiscuous mode [ 21.844394][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.851486][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.858775][ T288] device bridge_slave_1 entered promiscuous mode [ 21.865414][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.872471][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.879814][ T289] device bridge_slave_1 entered promiscuous mode [ 22.004300][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.011377][ T285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.018644][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.025682][ T285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.065275][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.072344][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.079754][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.086805][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.095209][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.102273][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.109525][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.116566][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.140430][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.147813][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.154966][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.162710][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.169851][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.177250][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.184439][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.218245][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.226070][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.234418][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.241508][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.248993][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.257888][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.264930][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.272312][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.279673][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.287150][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 22.313190][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.321454][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.328523][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.336007][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.344365][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.351397][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.358710][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.366889][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.373920][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.381389][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.389492][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.396520][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.403854][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.411937][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.419808][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.427889][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.439638][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.452248][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.460339][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.468621][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.475654][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.499423][ T285] device veth0_vlan entered promiscuous mode [ 22.508132][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.517133][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.525244][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.532701][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.540725][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.549098][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.556150][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.563556][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.571821][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.578830][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.586353][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.594351][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.602373][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.610449][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.617476][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.625460][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 22.636290][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.644640][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.654376][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.662518][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.674202][ T286] device veth0_vlan entered promiscuous mode [ 22.681794][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.689798][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.697938][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.707932][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.719614][ T285] device veth1_macvtap entered promiscuous mode [ 22.728732][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.736330][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.743957][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.752204][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.760113][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.768411][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.776704][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.787785][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.796366][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.806019][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.814183][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.831208][ T286] device veth1_macvtap entered promiscuous mode [ 22.841844][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.850730][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.859421][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.867809][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.876323][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.884626][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.892747][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.900283][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.908712][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.920064][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.928213][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.940326][ T288] device veth0_vlan entered promiscuous mode [ 22.948468][ T289] device veth0_vlan entered promiscuous mode [ 22.955071][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.962723][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.970120][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.978136][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.986260][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.993721][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.010672][ T285] request_module fs-gadgetfs succeeded, but still no fs? [ 23.024775][ T288] device veth1_macvtap entered promiscuous mode [ 23.032210][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.042328][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.050695][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.059695][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.062112][ T311] loop3: detected capacity change from 0 to 512 [ 23.068212][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.087359][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.096313][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.097653][ T311] EXT4-fs warning (device loop3): dx_probe:893: inode #2: comm syz.3.6: dx entry: limit 1024 != root limit 124 [ 23.105240][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.116988][ T311] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.6: Corrupt directory, running e2fsck is recommended [ 23.124879][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.137425][ T311] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 23.147901][ T289] device veth1_macvtap entered promiscuous mode [ 23.159480][ T311] EXT4-fs error (device loop3): ext4_iget_extra_inode:4604: inode #15: comm syz.3.6: corrupted in-inode xattr [ 23.172120][ T311] EXT4-fs (loop3): Remounting filesystem read-only [ 23.178724][ T311] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.6: couldn't read orphan inode 15 (err -117) [ 23.192026][ T287] device veth0_vlan entered promiscuous mode [ 23.199181][ T311] EXT4-fs (loop3): Remounting filesystem read-only [ 23.199700][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.206316][ T311] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,grpquota,init_itable,norecovery,grpjquota=.nouid32,errors=remount-ro,jqfmt=vfsv1,grpid,,. Quota mode: writeback. [ 23.215885][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.241808][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.249549][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.258464][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.267372][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.275847][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.284348][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.292911][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.301162][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.309584][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.342305][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.350519][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.364253][ T287] device veth1_macvtap entered promiscuous mode [ 23.392534][ T321] loop4: detected capacity change from 0 to 128 [ 23.407511][ T325] loop2: detected capacity change from 0 to 256 [ 23.423344][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.435095][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.437673][ T329] loop3: detected capacity change from 0 to 128 [ 23.447086][ T321] EXT4-fs (loop4): dax option not supported [ 23.450408][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.467908][ T325] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 23.483710][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.500540][ T329] EXT4-fs (loop3): mounted filesystem without journal. Opts: nogrpid,dioread_lock,nouid32,,errors=continue. Quota mode: none. [ 23.527362][ T329] ext4 filesystem being mounted at /4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 23.543686][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.947179][ T386] overlayfs: missing 'lowerdir' [ 23.962269][ T388] netlink: 'syz.4.32': attribute type 3 has an invalid length. [ 23.970142][ T388] netlink: 'syz.4.32': attribute type 3 has an invalid length. [ 24.101001][ T398] loop4: detected capacity change from 0 to 8192 [ 24.171321][ T26] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 24.185443][ T398] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 24.195310][ T398] FAT-fs (loop4): Filesystem has been set read-only [ 24.202975][ T398] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 24.273354][ T403] process 'syz.4.39' launched './file1' with NULL argv: empty string added [ 24.536984][ T432] loop1: detected capacity change from 0 to 512 [ 24.552877][ T432] EXT4-fs (loop1): Test dummy encryption mode enabled [ 24.559886][ T432] EXT4-fs (loop1): Ignoring removed oldalloc option [ 24.573664][ T432] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption=v1,acl,oldalloc,debug_want_extra_isize=0x0000000000000008,,errors=continue. Quota mode: writeback. [ 24.591625][ T26] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 24.591649][ T26] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 24.701547][ T26] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 24.710999][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 24.719277][ T26] usb 1-1: SerialNumber: syz [ 24.961353][ T381] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 25.002053][ T26] usb 1-1: 0:2 : does not exist [ 25.010719][ T26] usb 1-1: USB disconnect, device number 2 [ 25.231892][ T332] udevd[332]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 25.331322][ T381] usb 2-1: config 1 interface 0 altsetting 4 endpoint 0x82 has invalid maxpacket 96, setting to 64 [ 25.343135][ T381] usb 2-1: config 1 interface 0 altsetting 4 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 25.360139][ T381] usb 2-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 25.373460][ T381] usb 2-1: config 1 interface 0 has no altsetting 0 [ 25.384162][ T471] loop4: detected capacity change from 0 to 1024 [ 25.473867][ T471] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 not in group (block 144115188075855875)! [ 25.485766][ T471] EXT4-fs (loop4): group descriptors corrupted! [ 25.657472][ T30] kauditd_printk_skb: 93 callbacks suppressed [ 25.657486][ T30] audit: type=1400 audit(1782451140.286:167): avc: denied { read } for pid=479 comm="syz.4.72" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 26.023914][ T475] loop0: detected capacity change from 0 to 131072 [ 26.091527][ T381] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 26.118482][ T381] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.127124][ T30] audit: type=1400 audit(1782451140.286:168): avc: denied { open } for pid=479 comm="syz.4.72" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 26.151666][ T475] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0) [ 26.160148][ T475] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 26.170380][ T475] F2FS-fs (loop0): invalid crc value [ 26.184128][ T381] usb 2-1: Product: syz [ 26.191574][ T381] usb 2-1: Manufacturer: syz [ 26.196267][ T381] usb 2-1: SerialNumber: syz [ 26.199776][ T492] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.239593][ T30] audit: type=1400 audit(1782451140.736:169): avc: denied { write } for pid=479 comm="syz.4.72" name="event0" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 26.262852][ T439] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 26.263093][ T30] audit: type=1400 audit(1782451140.736:170): avc: denied { open } for pid=479 comm="syz.4.72" path="/dev/input/event0" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 26.294221][ T439] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 26.295253][ T30] audit: type=1400 audit(1782451140.736:171): avc: denied { ioctl } for pid=479 comm="syz.4.72" path="/dev/input/event0" dev="devtmpfs" ino=256 ioctlcmd=0x45a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 26.307035][ T475] F2FS-fs (loop0): Found nat_bits in checkpoint [ 26.377351][ T30] audit: type=1400 audit(1782451140.746:172): avc: denied { wake_alarm } for pid=487 comm="syz.2.77" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 26.506657][ T475] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 26.513826][ T475] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 26.539535][ T30] audit: type=1400 audit(1782451140.786:173): avc: denied { read } for pid=491 comm="syz.2.79" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 26.622906][ T505] netlink: 8 bytes leftover after parsing attributes in process `syz.4.80'. [ 26.632093][ T505] netlink: 8 bytes leftover after parsing attributes in process `syz.4.80'. [ 26.641110][ T505] netlink: 8 bytes leftover after parsing attributes in process `syz.4.80'. [ 26.672411][ T30] audit: type=1400 audit(1782451140.826:174): avc: denied { open } for pid=491 comm="syz.2.79" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 27.063199][ T381] usb 2-1: bad CDC descriptors [ 27.073138][ T381] usb 2-1: USB disconnect, device number 2 [ 27.122836][ T513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.82'. [ 27.147550][ T30] audit: type=1400 audit(1782451140.826:175): avc: denied { ioctl } for pid=491 comm="syz.2.79" path="/dev/kvm" dev="devtmpfs" ino=82 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 27.220839][ T30] audit: type=1400 audit(1782451141.286:176): avc: denied { write } for pid=496 comm="syz.4.80" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 27.451415][ T60] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 27.711354][ T60] usb 3-1: Using ep0 maxpacket: 32 [ 27.831395][ T60] usb 3-1: config 0 has an invalid interface number: 146 but max is 0 [ 27.864358][ T60] usb 3-1: config 0 has no interface number 0 [ 27.908028][ T557] syz.0.103 (557) used greatest stack depth: 20872 bytes left [ 27.925487][ T381] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 27.938211][ T60] usb 3-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 27.950515][ T60] usb 3-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xE3, skipping [ 27.955402][ T561] loop3: detected capacity change from 0 to 2048 [ 27.961340][ T60] usb 3-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xF2, skipping [ 27.979862][ T60] usb 3-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 26159, setting to 1024 [ 28.022905][ T561] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 28.044992][ T60] usb 3-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 28.080440][ T60] usb 3-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 28.191252][ T381] usb 2-1: Using ep0 maxpacket: 32 [ 28.302619][ T60] usb 3-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 28.311843][ T381] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 28.319929][ T381] usb 2-1: config 0 has no interface number 0 [ 28.344226][ T580] loop0: detected capacity change from 0 to 512 [ 28.360302][ T60] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 28.371083][ T60] usb 3-1: Product: syz [ 28.375458][ T60] usb 3-1: Manufacturer: syz [ 28.385204][ T60] usb 3-1: SerialNumber: syz [ 28.395539][ T580] ======================================================= [ 28.395539][ T580] WARNING: The mand mount option has been deprecated and [ 28.395539][ T580] and is ignored by this kernel. Remove the mand [ 28.395539][ T580] option from the mount to silence this warning. [ 28.395539][ T580] ======================================================= [ 28.412951][ T588] loop4: detected capacity change from 0 to 512 [ 28.437014][ T60] usb 3-1: config 0 descriptor?? [ 28.447571][ T588] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 28.461569][ T515] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 28.468561][ T515] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 28.504178][ T588] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 28.519061][ T588] EXT4-fs error (device loop4): ext4_do_update_inode:5260: inode #16: comm syz.4.115: corrupted inode contents [ 28.519809][ T580] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 28.542691][ T588] EXT4-fs error (device loop4): ext4_dirty_inode:6108: inode #16: comm syz.4.115: mark_inode_dirty error [ 28.542755][ T580] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 28.564504][ T381] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 28.573714][ T381] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 28.573735][ T588] EXT4-fs error (device loop4): ext4_do_update_inode:5260: inode #16: comm syz.4.115: corrupted inode contents [ 28.591289][ T381] usb 2-1: Product: syz [ 28.597786][ T381] usb 2-1: Manufacturer: syz [ 28.607789][ T381] usb 2-1: SerialNumber: syz [ 28.620172][ T381] usb 2-1: config 0 descriptor?? [ 28.624122][ T588] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.115: mark_inode_dirty error [ 28.637292][ T588] EXT4-fs error (device loop4): ext4_do_update_inode:5260: inode #16: comm syz.4.115: corrupted inode contents [ 28.649374][ T588] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.115: mark_inode_dirty error [ 28.661057][ T588] EXT4-fs error (device loop4): ext4_do_update_inode:5260: inode #16: comm syz.4.115: corrupted inode contents [ 28.673193][ T588] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 28.681997][ T588] EXT4-fs error (device loop4): ext4_do_update_inode:5260: inode #16: comm syz.4.115: corrupted inode contents [ 28.694083][ T588] EXT4-fs error (device loop4): ext4_truncate:4317: inode #16: comm syz.4.115: mark_inode_dirty error [ 28.705914][ T588] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 28.715259][ T588] EXT4-fs (loop4): 1 truncate cleaned up [ 28.718482][ T381] usb 3-1: USB disconnect, device number 2 [ 28.726942][ T588] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier=0x0000000000000007,minixdf,,errors=continue. Quota mode: writeback. [ 28.742600][ T594] loop0: detected capacity change from 0 to 256 [ 28.755501][ T588] ext4 filesystem being mounted at /31/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.783654][ T594] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe3908169, utbl_chksum : 0xe619d30d) [ 28.913528][ T604] usb usb8: usbfs: process 604 (syz.0.120) did not claim interface 0 before use [ 29.058873][ T618] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 29.088623][ T629] loop4: detected capacity change from 0 to 256 [ 29.107906][ T618] kvm: pic: non byte read [ 29.117938][ T618] kvm: pic: non byte read [ 29.128541][ T618] kvm: pic: non byte read [ 29.139001][ T618] kvm: pic: non byte read [ 29.351994][ T647] netlink: 'syz.0.140': attribute type 12 has an invalid length. [ 29.383527][ T648] loop2: detected capacity change from 0 to 40427 [ 29.407906][ T654] loop0: detected capacity change from 0 to 16 [ 29.424821][ T648] F2FS-fs (loop2): Corrupted extension count (64 + 1 > 64) [ 29.432091][ T648] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 29.441927][ T648] F2FS-fs (loop2): invalid crc value [ 29.448074][ T648] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 29.486203][ T648] F2FS-fs (loop2): Start checkpoint disabled! [ 29.498104][ T648] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 29.505535][ T648] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 29.534167][ T654] erofs: (device loop0): erofs_read_superblock: blkszbits 9 isn't supported on this platform [ 29.971784][ T684] ================================================================== [ 29.979891][ T684] BUG: KASAN: use-after-free in mutex_lock+0x8e/0x1c0 [ 29.986685][ T684] Write of size 8 at addr ffff88811b693550 by task syz.2.156/684 [ 29.994411][ T684] [ 29.996743][ T684] CPU: 0 PID: 684 Comm: syz.2.156 Not tainted syzkaller #0 [ 30.003943][ T684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 30.014015][ T684] Call Trace: [ 30.017295][ T684] [ 30.020330][ T684] __dump_stack+0x21/0x30 [ 30.024667][ T684] dump_stack_lvl+0x110/0x170 [ 30.029348][ T684] ? show_regs_print_info+0x20/0x20 [ 30.034554][ T684] ? load_image+0x3f0/0x3f0 [ 30.039064][ T684] print_address_description+0x7f/0x2c0 [ 30.044613][ T684] ? mutex_lock+0x8e/0x1c0 [ 30.049075][ T684] kasan_report+0x10f/0x150 [ 30.053695][ T684] ? mutex_lock+0x8e/0x1c0 [ 30.058118][ T684] kasan_check_range+0x249/0x2a0 [ 30.063065][ T684] __kasan_check_write+0x14/0x20 [ 30.068018][ T684] mutex_lock+0x8e/0x1c0 [ 30.072264][ T684] ? wait_for_completion_killable_timeout+0x10/0x10 [ 30.078881][ T684] ? l2tp_session_put+0xaf/0x1a0 [ 30.083839][ T684] ? l2tp_session_delete+0x3a9/0x4a0 [ 30.089150][ T684] pppol2tp_release+0x178/0x2b0 [ 30.094012][ T684] sock_close+0xb8/0x200 [ 30.098259][ T684] ? sock_mmap+0xa0/0xa0 [ 30.102515][ T684] __fput+0x22b/0x900 [ 30.106505][ T684] ____fput+0x15/0x20 [ 30.110499][ T684] task_work_run+0x127/0x190 [ 30.115099][ T684] exit_to_user_mode_loop+0xd0/0xe0 [ 30.120315][ T684] exit_to_user_mode_prepare+0x87/0xd0 [ 30.125795][ T684] syscall_exit_to_user_mode+0x1a/0x30 [ 30.131267][ T684] do_syscall_64+0x58/0xa0 [ 30.135691][ T684] ? clear_bhb_loop+0x50/0xa0 [ 30.140366][ T684] ? clear_bhb_loop+0x50/0xa0 [ 30.145048][ T684] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.151030][ T684] RIP: 0033:0x7fb054122e59 [ 30.155446][ T684] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 30.175052][ T684] RSP: 002b:00007ffc0a397dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 30.183473][ T684] RAX: 0000000000000000 RBX: 00007ffc0a397eb0 RCX: 00007fb054122e59 [ 30.191467][ T684] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 30.199525][ T684] RBP: 00000000000074df R08: 0000000000000001 R09: 0000000000000000 [ 30.207492][ T684] R10: 0000001b2da20000 R11: 0000000000000246 R12: 00007ffc0a397ef0 [ 30.215464][ T684] R13: 00007fb05439bfac R14: 0000000000007523 R15: 00007fb05439bfa0 [ 30.223525][ T684] [ 30.226537][ T684] [ 30.228852][ T684] Allocated by task 685: [ 30.233079][ T684] __kasan_kmalloc+0xd4/0x100 [ 30.237752][ T684] __kmalloc+0x13d/0x2c0 [ 30.241990][ T684] l2tp_session_create+0x39/0xb60 [ 30.247006][ T684] pppol2tp_connect+0xbf5/0x1640 [ 30.251938][ T684] __sys_connect+0x3cb/0x450 [ 30.256525][ T684] __x64_sys_connect+0x7a/0x90 [ 30.261290][ T684] x64_sys_call+0x7c/0x9a0 [ 30.265699][ T684] do_syscall_64+0x4c/0xa0 [ 30.270112][ T684] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.275995][ T684] [ 30.278309][ T684] Freed by task 684: [ 30.282187][ T684] kasan_set_track+0x4a/0x70 [ 30.286774][ T684] kasan_set_free_info+0x23/0x40 [ 30.291703][ T684] ____kasan_slab_free+0x125/0x160 [ 30.296804][ T684] __kasan_slab_free+0x11/0x20 [ 30.301566][ T684] slab_free_freelist_hook+0xc2/0x190 [ 30.306933][ T684] kfree+0xc4/0x270 [ 30.310733][ T684] l2tp_session_put+0xaf/0x1a0 [ 30.315492][ T684] l2tp_session_delete+0x3a9/0x4a0 [ 30.320597][ T684] pppol2tp_release+0x169/0x2b0 [ 30.325440][ T684] sock_close+0xb8/0x200 [ 30.329675][ T684] __fput+0x22b/0x900 [ 30.333660][ T684] ____fput+0x15/0x20 [ 30.337630][ T684] task_work_run+0x127/0x190 [ 30.342213][ T684] exit_to_user_mode_loop+0xd0/0xe0 [ 30.347403][ T684] exit_to_user_mode_prepare+0x87/0xd0 [ 30.352853][ T684] syscall_exit_to_user_mode+0x1a/0x30 [ 30.358303][ T684] do_syscall_64+0x58/0xa0 [ 30.362717][ T684] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.368602][ T684] [ 30.370912][ T684] The buggy address belongs to the object at ffff88811b693400 [ 30.370912][ T684] which belongs to the cache kmalloc-512 of size 512 [ 30.384955][ T684] The buggy address is located 336 bytes inside of [ 30.384955][ T684] 512-byte region [ffff88811b693400, ffff88811b693600) [ 30.398221][ T684] The buggy address belongs to the page: [ 30.403858][ T684] page:ffffea00046da400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b690 [ 30.414093][ T684] head:ffffea00046da400 order:2 compound_mapcount:0 compound_pincount:0 [ 30.422408][ T684] flags: 0x4000000000010200(slab|head|zone=1) [ 30.428475][ T684] raw: 4000000000010200 ffffea00046da300 0000000700000007 ffff888100042f00 [ 30.437062][ T684] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 30.445632][ T684] page dumped because: kasan: bad access detected [ 30.452048][ T684] page_owner tracks the page as allocated [ 30.457749][ T684] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 140, ts 5239974643, free_ts 0 [ 30.475893][ T684] post_alloc_hook+0x192/0x1b0 [ 30.480697][ T684] prep_new_page+0x1c/0x110 [ 30.485221][ T684] get_page_from_freelist+0x2c3a/0x2cd0 [ 30.490775][ T684] __alloc_pages+0x1a2/0x460 [ 30.495367][ T684] new_slab+0xa0/0x4d0 [ 30.499427][ T684] ___slab_alloc+0x3ac/0x840 [ 30.504009][ T684] __slab_alloc+0x49/0x90 [ 30.508343][ T684] __kmalloc_track_caller+0x169/0x2c0 [ 30.513784][ T684] __alloc_skb+0x210/0x730 [ 30.518206][ T684] alloc_skb_with_frags+0xa8/0x620 [ 30.523316][ T684] sock_alloc_send_pskb+0x87f/0x9a0 [ 30.528517][ T684] unix_dgram_sendmsg+0x6f3/0x19b0 [ 30.533619][ T684] unix_seqpacket_sendmsg+0x118/0x1e0 [ 30.538983][ T684] sock_write_iter+0x2a6/0x3a0 [ 30.543747][ T684] do_iter_readv_writev+0x477/0x5f0 [ 30.548939][ T684] do_iter_write+0x207/0x7b0 [ 30.553527][ T684] page_owner free stack trace missing [ 30.558880][ T684] [ 30.561195][ T684] Memory state around the buggy address: [ 30.566813][ T684] ffff88811b693400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.574864][ T684] ffff88811b693480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.582917][ T684] >ffff88811b693500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.590966][ T684] ^ [ 30.597627][ T684] ffff88811b693580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.605681][ T684] ffff88811b693600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.613728][ T684] ================================================================== [ 30.621774][ T684] Disabling lock debugging due to kernel taint [ 30.690135][ T60] usb 2-1: USB disconnect, device number 3 [ 30.699911][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 30.699924][ T30] audit: type=1400 audit(1782451145.326:227): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 30.768363][ T30] audit: type=1400 audit(1782451145.326:228): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 30.811880][ T30] audit: type=1400 audit(1782451145.326:229): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 30.871278][ T30] audit: type=1400 audit(1782451145.326:230): avc: denied { add_name } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 30.934747][ T30] audit: type=1400 audit(1782451145.326:231): avc: denied { create } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 31.000667][ T30] audit: type=1400 audit(1782451145.326:232): avc: denied { append open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 31.047727][ T30] audit: type=1400 audit(1782451145.326:233): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1