last executing test programs: 13.48071778s ago: executing program 0 (id=474): socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$qrtr(0x2a, 0x2, 0x0) getpgid(0xffffffffffffffff) r1 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, 0x0) io_uring_enter(r1, 0x40f9, 0x217, 0xa5, 0x0, 0x0) 12.368807097s ago: executing program 0 (id=479): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000380)={[{@debug}, {@delalloc}, {@journal_ioprio}, {@test_dummy_encryption}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@acl}, {@barrier}]}, 0x1, 0xbb4, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnHy2zb2TXi6X27tpLpdLC+I0raTYIthKxY0LQbdCQzopIdMPkkhNmsVE/wFR14IbQS1KF3bdjYJbN1q3FhdCkdgoiGjkzEeSJjNJ2k5yYvL7wZvzvvOcOe/z5DBzzgszE8CeNZD9SSMORcT5JKJQfzyNiO5qrzeiUttvYX525Jf52ZEkFhdf/jGJJCLuz8+ONI6V1LcH6oPeiPjquST+8ebaeSenZ8aHy+XSRH18bOrS1WOT0zNPjl0avli6WLp8/OTTQyeGTg6eGmpbrb9+d+bWz/994fvKbx/9fuOndz5I4kz01WMr66hX/dgGYmDpf7JSZ0QMt+H4O0FHvZ6VdSadGzwp3eKkAABoKV1xD/evKERHLN+8FeLzr3NNDgAAAGiLxY6IRQAAAGCXS6z/AQAAYJdrfA7g/vzsSKPl+4mE7XXvbET01+pfqLdapDMq1W1vdEXE/vtJrPxaa1J72mMbiIi73576NGvR5HvIW60yFxH/bnb+k2r9/fVvQq+uP42IwTbMP7Bq/Feq/0wb5s+7fgD2pttnaxeytde/dOn+J5pc/zqbXLseRd7Xv8b938Ka+7/l+jta3P+9tMk5rn/43rVWsaz+Z249/0mjZfNn28cq6iHcm4v4T2ez+pOl+pMW9Z/f5ByFP66VWsXyrn/x/Ygj0bz+hmT93yc6NjpWLg3W/jadY+7LoY9bzZ93/dn539+i/o3O/9UHjtT6R31ePXfuZqvYxvWnP3Qnr1R73fVHXh+empo4HtGdvLj28RPr19vYp3GMrP6j/1v/9d+s/uw9oVL/P2SVz9W32fiNVXM+e+P6Z+vVn6398jz/Fx7x/L+1yTn+/8XbR1vFVq5/s5bNfzeprYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiL5I0mJEJNV+mhaLEQci4p+xPy1fmZx6YvTKa5cvZLGI/uhKR8fKpcGIKNTGSTY+Xu0vj0+sGj8VEQcj4t3Cvuq4OHKlfCHv4gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhyICL6IkmLEZFGxEIhTYvFvLMCAAAA2q4/7wQAAACALWf9DwAAALuf9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb7ODh23eSiKic3ldtme56rCvXzICtluadAJCbjrwTAHLTmXcCQG4eco3vdgF2oWSDeG/LSE/bcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg5zpy6PadJCIqp/dVW6a7Hutq+ozD25gdsJXSvBMActOxXrBz+/IAtp+XOOxdzdf4wF6SbBDvXd6n8mCkZ8tyAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDn6au2JC1GRFrtp2mxGPG3iOiPrmR0rFwajIi/R8Q3ha6ebNyTd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC03eT0zPhwuVya0NHRybeT7Iw0ap2835kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjD5PTM+HC5XJqYzDsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG+T0zPjw+VyaWITnZsPs/OKTt41AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQnz8DAAD//9b4DfQ=") r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0xc0406618, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 9.923915231s ago: executing program 0 (id=482): creat(0x0, 0x60) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getrlimit(0x9, &(0x7f00000000c0)) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x1, 0x3, 0x0) ioctl$SIOCGETMIFCNT_IN6(r3, 0x89e0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$RNDADDTOENTCNT(r5, 0x40045201, 0xfffffffffffffffe) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b0400000000000000000200fffe4c0004802800018007000100637400001c000280080001400000000208000240000000160500030001000000200001800700010063740000140002800800024000000011080004400000000c0900010073797a30000000000900020073797a3200000000140000"], 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)) 9.789067829s ago: executing program 4 (id=483): futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, &(0x7f000000b000)={0x77359400}, 0x0, 0x0) 8.233207779s ago: executing program 5 (id=489): syz_mount_image$erofs(&(0x7f0000000100), &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f0000008fc0)={[{@dax}, {@cache_strategy_readahead}, {@cache_strategy_readahead}, {@cache_strategy_readahead}, {@cache_strategy_disabled}, {@cache_strategy_disabled}, {@noacl}]}, 0x1, 0x181, &(0x7f0000000500)="$eJzsmLFOwkAYx/93RVBjfAAXB0nEGEtb1LAwYOJuImrcJFIJWsBATYTEwQdwdDBxcfAFHJ0cfAsd1MmF0fnMtQdciIDGEAe/3/Dld9zHcf1I/kNBEMS/5e314+ViLZ2TPoU4Yurzd6Pbw7X+56uTxcvM+vXd0+1jZfrsvve8cQBCIP7d348AeMga8NVaCCH0/fZBOfCOb4FjQfkOGEzle+DYVu6CYVf5oeZV2W+aByXPNferXkGKJYstiyNLqvd+rXOGgnY/pu3XG82jvOe5tRHKsPm1shwZ7X76/9WejaXNzwaHrTwFhk3lacTaswlHoj3/TKR7vvH75wcb+dRISEj+Trr5JG4Y5rV8imj5kfTLx8l6o7lUKueLbtGtOE5q1Vq2rBUnGQRRWAfk30SQT5Pa+WN9eqMsitO879fssHbWTli/Slwe5B9HYi5cy+yP9r1NuM/U91hgCWNAO0EQBEEQBEEQBEEQBEEQxA+YBQvegg7B2Qi6PwMAAP//rvp2fg==") mkdirat(0xffffffffffffff9c, 0x0, 0x0) 8.160397382s ago: executing program 5 (id=490): syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000600), 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x1fe) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000040)) 8.136107886s ago: executing program 4 (id=491): setxattr$security_ima(0x0, 0x0, &(0x7f00000013c0)=ANY=[], 0x700, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x20000090) syz_emit_ethernet(0x0, 0x0, 0x0) r0 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000100)={r0}) syz_mount_image$fuse(0x0, 0x0, 0x3000009, 0x0, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000001b00)=""/102392, 0x18ff8) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="1400000016000b63d25a80648c2594f9152cfc60", 0x14}], 0x1}, 0x4000000) 8.012579101s ago: executing program 1 (id=493): r0 = socket$inet_sctp(0x2, 0x1, 0x84) syz_io_uring_setup(0x83, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500, 0x0, 0x352}, 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r3 = dup(r2) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f00000003c0)=ANY=[], 0xb0) write$FUSE_GETXATTR(r3, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f00000005c0)=ANY=[@ANYBLOB="b900"], 0xb8) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22) writev(r4, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f0000000580), 0xa, 0x0) read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffb}}, 0x44) 7.558794949s ago: executing program 3 (id=494): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) unshare(0x2040400) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) syz_clone(0x60100000, &(0x7f0000002240)="dad1fae3f59257", 0x7, 0x0, &(0x7f0000002300), 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/timers\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020) 7.503192308s ago: executing program 4 (id=495): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, 0x0, 0x0) r1 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000000)={0xa0000001}) epoll_wait(r5, &(0x7f0000000340)=[{}], 0x1, 0x1000) syz_open_dev$sg(&(0x7f00000006c0), 0x738b, 0x101880) pipe2(&(0x7f0000001040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) gettid() write$P9_RGETLOCK(r6, &(0x7f00000000c0)=ANY=[], 0xffffff6a) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x44, 0x10, 0x439, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x20}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}, @IFLA_GENEVE_UDP_ZERO_CSUM6_RX={0x5, 0xa, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4c880}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000880)=ANY=[@ANYBLOB="200000002d00010026bd7000fcdbdf25040000000c000c000100000001000000e3209ee11a777a4efe00fdb72feefc070a2ef871c1e5092b1aca5981e9451cc104d0a45b09b794c0aa46f7bee0831d3a0f87a9e1acabf8abc5e3479dae9624d80fd2188719cd4f5f971a23b471f2c79d7448a5378675499a1870c187dee7bd5948fec37e7e1fb7d35ef228384daf967bb605d3275877f842"], 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4000804) 5.836390547s ago: executing program 1 (id=497): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x6, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r1, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000040000000000000001000000950000000000000062449324"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, 0x0, 0x105042, 0x1db) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000040)={[{@noacl}]}, 0x1, 0x5599, &(0x7f0000005680)="$eJzs3X1oVecdB/BzTaKhFpPV1alY6RSqdGVTW5DNUeNLZjvfkhq0NTXGaWudrViZW9qJCwliOi2NSh2jrjhkRVtWApO+iFPXoUM2psikszLnim44ahZ1gh2Tjdx7n+u955rk1nVNXz6fknvuc3/nec5zD+eP+731OTcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAKIoSm289OevImvqxM8fNeeA/j7y669ljk5aNPnL25/N3TCuqWv1U3fSGlrq5UzqaKxfPP3p1/aEoSqT6pfsvnHzfA4/OWTizNAxYX53alpd3ecjk4+lUo2/Oi539cv8WRVFUEhugKL2tLMpqJ+IHiFblD9it6k1X3lxWM/XtxssXJg6vHbU3/63TqbS3J9Bb0tfVmWvXUkXysU9sj0w769JL5Fyiqf7xC+4jeRMAwAcypiq5yXwcTX/EzbQb4/VYuyLWbo21wyeE1uzGjUiN27ered4er/fSPCtSUaFfl/OM1dPnP9OuivePtWNR4wPMM3fXdKQp7WqeK2P13ponAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMfJu5PmXZgy/cXLfSfV7hiy4a+z+mxcv+9UbfVLd+2sPrHujf61ddMbWurmTulorlw8/+jV9YeiqDzZL5Hqnnhj08Kn+tbNfHDzQ2srZ0w49FpRetywLc7aOfpjePLVsij6VlblTBj23IAoqsotJJvRj/MLy5JP7g8FAAAAPk2GJB/7ZNqpOFiS004k02Qi+V+QCovVm668uaxm6tuNly9MHF47au+Nj1fVxXgV1x0v0y6/9pfICsYh/sbHu1YPu67KG6d78RHjef7YtHdmnBlRf27rlfNNTWsv7h534K73tkw93/zNd/av6Hf/cyPy8n959/k/nDn5HwAAgP+F/B8fp3s95f+3ZlfOaPvDvT/6/biv/31o9cZ3m/YmVg09vmLkd+ZNPPXa869fzcv/t+ccMi//hxmH/N8nurH8DwAAAB9n/+/8X5E3Tvd6yv/PHDwxdM+ogzWN0furyv6VOLhk36nnvtZ8ec29216oPDvrsf55+X9MYfm/OHva4cXfhQkvL4uiMYWfVAAAACBH+P/u175aCHk99c1BPK+/PP7FnRdLZxYvKf7yrl3bnl5TevcdA5fWLn5l9EtDnjg8/9nVefm/orD8X/LRvF0AAACgAIs23L100D/mjd+2pH32rVePVg66Z/vRO25un7G6Zv2kFbec/kpe/q8qLP/36523AwAAAFzHsfmPLFrxt9071v16xOQxpe9PGTn7e3WX9hwe++9RNR0vjP/GW3n5v76w/H9Tepte+ZDqdCj8K4QtZVFU2vlkZarwm6h1YqYAAAAAfEhCTm/44eylDZuf2fbPizV3vtJ8y8utf374C+V3bpz2s+9vOT63adO+vPy/svv7/4c7HYT1/zn3/8tb/59VSN31b4IbAwAAAPBZlL+eP9weP/XLBV39/n6h6/8fe3r4o1u/+5Olv7itfHfitpNPfumJ5ocrfzpwYHvL6JHNRYNL8vJ/Y2H5vyh7+2H+/h8AAADcgE/a7/89lDdO93q6//+0BesOL2gf+/kDLe3Pjxn02znFDy7Y+af2m/c/Oax9/7nzLcPy8n9rYfk/bPtnv70D4fw0l0XR4M4n6bsJ7grTXR4rtJVkFVInPtZjTuiRLrT1yyokrYz1GFcWRV/sfNIYK3wuFFpjhY4B6cL2WOFIKKSvh0zh1VjhQLjStg5ITzdeeD0U0gss2sIKiv6ZJRGxHpe66tFZuG6Pk5mDAwAAfKaE8JzOsiW5zSgeZdsSPe1wU0879Olph6KediiO7RDfsavXo/rcQnj9L6dXv/f48l/WTmi4Z+7kPcOOP37f2bE/+PbaX83uv6XxxKUpTXn5f3th+T+cir6pTVfr/6Ow/j/9u4aZ9f/1oVAeK7SFQlX8jgFV4RipsLshHKO8Kt2jY3CmAAAAAJ9q4XuBol6eBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBf9u49Sq6qThTw7nd30uk0OI6AykSdJEZMdydBlICLPERUjHQYZFTGPEg65NEkIQ8kwYWBsBwUdQLBxDvDXQS4WYCixDgEERgSlcC9RHnNMAzyFLiBUSFc3nCZ3NV9aleqzulKV0wa0tzv+6NrV/3289Sja59zah8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj/w+BDv7LgilOeuWnkC3936imNC59+bsxlB3/kiPqb5h48/PUtd8+6fcrxZ10w5eSJO1YeO+Mrd7/591tDaO8uV5EUr/j5RVOX1U6Z9KWLv3zOsZ8/auum2ly9uXgY2PWnMnfn/Njqk4NCuKEihOp0YGRjEqjJ3W+M9b2vMYQDwq5AvkTHgKREuuFwW0MI68KuQL6qGxtCaCwInHTvL2/9blfikoYQhoYQ6tJtPFyXtNGQDgyrTQID0oEF1UnglZ2JfODnlUkA9lp8M+Rf9BvaizM091yuxOuvZp917O2VHl5VTDSXzven8X3cqQK16Qfa9+ppy1RHn8i8PTZ7t/WDd1tmO6/ytBV+kcp9Q9m5K1QXKmd2zJq+tHNJfKQytLRUlaqpj57nh5//+ow9Sfeb12HsQPM+eR1W7dh+59mNn7pu9aD1r64ce+WWve3mQwWbtDDd1+pC7jXXb57HaJzPk37w9st8SxriS1cI4V9vqNv26hcuf/nTa7ZcPem8v13zzIjTW9veuO+F6yctWLXg+v/+i8z8v3n38//4co63lUW5Y6tvNCVz8/hIY0w815TMzQEAAKDf6A97Tac+NOvF4b/5xD9PvvHR7YOO/5tFqw/+de2Wdz34VOX4Z285ecT81zLz/yHlHf+Ph/wbC0e7OYRx3YmVg0M4qPvxJHBN7M6pg0P4QHeqvTgwPhXYHMLB3YkR+apSJepjiSGpwPamXGBcKrA1BtpTgfUxsCoVOD8GNqQCM2JgcyowIQbCnOJxfKQpN46yAw0xMC3ZiBviWQgvNMXWUtvqd/mqAAAA9pHc7LCm+G7BuQ57myFOLzc09JYhnoFdMkNdqob0DDY/rSpZQ3VvNVT2VkN+3Ct2P/xMzRW91Zw5DaOiOMPSb/7h/rFfXDW3euj22sNemnfczN8d8/41O1s++uPanT8cd9fahsz8v2338/+6HjpSkTn+H8Lk7r8xd2Uu0pmPT2svygAAAADshdETP/ZPl733l9fdcuLnfzv4jiOv2PjDqbVjv/XK0nt+uGLCudt+dEFm/j+uvPP/4z6RqoLMYVvcDTFvcAhtxYGk2qOygeSo98BcAAAAAPqD/PH4/LHwObnb5BTt9Hw6m799D/PHA//jesw//pC/fmzDf8z99k8nTjli7TmPzd9+1+EfrWn7m+cf/tIF86Z947JvZub/7eWd/z+g+DbpxNbYi9WDQ6gvCNwee9kV6DYkBh47pjiQG//WuAEujFXlTkzIV3VhLDEtBtpSgXWlStydL3FQcSD3ZOUbX5kfx5xciYIAAAAAvOXi7oB4XD6e/3/fgg/PPmpb3aG3rKr46V/uuKZz4vVtNc+M/VXT61/4whNff63xzMz8f9qenf/fPQ/OnN7fOTCE1uoQqtI/DNg2IFkYMAYaK3KJWwYkdVWlqzp3QAhHdw0sXdXjufX/q9NrDN7bkFQVAwd98Ornh3UlrmwIobUwcP8pl3+sK7EkFcg3/sWGEP6qa7Tpxq+vTxqvSTe+tj6EQwsC+apOrQ+hq7HadFW/rMtdxyBd1XV1IbyrIJCv6oi6EJYFAPqp+K90ZuGDi5ctnze9s7NjUR8m4j78hjBrTmdHy4wFnTPrSvRpZqrPRcsYnZsdU8nlkFLiEkWr7lk7tJx0/neCbYV9ye3Hz5w4mLsfvwvVdI9zdE3R3THpIX/4Q9kmQsE3qbdryAMKK9n1JGbqj/lrw8BQv3Rxx6KWs6YvWbJoVPK33Oyjk79xUMm2GpXeVgN66tt+8PIYXlhJ65LTF7YuXrZ85JzTp5/WcVrH/NFtYw5vO3LMqCM+3to1qrbkby9DHd5T1amh7rz8rR/qIdUFlbwVnxoSEhL9LfE/zjj95DuOnPOpE+5d+oGj1oybcPaNh89qXXPb9ZPWT3ts8I9GXZKZ/y/c/fw/furET/7c+gyljv83x8P8yeO7DvNPi4F15R7/by51ND9/YsCQVGBFDKxwmB8AAIB3hrg7Mu52jHutH6q74qrDL3329C2jJn7tzOaRv57wwXEHfvqML99x3H/+3/d/7xN//N+Z+f+K8n7/v4/W/88vXf+5Usv8j4gl2kqt/59e5j+//v+KUuv/p5f5z6//v+5tWP9/aT6Q2iQvWP8fAAB4J3jr1v/vdXn/9AUCMhl6Xd4/fYGATIZel/Ev9wIBe7z+/5PHXPv0B97/TPvPrr/j8ekXn3HOx9fUD9uxrL7l9m//+y9u/MqpgzLz/1Xlzf8t3A8AAAD7j2uPffLfjr3q+7ec3Pjsj2sWzT7/5vNuahz2WsWsjfMnDJh8zez/ysz/15U3/3/r1/8Lpc7/H1Iq0F5qYUDr/wEAANBPlVr/b/tP6i+9sHHHuk0bXv/ske9+/Tt3fOdrry34wQ8+89H3zV48adyEmzPz/w3lzf/jaReVRbljb95oSta0C+k17Z5ryv9kAAAAAPqHytDSUlNm3qKVUcf/+W3GpUB3ly504nE//WT70HffPufaKa3/cN99Ha2H3NnUsH7+zi+d8PTyp05YeWVm/r+5vPl/0e8yqnZsv/Psxk9d98bqQetfXTn2yi27jv8DAAAAfafc/RIAAAAAAAAAAAAAAMDb770Lxoy/t+Xxd1+0evn5zdddcfmbm1q3fPUfL6na/uHZf7hg7uiGzO//w+TucqV+/x+v+xd/X/AXRbljq72v/5e7f9LxP1nWvWThtqYQPlQYmHfevANC7tr8wwsDt351xHu6EuelS9z8yISnuhJT04HPjDzw5a7E0anAtLhI4sHpQLyq4suDUoG4vOJ96UDcHhvSgdpc4FuDknFUpLfVM43JtqpIb6sHG0MYXBDIb6sbGpM2KtIDvCQVyA/wjHQgDvALuUBlulc/GZj0KgYaY9HLBia9AgBgvxW/BdaEWXM6O9riV/h4e0h18W1UtGTZudlqq8psPi5NtuqetUPLSVelv4vuutZ4TajrGsKozNfVwiwV3aPcN7X0sun+osSQe1vtra82XW3pETUkI2qZsaBzZk2vAx/Te5bR1b1mGZWZ7BRmqezepGXUUkZfyhhRmdumjC7H+5WhpaUqlWtsDDaHIr29Isr9vX5Pa/6VekV0+cSXb/rD41ubPn3Ye9pPO/+eyvff+6sDr3jxQ688dN1hm/7bR9b++urM/L+5vPl/XeG4Xs5dDGBFvLLeUYNDmFbmiAAAAOCdb/b8Ry6+4FcXbX+sfdhTC1ovuvWBZT9YXt10zfnHPnjzmS+d8r2pexu/9skTfvvAb3+0cdj4WxaOGfDEWVdedtw9d92xetvxb95w2P8ZOePRzPx/SHnz/7hjLHcoONnbsTle/3/l4BC6L63fnASuicM9dXAIH+hOtccSyQX1PxdLtCWBa+IOkxGxxLT24qrqY2BDKrC9KRfYnApsjYHcXoqrQ25XzkVNIXysOzW5uMTCWKI5FTghBoakAi0x0JYKDIqBcanAHwflAu2pwJ0xEOYUb6ufDcptKwAAgD2Rm2fVFN8N6XnehureMlT0lmFAbxkqe8tQ11uGUqOI9zfGDDWFx+NzGeJDNelaG1K1ZDLEi+Hvcb8yGcLdxTnTBTNN588kaS7OGTN8+x8f/OT0lx6+YemP3hh+4rmf/PH3tm16be4Tp40cPO3VsfNGfPuPmfl/W3nz/wHFt0nrW+P8f9f1/5LA7bF7q+Op40Ni4LFjigO5HQNb42T3wnxV7bkSuUn7hbHEuBgYkgosjIFxqcC0ybnAuvcUB3Iz7XzjK/ONz8mVKAgAAADAWy7uIIi7aeL8/9K/mz353O+0dqyc9dWnps0Y+ukDL33fpcfcNOk3c9cedOCpd14zLzP/H1fe/D+2N7CwsfNjb54cFMINFbt6kw+MbEwCcT9GY/x5/PsaQzigYAdHvkTHgKREbarhcFtD8gv12nRVNzYkawzE+yfd+8tbv9uVuKQhhKEFe1/ybTxcl7TRkA4Mq00CA9KBBdVJIO75yQd+XpkEYK/l9wrGF1TuVJe85p7LlXj9vVOuCZoeXmYfaA/5evrNVV+pSz+Q26eat2dPW6Y6+kTm7bHZu60/vtuavdsKv0jlvqHs3BWqC5UzO2ZNX9q5JD5S+EvWjD56nnv6Jevu0vvgdbjiz+9t7+rSHWhLfXy09Vyu59dhRayuasf2O89u/NR1qwetf3Xl2Cu3lN2NEuIm/cuvjR/2UMHm7Wt1Ifea63efJ+0+T/rjv4EhnrYQwqbnvlF/5okn/tsB/7Rw0/cf/a/mV7/1zTs2blzW1HJz1ZpJF3722sz8v728+X916rbba3FjLh4cwocLNu62uPknDk4+BwsCyafku7KB5JD7E00lPzkBAABgX8vv7sjvL5iTu01OCE/Pk7P52/cwf9xfMa7H/OX2+4TP3/0vf7vid6u/uGX9AxW/+f3GK04YM3XhYwvvu3jiP/+v31/16I2Z+f+03c//61PddPzf8X/6iOP/Pdrfd0XXpx9YsVe7ojPV0Scc/+/R/v5uc/y/R47/O/7fE8f/e+H4f4/296ct8y1poS9dIYSnn/2XC//hgmUnPfTqu4+4+IE/PTjx7IobOv9j+kPPdLzx0Vdm3XpoZv6/sLz5v/X/el60L7/+37RS6/8tLLX+3wrr/wEAAH2qxEJz6XleZvW+TIb06n2ZDL0uENjrEoPW/9vj9f82nFz9+1/P/ffvf+6+pw+vnHr/f46eP++m4UcdM+KqNU+t+NcX2lsy8/8V5c3/48thYGHr/WX9vyGTS1S1KgYWWhgQAACA/VGpHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8vcaceedL33lh+2G3Lrlt5cnj/3r1qV//7NEH/+zKnZ/YHL7x4vKX7ply/FkXTDl54o6Vx874yt1v/v3WEOZ0l6tIilf8/KKpy2qnTPrSxV8+59jPH7V1U12u3prc7XuLcsdW32gKYV3BI40x8VxT151dgZOO/8my6q7EtqYQPlQYmHfevAO6EuubQhheGLj1qyPe05U4L13i5kcmPNWVmJoOfGbkgS93JY7OBSrS3b10UNLdinR3vzsohMEFgXx35w4qrirfxnG5QGW6jasakzZioDEW/UFj0kYMdMYSc+pDaK0OoSpd1f+sS6qqSlf1i7qkqqp0VefUhXB0CKE6XdUjtUlV1emR31WbVBUDB33w6ueHdSXW1YbQWhi4/5TLP9aVOCMVyDd+Ym0If9X1kkk3vrEmabwm3fglNSEcGkKoTZd4sTopUZsu8Xh1CO8qCOQbn10dwrLAO0L88JlZ+ODiZcvnTe/s7FjUh4naXFsNYdaczo6WGQs6Z9al+lRKRUF657nZeGWZY3/4+a/P6Lpddc/aoeWkq3Plarq7PLqm6O6YfdX7ij7qfezXgMJKdj0fmfpj/towMNQvXdyxqOWs6UuWLBqV/C03++jkb1UummyrUftqW5Xrz91WwwsraV1y+sLWxcuWj5xz+vTTOk7rmD+6bczhbUeOGXXEx1u7RtWW/N0XQ708G6/q46EeUl1QyVvxASAhIdHfEpVFn25t+/u/7MwX/V0drQl13R/QmWlFYZaK7lHui0GP3318Xw46MyXJjGhUZuKQyTK69yxjMpOJXVkakizd3+syk8PCmiq7N2m8XxlaWkr+p2suvlu4+f7Uw+YtV9x05aYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuBQAAP//CAsM0g==") add_key$keyring(&(0x7f00000006c0), &(0x7f0000000700)={'syz', 0x1}, 0x0, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1001f0) open(0x0, 0x64942, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe, 0xb}}}, 0x24}}, 0x800) 5.835992205s ago: executing program 3 (id=498): pselect6(0x40, &(0x7f00000002c0)={0x2, 0x0, 0xc, 0xe9d9, 0x800, 0x2, 0x1, 0x1}, 0x0, &(0x7f0000000340)={0x3ff, 0xd0000000, 0x10007, 0x7e3, 0x3, 0x80000008, 0xfffffffffffffffe, 0xbf7}, 0x0, 0x0) 5.157042075s ago: executing program 3 (id=500): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f0000000500)={0x40, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.83320433s ago: executing program 0 (id=502): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{r0, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000380)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r1, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r3}, 0xc) 4.253471429s ago: executing program 5 (id=504): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0xfffffffe, 0x2b4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, &(0x7f000000b000)={0x77359400}, 0x0, 0x0) 4.252279453s ago: executing program 0 (id=505): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000080)={0x60, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.780791091s ago: executing program 2 (id=506): socket$packet(0x11, 0x3, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r1}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x11, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 3.54408096s ago: executing program 4 (id=507): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x5b23, 0x0) poll(&(0x7f0000000200)=[{r1, 0x8110}], 0x1, 0x7f) 3.296170781s ago: executing program 5 (id=508): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'netdevsim0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', r4}, 0x94) 3.039960869s ago: executing program 1 (id=509): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x800700, &(0x7f0000000580)={[{@grpjquota}, {@stripe={'stripe', 0x3d, 0x3}}, {@norecovery}, {@noinit_itable}, {@init_itable_val={'init_itable', 0x3d, 0x1}}, {@minixdf}, {@usrjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@errors_continue}, {@dioread_lock}, {@noblock_validity}, {@noquota}]}, 0x3, 0x465, &(0x7f0000000f00)="$eJzs3M9vFFUcAPDvzLYgP1sRf4CoVWJs/NHSgsrBi0YTDxhN9IDH2hZCWKihNRFCpBqDFxND1LPxaOJf4M2LUU8mXvVuSIhyAT3VzOwM7C67pYXtLnQ/n2SX92Ze+963b97Mm3m7BNC3RrK3JGJrRPwREUO1bGOBkdo/Vy+fnf738tnpJJaW3v47yctduXx2uixa/tyWIjOaRqSfJkUljeZPnzk+Va3Oniry4wsn3h+fP33muWMnpo7OHp09OXnw4IH9Ey++MPn8Mq3fuOI4s7iu7P5obs+u19+98Mb04Qvv/fJ91t6txf76ODplJAv8n6Vc3eYvs7cnO11Zj22rSycDPWwIq1KJiKy7BvPxPxSVuN55Q/HaJz1tHLCmsmvTMlfRxSVgHUtihcViZQWBu0V5oc/uf8tXl6Yed4RLL9dugLK4rxav2p6BSIsyg033t500EhGHF//7JnvFGj2HAACo9/n014fi2VbzvzQeqCu3vVhDGY6IeyNiR0TcFxE7I+L+iLzsgxHxUNuaNrTc2rw0dOP8J714y8GtQDb/e6lY22qc/5Wzv8pwpchty+MfTI4cq87uK/4mozG4MctPLFPHj6/+/kW7ffXzv+yV1V/OBYt2XBxoekA3M7UwlU9KO+DSxxG7B1rFn1xbCchu/XdFxO7V/ertZeLY09/taVfo5vEvowPrTEvfRjxV6//FaIq/lCy/Pjl+T1Rn942XR8WNfv3t/Fvt6r+t+Dsg6//Njcd/c5HhpH69dn71dZz/87O29zS3evxvSN7J+6U8q3w4tbBwaiJiQ3Iozzdsn7z+s2W+LJ/FP7q39fjfUUtsyt4ejojsIH4kIh6NiMeKtj8eEU9ExN5l4v/5lfb77oT+n2l5/rt2/Df1/+oTleM//dCu/pX1/4E8NVpsyc9/N7HSBt7O3w4AAADuFmn+GfgkHbuWTtOxsdpn+HfG5rQ6N7/wzJG5D07O1D4rPxyDafmka6jueehEslj8xlp+snhWXO7fXzw3/qqyKc+PTc9VZ3ocO/S7LW3Gf+avSq9bB6y5Vutoky3Xaxu+yAasA83jP23Mnnuzm40Busr3taF/3WT8p91qB9B9rv/Qv1qN/3NNeWsBsD65/kP/Mv6hfxn/0L+Mf+hLt/O9/n5OZKfMO6AZ1aGiH7tfe6S9jl1iLRKt/58mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAu9X/AQAA//9l+OT1") chdir(&(0x7f0000000400)='./file0\x00') mkdir(&(0x7f0000000000)='./bus\x00', 0x0) rmdir(&(0x7f0000000040)='./bus\x00') 2.613048943s ago: executing program 2 (id=510): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000280)=0x8, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b03f6ffe0ff64000200475400f6a13bb1000000080086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 2.36258653s ago: executing program 2 (id=511): prctl$PR_GET_IO_FLUSHER(0x3a) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x200000d4) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto$inet6(r1, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x56) 2.32979373s ago: executing program 5 (id=512): socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000b7403340861a22753635f10203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000040)={0x1c, &(0x7f0000000180)={0x40, 0x3, 0x2, '#\t'}, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff02) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) 2.306902949s ago: executing program 1 (id=513): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x9}, 0x94) sendmmsg(0xffffffffffffffff, &(0x7f0000000e00)=[{{&(0x7f0000000080)=@qipcrtr={0x2a, 0x3, 0x4000}, 0x80, 0x0}}], 0x1, 0x45) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet6_tcp(0xa, 0x1, 0x0) pselect6(0x40, &(0x7f00000002c0)={0x2, 0x0, 0xc, 0xe9d9, 0x800, 0x2, 0x1, 0x1}, 0x0, &(0x7f0000000340)={0x3ff, 0xd0000000, 0x10007, 0x7e3, 0x3, 0x80000008, 0xfffffffffffffffe, 0xbf7}, 0x0, 0x0) 1.769227694s ago: executing program 3 (id=514): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) syz_open_dev$sndctrl(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000001c0)={0x5fa, 0xfffffeff, 0x2, {0x1, @pix_mp={0xcf6, 0x1c00, 0x47504a4d, 0x5, 0x8, [{0x2a302c, 0x10000}, {0x1, 0xfffffffc}, {0x2, 0xffffffff}, {0x7fff0, 0x10002}, {0x0, 0xfffffffd}, {0x6, 0x5}, {0x9, 0x8}, {0x8, 0x10000}], 0x0, 0x5, 0x2}}, 0x7f}) 1.718064063s ago: executing program 2 (id=515): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0x6, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.194237444s ago: executing program 3 (id=516): r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_QUERYSTD(r0, 0x8008563f, &(0x7f0000000140)) 1.100219556s ago: executing program 3 (id=517): syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x87, 0x1f, 0x36, 0x40, 0x424, 0xcf18, 0x4b60, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xc2, 0x0, 0x2, 0x6b, 0x76, 0xf2, 0x0, [], [{{0x9, 0x5, 0x6, 0xc, 0x10, 0xa, 0x80, 0x9}}, {{0x9, 0x5, 0x2, 0x0, 0x200, 0x5, 0x0, 0x33}}]}}]}}]}}, 0x0) 1.096467564s ago: executing program 0 (id=518): bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) syz_open_dev$sndctrl(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) preadv(r0, &(0x7f0000000780)=[{&(0x7f0000000200)=""/217, 0xd9}], 0x1, 0x8001, 0x5) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000440)={r2, 0x0, 0x0, 0x0, 0x0, [], [], [0x0, 0x0, 0x0, 0xffffffff]}) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(r4, r3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) chdir(&(0x7f00000000c0)='./bus\x00') sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r7 = creat(&(0x7f0000000580)='./file1\x00', 0x0) r8 = fanotify_init(0xf00, 0x1) fanotify_mark(r8, 0x105, 0x4000996f, r7, 0x0) fallocate(r6, 0x0, 0x1000000, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r6, 0xffffd000) 920.816717ms ago: executing program 1 (id=519): setxattr$security_ima(0x0, 0x0, &(0x7f00000013c0)=ANY=[], 0x700, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x20000090) syz_emit_ethernet(0x0, 0x0, 0x0) r0 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000100)={r0}) syz_mount_image$fuse(0x0, 0x0, 0x3000009, 0x0, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000001b00)=""/102392, 0x18ff8) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="1400000016000b63d25a80648c2594f9152cfc60", 0x14}], 0x1}, 0x4000000) 568.084122ms ago: executing program 2 (id=520): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10) syz_emit_ethernet(0x12, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffe, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000003840)=@newtfilter={0x38, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r4, {0xf, 0x4}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x80000000}]}}]}, 0x38}}, 0x20008050) 511.649318ms ago: executing program 1 (id=521): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x6, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r1, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000040000000000000001000000950000000000000062449324"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, 0x0, 0x105042, 0x1db) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000040)={[{@noacl}]}, 0x1, 0x5599, &(0x7f0000005680)="$eJzs3X1oVecdB/BzTaKhFpPV1alY6RSqdGVTW5DNUeNLZjvfkhq0NTXGaWudrViZW9qJCwliOi2NSh2jrjhkRVtWApO+iFPXoUM2psikszLnim44ahZ1gh2Tjdx7n+u955rk1nVNXz6fknvuc3/nec5zD+eP+731OTcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAKIoSm289OevImvqxM8fNeeA/j7y669ljk5aNPnL25/N3TCuqWv1U3fSGlrq5UzqaKxfPP3p1/aEoSqT6pfsvnHzfA4/OWTizNAxYX53alpd3ecjk4+lUo2/Oi539cv8WRVFUEhugKL2tLMpqJ+IHiFblD9it6k1X3lxWM/XtxssXJg6vHbU3/63TqbS3J9Bb0tfVmWvXUkXysU9sj0w769JL5Fyiqf7xC+4jeRMAwAcypiq5yXwcTX/EzbQb4/VYuyLWbo21wyeE1uzGjUiN27ered4er/fSPCtSUaFfl/OM1dPnP9OuivePtWNR4wPMM3fXdKQp7WqeK2P13ponAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMfJu5PmXZgy/cXLfSfV7hiy4a+z+mxcv+9UbfVLd+2sPrHujf61ddMbWurmTulorlw8/+jV9YeiqDzZL5Hqnnhj08Kn+tbNfHDzQ2srZ0w49FpRetywLc7aOfpjePLVsij6VlblTBj23IAoqsotJJvRj/MLy5JP7g8FAAAAPk2GJB/7ZNqpOFiS004k02Qi+V+QCovVm668uaxm6tuNly9MHF47au+Nj1fVxXgV1x0v0y6/9pfICsYh/sbHu1YPu67KG6d78RHjef7YtHdmnBlRf27rlfNNTWsv7h534K73tkw93/zNd/av6Hf/cyPy8n959/k/nDn5HwAAgP+F/B8fp3s95f+3ZlfOaPvDvT/6/biv/31o9cZ3m/YmVg09vmLkd+ZNPPXa869fzcv/t+ccMi//hxmH/N8nurH8DwAAAB9n/+/8X5E3Tvd6yv/PHDwxdM+ogzWN0furyv6VOLhk36nnvtZ8ec29216oPDvrsf55+X9MYfm/OHva4cXfhQkvL4uiMYWfVAAAACBH+P/u175aCHk99c1BPK+/PP7FnRdLZxYvKf7yrl3bnl5TevcdA5fWLn5l9EtDnjg8/9nVefm/orD8X/LRvF0AAACgAIs23L100D/mjd+2pH32rVePVg66Z/vRO25un7G6Zv2kFbec/kpe/q8qLP/36523AwAAAFzHsfmPLFrxt9071v16xOQxpe9PGTn7e3WX9hwe++9RNR0vjP/GW3n5v76w/H9Tepte+ZDqdCj8K4QtZVFU2vlkZarwm6h1YqYAAAAAfEhCTm/44eylDZuf2fbPizV3vtJ8y8utf374C+V3bpz2s+9vOT63adO+vPy/svv7/4c7HYT1/zn3/8tb/59VSN31b4IbAwAAAPBZlL+eP9weP/XLBV39/n6h6/8fe3r4o1u/+5Olv7itfHfitpNPfumJ5ocrfzpwYHvL6JHNRYNL8vJ/Y2H5vyh7+2H+/h8AAADcgE/a7/89lDdO93q6//+0BesOL2gf+/kDLe3Pjxn02znFDy7Y+af2m/c/Oax9/7nzLcPy8n9rYfk/bPtnv70D4fw0l0XR4M4n6bsJ7grTXR4rtJVkFVInPtZjTuiRLrT1yyokrYz1GFcWRV/sfNIYK3wuFFpjhY4B6cL2WOFIKKSvh0zh1VjhQLjStg5ITzdeeD0U0gss2sIKiv6ZJRGxHpe66tFZuG6Pk5mDAwAAfKaE8JzOsiW5zSgeZdsSPe1wU0879Olph6KediiO7RDfsavXo/rcQnj9L6dXv/f48l/WTmi4Z+7kPcOOP37f2bE/+PbaX83uv6XxxKUpTXn5f3th+T+cir6pTVfr/6Ow/j/9u4aZ9f/1oVAeK7SFQlX8jgFV4RipsLshHKO8Kt2jY3CmAAAAAJ9q4XuBol6eBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBf9u49Sq6qThTw7nd30uk0OI6AykSdJEZMdydBlICLPERUjHQYZFTGPEg65NEkIQ8kwYWBsBwUdQLBxDvDXQS4WYCixDgEERgSlcC9RHnNMAzyFLiBUSFc3nCZ3NV9aleqzulKV0wa0tzv+6NrV/3289Sja59zah8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj/w+BDv7LgilOeuWnkC3936imNC59+bsxlB3/kiPqb5h48/PUtd8+6fcrxZ10w5eSJO1YeO+Mrd7/591tDaO8uV5EUr/j5RVOX1U6Z9KWLv3zOsZ8/auum2ly9uXgY2PWnMnfn/Njqk4NCuKEihOp0YGRjEqjJ3W+M9b2vMYQDwq5AvkTHgKREuuFwW0MI68KuQL6qGxtCaCwInHTvL2/9blfikoYQhoYQ6tJtPFyXtNGQDgyrTQID0oEF1UnglZ2JfODnlUkA9lp8M+Rf9BvaizM091yuxOuvZp917O2VHl5VTDSXzven8X3cqQK16Qfa9+ppy1RHn8i8PTZ7t/WDd1tmO6/ytBV+kcp9Q9m5K1QXKmd2zJq+tHNJfKQytLRUlaqpj57nh5//+ow9Sfeb12HsQPM+eR1W7dh+59mNn7pu9aD1r64ce+WWve3mQwWbtDDd1+pC7jXXb57HaJzPk37w9st8SxriS1cI4V9vqNv26hcuf/nTa7ZcPem8v13zzIjTW9veuO+F6yctWLXg+v/+i8z8v3n38//4co63lUW5Y6tvNCVz8/hIY0w815TMzQEAAKDf6A97Tac+NOvF4b/5xD9PvvHR7YOO/5tFqw/+de2Wdz34VOX4Z285ecT81zLz/yHlHf+Ph/wbC0e7OYRx3YmVg0M4qPvxJHBN7M6pg0P4QHeqvTgwPhXYHMLB3YkR+apSJepjiSGpwPamXGBcKrA1BtpTgfUxsCoVOD8GNqQCM2JgcyowIQbCnOJxfKQpN46yAw0xMC3ZiBviWQgvNMXWUtvqd/mqAAAA9pHc7LCm+G7BuQ57myFOLzc09JYhnoFdMkNdqob0DDY/rSpZQ3VvNVT2VkN+3Ct2P/xMzRW91Zw5DaOiOMPSb/7h/rFfXDW3euj22sNemnfczN8d8/41O1s++uPanT8cd9fahsz8v2338/+6HjpSkTn+H8Lk7r8xd2Uu0pmPT2svygAAAADshdETP/ZPl733l9fdcuLnfzv4jiOv2PjDqbVjv/XK0nt+uGLCudt+dEFm/j+uvPP/4z6RqoLMYVvcDTFvcAhtxYGk2qOygeSo98BcAAAAAPqD/PH4/LHwObnb5BTt9Hw6m799D/PHA//jesw//pC/fmzDf8z99k8nTjli7TmPzd9+1+EfrWn7m+cf/tIF86Z947JvZub/7eWd/z+g+DbpxNbYi9WDQ6gvCNwee9kV6DYkBh47pjiQG//WuAEujFXlTkzIV3VhLDEtBtpSgXWlStydL3FQcSD3ZOUbX5kfx5xciYIAAAAAvOXi7oB4XD6e/3/fgg/PPmpb3aG3rKr46V/uuKZz4vVtNc+M/VXT61/4whNff63xzMz8f9qenf/fPQ/OnN7fOTCE1uoQqtI/DNg2IFkYMAYaK3KJWwYkdVWlqzp3QAhHdw0sXdXjufX/q9NrDN7bkFQVAwd98Ornh3UlrmwIobUwcP8pl3+sK7EkFcg3/sWGEP6qa7Tpxq+vTxqvSTe+tj6EQwsC+apOrQ+hq7HadFW/rMtdxyBd1XV1IbyrIJCv6oi6EJYFAPqp+K90ZuGDi5ctnze9s7NjUR8m4j78hjBrTmdHy4wFnTPrSvRpZqrPRcsYnZsdU8nlkFLiEkWr7lk7tJx0/neCbYV9ye3Hz5w4mLsfvwvVdI9zdE3R3THpIX/4Q9kmQsE3qbdryAMKK9n1JGbqj/lrw8BQv3Rxx6KWs6YvWbJoVPK33Oyjk79xUMm2GpXeVgN66tt+8PIYXlhJ65LTF7YuXrZ85JzTp5/WcVrH/NFtYw5vO3LMqCM+3to1qrbkby9DHd5T1amh7rz8rR/qIdUFlbwVnxoSEhL9LfE/zjj95DuOnPOpE+5d+oGj1oybcPaNh89qXXPb9ZPWT3ts8I9GXZKZ/y/c/fw/furET/7c+gyljv83x8P8yeO7DvNPi4F15R7/by51ND9/YsCQVGBFDKxwmB8AAIB3hrg7Mu52jHutH6q74qrDL3329C2jJn7tzOaRv57wwXEHfvqML99x3H/+3/d/7xN//N+Z+f+K8n7/v4/W/88vXf+5Usv8j4gl2kqt/59e5j+//v+KUuv/p5f5z6//v+5tWP9/aT6Q2iQvWP8fAAB4J3jr1v/vdXn/9AUCMhl6Xd4/fYGATIZel/Ev9wIBe7z+/5PHXPv0B97/TPvPrr/j8ekXn3HOx9fUD9uxrL7l9m//+y9u/MqpgzLz/1Xlzf8t3A8AAAD7j2uPffLfjr3q+7ec3Pjsj2sWzT7/5vNuahz2WsWsjfMnDJh8zez/ysz/15U3/3/r1/8Lpc7/H1Iq0F5qYUDr/wEAANBPlVr/b/tP6i+9sHHHuk0bXv/ske9+/Tt3fOdrry34wQ8+89H3zV48adyEmzPz/w3lzf/jaReVRbljb95oSta0C+k17Z5ryv9kAAAAAPqHytDSUlNm3qKVUcf/+W3GpUB3ly504nE//WT70HffPufaKa3/cN99Ha2H3NnUsH7+zi+d8PTyp05YeWVm/r+5vPl/0e8yqnZsv/Psxk9d98bqQetfXTn2yi27jv8DAAAAfafc/RIAAAAAAAAAAAAAAMDb770Lxoy/t+Xxd1+0evn5zdddcfmbm1q3fPUfL6na/uHZf7hg7uiGzO//w+TucqV+/x+v+xd/X/AXRbljq72v/5e7f9LxP1nWvWThtqYQPlQYmHfevANC7tr8wwsDt351xHu6EuelS9z8yISnuhJT04HPjDzw5a7E0anAtLhI4sHpQLyq4suDUoG4vOJ96UDcHhvSgdpc4FuDknFUpLfVM43JtqpIb6sHG0MYXBDIb6sbGpM2KtIDvCQVyA/wjHQgDvALuUBlulc/GZj0KgYaY9HLBia9AgBgvxW/BdaEWXM6O9riV/h4e0h18W1UtGTZudlqq8psPi5NtuqetUPLSVelv4vuutZ4TajrGsKozNfVwiwV3aPcN7X0sun+osSQe1vtra82XW3pETUkI2qZsaBzZk2vAx/Te5bR1b1mGZWZ7BRmqezepGXUUkZfyhhRmdumjC7H+5WhpaUqlWtsDDaHIr29Isr9vX5Pa/6VekV0+cSXb/rD41ubPn3Ye9pPO/+eyvff+6sDr3jxQ688dN1hm/7bR9b++urM/L+5vPl/XeG4Xs5dDGBFvLLeUYNDmFbmiAAAAOCdb/b8Ry6+4FcXbX+sfdhTC1ovuvWBZT9YXt10zfnHPnjzmS+d8r2pexu/9skTfvvAb3+0cdj4WxaOGfDEWVdedtw9d92xetvxb95w2P8ZOePRzPx/SHnz/7hjLHcoONnbsTle/3/l4BC6L63fnASuicM9dXAIH+hOtccSyQX1PxdLtCWBa+IOkxGxxLT24qrqY2BDKrC9KRfYnApsjYHcXoqrQ25XzkVNIXysOzW5uMTCWKI5FTghBoakAi0x0JYKDIqBcanAHwflAu2pwJ0xEOYUb6ufDcptKwAAgD2Rm2fVFN8N6XnehureMlT0lmFAbxkqe8tQ11uGUqOI9zfGDDWFx+NzGeJDNelaG1K1ZDLEi+Hvcb8yGcLdxTnTBTNN588kaS7OGTN8+x8f/OT0lx6+YemP3hh+4rmf/PH3tm16be4Tp40cPO3VsfNGfPuPmfl/W3nz/wHFt0nrW+P8f9f1/5LA7bF7q+Op40Ni4LFjigO5HQNb42T3wnxV7bkSuUn7hbHEuBgYkgosjIFxqcC0ybnAuvcUB3Iz7XzjK/ONz8mVKAgAAADAWy7uIIi7aeL8/9K/mz353O+0dqyc9dWnps0Y+ukDL33fpcfcNOk3c9cedOCpd14zLzP/H1fe/D+2N7CwsfNjb54cFMINFbt6kw+MbEwCcT9GY/x5/PsaQzigYAdHvkTHgKREbarhcFtD8gv12nRVNzYkawzE+yfd+8tbv9uVuKQhhKEFe1/ybTxcl7TRkA4Mq00CA9KBBdVJIO75yQd+XpkEYK/l9wrGF1TuVJe85p7LlXj9vVOuCZoeXmYfaA/5evrNVV+pSz+Q26eat2dPW6Y6+kTm7bHZu60/vtuavdsKv0jlvqHs3BWqC5UzO2ZNX9q5JD5S+EvWjD56nnv6Jevu0vvgdbjiz+9t7+rSHWhLfXy09Vyu59dhRayuasf2O89u/NR1qwetf3Xl2Cu3lN2NEuIm/cuvjR/2UMHm7Wt1Ifea63efJ+0+T/rjv4EhnrYQwqbnvlF/5okn/tsB/7Rw0/cf/a/mV7/1zTs2blzW1HJz1ZpJF3722sz8v728+X916rbba3FjLh4cwocLNu62uPknDk4+BwsCyafku7KB5JD7E00lPzkBAABgX8vv7sjvL5iTu01OCE/Pk7P52/cwf9xfMa7H/OX2+4TP3/0vf7vid6u/uGX9AxW/+f3GK04YM3XhYwvvu3jiP/+v31/16I2Z+f+03c//61PddPzf8X/6iOP/Pdrfd0XXpx9YsVe7ojPV0Scc/+/R/v5uc/y/R47/O/7fE8f/e+H4f4/296ct8y1poS9dIYSnn/2XC//hgmUnPfTqu4+4+IE/PTjx7IobOv9j+kPPdLzx0Vdm3XpoZv6/sLz5v/X/el60L7/+37RS6/8tLLX+3wrr/wEAAH2qxEJz6XleZvW+TIb06n2ZDL0uENjrEoPW/9vj9f82nFz9+1/P/ffvf+6+pw+vnHr/f46eP++m4UcdM+KqNU+t+NcX2lsy8/8V5c3/48thYGHr/WX9vyGTS1S1KgYWWhgQAACA/VGpHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8vcaceedL33lh+2G3Lrlt5cnj/3r1qV//7NEH/+zKnZ/YHL7x4vKX7ply/FkXTDl54o6Vx874yt1v/v3WEOZ0l6tIilf8/KKpy2qnTPrSxV8+59jPH7V1U12u3prc7XuLcsdW32gKYV3BI40x8VxT151dgZOO/8my6q7EtqYQPlQYmHfevAO6EuubQhheGLj1qyPe05U4L13i5kcmPNWVmJoOfGbkgS93JY7OBSrS3b10UNLdinR3vzsohMEFgXx35w4qrirfxnG5QGW6jasakzZioDEW/UFj0kYMdMYSc+pDaK0OoSpd1f+sS6qqSlf1i7qkqqp0VefUhXB0CKE6XdUjtUlV1emR31WbVBUDB33w6ueHdSXW1YbQWhi4/5TLP9aVOCMVyDd+Ym0If9X1kkk3vrEmabwm3fglNSEcGkKoTZd4sTopUZsu8Xh1CO8qCOQbn10dwrLAO0L88JlZ+ODiZcvnTe/s7FjUh4naXFsNYdaczo6WGQs6Z9al+lRKRUF657nZeGWZY3/4+a/P6Lpddc/aoeWkq3Plarq7PLqm6O6YfdX7ij7qfezXgMJKdj0fmfpj/towMNQvXdyxqOWs6UuWLBqV/C03++jkb1UummyrUftqW5Xrz91WwwsraV1y+sLWxcuWj5xz+vTTOk7rmD+6bczhbUeOGXXEx1u7RtWW/N0XQ708G6/q46EeUl1QyVvxASAhIdHfEpVFn25t+/u/7MwX/V0drQl13R/QmWlFYZaK7lHui0GP3318Xw46MyXJjGhUZuKQyTK69yxjMpOJXVkakizd3+syk8PCmiq7N2m8XxlaWkr+p2suvlu4+f7Uw+YtV9x05aYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuBQAAP//CAsM0g==") add_key$keyring(&(0x7f00000006c0), &(0x7f0000000700)={'syz', 0x1}, 0x0, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1001f0) open(0x0, 0x64942, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe, 0xb}}}, 0x24}}, 0x800) 406.701856ms ago: executing program 4 (id=522): mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) ioprio_set$pid(0x1, 0x0, 0x2000) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000440)='./bus\x00') sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7f03) 143.170212ms ago: executing program 4 (id=523): syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="120100004b41460860163209ea8001020301090212000100000000090400"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000100)={&(0x7f0000000080)=[{0x63, 0x4000, 0x0, 0x0}, {0x8, 0x4051, 0x0, 0x0}], 0x2}) 102.157696ms ago: executing program 2 (id=524): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a300000000014000300686173683a69702c706f72742c697000140007800800084000002f5408"], 0x60}}, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0}, 0x20) 0s ago: executing program 5 (id=525): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'netdevsim0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', r4}, 0x94) kernel console output (not intermixed with test programs): 89.960986][ T5872] hsr_slave_0: entered promiscuous mode [ 89.967363][ T5872] hsr_slave_1: entered promiscuous mode [ 89.973457][ T5872] debugfs: 'hsr0' already exists in 'hsr' [ 89.979259][ T5872] Cannot create hsr debugfs directory [ 90.086753][ T5855] hsr_slave_0: entered promiscuous mode [ 90.093069][ T5855] hsr_slave_1: entered promiscuous mode [ 90.098992][ T5855] debugfs: 'hsr0' already exists in 'hsr' [ 90.105038][ T5855] Cannot create hsr debugfs directory [ 90.113979][ T5864] hsr_slave_0: entered promiscuous mode [ 90.120430][ T5864] hsr_slave_1: entered promiscuous mode [ 90.126346][ T5864] debugfs: 'hsr0' already exists in 'hsr' [ 90.132124][ T5864] Cannot create hsr debugfs directory [ 90.152547][ T5854] hsr_slave_0: entered promiscuous mode [ 90.158672][ T5854] hsr_slave_1: entered promiscuous mode [ 90.164739][ T5854] debugfs: 'hsr0' already exists in 'hsr' [ 90.170498][ T5854] Cannot create hsr debugfs directory [ 90.179253][ T5866] hsr_slave_0: entered promiscuous mode [ 90.185348][ T5866] hsr_slave_1: entered promiscuous mode [ 90.191612][ T5866] debugfs: 'hsr0' already exists in 'hsr' [ 90.197324][ T5866] Cannot create hsr debugfs directory [ 90.463412][ T5858] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 90.499516][ T5858] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 90.523667][ T5858] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 90.549446][ T5858] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 90.604309][ T5872] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.623955][ T5872] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.634633][ T5872] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.644045][ T5872] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.680808][ T5866] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.703239][ T5866] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.722732][ T5866] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.731913][ T5866] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.783111][ T5855] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.809613][ T5855] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.818731][ T5855] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.846180][ T5855] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.864159][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.897658][ T5864] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.907745][ T5864] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.926216][ T5864] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.948034][ T5864] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.975026][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.998660][ T2958] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.005864][ T2958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.042796][ T5872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.052981][ T5854] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 91.065035][ T5854] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 91.074859][ T5854] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 91.087886][ T2958] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.095026][ T2958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.111055][ T5872] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.124154][ T5854] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 91.219086][ T2958] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.226243][ T2958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.245664][ T5858] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 91.256815][ T5858] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.286387][ T2958] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.293525][ T2958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.333435][ T5866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.405396][ T5866] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.420017][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.444444][ T1308] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.451602][ T1308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.493520][ T5872] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.518877][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.546981][ T1308] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.554140][ T1308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.567298][ T5864] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.608314][ T1308] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.615452][ T1308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.631394][ T5855] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.646528][ T5871] Bluetooth: hci0: command tx timeout [ 91.646538][ T5868] Bluetooth: hci1: command tx timeout [ 91.664660][ T1308] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.671794][ T1308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.695907][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.703051][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.714470][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.721629][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.731322][ T5871] Bluetooth: hci2: command tx timeout [ 91.731339][ T5868] Bluetooth: hci5: command tx timeout [ 91.731374][ T5868] Bluetooth: hci3: command tx timeout [ 91.736722][ T5871] Bluetooth: hci4: command tx timeout [ 91.794791][ T5866] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 91.806816][ T5866] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.847258][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.867274][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.905078][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.944843][ T5864] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.987580][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.994707][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.006178][ T5872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.056769][ T1157] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.063917][ T1157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.125314][ T5855] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 92.272733][ T5866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.283781][ T5872] veth0_vlan: entered promiscuous mode [ 92.316816][ T5872] veth1_vlan: entered promiscuous mode [ 92.453083][ T5872] veth0_macvtap: entered promiscuous mode [ 92.483756][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.501173][ T5872] veth1_macvtap: entered promiscuous mode [ 92.515875][ T5866] veth0_vlan: entered promiscuous mode [ 92.558702][ T5858] veth0_vlan: entered promiscuous mode [ 92.578324][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.598217][ T5858] veth1_vlan: entered promiscuous mode [ 92.624472][ T5866] veth1_vlan: entered promiscuous mode [ 92.633319][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.676738][ T5864] veth0_vlan: entered promiscuous mode [ 92.692943][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.707873][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.723184][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.734300][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.744539][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.768544][ T5864] veth1_vlan: entered promiscuous mode [ 92.785208][ T5866] veth0_macvtap: entered promiscuous mode [ 92.807427][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.818254][ T5858] veth0_macvtap: entered promiscuous mode [ 92.828976][ T5866] veth1_macvtap: entered promiscuous mode [ 92.867066][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.891153][ T5858] veth1_macvtap: entered promiscuous mode [ 92.943658][ T5864] veth0_macvtap: entered promiscuous mode [ 92.957060][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.972467][ T3000] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.988111][ T3000] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.998865][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.019107][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.039299][ T3000] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.048607][ T5864] veth1_macvtap: entered promiscuous mode [ 93.075487][ T3000] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.098855][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.112097][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.122527][ T5855] veth0_vlan: entered promiscuous mode [ 93.132572][ T2958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.148626][ T2958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.151731][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.177479][ T5855] veth1_vlan: entered promiscuous mode [ 93.195458][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.214425][ T2958] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.236073][ T5872] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.259640][ T2958] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.268454][ T2958] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.290575][ T2958] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.339133][ T5855] veth0_macvtap: entered promiscuous mode [ 93.362110][ T2958] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.371930][ T2958] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.393754][ T2958] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.403101][ T2958] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.442912][ T5855] veth1_macvtap: entered promiscuous mode [ 93.488495][ T2958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.491071][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.504909][ T2958] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.505959][ T5854] veth0_vlan: entered promiscuous mode [ 93.527034][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.533318][ T2958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.538476][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.550247][ T2958] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.553700][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.588213][ T5854] veth1_vlan: entered promiscuous mode [ 93.599627][ T5942] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 93.618660][ T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.634646][ T3000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.640139][ T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.649206][ T3000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.666094][ T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.675095][ T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.705874][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.717978][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.725566][ T5871] Bluetooth: hci1: command tx timeout [ 93.729981][ T5871] Bluetooth: hci0: command tx timeout [ 93.750473][ T5854] veth0_macvtap: entered promiscuous mode [ 93.760015][ T5854] veth1_macvtap: entered promiscuous mode [ 93.760188][ T5942] usb 2-1: Using ep0 maxpacket: 8 [ 93.790687][ T5942] usb 2-1: config 0 has an invalid interface number: 246 but max is 0 [ 93.805015][ T5871] Bluetooth: hci4: command tx timeout [ 93.805164][ T5868] Bluetooth: hci3: command tx timeout [ 93.810443][ T5871] Bluetooth: hci2: command tx timeout [ 93.810476][ T5871] Bluetooth: hci5: command tx timeout [ 93.828913][ T5942] usb 2-1: config 0 has no interface number 0 [ 93.830422][ T3000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.850894][ T5942] usb 2-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 93.867998][ T5942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.876313][ T3000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.901055][ T2958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.903287][ T5942] usb 2-1: Product: syz [ 93.924903][ T5942] usb 2-1: Manufacturer: syz [ 93.943477][ T5942] usb 2-1: SerialNumber: syz [ 93.952273][ T2958] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.959650][ T5942] usb 2-1: config 0 descriptor?? [ 93.996392][ T6012] binder_alloc: 6008: binder_alloc_buf, no vma [ 94.006845][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.028990][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.040203][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.047946][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.053338][ T5942] msi2500 2-1:0.246: Registered as swradio24 [ 94.091908][ T59] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.091930][ T5942] msi2500 2-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 94.099027][ T2958] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.128776][ T6014] loop3: detected capacity change from 0 to 2048 [ 94.155028][ T2958] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.193935][ T6014] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.217618][ T2958] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.239032][ T10] usb 2-1: USB disconnect, device number 2 [ 94.261243][ T6014] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.411162][ T6021] random: crng reseeded on system resumption [ 94.430132][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.439459][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 94.579903][ T5866] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.595502][ T1308] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.622563][ T1308] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.703153][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.849399][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.419948][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.489374][ T1308] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.503546][ T1308] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.529453][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.800972][ T5871] Bluetooth: hci0: command tx timeout [ 95.800997][ T5868] Bluetooth: hci1: command tx timeout [ 95.839447][ T5856] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 95.879921][ T5871] Bluetooth: hci3: command tx timeout [ 95.879974][ T5177] Bluetooth: hci4: command tx timeout [ 95.885344][ T5871] Bluetooth: hci5: command tx timeout [ 95.891058][ T5868] Bluetooth: hci2: command tx timeout [ 96.019647][ T5856] usb 3-1: Using ep0 maxpacket: 8 [ 96.025230][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.035484][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.044890][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.070191][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.255748][ T5856] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 96.315789][ T1211] cfg80211: failed to load regulatory.db [ 96.346936][ T5856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.388218][ T5856] usb 3-1: Product: syz [ 96.412061][ T5856] usb 3-1: Manufacturer: syz [ 96.436189][ T5856] usb 3-1: SerialNumber: syz [ 96.520552][ T5856] usb 3-1: config 0 descriptor?? [ 97.066304][ T5856] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 97.286042][ T6049] random: crng reseeded on system resumption [ 97.496506][ T6029] loop3: detected capacity change from 0 to 32768 [ 97.555206][ T6029] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.7 (6029) [ 97.627272][ T6029] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 97.660816][ T6051] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.705641][ T6029] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 97.773220][ T6029] BTRFS info (device loop3): using free-space-tree [ 97.826728][ T6057] tipc: Enabling of bearer rejected, failed to enable media [ 97.836677][ T6029] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 97.836960][ T6029] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 97.872026][ T6029] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 97.902928][ T6029] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 98.366833][ T6058] Zero length message leads to an empty skb [ 98.379520][ T6029] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 98.401734][ T6065] syzkaller0: entered promiscuous mode [ 98.422684][ T6029] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 98.423493][ T6029] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 98.479685][ T6029] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 98.559667][ T6029] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 98.597209][ T6029] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 98.683512][ T5856] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 98.726317][ T6029] BTRFS error (device loop3): open_ctree failed: -12 [ 98.839479][ T6078] loop4: detected capacity change from 0 to 128 [ 99.724456][ T5856] usb 3-1: USB disconnect, device number 2 [ 100.770141][ T6087] binder: 6083:6087 ioctl c0306201 200000000240 returned -11 [ 101.519362][ T6003] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 102.238703][ T6003] usb 6-1: Using ep0 maxpacket: 16 [ 102.243528][ T6109] random: crng reseeded on system resumption [ 102.308975][ T6003] usb 6-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 102.389547][ T6003] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 102.399619][ T6003] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 102.459024][ T6003] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 102.911097][ T6003] usb 6-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 102.931882][ T6003] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.952359][ T6003] usb 6-1: Product: syz [ 102.972359][ T6003] usb 6-1: Manufacturer: syz [ 103.007452][ T6003] usb 6-1: SerialNumber: syz [ 103.045842][ T6003] usb 6-1: config 0 descriptor?? [ 103.066811][ T6112] random: crng reseeded on system resumption [ 103.233464][ T6003] mcba_usb 6-1:0.0: Can't find endpoints [ 103.315066][ T6116] loop1: detected capacity change from 0 to 512 [ 103.364538][ T6116] EXT4-fs (loop1): Test dummy encryption mode enabled [ 103.372492][ T6116] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 103.395754][ T6116] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 103.412910][ T6116] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.33: bad orphan inode 131083 [ 103.441716][ T44] usb 6-1: USB disconnect, device number 2 [ 103.466990][ T6116] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.494808][ T6116] 9pnet_fd: Insufficient options for proto=fd [ 103.563881][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.749960][ T6126] tipc: Enabling of bearer rejected, failed to enable media [ 103.771656][ T6126] syzkaller0: entered promiscuous mode [ 103.840581][ T6126] syzkaller0: entered allmulticast mode [ 104.410991][ T6120] loop3: detected capacity change from 0 to 32768 [ 104.434729][ T6120] ======================================================= [ 104.434729][ T6120] WARNING: The mand mount option has been deprecated and [ 104.434729][ T6120] and is ignored by this kernel. Remove the mand [ 104.434729][ T6120] option from the mount to silence this warning. [ 104.434729][ T6120] ======================================================= [ 104.469632][ C0] vkms_vblank_simulate: vblank timer overrun [ 104.869924][ T6120] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 104.869954][ T6120] allowing incompatible features above 0.0: (unknown version) [ 104.869969][ T6120] features: atomic_nlink [ 104.905999][ T6120] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 104.914254][ T6120] bcachefs (loop3): initializing new filesystem [ 104.927562][ T6120] bcachefs (loop3): going read-write [ 104.935310][ T6120] bcachefs (loop3): marking superblocks [ 105.089414][ T6120] bcachefs (loop3): initializing freespace [ 105.154548][ T6120] bcachefs (loop3): done initializing freespace [ 105.241363][ T6120] bcachefs (loop3): reading snapshots table [ 105.294653][ T6120] bcachefs (loop3): reading snapshots done [ 105.515612][ T6120] bcachefs (loop3): done starting filesystem [ 105.672564][ T6132] loop0: detected capacity change from 0 to 32768 [ 105.682286][ T6132] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.38 (6132) [ 105.700073][ T6132] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 105.711235][ T6132] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 105.727437][ T6132] BTRFS info (device loop0): using free-space-tree [ 105.770503][ T6120] syz.3.34 (6120) used greatest stack depth: 19056 bytes left [ 105.854823][ T6166] random: crng reseeded on system resumption [ 105.906092][ T5866] bcachefs (loop3): shutting down [ 106.044388][ T5866] bcachefs (loop3): going read-only [ 106.169384][ T5866] bcachefs (loop3): finished waiting for writes to stop [ 106.322447][ T5866] bcachefs (loop3): flushing journal and stopping allocators, journal seq 4 [ 106.428623][ T5864] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 106.501893][ T5866] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 4 [ 106.534777][ T6181] syzkaller0: entered promiscuous mode [ 106.566825][ T6181] syzkaller0: entered allmulticast mode [ 106.581684][ T5866] bcachefs (loop3): clean shutdown complete, journal seq 5 [ 106.605316][ T5866] bcachefs (loop3): marking filesystem clean [ 106.670337][ T5866] bcachefs (loop3): shutdown complete [ 107.931323][ T6003] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 108.256964][ T6209] use of bytesused == 0 is deprecated and will be removed in the future, [ 108.265500][ T6209] use the actual size instead. [ 108.730095][ T6003] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 108.765228][ T6003] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 108.783034][ T6207] netlink: 96 bytes leftover after parsing attributes in process `syz.0.59'. [ 108.835762][ T6003] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 108.886156][ T6003] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.963688][ T6213] loop2: detected capacity change from 0 to 512 [ 109.035788][ T6213] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.108348][ T6213] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.134867][ T6003] usb 6-1: usb_control_msg returned -32 [ 109.221458][ T6003] usbtmc 6-1:16.0: can't read capabilities [ 109.409657][ T6222] netlink: 292 bytes leftover after parsing attributes in process `syz.1.62'. [ 110.289387][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 110.433034][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.449626][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 110.476748][ T10] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 110.496097][ T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 110.516293][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 110.559331][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 110.594914][ T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 110.633278][ T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 110.689249][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.784594][ T6006] usb 6-1: USB disconnect, device number 3 [ 110.870777][ T6226] loop1: detected capacity change from 0 to 32768 [ 110.903534][ T10] usb 1-1: GET_CAPABILITIES returned 0 [ 110.935451][ T6226] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.63 (6226) [ 110.939072][ T10] usbtmc 1-1:16.0: can't read capabilities [ 111.208476][ T6243] netlink: 'syz.5.69': attribute type 1 has an invalid length. [ 111.216219][ T6243] netlink: 224 bytes leftover after parsing attributes in process `syz.5.69'. [ 111.546098][ T6226] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 111.606694][ T6226] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 111.634124][ T6226] BTRFS info (device loop1): using free-space-tree [ 112.059444][ T6003] usb 1-1: USB disconnect, device number 2 [ 112.448250][ T5872] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 113.670893][ T6284] random: crng reseeded on system resumption [ 114.187978][ T6276] loop5: detected capacity change from 0 to 4096 [ 114.263557][ T6295] netlink: 292 bytes leftover after parsing attributes in process `syz.4.79'. [ 114.281224][ T6296] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 114.307257][ T30] audit: type=1800 audit(1755335076.895:2): pid=6276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.74" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 115.559615][ T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 115.750736][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 115.770608][ T10] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 115.787116][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.811642][ T10] usb 6-1: Product: syz [ 115.820580][ T10] usb 6-1: Manufacturer: syz [ 115.838165][ T10] usb 6-1: SerialNumber: syz [ 115.891609][ T10] usb 6-1: config 0 descriptor?? [ 116.426932][ T5942] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 116.434582][ T10] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 116.588583][ T6305] loop0: detected capacity change from 0 to 32768 [ 116.605409][ T6305] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.83 (6305) [ 116.636559][ T6305] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 116.665171][ T6305] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 116.669257][ T5942] usb 5-1: Using ep0 maxpacket: 8 [ 116.693095][ T6305] BTRFS info (device loop0): using free-space-tree [ 116.712083][ T5942] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 116.729249][ T5942] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 116.779943][ T5942] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 116.840009][ T5942] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 116.872690][ T5942] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 116.961089][ T6348] loop3: detected capacity change from 0 to 64 [ 116.985463][ T5942] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 117.017964][ T5942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.060890][ T5864] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 117.309342][ T5942] usb 5-1: GET_CAPABILITIES returned 0 [ 117.314908][ T5942] usbtmc 5-1:16.0: can't read capabilities [ 117.334306][ T6350] syz.3.93: attempt to access beyond end of device [ 117.334306][ T6350] loop3: rw=0, sector=16777216, nr_sectors = 2 limit=64 [ 117.348047][ T6350] Buffer I/O error on dev loop3, logical block 8388608, async page read [ 117.359025][ T6350] syz.3.93: attempt to access beyond end of device [ 117.359025][ T6350] loop3: rw=0, sector=16777216, nr_sectors = 2 limit=64 [ 117.373439][ T6350] Buffer I/O error on dev loop3, logical block 8388608, async page read [ 117.833309][ T10] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 117.869237][ T10] usb 6-1: USB disconnect, device number 4 [ 117.995118][ T44] usb 5-1: USB disconnect, device number 2 [ 119.088460][ T6360] loop5: detected capacity change from 0 to 4096 [ 119.282704][ T6346] loop1: detected capacity change from 0 to 32768 [ 119.321513][ T6364] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 119.393923][ T30] audit: type=1800 audit(1755335081.945:3): pid=6360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.96" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 119.582374][ T6370] netlink: 292 bytes leftover after parsing attributes in process `syz.4.97'. [ 120.387481][ T6390] loop4: detected capacity change from 0 to 16 [ 120.440394][ T6390] erofs (device loop4): algorithm 1 isn't enabled on this kernel [ 120.830739][ T6378] loop3: detected capacity change from 0 to 32768 [ 120.856435][ T6378] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.102 (6378) [ 120.869278][ T5942] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 120.899224][ T6378] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 120.926558][ T6378] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 120.956990][ T6378] BTRFS info (device loop3): using free-space-tree [ 121.040642][ T5942] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 121.060707][ T5942] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 121.089207][ T5942] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 121.149707][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.212622][ T6378] netlink: 4 bytes leftover after parsing attributes in process `syz.3.102'. [ 121.288480][ T6415] loop1: detected capacity change from 0 to 512 [ 121.299380][ T6378] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.457760][ T6415] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.473539][ T5942] usb 3-1: usb_control_msg returned -32 [ 121.496029][ T5942] usbtmc 3-1:16.0: can't read capabilities [ 121.508496][ T6378] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.572792][ T6415] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 121.707307][ T6397] loop4: detected capacity change from 0 to 32768 [ 121.748192][ T6397] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.108 (6397) [ 121.846534][ T6397] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 121.868111][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.893673][ T6397] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 121.906366][ T6397] BTRFS info (device loop4): using free-space-tree [ 121.907349][ T5866] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 122.099332][ T5942] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 122.259272][ T5942] usb 6-1: Using ep0 maxpacket: 8 [ 122.292222][ T5942] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 122.539092][ T6448] loop0: detected capacity change from 0 to 4096 [ 122.592909][ T5942] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 122.627238][ T5858] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 122.640071][ T6451] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 122.651988][ T30] audit: type=1800 audit(1755335085.235:4): pid=6448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.114" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 122.683261][ T5942] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 122.808621][ T5942] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 122.843914][ T5942] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 122.954600][ T6442] loop1: detected capacity change from 0 to 40427 [ 122.995843][ T5942] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 122.998717][ T6442] F2FS-fs (loop1): invalid crc value [ 123.023822][ T5942] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.138690][ T6459] random: crng reseeded on system resumption [ 123.535707][ T6442] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 123.573211][ T6442] F2FS-fs (loop1): Start checkpoint disabled! [ 123.616608][ T5942] usb 6-1: GET_CAPABILITIES returned 0 [ 123.629308][ T5942] usbtmc 6-1:16.0: can't read capabilities [ 123.650156][ T6442] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 123.672444][ T6003] usb 3-1: USB disconnect, device number 3 [ 123.786656][ T30] audit: type=1800 audit(1755335086.375:5): pid=6442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.111" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 124.259024][ T6475] process 'syz.2.121' launched './file0' with NULL argv: empty string added [ 125.045039][ T5929] usb 6-1: USB disconnect, device number 5 [ 125.319257][ T6003] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 125.373335][ T6482] loop4: detected capacity change from 0 to 512 [ 125.451487][ T6482] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.508010][ T6482] ext4 filesystem being mounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 125.519099][ T2958] kworker/u8:7: attempt to access beyond end of device [ 125.519099][ T2958] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 125.599278][ T6003] usb 3-1: Using ep0 maxpacket: 16 [ 125.605107][ T2958] CPU: 1 UID: 0 PID: 2958 Comm: kworker/u8:7 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 125.605152][ T2958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 125.605175][ T2958] Workqueue: writeback wb_workfn (flush-7:1) [ 125.605238][ T2958] Call Trace: [ 125.605248][ T2958] [ 125.605260][ T2958] dump_stack_lvl+0x16c/0x1f0 [ 125.605310][ T2958] f2fs_handle_critical_error+0x624/0x9f0 [ 125.605357][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.605401][ T2958] ? f2fs_build_fault_attr+0x53/0x1f0 [ 125.605445][ T2958] f2fs_write_end_io+0x958/0xcf0 [ 125.605495][ T2958] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 125.605538][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.605589][ T2958] ? rcu_is_watching+0x12/0xc0 [ 125.605638][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.605678][ T2958] ? lock_release+0x201/0x2f0 [ 125.605729][ T2958] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 125.605764][ T2958] bio_endio+0x70d/0x850 [ 125.605804][ T2958] submit_bio_noacct+0x306/0x1eb0 [ 125.605840][ T2958] __submit_merged_bio+0x33c/0x770 [ 125.605879][ T2958] __submit_merged_write_cond+0x319/0x3f0 [ 125.605921][ T2958] f2fs_write_cache_pages+0x2067/0x2570 [ 125.605980][ T2958] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 125.606035][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.606072][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.606107][ T2958] ? rcu_is_watching+0x12/0xc0 [ 125.606139][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.606171][ T2958] ? lock_release+0x201/0x2f0 [ 125.606213][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.606245][ T2958] ? do_raw_spin_unlock+0x172/0x230 [ 125.606281][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.606313][ T2958] ? f2fs_available_free_memory+0x279/0xa30 [ 125.606369][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.606401][ T2958] ? rcu_is_watching+0x12/0xc0 [ 125.606433][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.606467][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.606503][ T2958] f2fs_write_data_pages+0x4ad/0xd90 [ 125.606549][ T2958] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 125.606595][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.606632][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.606667][ T2958] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 125.606710][ T2958] do_writepages+0x27a/0x600 [ 125.606748][ T2958] ? __pfx_do_writepages+0x10/0x10 [ 125.606781][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.606814][ T2958] ? sched_clock_cpu+0x6c/0x530 [ 125.606852][ T2958] ? __dequeue_entity+0xa76/0x1830 [ 125.606893][ T2958] __writeback_single_inode+0x160/0xfb0 [ 125.606930][ T2958] ? lock_release+0x201/0x2f0 [ 125.606971][ T2958] ? __pfx___writeback_single_inode+0x10/0x10 [ 125.607007][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.607038][ T2958] ? do_raw_spin_unlock+0x172/0x230 [ 125.607067][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.607102][ T2958] writeback_sb_inodes+0x60d/0xfa0 [ 125.607145][ T2958] ? lock_release+0x201/0x2f0 [ 125.607186][ T2958] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 125.607223][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.607255][ T2958] ? do_raw_spin_lock+0x12c/0x2b0 [ 125.607282][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.607341][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.607372][ T2958] ? rcu_is_watching+0x12/0xc0 [ 125.607405][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.607437][ T2958] ? queue_io+0x3f6/0x520 [ 125.607468][ T2958] wb_writeback+0x419/0xb70 [ 125.607507][ T2958] ? __pfx_wb_writeback+0x10/0x10 [ 125.607545][ T2958] ? rcu_is_watching+0x12/0xc0 [ 125.607582][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.607614][ T2958] ? rcu_is_watching+0x12/0xc0 [ 125.607650][ T2958] wb_workfn+0x14d/0xbe0 [ 125.607687][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.607719][ T2958] ? try_to_wake_up+0x160/0x1870 [ 125.607751][ T2958] ? __pfx_wb_workfn+0x10/0x10 [ 125.607786][ T2958] ? __pfx_try_to_wake_up+0x10/0x10 [ 125.607820][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.607852][ T2958] ? rcu_is_watching+0x12/0xc0 [ 125.607885][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.607916][ T2958] ? lock_acquire+0x2cd/0x350 [ 125.607957][ T2958] ? rcu_is_watching+0x12/0xc0 [ 125.607990][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.608022][ T2958] ? rcu_is_watching+0x12/0xc0 [ 125.608058][ T2958] process_one_work+0x9cf/0x1b70 [ 125.608094][ T2958] ? __pfx_batadv_nc_worker+0x10/0x10 [ 125.608125][ T2958] ? __pfx_process_one_work+0x10/0x10 [ 125.608154][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.608198][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.608236][ T2958] ? assign_work+0x1a0/0x250 [ 125.608263][ T2958] worker_thread+0x6c8/0xf10 [ 125.608302][ T2958] ? __pfx_worker_thread+0x10/0x10 [ 125.608331][ T2958] kthread+0x3c5/0x780 [ 125.608357][ T2958] ? __pfx_kthread+0x10/0x10 [ 125.608380][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.608412][ T2958] ? rcu_is_watching+0x12/0xc0 [ 125.608454][ T2958] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.608496][ T2958] ? rcu_is_watching+0x12/0xc0 [ 125.608530][ T2958] ? __pfx_kthread+0x10/0x10 [ 125.608564][ T2958] ret_from_fork+0x5d7/0x6f0 [ 125.608589][ T2958] ? __pfx_kthread+0x10/0x10 [ 125.608615][ T2958] ret_from_fork_asm+0x1a/0x30 [ 125.608658][ T2958] [ 125.659462][ T2958] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 126.171287][ T6003] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 126.182819][ T6003] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 126.193818][ T6003] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 126.324481][ T5858] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.052062][ T6003] usb 3-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 127.070063][ T6003] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.078126][ T6003] usb 3-1: Product: syz [ 127.082426][ T6003] usb 3-1: Manufacturer: syz [ 127.087085][ T6003] usb 3-1: SerialNumber: syz [ 127.102925][ T6003] usb 3-1: config 0 descriptor?? [ 127.110094][ T6003] mcba_usb 3-1:0.0: Can't find endpoints [ 127.611430][ T5942] usb 3-1: USB disconnect, device number 4 [ 127.778534][ T6501] random: crng reseeded on system resumption [ 128.729986][ T1211] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 129.422330][ T1211] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 129.472071][ T1211] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 129.536680][ T1211] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 129.560676][ T1211] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.964981][ T1211] usb 5-1: usb_control_msg returned -32 [ 130.033459][ T1211] usbtmc 5-1:16.0: can't read capabilities [ 130.515179][ T6533] loop1: detected capacity change from 0 to 512 [ 130.540911][ T1211] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 130.606539][ T6533] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.700094][ T6526] loop0: detected capacity change from 0 to 32768 [ 130.706903][ T6533] ext4 filesystem being mounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 130.719295][ T1211] usb 3-1: Using ep0 maxpacket: 8 [ 130.740996][ T1211] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 130.753773][ T1211] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 130.790013][ T1211] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 130.816116][ T1211] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 130.830017][ T1211] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 130.845958][ T13] read_mapping_page failed! [ 130.856913][ T13] ERROR: (device loop0): txAbort: [ 130.856913][ T13] [ 130.867194][ T13] ERROR: (device loop0): remounting filesystem as read-only [ 130.875018][ T1211] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 130.886801][ T13] jfs_write_inode: jfs_commit_inode failed! [ 130.894457][ T1211] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.916955][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.123910][ T1211] usb 3-1: GET_CAPABILITIES returned 0 [ 131.136259][ T1211] usbtmc 3-1:16.0: can't read capabilities [ 131.327132][ T6528] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 131.329021][ T6006] usb 5-1: USB disconnect, device number 3 [ 131.722506][ T6542] loop0: detected capacity change from 0 to 32768 [ 131.760214][ T6006] usb 3-1: USB disconnect, device number 5 [ 131.993414][ T6542] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded=yes,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 131.993465][ T6542] allowing incompatible features above 0.0: (unknown version) [ 131.993485][ T6542] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 132.031243][ T44] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 132.110984][ T6564] binder_alloc: 6563: binder_alloc_buf, no vma [ 132.153702][ T6542] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 132.179220][ T44] usb 2-1: Using ep0 maxpacket: 16 [ 132.186701][ T6542] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 132.201537][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 132.227863][ T6542] bcachefs (loop0): Version upgrade required: [ 132.227863][ T6542] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 132.227863][ T6542] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 132.227863][ T6542] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 132.306499][ T44] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 132.329405][ T44] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 132.358184][ T44] usb 2-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 132.368020][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.376249][ T44] usb 2-1: Product: syz [ 132.380734][ T44] usb 2-1: Manufacturer: syz [ 132.385397][ T44] usb 2-1: SerialNumber: syz [ 132.396305][ T6542] bcachefs (loop0): dropping and reconstructing all alloc info [ 132.446383][ T44] usb 2-1: config 0 descriptor?? [ 132.475240][ T44] mcba_usb 2-1:0.0: Can't find endpoints [ 132.553932][ T6542] bcachefs (loop0): accounting_read... [ 132.562041][ T6569] loop4: detected capacity change from 0 to 512 [ 132.633023][ T6542] done [ 132.635833][ T6542] bcachefs (loop0): alloc_read... done [ 132.644460][ T6542] bcachefs (loop0): snapshots_read... done [ 132.769646][ T44] usb 2-1: USB disconnect, device number 3 [ 132.770076][ T6542] bcachefs (loop0): done starting filesystem [ 132.852847][ T6569] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.943670][ T6569] ext4 filesystem being mounted at /27/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.173722][ T5864] bcachefs (loop0): shutting down [ 133.215828][ T5864] bcachefs (loop0): shutdown complete [ 133.840801][ T6579] random: crng reseeded on system resumption [ 134.197978][ T6575] loop2: detected capacity change from 0 to 4096 [ 134.255853][ T6587] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 134.347805][ T30] audit: type=1800 audit(1755335096.885:6): pid=6575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.149" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 134.574301][ T5858] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.021363][ T6591] loop4: detected capacity change from 0 to 32768 [ 137.051661][ T6591] XFS: ikeep mount option is deprecated. [ 137.132131][ T6591] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 137.146683][ T6612] syzkaller0: entered promiscuous mode [ 137.165578][ T6612] syzkaller0: entered allmulticast mode [ 137.216399][ T6624] loop5: detected capacity change from 0 to 2048 [ 137.315697][ T6624] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.319221][ T6003] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 137.377247][ T6591] XFS (loop4): Ending clean mount [ 137.422453][ T6591] XFS (loop4): Quotacheck needed: Please wait. [ 137.442626][ T6591] XFS (loop4): Quotacheck: Done. [ 138.231906][ T6624] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.259345][ T6003] usb 4-1: Using ep0 maxpacket: 8 [ 138.281494][ T6003] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 138.298058][ T6003] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 138.313186][ T6003] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 138.381082][ T6591] syz.4.154 (6591): drop_caches: 2 [ 138.476837][ T6003] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 138.578677][ T6003] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 138.742757][ T6003] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 138.808953][ T5858] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 138.853178][ T6003] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.209305][ T6639] syzkaller0: entered promiscuous mode [ 139.219758][ T6003] usb 4-1: GET_CAPABILITIES returned 0 [ 139.225251][ T6003] usbtmc 4-1:16.0: can't read capabilities [ 139.248119][ T6639] syzkaller0: entered allmulticast mode [ 139.919375][ T6656] loop5: detected capacity change from 0 to 512 [ 139.957860][ T6656] EXT4-fs (loop5): Test dummy encryption mode enabled [ 140.007175][ T6656] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 140.069071][ T6656] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.171: bad orphan inode 131083 [ 140.461684][ T6656] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.530576][ T6656] 9pnet_fd: Insufficient options for proto=fd [ 140.725963][ T5854] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.970794][ T30] audit: type=1326 audit(1755335103.525:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6665 comm="syz.5.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e33d8ebe9 code=0x7ffc0000 [ 141.113330][ T30] audit: type=1326 audit(1755335103.535:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6665 comm="syz.5.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e33d8ebe9 code=0x7ffc0000 [ 141.306334][ T30] audit: type=1326 audit(1755335103.545:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6665 comm="syz.5.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f0e33d8ebe9 code=0x7ffc0000 [ 141.526389][ T6673] binder_alloc: 6671: binder_alloc_buf, no vma [ 141.629227][ T6649] loop4: detected capacity change from 0 to 32768 [ 141.659275][ T30] audit: type=1326 audit(1755335103.545:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6665 comm="syz.5.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e33d8ebe9 code=0x7ffc0000 [ 141.785353][ T6649] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.168 (6649) [ 141.852972][ T30] audit: type=1326 audit(1755335103.545:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6665 comm="syz.5.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e33d8ebe9 code=0x7ffc0000 [ 141.969733][ T6649] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 142.062918][ T30] audit: type=1326 audit(1755335103.545:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6665 comm="syz.5.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f0e33d8ebe9 code=0x7ffc0000 [ 142.122706][ T6649] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 142.156001][ T6657] loop0: detected capacity change from 0 to 32768 [ 142.172805][ T6649] BTRFS info (device loop4): using free-space-tree [ 142.229650][ T6657] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.170 (6657) [ 142.247569][ T30] audit: type=1326 audit(1755335103.545:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6665 comm="syz.5.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e33d8ebe9 code=0x7ffc0000 [ 142.376697][ T6677] netlink: 'syz.1.178': attribute type 1 has an invalid length. [ 142.384417][ T6677] netlink: 224 bytes leftover after parsing attributes in process `syz.1.178'. [ 142.398295][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 142.414896][ T30] audit: type=1326 audit(1755335103.555:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6665 comm="syz.5.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e33d8ebe9 code=0x7ffc0000 [ 142.431638][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 142.480628][ T6657] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 142.505663][ T6657] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm [ 142.505718][ T30] audit: type=1326 audit(1755335103.555:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6665 comm="syz.5.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f0e33d8ebe9 code=0x7ffc0000 [ 142.539310][ T30] audit: type=1326 audit(1755335103.625:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6665 comm="syz.5.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f0e33d8ebe9 code=0x7ffc0000 [ 142.595244][ T6657] BTRFS info (device loop0): using free-space-tree [ 142.855994][ T6649] BTRFS error (device loop4): open_ctree failed: -4 [ 143.078024][ T6712] netlink: 292 bytes leftover after parsing attributes in process `syz.1.179'. [ 143.162329][ T5864] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 144.445605][ T6723] loop1: detected capacity change from 0 to 256 [ 144.500408][ T6725] syzkaller0: entered promiscuous mode [ 144.526354][ T6725] syzkaller0: entered allmulticast mode [ 144.567757][ T6723] exfat: Deprecated parameter 'namecase' [ 144.609243][ T6610] usbtmc 4-1:16.0: usb_control_msg returned -110 [ 144.645577][ T6723] exfat: Deprecated parameter 'utf8' [ 144.655895][ T10] usb 4-1: USB disconnect, device number 2 [ 144.908364][ T6723] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 144.951083][ T6731] loop0: detected capacity change from 0 to 4096 [ 144.986252][ T6731] EXT4-fs (loop0): filesystem too large to mount safely on this system [ 145.374184][ T6737] loop3: detected capacity change from 0 to 512 [ 145.445228][ T6737] EXT4-fs (loop3): Test dummy encryption mode enabled [ 145.483608][ T6737] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 145.563108][ T6737] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.188: bad orphan inode 131083 [ 145.693601][ T6737] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.762050][ T6746] random: crng reseeded on system resumption [ 145.994886][ T6737] 9pnet_fd: Insufficient options for proto=fd [ 146.007505][ T6751] netlink: 'syz.0.192': attribute type 1 has an invalid length. [ 146.015350][ T6751] netlink: 224 bytes leftover after parsing attributes in process `syz.0.192'. [ 146.204080][ T6750] program syz.2.190 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 146.356362][ T6754] loop2: detected capacity change from 0 to 1764 [ 146.434361][ T5866] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.535411][ T6757] syzkaller0: entered promiscuous mode [ 146.584282][ T6757] syzkaller0: entered allmulticast mode [ 146.677116][ T6760] loop1: detected capacity change from 0 to 2048 [ 146.812470][ T6760] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.623271][ T6760] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.144708][ T6763] loop3: detected capacity change from 0 to 32768 [ 148.190955][ T6763] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.194 (6763) [ 148.239335][ T1211] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 148.278611][ T6763] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 148.349308][ T6763] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 148.349726][ T5942] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 148.358030][ T6763] BTRFS info (device loop3): using free-space-tree [ 148.397377][ T1211] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 148.409116][ T1211] usb 5-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 148.429333][ T1211] usb 5-1: Product: syz [ 148.433561][ T1211] usb 5-1: Manufacturer: syz [ 148.486661][ T1211] usb 5-1: SerialNumber: syz [ 148.531942][ T1211] usb 5-1: config 0 descriptor?? [ 148.569727][ T5942] usb 2-1: Using ep0 maxpacket: 8 [ 148.571559][ T1211] ch341 5-1:0.0: ch341-uart converter detected [ 148.592639][ T5942] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 148.661061][ T5942] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 148.713314][ T5942] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 148.767039][ T5942] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 148.858038][ T5942] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 148.936462][ T5942] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 148.959671][ T5942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.123956][ T5866] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 149.153245][ T6778] loop5: detected capacity change from 0 to 32768 [ 149.183027][ T6780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 149.191824][ T6780] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 149.212358][ T1211] usb 5-1: failed to send control message: -71 [ 149.218554][ T1211] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 149.237591][ T5942] usb 2-1: GET_CAPABILITIES returned 0 [ 149.256156][ T5942] usbtmc 2-1:16.0: can't read capabilities [ 149.300805][ T6778] BTRFS info: device /dev/loop5 (7:5) using temp-fsid 99d9291f-c345-4b12-ae07-76122cefa93b [ 149.312178][ T1211] usb 5-1: USB disconnect, device number 4 [ 149.318626][ T1211] ch341 5-1:0.0: device disconnected [ 149.361714][ T6778] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.199 (6778) [ 149.442371][ T6778] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 149.531172][ T6778] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm [ 149.680168][ T6778] BTRFS info (device loop5): using free-space-tree [ 150.108960][ T6785] usbtmc 2-1:16.0: usb_control_msg returned -71 [ 150.129135][ T6842] loop0: detected capacity change from 0 to 512 [ 150.163427][ T5942] usb 2-1: USB disconnect, device number 4 [ 150.170156][ T6822] usbtmc 2-1:16.0: send_request_dev_dep_msg_in returned -19 [ 150.195906][ T6842] EXT4-fs (loop0): Test dummy encryption mode enabled [ 150.228345][ T6842] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 150.274018][ T6842] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.206: bad orphan inode 131083 [ 150.298625][ T6842] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.539496][ T6006] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 150.563468][ T6853] netlink: 'syz.4.208': attribute type 1 has an invalid length. [ 150.571197][ T6853] netlink: 224 bytes leftover after parsing attributes in process `syz.4.208'. [ 150.610951][ T6842] 9pnet_fd: Insufficient options for proto=fd [ 150.749293][ T6006] usb 3-1: Using ep0 maxpacket: 32 [ 150.776282][ T5854] BTRFS info (device loop5): last unmount of filesystem 99d9291f-c345-4b12-ae07-76122cefa93b [ 150.776542][ T6006] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 150.903877][ T6006] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 150.944721][ T5864] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.987458][ T6006] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 151.017785][ T6006] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid wMaxPacketSize 0 [ 151.045368][ T6006] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 151.147885][ T6006] usb 3-1: config 0 interface 0 has no altsetting 0 [ 151.233457][ T6006] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 151.273180][ T6006] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 151.295987][ T6006] usb 3-1: Product: syz [ 151.929944][ T6006] usb 3-1: Manufacturer: syz [ 152.014658][ T6006] usb 3-1: SerialNumber: syz [ 152.396442][ T6006] usb 3-1: config 0 descriptor?? [ 152.424174][ T6006] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 152.757975][ T6006] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 152.841948][ T6006] usb 3-1: USB disconnect, device number 6 [ 152.971658][ T6006] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 153.314800][ T6899] binder: 6898:6899 unknown command 0 [ 153.346629][ T6899] binder: 6898:6899 ioctl c0306201 200000000080 returned -22 [ 153.406841][ T6899] binder: BINDER_SET_CONTEXT_MGR already set [ 153.446321][ T6899] binder: 6898:6899 ioctl 4018620d 200000000040 returned -16 [ 153.542083][ T6904] netlink: 52 bytes leftover after parsing attributes in process `syz.2.219'. [ 153.757754][ T6872] loop0: detected capacity change from 0 to 32768 [ 153.881477][ T6872] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 154.150109][ T5864] ocfs2: Unmounting device (7,0) on (node local) [ 154.283119][ T6916] syzkaller0: entered promiscuous mode [ 154.288610][ T6916] syzkaller0: entered allmulticast mode [ 154.320893][ T6896] loop5: detected capacity change from 0 to 32768 [ 155.327309][ T6936] random: crng reseeded on system resumption [ 156.682123][ T6948] loop1: detected capacity change from 0 to 512 [ 156.701092][ T6948] ext4: Unknown parameter 'rootcontext' [ 156.884540][ T1211] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 157.152187][ T6929] loop0: detected capacity change from 0 to 32768 [ 157.199404][ T1211] usb 6-1: Using ep0 maxpacket: 16 [ 157.205559][ T6929] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.224 (6929) [ 157.207801][ T1211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 157.262819][ T6929] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 157.316159][ T1211] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 157.335617][ T1211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 157.356670][ T1211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 157.366907][ T6929] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 157.399771][ T5929] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 157.444526][ T6929] BTRFS info (device loop0): using free-space-tree [ 157.461883][ T1211] usb 6-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 157.478192][ T1211] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.566658][ T1211] usb 6-1: Product: syz [ 157.571260][ T5929] usb 2-1: Using ep0 maxpacket: 8 [ 157.580543][ T6943] loop4: detected capacity change from 0 to 32768 [ 157.599804][ T6929] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 157.601287][ T1211] usb 6-1: Manufacturer: syz [ 157.626966][ T6929] BTRFS error (device loop0): open_ctree failed: -12 [ 157.637229][ T1211] usb 6-1: SerialNumber: syz [ 157.644446][ T1211] usb 6-1: config 0 descriptor?? [ 157.650784][ T6946] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 157.658446][ T5929] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 157.668661][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.676354][ T6943] XFS (loop4): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 157.684125][ T1211] mcba_usb 6-1:0.0: Can't find endpoints [ 157.692181][ T5929] usb 2-1: Product: syz [ 157.696357][ T5929] usb 2-1: Manufacturer: syz [ 157.704914][ T5929] usb 2-1: SerialNumber: syz [ 157.711157][ T5929] usb 2-1: config 0 descriptor?? [ 157.817177][ T6943] XFS (loop4): Ending clean mount [ 157.911584][ T5856] usb 6-1: USB disconnect, device number 6 [ 158.269118][ T5929] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 158.411868][ T5858] XFS (loop4): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 159.372853][ T6968] loop3: detected capacity change from 0 to 32768 [ 159.581674][ T6968] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 159.724365][ T5866] ocfs2: Unmounting device (7,3) on (node local) [ 159.783511][ T5929] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 159.817097][ T5929] usb 2-1: USB disconnect, device number 5 [ 161.244974][ T7020] loop2: detected capacity change from 0 to 512 [ 161.268641][ T7020] EXT4-fs (loop2): Test dummy encryption mode enabled [ 161.298409][ T7022] binder: BINDER_SET_CONTEXT_MGR already set [ 161.308201][ T7020] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 161.317196][ T7022] binder: 7018:7022 ioctl 4018620d 2000000002c0 returned -16 [ 161.336087][ T7020] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.251: bad orphan inode 131083 [ 161.436418][ T7020] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 161.441713][ T7026] binder: 7025:7026 ioctl c0306201 200000000240 returned -11 [ 161.619978][ T7020] 9pnet_fd: Insufficient options for proto=fd [ 161.815059][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.003374][ T7033] syzkaller0: entered promiscuous mode [ 162.035251][ T7033] syzkaller0: entered allmulticast mode [ 162.714258][ T7028] loop3: detected capacity change from 0 to 32768 [ 162.750091][ T5856] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 162.796401][ T7028] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 162.856775][ T7028] XFS (loop3): Ending clean mount [ 162.865816][ T7054] syzkaller0: entered promiscuous mode [ 162.879439][ T6006] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 162.910154][ T7054] syzkaller0: entered allmulticast mode [ 162.932100][ T5856] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 162.943184][ T5856] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 162.957305][ T5856] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 162.969830][ T5856] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.019275][ T6006] usb 2-1: device descriptor read/64, error -71 [ 163.219105][ T5856] usb 3-1: usb_control_msg returned -32 [ 163.234833][ T5856] usbtmc 3-1:16.0: can't read capabilities [ 163.299333][ T6006] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 163.469374][ T6006] usb 2-1: device descriptor read/64, error -71 [ 163.604806][ T5866] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 163.636602][ T5929] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 163.723196][ T6006] usb usb2-port1: attempt power cycle [ 163.873949][ T5929] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 163.888300][ T5929] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.913004][ T5929] usb 6-1: config 0 descriptor?? [ 163.913911][ T7047] loop4: detected capacity change from 0 to 32768 [ 163.952305][ T5929] cp210x 6-1:0.0: cp210x converter detected [ 164.079316][ T6006] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 164.107818][ T6006] usb 2-1: device descriptor read/8, error -71 [ 164.182430][ T5929] cp210x 6-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 164.190030][ T7071] syz.3.265 uses obsolete (PF_INET,SOCK_PACKET) [ 164.409729][ T5929] cp210x 6-1:0.0: querying part number failed [ 164.436578][ T5929] usb 6-1: cp210x converter now attached to ttyUSB0 [ 164.566893][ T7072] loop3: detected capacity change from 0 to 512 [ 164.620071][ T6006] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 164.651981][ T6006] usb 2-1: device descriptor read/8, error -71 [ 164.797233][ T7077] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 165.088672][ T6006] usb usb2-port1: unable to enumerate USB device [ 165.108258][ T7072] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.121059][ T7072] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.242557][ T7080] binder: 7079:7080 ioctl c0306201 200000000240 returned -11 [ 165.253157][ T7070] netlink: 324 bytes leftover after parsing attributes in process `syz.3.265'. [ 165.295430][ T7082] loop0: detected capacity change from 0 to 512 [ 165.305979][ T7082] EXT4-fs (loop0): Test dummy encryption mode enabled [ 165.323934][ T7082] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 165.354188][ T7082] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.268: bad orphan inode 131083 [ 165.367782][ T7082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.387909][ T7082] 9pnet_fd: Insufficient options for proto=fd [ 165.444388][ T5864] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.516280][ T6006] usb 3-1: USB disconnect, device number 7 [ 165.615974][ T5866] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.437413][ T5942] usb 6-1: USB disconnect, device number 7 [ 166.449714][ T5942] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 166.477967][ T5942] cp210x 6-1:0.0: device disconnected [ 166.669404][ T6006] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 166.841524][ T6006] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.887868][ T6006] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.924303][ T6006] usb 1-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 166.964751][ T6006] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.020324][ T6006] usb 1-1: config 0 descriptor?? [ 167.366177][ T7087] loop2: detected capacity change from 0 to 32768 [ 167.426642][ T7106] loop5: detected capacity change from 0 to 32768 [ 167.435786][ T7087] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.271 (7087) [ 167.505490][ T6006] petalynx 0003:18B1:0037.0001: unknown main item tag 0x0 [ 167.532400][ T7106] XFS (loop5): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 167.554300][ T6006] petalynx 0003:18B1:0037.0001: unknown global tag 0xe [ 167.599815][ T7087] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 167.634120][ T6006] petalynx 0003:18B1:0037.0001: item 0 0 1 14 parsing failed [ 167.649356][ T7087] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 167.658481][ T7087] BTRFS info (device loop2): using free-space-tree [ 167.690443][ T6006] petalynx 0003:18B1:0037.0001: parse failed [ 167.725268][ T7106] XFS (loop5): Ending clean mount [ 167.733705][ T6006] petalynx 0003:18B1:0037.0001: probe with driver petalynx failed with error -22 [ 167.779391][ T6006] usb 1-1: USB disconnect, device number 3 [ 168.374382][ T5854] XFS (loop5): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 168.448078][ T7115] loop4: detected capacity change from 0 to 32768 [ 168.630078][ T7142] fs-verity (loop2, inode 260): Error -4 building Merkle tree [ 168.759387][ T6006] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 168.999316][ T7149] ERROR: (device loop4): dbAdjCtl: the maximum free buddy is not the old root [ 168.999316][ T7149] [ 169.016106][ T7149] ERROR: (device loop4): remounting filesystem as read-only [ 169.036158][ T6006] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 169.279390][ T6006] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 169.335915][ T6006] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 169.385678][ T6006] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.576083][ T7153] loop5: detected capacity change from 0 to 512 [ 169.639335][ T7153] EXT4-fs (loop5): Test dummy encryption mode enabled [ 169.651869][ T6006] usb 2-1: usb_control_msg returned -32 [ 169.657822][ T6006] usbtmc 2-1:16.0: can't read capabilities [ 169.670140][ T7153] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 169.679381][ T5856] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 169.688840][ T5855] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 169.716270][ T7153] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.283: bad orphan inode 131083 [ 169.755114][ T7153] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.785158][ T5929] usb 2-1: USB disconnect, device number 10 [ 169.800096][ T7147] loop0: detected capacity change from 0 to 32768 [ 169.809244][ T5856] usb 4-1: device descriptor read/64, error -71 [ 169.868895][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 169.868920][ T30] audit: type=1800 audit(1755335132.415:18): pid=7147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.285" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 169.870628][ T7153] 9pnet_fd: Insufficient options for proto=fd [ 170.069563][ T5856] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 170.091743][ T5854] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.210284][ T5856] usb 4-1: device descriptor read/64, error -71 [ 170.394647][ T5856] usb usb4-port1: attempt power cycle [ 170.425435][ T7165] random: crng reseeded on system resumption [ 170.492783][ T7166] loop5: detected capacity change from 0 to 64 [ 170.824862][ T7169] vivid-001: disconnect [ 170.839528][ T5856] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 170.870649][ T5856] usb 4-1: device descriptor read/8, error -71 [ 170.883188][ T7168] vivid-001: reconnect [ 171.190110][ T5856] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 171.231704][ T5856] usb 4-1: device descriptor read/8, error -71 [ 171.323459][ T7181] loop2: detected capacity change from 0 to 4096 [ 171.334716][ T7181] EXT4-fs (loop2): filesystem too large to mount safely on this system [ 171.354578][ T5856] usb usb4-port1: unable to enumerate USB device [ 172.038038][ T7173] loop1: detected capacity change from 0 to 32768 [ 172.066113][ T7173] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.293 (7173) [ 172.107645][ T7173] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 172.131859][ T7173] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 172.151679][ T7175] loop4: detected capacity change from 0 to 32768 [ 172.158332][ T7173] BTRFS info (device loop1): using free-space-tree [ 172.238271][ T7175] XFS (loop4): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 172.465492][ T7175] XFS (loop4): Ending clean mount [ 172.704297][ T7222] netlink: 96 bytes leftover after parsing attributes in process `syz.3.302'. [ 172.927338][ T5872] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 173.077399][ T7225] loop2: detected capacity change from 0 to 512 [ 173.111595][ T7225] EXT4-fs (loop2): Test dummy encryption mode enabled [ 173.161317][ T7225] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 173.294211][ T7225] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.303: bad orphan inode 131083 [ 173.444042][ T7225] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.607534][ T5858] XFS (loop4): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 173.754220][ T7236] binder: 7235:7236 unknown command 0 [ 173.807966][ T7236] binder: 7235:7236 ioctl c0306201 200000000080 returned -22 [ 173.856269][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.039557][ T7242] random: crng reseeded on system resumption [ 174.580460][ T7246] syzkaller0: entered promiscuous mode [ 174.619762][ T7246] syzkaller0: entered allmulticast mode [ 174.710768][ T7253] binder: 7252:7253 ioctl c0306201 200000000240 returned -11 [ 174.889314][ T6003] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 175.059512][ T6003] usb 6-1: device descriptor read/64, error -71 [ 175.419912][ T6003] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 175.689340][ T6003] usb 6-1: device descriptor read/64, error -71 [ 175.801479][ T6003] usb usb6-port1: attempt power cycle [ 176.281848][ T5868] Bluetooth: hci6: command 0x1003 tx timeout [ 176.287981][ T5177] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 176.539326][ T6003] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 176.567512][ T7274] loop3: detected capacity change from 0 to 512 [ 176.575888][ T6003] usb 6-1: device descriptor read/8, error -71 [ 176.580019][ T7274] ext4: Unknown parameter 'rootcontext' [ 176.939372][ T6003] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 177.114630][ T7257] loop0: detected capacity change from 0 to 32768 [ 177.180629][ T7274] loop3: detected capacity change from 0 to 32768 [ 177.205562][ T6003] usb 6-1: device descriptor read/8, error -71 [ 177.254079][ T7274] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 177.280114][ T7274] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 177.290968][ T7274] ocfs2: Unmounting device (7,3) on (node local) [ 177.323706][ T6003] usb usb6-port1: unable to enumerate USB device [ 179.157990][ T7296] syzkaller0: entered promiscuous mode [ 179.165242][ T7296] syzkaller0: entered allmulticast mode [ 179.343671][ T7299] random: crng reseeded on system resumption [ 179.551749][ T7302] ptrace attach of "./syz-executor exec"[5864] was attempted by "./syz-executor exec"[7302] [ 180.215765][ T7307] binder: 7306:7307 ioctl c0306201 200000000240 returned -11 [ 180.419922][ T7316] netlink: 292 bytes leftover after parsing attributes in process `syz.5.330'. [ 180.499260][ T5942] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 180.652939][ T7320] netlink: 'syz.1.342': attribute type 12 has an invalid length. [ 180.681560][ T5942] usb 5-1: Using ep0 maxpacket: 8 [ 181.119493][ T5942] usb 5-1: config 0 has an invalid interface number: 246 but max is 0 [ 181.132940][ T5942] usb 5-1: config 0 has no interface number 0 [ 181.628965][ T5942] usb 5-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 181.638190][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.646953][ T5942] usb 5-1: Product: syz [ 181.667704][ T5942] usb 5-1: Manufacturer: syz [ 181.687703][ T5942] usb 5-1: SerialNumber: syz [ 181.737282][ T5942] usb 5-1: config 0 descriptor?? [ 181.888459][ T5942] msi2500 5-1:0.246: Registered as swradio24 [ 181.904971][ T5942] msi2500 5-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 181.981288][ T5856] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 182.011343][ T5942] usb 5-1: USB disconnect, device number 5 [ 182.092745][ T7305] loop3: detected capacity change from 0 to 32768 [ 182.123222][ T44] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 182.153785][ T7305] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.328 (7305) [ 182.172767][ T5856] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 182.203606][ T5856] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 182.237557][ T5856] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 182.249561][ T7305] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 182.256958][ T5856] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.292344][ T7305] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 182.310443][ T44] usb 6-1: Using ep0 maxpacket: 8 [ 182.315840][ T7305] BTRFS info (device loop3): using free-space-tree [ 182.327340][ T44] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 182.363331][ T44] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 182.399212][ T44] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 182.436392][ T44] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 182.454259][ T44] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 182.469004][ T44] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 182.478115][ T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.513414][ T5856] usb 3-1: usb_control_msg returned -71 [ 182.543063][ T5856] usbtmc 3-1:16.0: can't read capabilities [ 182.624598][ T5856] usb 3-1: USB disconnect, device number 8 [ 182.703783][ T7328] loop0: detected capacity change from 0 to 40427 [ 182.709252][ T44] usb 6-1: GET_CAPABILITIES returned 0 [ 182.715701][ T44] usbtmc 6-1:16.0: can't read capabilities [ 182.728029][ T7328] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 182.794586][ T7328] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 182.843254][ T7328] F2FS-fs (loop0): build fault injection rate: 18446 [ 182.876121][ T5866] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 182.886632][ T7328] F2FS-fs (loop0): invalid crc value [ 183.287246][ T7357] loop2: detected capacity change from 0 to 512 [ 183.318740][ T7328] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 183.332609][ T7357] ext4: Unknown parameter 'rootcontext' [ 183.423082][ T7328] F2FS-fs (loop0): Start checkpoint disabled! [ 183.835813][ T7328] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 184.033584][ T7357] loop2: detected capacity change from 0 to 32768 [ 184.087230][ T7328] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 184.146031][ T7357] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 185.546043][ T7357] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 185.579730][ T7357] ocfs2: Unmounting device (7,2) on (node local) [ 185.848596][ T3000] kworker/u8:8: attempt to access beyond end of device [ 185.848596][ T3000] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 185.968989][ T3000] CPU: 1 UID: 0 PID: 3000 Comm: kworker/u8:8 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 185.969042][ T3000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 185.969066][ T3000] Workqueue: writeback wb_workfn (flush-7:0) [ 185.969131][ T3000] Call Trace: [ 185.969142][ T3000] [ 185.969155][ T3000] dump_stack_lvl+0x16c/0x1f0 [ 185.969204][ T3000] f2fs_handle_critical_error+0x624/0x9f0 [ 185.969253][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.969298][ T3000] ? f2fs_build_fault_attr+0x53/0x1f0 [ 185.969343][ T3000] f2fs_write_end_io+0x958/0xcf0 [ 185.969395][ T3000] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 185.969441][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.969485][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.969536][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.969580][ T3000] ? lock_release+0x201/0x2f0 [ 185.969642][ T3000] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 185.969690][ T3000] bio_endio+0x70d/0x850 [ 185.969745][ T3000] submit_bio_noacct+0x306/0x1eb0 [ 185.969793][ T3000] __submit_merged_bio+0x33c/0x770 [ 185.969846][ T3000] __submit_merged_write_cond+0x319/0x3f0 [ 185.969905][ T3000] f2fs_write_cache_pages+0x2067/0x2570 [ 185.969988][ T3000] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 185.970044][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.970091][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.970139][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.970183][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.970227][ T3000] ? lock_release+0x201/0x2f0 [ 185.970283][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.970327][ T3000] ? do_raw_spin_unlock+0x172/0x230 [ 185.970376][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.970420][ T3000] ? f2fs_available_free_memory+0x279/0xa30 [ 185.970500][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.970546][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.970592][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.970641][ T3000] f2fs_write_data_pages+0x4ad/0xd90 [ 185.970703][ T3000] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 185.970759][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.970809][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.970852][ T3000] ? lock_release+0x201/0x2f0 [ 185.970912][ T3000] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 185.970977][ T3000] do_writepages+0x27a/0x600 [ 185.971028][ T3000] ? __pfx_do_writepages+0x10/0x10 [ 185.971073][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.971117][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.971162][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.971205][ T3000] ? trace_pelt_se_tp+0xf1/0x160 [ 185.971244][ T3000] __writeback_single_inode+0x160/0xfb0 [ 185.971294][ T3000] ? lock_release+0x201/0x2f0 [ 185.971350][ T3000] ? __pfx___writeback_single_inode+0x10/0x10 [ 185.971398][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.971442][ T3000] ? do_raw_spin_unlock+0x172/0x230 [ 185.971482][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.971530][ T3000] writeback_sb_inodes+0x60d/0xfa0 [ 185.971589][ T3000] ? check_preempt_wakeup_fair+0x51e/0x9d0 [ 185.971631][ T3000] ? psi_task_change+0x2c1/0x540 [ 185.971680][ T3000] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 185.971733][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.971813][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.971857][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.971902][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.971951][ T3000] ? queue_io+0x3f6/0x520 [ 185.971994][ T3000] wb_writeback+0x419/0xb70 [ 185.972048][ T3000] ? __pfx_wb_writeback+0x10/0x10 [ 185.972100][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.972145][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.972188][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.972237][ T3000] wb_workfn+0x14d/0xbe0 [ 185.972289][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.972333][ T3000] ? try_to_wake_up+0x160/0x1870 [ 185.972376][ T3000] ? __pfx_wb_workfn+0x10/0x10 [ 185.972425][ T3000] ? __pfx_try_to_wake_up+0x10/0x10 [ 185.972466][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.972510][ T3000] ? trace_sched_exit_tp+0xd1/0x120 [ 185.972551][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.972594][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.972639][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.972683][ T3000] ? lock_acquire+0x2cd/0x350 [ 185.972737][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.972783][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.972827][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.972874][ T3000] process_one_work+0x9cf/0x1b70 [ 185.972930][ T3000] ? __pfx_loop_rootcg_workfn+0x10/0x10 [ 185.972970][ T3000] ? __pfx_process_one_work+0x10/0x10 [ 185.973008][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.973058][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.973100][ T3000] ? assign_work+0x1a0/0x250 [ 185.973137][ T3000] worker_thread+0x6c8/0xf10 [ 185.973183][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.973228][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.973271][ T3000] ? __kthread_parkme+0x19e/0x250 [ 185.973323][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.973368][ T3000] ? __pfx_worker_thread+0x10/0x10 [ 185.973408][ T3000] kthread+0x3c5/0x780 [ 185.973442][ T3000] ? __pfx_kthread+0x10/0x10 [ 185.973475][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.973518][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.973564][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 185.973607][ T3000] ? rcu_is_watching+0x12/0xc0 [ 185.973652][ T3000] ? __pfx_kthread+0x10/0x10 [ 185.973688][ T3000] ret_from_fork+0x5d7/0x6f0 [ 185.973722][ T3000] ? __pfx_kthread+0x10/0x10 [ 185.973757][ T3000] ret_from_fork_asm+0x1a/0x30 [ 185.973815][ T3000] [ 186.696717][ T3000] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 186.703700][ T3000] CPU: 1 UID: 0 PID: 3000 Comm: kworker/u8:8 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 186.703748][ T3000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 186.703772][ T3000] Workqueue: writeback wb_workfn (flush-7:0) [ 186.703833][ T3000] Call Trace: [ 186.703843][ T3000] [ 186.703855][ T3000] dump_stack_lvl+0x16c/0x1f0 [ 186.703905][ T3000] f2fs_handle_critical_error+0x624/0x9f0 [ 186.703954][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.703998][ T3000] ? f2fs_build_fault_attr+0x53/0x1f0 [ 186.704041][ T3000] f2fs_write_end_io+0x958/0xcf0 [ 186.704092][ T3000] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 186.704137][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.704180][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.704230][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.704273][ T3000] ? lock_release+0x201/0x2f0 [ 186.704333][ T3000] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 186.704381][ T3000] bio_endio+0x70d/0x850 [ 186.704436][ T3000] submit_bio_noacct+0x306/0x1eb0 [ 186.704483][ T3000] __submit_merged_bio+0x33c/0x770 [ 186.704534][ T3000] __submit_merged_write_cond+0x319/0x3f0 [ 186.704591][ T3000] f2fs_write_cache_pages+0x2067/0x2570 [ 186.704664][ T3000] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 186.704726][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.704773][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.704819][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.704862][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.704904][ T3000] ? lock_release+0x201/0x2f0 [ 186.704960][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.705002][ T3000] ? do_raw_spin_unlock+0x172/0x230 [ 186.705052][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.705094][ T3000] ? f2fs_available_free_memory+0x279/0xa30 [ 186.705173][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.705218][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.705262][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.705310][ T3000] f2fs_write_data_pages+0x4ad/0xd90 [ 186.705370][ T3000] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 186.705425][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.705475][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.705517][ T3000] ? lock_release+0x201/0x2f0 [ 186.705575][ T3000] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 186.705636][ T3000] do_writepages+0x27a/0x600 [ 186.705690][ T3000] ? __pfx_do_writepages+0x10/0x10 [ 186.705735][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.705777][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.705820][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.705863][ T3000] ? trace_pelt_se_tp+0xf1/0x160 [ 186.705901][ T3000] __writeback_single_inode+0x160/0xfb0 [ 186.705948][ T3000] ? lock_release+0x201/0x2f0 [ 186.706003][ T3000] ? __pfx___writeback_single_inode+0x10/0x10 [ 186.706050][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.706093][ T3000] ? do_raw_spin_unlock+0x172/0x230 [ 186.706131][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.706177][ T3000] writeback_sb_inodes+0x60d/0xfa0 [ 186.706233][ T3000] ? check_preempt_wakeup_fair+0x51e/0x9d0 [ 186.706274][ T3000] ? psi_task_change+0x2c1/0x540 [ 186.706322][ T3000] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 186.706374][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.706454][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.706497][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.706540][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.706583][ T3000] ? queue_io+0x3f6/0x520 [ 186.706626][ T3000] wb_writeback+0x419/0xb70 [ 186.706684][ T3000] ? __pfx_wb_writeback+0x10/0x10 [ 186.706736][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.706781][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.706824][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.706872][ T3000] wb_workfn+0x14d/0xbe0 [ 186.706922][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.706965][ T3000] ? try_to_wake_up+0x160/0x1870 [ 186.707008][ T3000] ? __pfx_wb_workfn+0x10/0x10 [ 186.707055][ T3000] ? __pfx_try_to_wake_up+0x10/0x10 [ 186.707096][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.707139][ T3000] ? trace_sched_exit_tp+0xd1/0x120 [ 186.707179][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.707222][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.707267][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.707309][ T3000] ? lock_acquire+0x2cd/0x350 [ 186.707362][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.707407][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.707450][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.707499][ T3000] process_one_work+0x9cf/0x1b70 [ 186.707549][ T3000] ? __pfx_loop_rootcg_workfn+0x10/0x10 [ 186.707592][ T3000] ? __pfx_process_one_work+0x10/0x10 [ 186.707632][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.707690][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.707734][ T3000] ? assign_work+0x1a0/0x250 [ 186.707772][ T3000] worker_thread+0x6c8/0xf10 [ 186.707817][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.707863][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.707906][ T3000] ? __kthread_parkme+0x19e/0x250 [ 186.707957][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.708004][ T3000] ? __pfx_worker_thread+0x10/0x10 [ 186.708043][ T3000] kthread+0x3c5/0x780 [ 186.708078][ T3000] ? __pfx_kthread+0x10/0x10 [ 186.708111][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.708154][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.708199][ T3000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 186.708243][ T3000] ? rcu_is_watching+0x12/0xc0 [ 186.708288][ T3000] ? __pfx_kthread+0x10/0x10 [ 186.708325][ T3000] ret_from_fork+0x5d7/0x6f0 [ 186.708359][ T3000] ? __pfx_kthread+0x10/0x10 [ 186.708395][ T3000] ret_from_fork_asm+0x1a/0x30 [ 186.708455][ T3000] [ 187.257028][ T7379] fuse: Unknown parameter 'sched_switch' [ 187.534689][ T7384] tipc: Started in network mode [ 187.539622][ T7384] tipc: Node identity 4ac866166cc3, cluster identity 4711 [ 187.546891][ T7384] tipc: Enabled bearer , priority 0 [ 187.564584][ T7384] tipc: Resetting bearer [ 187.571533][ T3000] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 187.780776][ T7383] tipc: Disabling bearer [ 187.940104][ T44] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 187.959755][ T7330] usbtmc 6-1:16.0: usb_control_msg returned -110 [ 188.008235][ T5942] usb 6-1: USB disconnect, device number 12 [ 188.110018][ T44] usb 5-1: Using ep0 maxpacket: 8 [ 188.205457][ T44] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 188.291671][ T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.673075][ T44] usb 5-1: Product: syz [ 188.707450][ T44] usb 5-1: Manufacturer: syz [ 188.731822][ T44] usb 5-1: SerialNumber: syz [ 188.818961][ T44] usb 5-1: config 0 descriptor?? [ 189.119325][ T44] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 189.260142][ T7405] binder: 7402:7405 unknown command 0 [ 189.313534][ T7405] binder: 7402:7405 ioctl c0306201 200000000080 returned -22 [ 189.926985][ T7399] loop5: detected capacity change from 0 to 32768 [ 189.961598][ T7399] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.350 (7399) [ 190.071096][ T7399] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 190.105169][ T7399] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm [ 190.124240][ T7399] BTRFS info (device loop5): using free-space-tree [ 190.579844][ T44] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 190.982006][ T44] usb 5-1: USB disconnect, device number 6 [ 191.001494][ T7403] loop2: detected capacity change from 0 to 32768 [ 191.057952][ T7403] BTRFS info: device /dev/loop2 (7:2) using temp-fsid 488d61da-cf01-459b-abe9-11595c645da7 [ 191.100778][ T7403] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.351 (7403) [ 191.257608][ T7408] loop3: detected capacity change from 0 to 32768 [ 191.307523][ T7403] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 191.397635][ T7408] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 191.409390][ T7403] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 191.423793][ T7429] loop4: detected capacity change from 0 to 128 [ 191.459653][ T7434] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 191.483316][ T7403] BTRFS info (device loop2): using free-space-tree [ 192.309363][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 192.309602][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 192.318739][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 192.335006][ T7435] loop0: detected capacity change from 0 to 1024 [ 192.459521][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 192.459721][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 192.468700][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 192.471389][ T5854] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 192.555679][ T37] kworker/u8:3: attempt to access beyond end of device [ 192.555679][ T37] loop4: rw=1, sector=145, nr_sectors = 896 limit=128 [ 192.578499][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 192.578777][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 192.594274][ T5866] ocfs2: Unmounting device (7,3) on (node local) [ 192.608998][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 192.669997][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 192.702490][ T7449] binder_alloc: 7445: binder_alloc_buf, no vma [ 192.739518][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 192.739760][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 192.751543][ T7449] binder: 7445:7449 ioctl c0306201 200000000240 returned -11 [ 192.792830][ T7403] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 192.796025][ T7403] BTRFS error (device loop2): open_ctree failed: -12 [ 193.205861][ T7458] loop1: detected capacity change from 0 to 4096 [ 193.449468][ T1211] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 193.608295][ T7465] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 193.648837][ T30] audit: type=1800 audit(1755335156.235:19): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.361" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 193.709335][ T1211] usb 3-1: Using ep0 maxpacket: 8 [ 193.739622][ T1211] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 193.768473][ T1211] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 193.771084][ T7467] syzkaller0: entered promiscuous mode [ 193.779669][ T30] audit: type=1800 audit(1755335156.265:20): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.361" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 193.820948][ T1211] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 193.869310][ T1211] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 193.870803][ T7467] syzkaller0: entered allmulticast mode [ 193.897897][ T1211] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 193.984009][ T1211] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 194.177316][ T1211] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.340843][ T7475] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 194.882208][ T1211] usb 3-1: GET_CAPABILITIES returned 0 [ 194.887723][ T1211] usbtmc 3-1:16.0: can't read capabilities [ 195.016608][ T59] hfsplus: b-tree write err: -5, ino 3 [ 196.180303][ T7496] netlink: 'syz.5.367': attribute type 12 has an invalid length. [ 197.360722][ T7461] usbtmc 3-1:16.0: usb_control_msg returned -71 [ 197.369314][ T1211] usb 3-1: USB disconnect, device number 9 [ 197.459365][ T7492] usbtmc 3-1:16.0: send_request_dev_dep_msg_in returned -19 [ 199.237621][ T7501] loop1: detected capacity change from 0 to 32768 [ 199.280410][ T7501] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.370 (7501) [ 199.378951][ T7501] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 199.452890][ T7501] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 199.585391][ T7501] BTRFS info (device loop1): using free-space-tree [ 199.888176][ T7538] loop0: detected capacity change from 0 to 4096 [ 199.889987][ T7534] random: crng reseeded on system resumption [ 200.066502][ T7541] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 200.076329][ T30] audit: type=1800 audit(1755335162.655:21): pid=7538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.378" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 200.177172][ T7513] loop2: detected capacity change from 0 to 32768 [ 200.204449][ T5872] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 200.230865][ T7513] BTRFS info: device /dev/loop2 (7:2) using temp-fsid 811fe0cf-38a6-409e-a4b2-e32e56b43380 [ 200.244379][ T30] audit: type=1800 audit(1755335162.655:22): pid=7538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.378" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 200.282765][ T7513] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.374 (7513) [ 200.417326][ T7513] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 200.459349][ T7513] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 200.558177][ T7513] BTRFS info (device loop2): using free-space-tree [ 202.589460][ T7571] random: crng reseeded on system resumption [ 202.826466][ T5855] BTRFS info (device loop2): last unmount of filesystem 811fe0cf-38a6-409e-a4b2-e32e56b43380 [ 202.913445][ T7580] binder: 7578:7580 unknown command 0 [ 202.918834][ T7580] binder: 7578:7580 ioctl c0306201 200000000080 returned -22 [ 203.810745][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 203.817225][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 206.218752][ T7614] netlink: 'syz.0.393': attribute type 12 has an invalid length. [ 206.429405][ T7618] binder: BINDER_SET_CONTEXT_MGR already set [ 206.435420][ T7618] binder: 7617:7618 ioctl 4018620d 2000000002c0 returned -16 [ 206.784586][ T7622] loop1: detected capacity change from 0 to 4096 [ 206.803154][ T7622] EXT4-fs (loop1): filesystem too large to mount safely on this system [ 206.945055][ T7628] binder: 7625:7628 ioctl c0306201 200000000480 returned -22 [ 207.093815][ T7632] netlink: 292 bytes leftover after parsing attributes in process `syz.2.403'. [ 207.309509][ T7635] tipc: Started in network mode [ 207.324598][ T7635] tipc: Node identity 6e41f59e4901, cluster identity 4711 [ 207.336656][ T7635] tipc: Enabled bearer , priority 0 [ 207.358570][ T7635] syzkaller0: entered promiscuous mode [ 207.509275][ T7635] syzkaller0: entered allmulticast mode [ 207.565836][ T7634] tipc: Resetting bearer [ 208.031970][ T7634] tipc: Disabling bearer [ 208.096005][ T7619] loop5: detected capacity change from 0 to 32768 [ 208.108999][ T7619] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.399 (7619) [ 208.155099][ T7619] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 208.189032][ T7619] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm [ 208.219265][ T7619] BTRFS info (device loop5): using free-space-tree [ 208.339423][ T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 208.999950][ T10] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 209.038890][ T10] usb 5-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 209.107401][ T10] usb 5-1: Product: syz [ 209.129500][ T10] usb 5-1: Manufacturer: syz [ 209.272669][ T10] usb 5-1: SerialNumber: syz [ 209.318819][ T10] usb 5-1: config 0 descriptor?? [ 209.362976][ T10] ch341 5-1:0.0: ch341-uart converter detected [ 209.542147][ T5854] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 209.959785][ T7641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 209.971073][ T7641] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.120299][ T10] usb 5-1: failed to send control message: -71 [ 210.177987][ T10] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 210.228866][ T10] usb 5-1: USB disconnect, device number 7 [ 210.262750][ T10] ch341 5-1:0.0: device disconnected [ 210.621171][ T7681] tipc: Enabling of bearer rejected, failed to enable media [ 210.680068][ T7681] syzkaller0: entered promiscuous mode [ 210.685569][ T7681] syzkaller0: entered allmulticast mode [ 210.989417][ T5856] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 211.009370][ T5878] Bluetooth: hci0: command 0x0406 tx timeout [ 211.019269][ T5877] Bluetooth: hci1: command 0x0406 tx timeout [ 211.025369][ T5878] Bluetooth: hci3: command 0x0406 tx timeout [ 211.025523][ T5875] Bluetooth: hci5: command 0x0406 tx timeout [ 211.032000][ T5877] Bluetooth: hci2: command 0x0406 tx timeout [ 211.032040][ T5877] Bluetooth: hci4: command 0x0406 tx timeout [ 211.038937][ T7677] loop2: detected capacity change from 0 to 32768 [ 211.113255][ T7673] loop0: detected capacity change from 0 to 32768 [ 211.152005][ T7677] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 211.182696][ T5856] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 211.193467][ T5856] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.232835][ T5856] usb 4-1: config 0 descriptor?? [ 211.265686][ T7673] XFS (loop0): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 211.319122][ T5856] cp210x 4-1:0.0: cp210x converter detected [ 211.469970][ T5856] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 211.585322][ T5856] cp210x 4-1:0.0: querying part number failed [ 211.910226][ T5856] usb 4-1: cp210x converter now attached to ttyUSB0 [ 212.142711][ T7707] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 212.631299][ T7705] netlink: 292 bytes leftover after parsing attributes in process `syz.4.418'. [ 212.654783][ T7673] XFS (loop0): Ending clean mount [ 212.768980][ T7679] loop1: detected capacity change from 0 to 32768 [ 212.802338][ T5864] XFS (loop0): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 212.861799][ T5855] ocfs2: Unmounting device (7,2) on (node local) [ 213.935144][ T5929] usb 4-1: USB disconnect, device number 7 [ 213.981542][ T7720] random: crng reseeded on system resumption [ 214.063825][ T5929] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 214.222078][ T5929] cp210x 4-1:0.0: device disconnected [ 214.263348][ T7724] binder_alloc: 7723: binder_alloc_buf, no vma [ 214.316213][ T7724] binder: 7723:7724 ioctl c0306201 200000000240 returned -11 [ 214.440455][ T7726] netlink: 'syz.5.422': attribute type 12 has an invalid length. [ 214.740165][ T7733] random: crng reseeded on system resumption [ 215.803323][ T7722] loop4: detected capacity change from 0 to 32768 [ 215.827822][ T7719] loop1: detected capacity change from 0 to 32768 [ 215.902657][ T7722] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.424 (7722) [ 216.133028][ T7722] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 216.393992][ T7739] read_mapping_page failed! [ 216.398527][ T7739] ERROR: (device loop1): dbDiscardAG: -EIO [ 216.398527][ T7739] [ 216.569267][ T7739] ERROR: (device loop1): remounting filesystem as read-only [ 216.569283][ T7722] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 216.721094][ T7722] BTRFS info (device loop4): using free-space-tree [ 217.615000][ T5858] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 218.335827][ T7778] loop1: detected capacity change from 0 to 8 [ 218.459266][ T5856] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 218.674163][ T7784] netlink: set zone limit has 4 unknown bytes [ 218.680365][ T5856] usb 4-1: Using ep0 maxpacket: 8 [ 218.723312][ T5856] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 218.750970][ T5856] usb 4-1: config 0 has no interfaces? [ 218.769292][ T5856] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 218.784883][ T5856] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.803493][ T5856] usb 4-1: Product: syz [ 218.813929][ T5856] usb 4-1: Manufacturer: syz [ 218.826975][ T5856] usb 4-1: SerialNumber: syz [ 218.843629][ T5856] usb 4-1: config 0 descriptor?? [ 219.550223][ T7773] loop5: detected capacity change from 0 to 32768 [ 219.660577][ T7773] XFS (loop5): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 219.800194][ T7773] XFS (loop5): Ending clean mount [ 220.235571][ T5854] XFS (loop5): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 220.513125][ T7786] loop4: detected capacity change from 0 to 32768 [ 220.567464][ T7800] loop2: detected capacity change from 0 to 4096 [ 220.649235][ T7802] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 220.854931][ T30] audit: type=1800 audit(1755335183.445:23): pid=7800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.437" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 221.453663][ T5929] usb 4-1: USB disconnect, device number 8 [ 222.189431][ T5929] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 222.320289][ T7826] netlink: 'syz.3.441': attribute type 12 has an invalid length. [ 222.431435][ T5929] usb 5-1: device descriptor read/64, error -71 [ 223.353410][ T7838] netlink: 'syz.0.445': attribute type 12 has an invalid length. [ 223.379578][ T5929] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 224.071811][ T5929] usb 5-1: device descriptor read/64, error -71 [ 224.205555][ T5929] usb usb5-port1: attempt power cycle [ 224.460798][ T7847] warning: `syz.2.448' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 224.764750][ T5929] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 224.819815][ T5929] usb 5-1: device descriptor read/8, error -71 [ 225.308687][ T7860] loop1: detected capacity change from 0 to 4096 [ 227.735622][ T7866] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 227.768658][ T7860] netlink: 220 bytes leftover after parsing attributes in process `syz.1.452'. [ 227.777751][ T30] audit: type=1800 audit(1755335190.345:24): pid=7860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.452" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 227.819602][ T30] audit: type=1800 audit(1755335190.355:25): pid=7860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.452" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 228.484255][ T7871] loop4: detected capacity change from 0 to 4096 [ 228.537486][ T7875] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 228.550893][ T30] audit: type=1800 audit(1755335191.145:26): pid=7871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.455" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 230.093650][ T7893] fuse: Unknown parameter 'sched_switch' [ 230.591649][ T7900] loop4: detected capacity change from 0 to 64 [ 231.495165][ T7905] tipc: Enabling of bearer rejected, failed to enable media [ 231.583686][ T7909] binder: 7908:7909 ioctl c0306201 200000000240 returned -11 [ 231.592946][ T7910] syzkaller0: entered promiscuous mode [ 231.598436][ T7910] syzkaller0: entered allmulticast mode [ 232.271999][ T7913] loop1: detected capacity change from 0 to 4096 [ 232.346506][ T7922] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 232.589825][ T30] audit: type=1800 audit(1755335195.165:27): pid=7913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.469" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 232.941114][ T7932] openvswitch: netlink: Message has 20 unknown bytes. [ 232.949113][ T7932] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 234.530701][ T7945] loop0: detected capacity change from 0 to 4096 [ 234.839641][ T7945] EXT4-fs (loop0): Test dummy encryption mode enabled [ 234.889348][ T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 234.938477][ T7945] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 234.946910][ T7945] System zones: 0-5 [ 234.962934][ T7945] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.014929][ T7943] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2" [ 235.063458][ T7920] loop3: detected capacity change from 0 to 32768 [ 235.079256][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 235.085134][ T7920] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.471 (7920) [ 235.104594][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 235.115792][ T10] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 235.127376][ T10] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 235.292526][ T7952] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 235.961841][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.009993][ T7920] BTRFS error (device loop3): open_ctree failed: -4 [ 236.029592][ T5856] IPVS: starting estimator thread 0... [ 236.038356][ T10] usb 3-1: Product: syz [ 236.085367][ T5864] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.114969][ T10] usb 3-1: Manufacturer: syz [ 236.120331][ T7954] IPVS: using max 31 ests per chain, 74400 per kthread [ 236.144055][ T10] usb 3-1: SerialNumber: syz [ 236.192754][ T10] usb 3-1: config 0 descriptor?? [ 236.810767][ T7965] loop3: detected capacity change from 0 to 4096 [ 236.874917][ T7948] loop5: detected capacity change from 0 to 32768 [ 236.929454][ T30] audit: type=1800 audit(1755335199.515:28): pid=7948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.480" name="file1" dev="loop5" ino=4 res=0 errno=0 [ 237.749708][ T7968] loop1: detected capacity change from 0 to 4096 [ 237.806521][ T7968] EXT4-fs (loop1): filesystem too large to mount safely on this system [ 237.971909][ T5856] usb 3-1: USB disconnect, device number 10 [ 239.470243][ T8002] netlink: 'syz.4.495': attribute type 12 has an invalid length. [ 241.219957][ T6006] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 241.609378][ T6006] usb 4-1: Using ep0 maxpacket: 8 [ 241.622284][ T6006] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 241.651896][ T6006] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.689640][ T6006] usb 4-1: Product: syz [ 241.704036][ T6006] usb 4-1: Manufacturer: syz [ 241.708658][ T6006] usb 4-1: SerialNumber: syz [ 241.743538][ T6006] usb 4-1: config 0 descriptor?? [ 242.075674][ T6006] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 242.194681][ T1211] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 242.235702][ T8010] loop1: detected capacity change from 0 to 32768 [ 242.247995][ T8010] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.497 (8010) [ 242.327099][ T8010] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 242.359411][ T1211] usb 1-1: Using ep0 maxpacket: 8 [ 242.370784][ T1211] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.399445][ T1211] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 242.409021][ T8010] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 242.421060][ T1211] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 242.437987][ T8010] BTRFS info (device loop1): using free-space-tree [ 242.444645][ T1211] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.452888][ T1211] usb 1-1: Product: syz [ 242.458080][ T1211] usb 1-1: Manufacturer: syz [ 242.463133][ T1211] usb 1-1: SerialNumber: syz [ 242.472654][ T1211] usb 1-1: config 0 descriptor?? [ 242.560019][ T8010] netlink: 4 bytes leftover after parsing attributes in process `syz.1.497'. [ 242.594501][ T8010] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 242.639574][ T8010] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 242.689103][ T6006] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 242.769240][ T1211] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 243.001645][ T5872] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 243.540329][ T1211] usb 5-1: device descriptor read/64, error -71 [ 243.819425][ T8068] netlink: 96 bytes leftover after parsing attributes in process `syz.2.511'. [ 243.829248][ T1211] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 243.969362][ T1211] usb 5-1: device descriptor read/64, error -71 [ 244.152085][ T1211] usb usb5-port1: attempt power cycle [ 244.252840][ T6003] usb 4-1: USB disconnect, device number 9 [ 244.429310][ T5929] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 244.499343][ T1211] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 244.585010][ T1211] usb 5-1: device descriptor read/8, error -71 [ 244.678357][ T5929] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 244.711751][ T5929] usb 6-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 244.753996][ T5929] usb 6-1: Product: syz [ 244.759642][ T5929] usb 6-1: Manufacturer: syz [ 244.760953][ T8080] syzkaller0: entered promiscuous mode [ 244.764410][ T5929] usb 6-1: SerialNumber: syz [ 244.795417][ T5929] usb 6-1: config 0 descriptor?? [ 244.804955][ T8080] syzkaller0: entered allmulticast mode [ 244.809900][ T5929] ch341 6-1:0.0: ch341-uart converter detected [ 244.879362][ T1211] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 244.909519][ T10] usb 1-1: USB disconnect, device number 4 [ 244.909850][ T1211] usb 5-1: device descriptor read/8, error -71 [ 245.039610][ T1211] usb usb5-port1: unable to enumerate USB device [ 245.269348][ T6006] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 245.425599][ T5929] usb 6-1: failed to send control message: -71 [ 245.487403][ T5929] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 245.539221][ T5929] usb 6-1: USB disconnect, device number 13 [ 245.558048][ T5929] ch341 6-1:0.0: device disconnected [ 245.569020][ T8093] evm: overlay not supported [ 245.622501][ T6006] usb 4-1: config 0 has an invalid interface number: 194 but max is 0 [ 245.665374][ T6006] usb 4-1: config 0 has no interface number 0 [ 245.707399][ T6006] usb 4-1: config 0 interface 194 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 245.791240][ T6006] usb 4-1: New USB device found, idVendor=0424, idProduct=cf18, bcdDevice=4b.60 [ 245.820885][ T6006] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.869557][ T6006] usb 4-1: Product: syz [ 245.884353][ T6006] usb 4-1: Manufacturer: syz [ 245.900268][ T6006] usb 4-1: SerialNumber: syz [ 245.936218][ T6006] usb 4-1: config 0 descriptor?? [ 246.281610][ T6006] usb 4-1: USB disconnect, device number 10 [ 246.292048][ T6006] ================================================================== [ 246.300220][ T6006] BUG: KASAN: slab-use-after-free in hdm_disconnect+0x227/0x250 [ 246.307931][ T6006] Read of size 8 at addr ffff888021f418a0 by task kworker/0:7/6006 [ 246.315928][ T6006] [ 246.318362][ T6006] CPU: 0 UID: 0 PID: 6006 Comm: kworker/0:7 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 246.318413][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 246.318440][ T6006] Workqueue: usb_hub_wq hub_event [ 246.318498][ T6006] Call Trace: [ 246.318510][ T6006] [ 246.318525][ T6006] dump_stack_lvl+0x116/0x1f0 [ 246.318575][ T6006] print_report+0xcd/0x630 [ 246.318609][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.318656][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.318702][ T6006] ? __phys_addr+0xe8/0x180 [ 246.318756][ T6006] ? hdm_disconnect+0x227/0x250 [ 246.318801][ T6006] kasan_report+0xe0/0x110 [ 246.318837][ T6006] ? hdm_disconnect+0x227/0x250 [ 246.318890][ T6006] hdm_disconnect+0x227/0x250 [ 246.318937][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 246.318979][ T6006] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 246.319040][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.319087][ T6006] ? __pfx_usb_unbind_interface+0x10/0x10 [ 246.319126][ T6006] device_remove+0x125/0x170 [ 246.319174][ T6006] device_release_driver_internal+0x44b/0x620 [ 246.319230][ T6006] ? __entry_text_end+0x1020b5/0x1020b9 [ 246.319280][ T6006] bus_remove_device+0x22f/0x420 [ 246.319328][ T6006] device_del+0x396/0x9f0 [ 246.319381][ T6006] ? __pfx_device_del+0x10/0x10 [ 246.319429][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.319475][ T6006] ? kobject_put+0x210/0x5a0 [ 246.319530][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.319581][ T6006] usb_disable_device+0x355/0x7d0 [ 246.319646][ T6006] usb_disconnect+0x2e1/0x9c0 [ 246.319707][ T6006] hub_event+0x1c81/0x4fe0 [ 246.319780][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.319826][ T6006] ? lock_release+0x201/0x2f0 [ 246.319886][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.319932][ T6006] ? do_raw_spin_unlock+0x172/0x230 [ 246.319975][ T6006] ? __pfx_hub_event+0x10/0x10 [ 246.320036][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.320081][ T6006] ? __ioread64_hi_lo+0x70/0xb0 [ 246.320131][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.320178][ T6006] ? __pfx_debug_object_deactivate+0x10/0x10 [ 246.320219][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.320265][ T6006] ? trace_sched_exit_tp+0xd1/0x120 [ 246.320308][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.320353][ T6006] ? rcu_is_watching+0x12/0xc0 [ 246.320401][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.320447][ T6006] ? lock_acquire+0x2cd/0x350 [ 246.320504][ T6006] ? rcu_is_watching+0x12/0xc0 [ 246.320552][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.320598][ T6006] ? rcu_is_watching+0x12/0xc0 [ 246.320650][ T6006] process_one_work+0x9cf/0x1b70 [ 246.320699][ T6006] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10 [ 246.320756][ T6006] ? __pfx_process_one_work+0x10/0x10 [ 246.320796][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.320849][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.320894][ T6006] ? assign_work+0x1a0/0x250 [ 246.320933][ T6006] worker_thread+0x6c8/0xf10 [ 246.320985][ T6006] ? __pfx_worker_thread+0x10/0x10 [ 246.321031][ T6006] kthread+0x3c5/0x780 [ 246.321068][ T6006] ? __pfx_kthread+0x10/0x10 [ 246.321103][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.321149][ T6006] ? rcu_is_watching+0x12/0xc0 [ 246.321196][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.321240][ T6006] ? rcu_is_watching+0x12/0xc0 [ 246.321283][ T6006] ? __pfx_kthread+0x10/0x10 [ 246.321319][ T6006] ret_from_fork+0x5d7/0x6f0 [ 246.321352][ T6006] ? __pfx_kthread+0x10/0x10 [ 246.321387][ T6006] ret_from_fork_asm+0x1a/0x30 [ 246.321445][ T6006] [ 246.321459][ T6006] [ 246.669479][ T6006] Allocated by task 6006: [ 246.673805][ T6006] kasan_save_stack+0x33/0x60 [ 246.678508][ T6006] kasan_save_track+0x14/0x30 [ 246.683207][ T6006] __kasan_kmalloc+0xaa/0xb0 [ 246.687822][ T6006] hdm_probe+0xb3/0x19a0 [ 246.692076][ T6006] usb_probe_interface+0x303/0xa40 [ 246.697190][ T6006] really_probe+0x241/0xa90 [ 246.701703][ T6006] __driver_probe_device+0x1de/0x440 [ 246.707029][ T6006] driver_probe_device+0x4c/0x1b0 [ 246.712069][ T6006] __device_attach_driver+0x1df/0x310 [ 246.717457][ T6006] bus_for_each_drv+0x159/0x1e0 [ 246.722313][ T6006] __device_attach+0x1e4/0x4b0 [ 246.727089][ T6006] bus_probe_device+0x17f/0x1c0 [ 246.731945][ T6006] device_add+0x1148/0x1aa0 [ 246.736467][ T6006] usb_set_configuration+0x1187/0x1e20 [ 246.741950][ T6006] usb_generic_driver_probe+0xb1/0x110 [ 246.751083][ T6006] usb_probe_device+0xef/0x3e0 [ 246.755871][ T6006] really_probe+0x241/0xa90 [ 246.760396][ T6006] __driver_probe_device+0x1de/0x440 [ 246.765870][ T6006] driver_probe_device+0x4c/0x1b0 [ 246.771002][ T6006] __device_attach_driver+0x1df/0x310 [ 246.776395][ T6006] bus_for_each_drv+0x159/0x1e0 [ 246.781253][ T6006] __device_attach+0x1e4/0x4b0 [ 246.786206][ T6006] bus_probe_device+0x17f/0x1c0 [ 246.791070][ T6006] device_add+0x1148/0x1aa0 [ 246.795596][ T6006] usb_new_device+0xd07/0x1a60 [ 246.800382][ T6006] hub_event+0x2f34/0x4fe0 [ 246.804820][ T6006] process_one_work+0x9cf/0x1b70 [ 246.809767][ T6006] worker_thread+0x6c8/0xf10 [ 246.814367][ T6006] kthread+0x3c5/0x780 [ 246.818436][ T6006] ret_from_fork+0x5d7/0x6f0 [ 246.823163][ T6006] ret_from_fork_asm+0x1a/0x30 [ 246.827948][ T6006] [ 246.830260][ T6006] Freed by task 6006: [ 246.834230][ T6006] kasan_save_stack+0x33/0x60 [ 246.838928][ T6006] kasan_save_track+0x14/0x30 [ 246.843626][ T6006] kasan_save_free_info+0x3b/0x60 [ 246.848664][ T6006] __kasan_slab_free+0x60/0x70 [ 246.853453][ T6006] kfree+0x2b4/0x4d0 [ 246.857364][ T6006] device_release+0xa4/0x240 [ 246.861961][ T6006] kobject_put+0x1e7/0x5a0 [ 246.866395][ T6006] device_unregister+0x2f/0xc0 [ 246.871174][ T6006] hdm_disconnect+0x10b/0x250 [ 246.875862][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 246.881063][ T6006] device_remove+0x125/0x170 [ 246.885669][ T6006] device_release_driver_internal+0x44b/0x620 [ 246.891756][ T6006] bus_remove_device+0x22f/0x420 [ 246.896704][ T6006] device_del+0x396/0x9f0 [ 246.901049][ T6006] usb_disable_device+0x355/0x7d0 [ 246.906099][ T6006] usb_disconnect+0x2e1/0x9c0 [ 246.910795][ T6006] hub_event+0x1c81/0x4fe0 [ 246.915229][ T6006] process_one_work+0x9cf/0x1b70 [ 246.920175][ T6006] worker_thread+0x6c8/0xf10 [ 246.924774][ T6006] kthread+0x3c5/0x780 [ 246.928843][ T6006] ret_from_fork+0x5d7/0x6f0 [ 246.933444][ T6006] ret_from_fork_asm+0x1a/0x30 [ 246.938221][ T6006] [ 246.940535][ T6006] The buggy address belongs to the object at ffff888021f40000 [ 246.940535][ T6006] which belongs to the cache kmalloc-8k of size 8192 [ 246.954600][ T6006] The buggy address is located 6304 bytes inside of [ 246.954600][ T6006] freed 8192-byte region [ffff888021f40000, ffff888021f42000) [ 246.968590][ T6006] [ 246.970913][ T6006] The buggy address belongs to the physical page: [ 246.977317][ T6006] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21f40 [ 246.986082][ T6006] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 246.994584][ T6006] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 247.002564][ T6006] page_type: f5(slab) [ 247.006548][ T6006] raw: 00fff00000000040 ffff88801b842280 ffffea0000cf0200 dead000000000005 [ 247.015171][ T6006] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 247.023760][ T6006] head: 00fff00000000040 ffff88801b842280 ffffea0000cf0200 dead000000000005 [ 247.032436][ T6006] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 247.041116][ T6006] head: 00fff00000000003 ffffea000087d001 00000000ffffffff 00000000ffffffff [ 247.049792][ T6006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 247.058452][ T6006] page dumped because: kasan: bad access detected [ 247.064855][ T6006] page_owner tracks the page as allocated [ 247.070555][ T6006] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 14554088218, free_ts 0 [ 247.090290][ T6006] post_alloc_hook+0x1c0/0x230 [ 247.095084][ T6006] get_page_from_freelist+0x132b/0x38e0 [ 247.100652][ T6006] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 247.106656][ T6006] alloc_pages_mpol+0x1fb/0x550 [ 247.111511][ T6006] new_slab+0x247/0x330 [ 247.115679][ T6006] ___slab_alloc+0xcf2/0x1740 [ 247.120367][ T6006] __slab_alloc.constprop.0+0x56/0xb0 [ 247.125759][ T6006] __kmalloc_noprof+0x2f2/0x510 [ 247.130632][ T6006] acpi_ut_initialize_buffer+0x133/0x210 [ 247.136279][ T6006] acpi_rs_create_pci_routing_table+0x11f/0x9f0 [ 247.142543][ T6006] acpi_rs_get_prt_method_data+0xa4/0xf0 [ 247.148199][ T6006] acpi_get_irq_routing_table+0xc2/0x100 [ 247.153856][ T6006] acpi_pci_irq_find_prt_entry+0x179/0xee0 [ 247.159690][ T6006] acpi_pci_irq_lookup+0x85/0x730 [ 247.164744][ T6006] acpi_pci_irq_enable+0x1e5/0x6f0 [ 247.169857][ T6006] pcibios_enable_device+0xb6/0xe0 [ 247.175004][ T6006] page_owner free stack trace missing [ 247.180366][ T6006] [ 247.182678][ T6006] Memory state around the buggy address: [ 247.188301][ T6006] ffff888021f41780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.196975][ T6006] ffff888021f41800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.205046][ T6006] >ffff888021f41880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.213105][ T6006] ^ [ 247.218206][ T6006] ffff888021f41900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.226266][ T6006] ffff888021f41980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.234323][ T6006] ================================================================== [ 247.245536][ T1211] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 247.348578][ T8112] binder: 8110:8112 unknown command 0 [ 247.354157][ T8112] binder: 8110:8112 ioctl c0306201 200000000080 returned -22 [ 247.380640][ T8112] binder: BINDER_SET_CONTEXT_MGR already set [ 247.388647][ T8112] binder: 8110:8112 ioctl 4018620d 200000000040 returned -16 [ 247.623921][ T6006] ================================================================== [ 247.632001][ T6006] BUG: KASAN: slab-use-after-free in hdm_disconnect+0x21d/0x250 [ 247.639656][ T6006] Read of size 8 at addr ffff888021f404f0 by task kworker/0:7/6006 [ 247.647541][ T6006] [ 247.649863][ T6006] CPU: 0 UID: 0 PID: 6006 Comm: kworker/0:7 Tainted: G B 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 247.649908][ T6006] Tainted: [B]=BAD_PAGE [ 247.649918][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 247.649938][ T6006] Workqueue: usb_hub_wq hub_event [ 247.649982][ T6006] Call Trace: [ 247.649993][ T6006] [ 247.650005][ T6006] dump_stack_lvl+0x116/0x1f0 [ 247.650043][ T6006] print_report+0xcd/0x630 [ 247.650068][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.650102][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.650136][ T6006] ? __phys_addr+0xe8/0x180 [ 247.650175][ T6006] ? hdm_disconnect+0x21d/0x250 [ 247.650208][ T6006] kasan_report+0xe0/0x110 [ 247.650235][ T6006] ? hdm_disconnect+0x21d/0x250 [ 247.650273][ T6006] hdm_disconnect+0x21d/0x250 [ 247.650308][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 247.650339][ T6006] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 247.650380][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.650413][ T6006] ? __pfx_usb_unbind_interface+0x10/0x10 [ 247.650441][ T6006] device_remove+0x125/0x170 [ 247.650477][ T6006] device_release_driver_internal+0x44b/0x620 [ 247.650519][ T6006] ? __entry_text_end+0x1020b5/0x1020b9 [ 247.650554][ T6006] bus_remove_device+0x22f/0x420 [ 247.650590][ T6006] device_del+0x396/0x9f0 [ 247.650628][ T6006] ? __pfx_device_del+0x10/0x10 [ 247.650663][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.650696][ T6006] ? kobject_put+0x210/0x5a0 [ 247.650735][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.650776][ T6006] usb_disable_device+0x355/0x7d0 [ 247.650822][ T6006] usb_disconnect+0x2e1/0x9c0 [ 247.650866][ T6006] hub_event+0x1c81/0x4fe0 [ 247.650920][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.650953][ T6006] ? lock_release+0x201/0x2f0 [ 247.650997][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.651030][ T6006] ? do_raw_spin_unlock+0x172/0x230 [ 247.651061][ T6006] ? __pfx_hub_event+0x10/0x10 [ 247.651101][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.651134][ T6006] ? __ioread64_hi_lo+0x70/0xb0 [ 247.651169][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.651204][ T6006] ? __pfx_debug_object_deactivate+0x10/0x10 [ 247.651234][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.651267][ T6006] ? trace_sched_exit_tp+0xd1/0x120 [ 247.651298][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.651331][ T6006] ? rcu_is_watching+0x12/0xc0 [ 247.651365][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.651398][ T6006] ? lock_acquire+0x2cd/0x350 [ 247.651439][ T6006] ? rcu_is_watching+0x12/0xc0 [ 247.651474][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.651507][ T6006] ? rcu_is_watching+0x12/0xc0 [ 247.651544][ T6006] process_one_work+0x9cf/0x1b70 [ 247.651580][ T6006] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10 [ 247.651620][ T6006] ? __pfx_process_one_work+0x10/0x10 [ 247.651651][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.651689][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.651722][ T6006] ? assign_work+0x1a0/0x250 [ 247.651750][ T6006] worker_thread+0x6c8/0xf10 [ 247.651792][ T6006] ? __pfx_worker_thread+0x10/0x10 [ 247.651822][ T6006] kthread+0x3c5/0x780 [ 247.651849][ T6006] ? __pfx_kthread+0x10/0x10 [ 247.651874][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.651907][ T6006] ? rcu_is_watching+0x12/0xc0 [ 247.651942][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.651975][ T6006] ? rcu_is_watching+0x12/0xc0 [ 247.652009][ T6006] ? __pfx_kthread+0x10/0x10 [ 247.652036][ T6006] ret_from_fork+0x5d7/0x6f0 [ 247.652061][ T6006] ? __pfx_kthread+0x10/0x10 [ 247.652088][ T6006] ret_from_fork_asm+0x1a/0x30 [ 247.652132][ T6006] [ 247.652141][ T6006] [ 248.005562][ T6006] Allocated by task 6006: [ 248.009895][ T6006] kasan_save_stack+0x33/0x60 [ 248.014612][ T6006] kasan_save_track+0x14/0x30 [ 248.019323][ T6006] __kasan_kmalloc+0xaa/0xb0 [ 248.023934][ T6006] hdm_probe+0xb3/0x19a0 [ 248.028191][ T6006] usb_probe_interface+0x303/0xa40 [ 248.033306][ T6006] really_probe+0x241/0xa90 [ 248.037822][ T6006] __driver_probe_device+0x1de/0x440 [ 248.043119][ T6006] driver_probe_device+0x4c/0x1b0 [ 248.048156][ T6006] __device_attach_driver+0x1df/0x310 [ 248.053542][ T6006] bus_for_each_drv+0x159/0x1e0 [ 248.058395][ T6006] __device_attach+0x1e4/0x4b0 [ 248.063168][ T6006] bus_probe_device+0x17f/0x1c0 [ 248.068025][ T6006] device_add+0x1148/0x1aa0 [ 248.072548][ T6006] usb_set_configuration+0x1187/0x1e20 [ 248.078027][ T6006] usb_generic_driver_probe+0xb1/0x110 [ 248.083498][ T6006] usb_probe_device+0xef/0x3e0 [ 248.088284][ T6006] really_probe+0x241/0xa90 [ 248.092798][ T6006] __driver_probe_device+0x1de/0x440 [ 248.098108][ T6006] driver_probe_device+0x4c/0x1b0 [ 248.103179][ T6006] __device_attach_driver+0x1df/0x310 [ 248.108578][ T6006] bus_for_each_drv+0x159/0x1e0 [ 248.113454][ T6006] __device_attach+0x1e4/0x4b0 [ 248.118241][ T6006] bus_probe_device+0x17f/0x1c0 [ 248.123104][ T6006] device_add+0x1148/0x1aa0 [ 248.127636][ T6006] usb_new_device+0xd07/0x1a60 [ 248.132507][ T6006] hub_event+0x2f34/0x4fe0 [ 248.136946][ T6006] process_one_work+0x9cf/0x1b70 [ 248.141895][ T6006] worker_thread+0x6c8/0xf10 [ 248.146587][ T6006] kthread+0x3c5/0x780 [ 248.150663][ T6006] ret_from_fork+0x5d7/0x6f0 [ 248.155263][ T6006] ret_from_fork_asm+0x1a/0x30 [ 248.160041][ T6006] [ 248.162371][ T6006] Freed by task 6006: [ 248.166342][ T6006] kasan_save_stack+0x33/0x60 [ 248.171042][ T6006] kasan_save_track+0x14/0x30 [ 248.175740][ T6006] kasan_save_free_info+0x3b/0x60 [ 248.180782][ T6006] __kasan_slab_free+0x60/0x70 [ 248.185571][ T6006] kfree+0x2b4/0x4d0 [ 248.189476][ T6006] device_release+0xa4/0x240 [ 248.194069][ T6006] kobject_put+0x1e7/0x5a0 [ 248.198508][ T6006] device_unregister+0x2f/0xc0 [ 248.203294][ T6006] hdm_disconnect+0x10b/0x250 [ 248.207984][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 248.213182][ T6006] device_remove+0x125/0x170 [ 248.217791][ T6006] device_release_driver_internal+0x44b/0x620 [ 248.223874][ T6006] bus_remove_device+0x22f/0x420 [ 248.228821][ T6006] device_del+0x396/0x9f0 [ 248.233160][ T6006] usb_disable_device+0x355/0x7d0 [ 248.238203][ T6006] usb_disconnect+0x2e1/0x9c0 [ 248.242896][ T6006] hub_event+0x1c81/0x4fe0 [ 248.247329][ T6006] process_one_work+0x9cf/0x1b70 [ 248.252271][ T6006] worker_thread+0x6c8/0xf10 [ 248.256865][ T6006] kthread+0x3c5/0x780 [ 248.260931][ T6006] ret_from_fork+0x5d7/0x6f0 [ 248.265530][ T6006] ret_from_fork_asm+0x1a/0x30 [ 248.270306][ T6006] [ 248.272616][ T6006] The buggy address belongs to the object at ffff888021f40000 [ 248.272616][ T6006] which belongs to the cache kmalloc-8k of size 8192 [ 248.286665][ T6006] The buggy address is located 1264 bytes inside of [ 248.286665][ T6006] freed 8192-byte region [ffff888021f40000, ffff888021f42000) [ 248.300647][ T6006] [ 248.302971][ T6006] The buggy address belongs to the physical page: [ 248.309381][ T6006] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21f40 [ 248.318155][ T6006] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 248.326656][ T6006] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 248.334637][ T6006] page_type: f5(slab) [ 248.338623][ T6006] raw: 00fff00000000040 ffff88801b842280 ffffea0000cf0200 dead000000000005 [ 248.347214][ T6006] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 248.355809][ T6006] head: 00fff00000000040 ffff88801b842280 ffffea0000cf0200 dead000000000005 [ 248.364491][ T6006] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 248.373169][ T6006] head: 00fff00000000003 ffffea000087d001 00000000ffffffff 00000000ffffffff [ 248.381846][ T6006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 248.390509][ T6006] page dumped because: kasan: bad access detected [ 248.396911][ T6006] page_owner tracks the page as allocated [ 248.402614][ T6006] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 14554088218, free_ts 0 [ 248.422347][ T6006] post_alloc_hook+0x1c0/0x230 [ 248.427141][ T6006] get_page_from_freelist+0x132b/0x38e0 [ 248.432710][ T6006] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 248.438650][ T6006] alloc_pages_mpol+0x1fb/0x550 [ 248.443504][ T6006] new_slab+0x247/0x330 [ 248.447680][ T6006] ___slab_alloc+0xcf2/0x1740 [ 248.452425][ T6006] __slab_alloc.constprop.0+0x56/0xb0 [ 248.457812][ T6006] __kmalloc_noprof+0x2f2/0x510 [ 248.462682][ T6006] acpi_ut_initialize_buffer+0x133/0x210 [ 248.468323][ T6006] acpi_rs_create_pci_routing_table+0x11f/0x9f0 [ 248.474580][ T6006] acpi_rs_get_prt_method_data+0xa4/0xf0 [ 248.480236][ T6006] acpi_get_irq_routing_table+0xc2/0x100 [ 248.485893][ T6006] acpi_pci_irq_find_prt_entry+0x179/0xee0 [ 248.491725][ T6006] acpi_pci_irq_lookup+0x85/0x730 [ 248.496780][ T6006] acpi_pci_irq_enable+0x1e5/0x6f0 [ 248.501893][ T6006] pcibios_enable_device+0xb6/0xe0 [ 248.507036][ T6006] page_owner free stack trace missing [ 248.512394][ T6006] [ 248.514705][ T6006] Memory state around the buggy address: [ 248.520325][ T6006] ffff888021f40380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 248.528388][ T6006] ffff888021f40400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 248.536447][ T6006] >ffff888021f40480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 248.544502][ T6006] ^ [ 248.552215][ T6006] ffff888021f40500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 248.560279][ T6006] ffff888021f40580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 248.568329][ T6006] ================================================================== [ 248.732156][ T1211] usb 5-1: Using ep0 maxpacket: 8 [ 248.747484][ T6006] ================================================================== [ 248.755574][ T6006] BUG: KASAN: slab-use-after-free in hdm_disconnect+0x213/0x250 [ 248.763238][ T6006] Read of size 8 at addr ffff888021f404f8 by task kworker/0:7/6006 [ 248.771130][ T6006] [ 248.773457][ T6006] CPU: 0 UID: 0 PID: 6006 Comm: kworker/0:7 Tainted: G B 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 248.773511][ T6006] Tainted: [B]=BAD_PAGE [ 248.773522][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 248.773546][ T6006] Workqueue: usb_hub_wq hub_event [ 248.773598][ T6006] Call Trace: [ 248.773609][ T6006] [ 248.773621][ T6006] dump_stack_lvl+0x116/0x1f0 [ 248.773667][ T6006] print_report+0xcd/0x630 [ 248.773697][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.773739][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.773785][ T6006] ? __phys_addr+0xe8/0x180 [ 248.773832][ T6006] ? hdm_disconnect+0x213/0x250 [ 248.773877][ T6006] kasan_report+0xe0/0x110 [ 248.773911][ T6006] ? hdm_disconnect+0x213/0x250 [ 248.773959][ T6006] hdm_disconnect+0x213/0x250 [ 248.774001][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 248.774039][ T6006] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 248.774089][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.774130][ T6006] ? __pfx_usb_unbind_interface+0x10/0x10 [ 248.774165][ T6006] device_remove+0x125/0x170 [ 248.774208][ T6006] device_release_driver_internal+0x44b/0x620 [ 248.774259][ T6006] ? __entry_text_end+0x1020b5/0x1020b9 [ 248.774302][ T6006] bus_remove_device+0x22f/0x420 [ 248.774345][ T6006] device_del+0x396/0x9f0 [ 248.774391][ T6006] ? __pfx_device_del+0x10/0x10 [ 248.774433][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.774473][ T6006] ? kobject_put+0x210/0x5a0 [ 248.774522][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.774566][ T6006] usb_disable_device+0x355/0x7d0 [ 248.774622][ T6006] usb_disconnect+0x2e1/0x9c0 [ 248.774675][ T6006] hub_event+0x1c81/0x4fe0 [ 248.774740][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.774784][ T6006] ? lock_release+0x201/0x2f0 [ 248.774837][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.774877][ T6006] ? do_raw_spin_unlock+0x172/0x230 [ 248.774915][ T6006] ? __pfx_hub_event+0x10/0x10 [ 248.774964][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.775003][ T6006] ? __ioread64_hi_lo+0x70/0xb0 [ 248.775047][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.775089][ T6006] ? __pfx_debug_object_deactivate+0x10/0x10 [ 248.775126][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.775165][ T6006] ? trace_sched_exit_tp+0xd1/0x120 [ 248.775203][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.775243][ T6006] ? rcu_is_watching+0x12/0xc0 [ 248.775284][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.775325][ T6006] ? lock_acquire+0x2cd/0x350 [ 248.775375][ T6006] ? rcu_is_watching+0x12/0xc0 [ 248.775417][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.775457][ T6006] ? rcu_is_watching+0x12/0xc0 [ 248.775501][ T6006] process_one_work+0x9cf/0x1b70 [ 248.775545][ T6006] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10 [ 248.775593][ T6006] ? __pfx_process_one_work+0x10/0x10 [ 248.775630][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.775676][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.775716][ T6006] ? assign_work+0x1a0/0x250 [ 248.775749][ T6006] worker_thread+0x6c8/0xf10 [ 248.775799][ T6006] ? __pfx_worker_thread+0x10/0x10 [ 248.775836][ T6006] kthread+0x3c5/0x780 [ 248.775868][ T6006] ? __pfx_kthread+0x10/0x10 [ 248.775898][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.775938][ T6006] ? rcu_is_watching+0x12/0xc0 [ 248.775980][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.776020][ T6006] ? rcu_is_watching+0x12/0xc0 [ 248.776062][ T6006] ? __pfx_kthread+0x10/0x10 [ 248.776095][ T6006] ret_from_fork+0x5d7/0x6f0 [ 248.776126][ T6006] ? __pfx_kthread+0x10/0x10 [ 248.776158][ T6006] ret_from_fork_asm+0x1a/0x30 [ 248.776211][ T6006] [ 248.776222][ T6006] [ 249.129678][ T6006] Allocated by task 6006: [ 249.134006][ T6006] kasan_save_stack+0x33/0x60 [ 249.138707][ T6006] kasan_save_track+0x14/0x30 [ 249.143407][ T6006] __kasan_kmalloc+0xaa/0xb0 [ 249.148017][ T6006] hdm_probe+0xb3/0x19a0 [ 249.152304][ T6006] usb_probe_interface+0x303/0xa40 [ 249.157418][ T6006] really_probe+0x241/0xa90 [ 249.161934][ T6006] __driver_probe_device+0x1de/0x440 [ 249.167235][ T6006] driver_probe_device+0x4c/0x1b0 [ 249.172271][ T6006] __device_attach_driver+0x1df/0x310 [ 249.177655][ T6006] bus_for_each_drv+0x159/0x1e0 [ 249.182506][ T6006] __device_attach+0x1e4/0x4b0 [ 249.187283][ T6006] bus_probe_device+0x17f/0x1c0 [ 249.192138][ T6006] device_add+0x1148/0x1aa0 [ 249.196659][ T6006] usb_set_configuration+0x1187/0x1e20 [ 249.202135][ T6006] usb_generic_driver_probe+0xb1/0x110 [ 249.207603][ T6006] usb_probe_device+0xef/0x3e0 [ 249.212384][ T6006] really_probe+0x241/0xa90 [ 249.216897][ T6006] __driver_probe_device+0x1de/0x440 [ 249.222213][ T6006] driver_probe_device+0x4c/0x1b0 [ 249.227299][ T6006] __device_attach_driver+0x1df/0x310 [ 249.232697][ T6006] bus_for_each_drv+0x159/0x1e0 [ 249.237559][ T6006] __device_attach+0x1e4/0x4b0 [ 249.242336][ T6006] bus_probe_device+0x17f/0x1c0 [ 249.247197][ T6006] device_add+0x1148/0x1aa0 [ 249.251726][ T6006] usb_new_device+0xd07/0x1a60 [ 249.256539][ T6006] hub_event+0x2f34/0x4fe0 [ 249.260976][ T6006] process_one_work+0x9cf/0x1b70 [ 249.265920][ T6006] worker_thread+0x6c8/0xf10 [ 249.270514][ T6006] kthread+0x3c5/0x780 [ 249.274585][ T6006] ret_from_fork+0x5d7/0x6f0 [ 249.279181][ T6006] ret_from_fork_asm+0x1a/0x30 [ 249.283962][ T6006] [ 249.286274][ T6006] Freed by task 6006: [ 249.290243][ T6006] kasan_save_stack+0x33/0x60 [ 249.294938][ T6006] kasan_save_track+0x14/0x30 [ 249.299631][ T6006] kasan_save_free_info+0x3b/0x60 [ 249.304665][ T6006] __kasan_slab_free+0x60/0x70 [ 249.309451][ T6006] kfree+0x2b4/0x4d0 [ 249.313426][ T6006] device_release+0xa4/0x240 [ 249.318027][ T6006] kobject_put+0x1e7/0x5a0 [ 249.322462][ T6006] device_unregister+0x2f/0xc0 [ 249.327255][ T6006] hdm_disconnect+0x10b/0x250 [ 249.331978][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 249.337185][ T6006] device_remove+0x125/0x170 [ 249.341799][ T6006] device_release_driver_internal+0x44b/0x620 [ 249.347892][ T6006] bus_remove_device+0x22f/0x420 [ 249.352839][ T6006] device_del+0x396/0x9f0 [ 249.357182][ T6006] usb_disable_device+0x355/0x7d0 [ 249.362231][ T6006] usb_disconnect+0x2e1/0x9c0 [ 249.366928][ T6006] hub_event+0x1c81/0x4fe0 [ 249.371360][ T6006] process_one_work+0x9cf/0x1b70 [ 249.376305][ T6006] worker_thread+0x6c8/0xf10 [ 249.380897][ T6006] kthread+0x3c5/0x780 [ 249.384965][ T6006] ret_from_fork+0x5d7/0x6f0 [ 249.389559][ T6006] ret_from_fork_asm+0x1a/0x30 [ 249.394339][ T6006] [ 249.396648][ T6006] The buggy address belongs to the object at ffff888021f40000 [ 249.396648][ T6006] which belongs to the cache kmalloc-8k of size 8192 [ 249.410702][ T6006] The buggy address is located 1272 bytes inside of [ 249.410702][ T6006] freed 8192-byte region [ffff888021f40000, ffff888021f42000) [ 249.424693][ T6006] [ 249.427054][ T6006] The buggy address belongs to the physical page: [ 249.433455][ T6006] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21f40 [ 249.442216][ T6006] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 249.450713][ T6006] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 249.458695][ T6006] page_type: f5(slab) [ 249.462679][ T6006] raw: 00fff00000000040 ffff88801b842280 ffffea0000cf0200 dead000000000005 [ 249.471267][ T6006] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 249.479856][ T6006] head: 00fff00000000040 ffff88801b842280 ffffea0000cf0200 dead000000000005 [ 249.488537][ T6006] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 249.497209][ T6006] head: 00fff00000000003 ffffea000087d001 00000000ffffffff 00000000ffffffff [ 249.505887][ T6006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 249.514554][ T6006] page dumped because: kasan: bad access detected [ 249.520967][ T6006] page_owner tracks the page as allocated [ 249.526682][ T6006] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 14554088218, free_ts 0 [ 249.546414][ T6006] post_alloc_hook+0x1c0/0x230 [ 249.551201][ T6006] get_page_from_freelist+0x132b/0x38e0 [ 249.556773][ T6006] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 249.562689][ T6006] alloc_pages_mpol+0x1fb/0x550 [ 249.567540][ T6006] new_slab+0x247/0x330 [ 249.571748][ T6006] ___slab_alloc+0xcf2/0x1740 [ 249.576438][ T6006] __slab_alloc.constprop.0+0x56/0xb0 [ 249.581826][ T6006] __kmalloc_noprof+0x2f2/0x510 [ 249.586734][ T6006] acpi_ut_initialize_buffer+0x133/0x210 [ 249.592383][ T6006] acpi_rs_create_pci_routing_table+0x11f/0x9f0 [ 249.598645][ T6006] acpi_rs_get_prt_method_data+0xa4/0xf0 [ 249.604297][ T6006] acpi_get_irq_routing_table+0xc2/0x100 [ 249.609955][ T6006] acpi_pci_irq_find_prt_entry+0x179/0xee0 [ 249.615794][ T6006] acpi_pci_irq_lookup+0x85/0x730 [ 249.620847][ T6006] acpi_pci_irq_enable+0x1e5/0x6f0 [ 249.625959][ T6006] pcibios_enable_device+0xb6/0xe0 [ 249.631096][ T6006] page_owner free stack trace missing [ 249.636452][ T6006] [ 249.638762][ T6006] Memory state around the buggy address: [ 249.644453][ T6006] ffff888021f40380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 249.652546][ T6006] ffff888021f40400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 249.660693][ T6006] >ffff888021f40480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 249.668745][ T6006] ^ [ 249.676887][ T6006] ffff888021f40500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 249.684947][ T6006] ffff888021f40580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 249.692999][ T6006] ================================================================== [ 249.795948][ T6006] ================================================================== [ 249.804055][ T6006] BUG: KASAN: slab-use-after-free in hdm_disconnect+0x20c/0x250 [ 249.811722][ T6006] Read of size 8 at addr ffff888021f40508 by task kworker/0:7/6006 [ 249.819624][ T6006] [ 249.821963][ T6006] CPU: 0 UID: 0 PID: 6006 Comm: kworker/0:7 Tainted: G B 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 249.822024][ T6006] Tainted: [B]=BAD_PAGE [ 249.822044][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 249.822071][ T6006] Workqueue: usb_hub_wq hub_event [ 249.822129][ T6006] Call Trace: [ 249.822142][ T6006] [ 249.822156][ T6006] dump_stack_lvl+0x116/0x1f0 [ 249.822207][ T6006] print_report+0xcd/0x630 [ 249.822242][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.822290][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.822337][ T6006] ? __phys_addr+0xe8/0x180 [ 249.822390][ T6006] ? hdm_disconnect+0x20c/0x250 [ 249.822437][ T6006] kasan_report+0xe0/0x110 [ 249.822473][ T6006] ? hdm_disconnect+0x20c/0x250 [ 249.822526][ T6006] hdm_disconnect+0x20c/0x250 [ 249.822575][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 249.822616][ T6006] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 249.822674][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.822721][ T6006] ? __pfx_usb_unbind_interface+0x10/0x10 [ 249.822760][ T6006] device_remove+0x125/0x170 [ 249.822810][ T6006] device_release_driver_internal+0x44b/0x620 [ 249.822868][ T6006] ? __entry_text_end+0x1020b5/0x1020b9 [ 249.822918][ T6006] bus_remove_device+0x22f/0x420 [ 249.822968][ T6006] device_del+0x396/0x9f0 [ 249.823023][ T6006] ? __pfx_device_del+0x10/0x10 [ 249.823077][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.823124][ T6006] ? kobject_put+0x210/0x5a0 [ 249.823181][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.823231][ T6006] usb_disable_device+0x355/0x7d0 [ 249.823297][ T6006] usb_disconnect+0x2e1/0x9c0 [ 249.823358][ T6006] hub_event+0x1c81/0x4fe0 [ 249.823432][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.823478][ T6006] ? lock_release+0x201/0x2f0 [ 249.823539][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.823587][ T6006] ? do_raw_spin_unlock+0x172/0x230 [ 249.823630][ T6006] ? __pfx_hub_event+0x10/0x10 [ 249.823686][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.823733][ T6006] ? __ioread64_hi_lo+0x70/0xb0 [ 249.823782][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.823830][ T6006] ? __pfx_debug_object_deactivate+0x10/0x10 [ 249.823873][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.823920][ T6006] ? trace_sched_exit_tp+0xd1/0x120 [ 249.823964][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.824011][ T6006] ? rcu_is_watching+0x12/0xc0 [ 249.824064][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.824112][ T6006] ? lock_acquire+0x2cd/0x350 [ 249.824171][ T6006] ? rcu_is_watching+0x12/0xc0 [ 249.824221][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.824268][ T6006] ? rcu_is_watching+0x12/0xc0 [ 249.824319][ T6006] process_one_work+0x9cf/0x1b70 [ 249.824369][ T6006] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10 [ 249.824425][ T6006] ? __pfx_process_one_work+0x10/0x10 [ 249.824468][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.824522][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.824568][ T6006] ? assign_work+0x1a0/0x250 [ 249.824608][ T6006] worker_thread+0x6c8/0xf10 [ 249.824660][ T6006] ? __pfx_worker_thread+0x10/0x10 [ 249.824703][ T6006] kthread+0x3c5/0x780 [ 249.824740][ T6006] ? __pfx_kthread+0x10/0x10 [ 249.824774][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.824820][ T6006] ? rcu_is_watching+0x12/0xc0 [ 249.824869][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.824915][ T6006] ? rcu_is_watching+0x12/0xc0 [ 249.824962][ T6006] ? __pfx_kthread+0x10/0x10 [ 249.825000][ T6006] ret_from_fork+0x5d7/0x6f0 [ 249.825047][ T6006] ? __pfx_kthread+0x10/0x10 [ 249.825084][ T6006] ret_from_fork_asm+0x1a/0x30 [ 249.825145][ T6006] [ 249.825158][ T6006] [ 250.178713][ T6006] Allocated by task 6006: [ 250.183039][ T6006] kasan_save_stack+0x33/0x60 [ 250.187741][ T6006] kasan_save_track+0x14/0x30 [ 250.192452][ T6006] __kasan_kmalloc+0xaa/0xb0 [ 250.197063][ T6006] hdm_probe+0xb3/0x19a0 [ 250.201315][ T6006] usb_probe_interface+0x303/0xa40 [ 250.206430][ T6006] really_probe+0x241/0xa90 [ 250.210958][ T6006] __driver_probe_device+0x1de/0x440 [ 250.216283][ T6006] driver_probe_device+0x4c/0x1b0 [ 250.221348][ T6006] __device_attach_driver+0x1df/0x310 [ 250.226746][ T6006] bus_for_each_drv+0x159/0x1e0 [ 250.231618][ T6006] __device_attach+0x1e4/0x4b0 [ 250.236411][ T6006] bus_probe_device+0x17f/0x1c0 [ 250.241274][ T6006] device_add+0x1148/0x1aa0 [ 250.245980][ T6006] usb_set_configuration+0x1187/0x1e20 [ 250.251470][ T6006] usb_generic_driver_probe+0xb1/0x110 [ 250.256950][ T6006] usb_probe_device+0xef/0x3e0 [ 250.261735][ T6006] really_probe+0x241/0xa90 [ 250.266273][ T6006] __driver_probe_device+0x1de/0x440 [ 250.271595][ T6006] driver_probe_device+0x4c/0x1b0 [ 250.276643][ T6006] __device_attach_driver+0x1df/0x310 [ 250.282033][ T6006] bus_for_each_drv+0x159/0x1e0 [ 250.286890][ T6006] __device_attach+0x1e4/0x4b0 [ 250.291669][ T6006] bus_probe_device+0x17f/0x1c0 [ 250.296530][ T6006] device_add+0x1148/0x1aa0 [ 250.301059][ T6006] usb_new_device+0xd07/0x1a60 [ 250.305843][ T6006] hub_event+0x2f34/0x4fe0 [ 250.310281][ T6006] process_one_work+0x9cf/0x1b70 [ 250.315292][ T6006] worker_thread+0x6c8/0xf10 [ 250.319899][ T6006] kthread+0x3c5/0x780 [ 250.323975][ T6006] ret_from_fork+0x5d7/0x6f0 [ 250.328567][ T6006] ret_from_fork_asm+0x1a/0x30 [ 250.333345][ T6006] [ 250.335660][ T6006] Freed by task 6006: [ 250.339631][ T6006] kasan_save_stack+0x33/0x60 [ 250.344332][ T6006] kasan_save_track+0x14/0x30 [ 250.349041][ T6006] kasan_save_free_info+0x3b/0x60 [ 250.354082][ T6006] __kasan_slab_free+0x60/0x70 [ 250.358876][ T6006] kfree+0x2b4/0x4d0 [ 250.362793][ T6006] device_release+0xa4/0x240 [ 250.367392][ T6006] kobject_put+0x1e7/0x5a0 [ 250.371834][ T6006] device_unregister+0x2f/0xc0 [ 250.376617][ T6006] hdm_disconnect+0x10b/0x250 [ 250.381309][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 250.386514][ T6006] device_remove+0x125/0x170 [ 250.391130][ T6006] device_release_driver_internal+0x44b/0x620 [ 250.397229][ T6006] bus_remove_device+0x22f/0x420 [ 250.402180][ T6006] device_del+0x396/0x9f0 [ 250.406615][ T6006] usb_disable_device+0x355/0x7d0 [ 250.411668][ T6006] usb_disconnect+0x2e1/0x9c0 [ 250.416368][ T6006] hub_event+0x1c81/0x4fe0 [ 250.420807][ T6006] process_one_work+0x9cf/0x1b70 [ 250.425755][ T6006] worker_thread+0x6c8/0xf10 [ 250.430353][ T6006] kthread+0x3c5/0x780 [ 250.434428][ T6006] ret_from_fork+0x5d7/0x6f0 [ 250.439029][ T6006] ret_from_fork_asm+0x1a/0x30 [ 250.443811][ T6006] [ 250.446126][ T6006] The buggy address belongs to the object at ffff888021f40000 [ 250.446126][ T6006] which belongs to the cache kmalloc-8k of size 8192 [ 250.460185][ T6006] The buggy address is located 1288 bytes inside of [ 250.460185][ T6006] freed 8192-byte region [ffff888021f40000, ffff888021f42000) [ 250.474169][ T6006] [ 250.476489][ T6006] The buggy address belongs to the physical page: [ 250.482894][ T6006] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21f40 [ 250.491662][ T6006] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 250.500173][ T6006] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 250.508166][ T6006] page_type: f5(slab) [ 250.512153][ T6006] raw: 00fff00000000040 ffff88801b842280 ffffea0000cf0200 dead000000000005 [ 250.520740][ T6006] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 250.529350][ T6006] head: 00fff00000000040 ffff88801b842280 ffffea0000cf0200 dead000000000005 [ 250.538024][ T6006] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 250.546700][ T6006] head: 00fff00000000003 ffffea000087d001 00000000ffffffff 00000000ffffffff [ 250.555381][ T6006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 250.564048][ T6006] page dumped because: kasan: bad access detected [ 250.570452][ T6006] page_owner tracks the page as allocated [ 250.576154][ T6006] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 14554088218, free_ts 0 [ 250.595879][ T6006] post_alloc_hook+0x1c0/0x230 [ 250.600661][ T6006] get_page_from_freelist+0x132b/0x38e0 [ 250.606238][ T6006] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 250.612172][ T6006] alloc_pages_mpol+0x1fb/0x550 [ 250.617031][ T6006] new_slab+0x247/0x330 [ 250.621203][ T6006] ___slab_alloc+0xcf2/0x1740 [ 250.625927][ T6006] __slab_alloc.constprop.0+0x56/0xb0 [ 250.631313][ T6006] __kmalloc_noprof+0x2f2/0x510 [ 250.636219][ T6006] acpi_ut_initialize_buffer+0x133/0x210 [ 250.641876][ T6006] acpi_rs_create_pci_routing_table+0x11f/0x9f0 [ 250.648143][ T6006] acpi_rs_get_prt_method_data+0xa4/0xf0 [ 250.653796][ T6006] acpi_get_irq_routing_table+0xc2/0x100 [ 250.659457][ T6006] acpi_pci_irq_find_prt_entry+0x179/0xee0 [ 250.665300][ T6006] acpi_pci_irq_lookup+0x85/0x730 [ 250.670356][ T6006] acpi_pci_irq_enable+0x1e5/0x6f0 [ 250.675474][ T6006] pcibios_enable_device+0xb6/0xe0 [ 250.680616][ T6006] page_owner free stack trace missing [ 250.685973][ T6006] [ 250.688282][ T6006] Memory state around the buggy address: [ 250.693904][ T6006] ffff888021f40400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 250.702054][ T6006] ffff888021f40480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 250.710118][ T6006] >ffff888021f40500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 250.718175][ T6006] ^ [ 250.722532][ T6006] ffff888021f40580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 250.730596][ T6006] ffff888021f40600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 250.738652][ T6006] ================================================================== [ 250.781675][ T1211] usb 5-1: device descriptor read/all, error -71 [ 250.783924][ T6006] ================================================================== [ 250.796099][ T6006] BUG: KASAN: slab-use-after-free in hdm_disconnect+0x205/0x250 [ 250.803774][ T6006] Read of size 8 at addr ffff888021f40500 by task kworker/0:7/6006 [ 250.811681][ T6006] [ 250.814017][ T6006] CPU: 0 UID: 0 PID: 6006 Comm: kworker/0:7 Tainted: G B 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 250.814076][ T6006] Tainted: [B]=BAD_PAGE [ 250.814090][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 250.814115][ T6006] Workqueue: usb_hub_wq hub_event [ 250.814171][ T6006] Call Trace: [ 250.814183][ T6006] [ 250.814196][ T6006] dump_stack_lvl+0x116/0x1f0 [ 250.814246][ T6006] print_report+0xcd/0x630 [ 250.814279][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.814325][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.814370][ T6006] ? __phys_addr+0xe8/0x180 [ 250.814422][ T6006] ? hdm_disconnect+0x205/0x250 [ 250.814466][ T6006] kasan_report+0xe0/0x110 [ 250.814501][ T6006] ? hdm_disconnect+0x205/0x250 [ 250.814554][ T6006] hdm_disconnect+0x205/0x250 [ 250.814601][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 250.814642][ T6006] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 250.814697][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.814742][ T6006] ? __pfx_usb_unbind_interface+0x10/0x10 [ 250.814787][ T6006] device_remove+0x125/0x170 [ 250.814835][ T6006] device_release_driver_internal+0x44b/0x620 [ 250.814891][ T6006] ? __entry_text_end+0x1020b5/0x1020b9 [ 250.814939][ T6006] bus_remove_device+0x22f/0x420 [ 250.814990][ T6006] device_del+0x396/0x9f0 [ 250.815041][ T6006] ? __pfx_device_del+0x10/0x10 [ 250.815088][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.815134][ T6006] ? kobject_put+0x210/0x5a0 [ 250.815187][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.815236][ T6006] usb_disable_device+0x355/0x7d0 [ 250.815298][ T6006] usb_disconnect+0x2e1/0x9c0 [ 250.815357][ T6006] hub_event+0x1c81/0x4fe0 [ 250.815428][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.815473][ T6006] ? lock_release+0x201/0x2f0 [ 250.815532][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.815580][ T6006] ? do_raw_spin_unlock+0x172/0x230 [ 250.815623][ T6006] ? __pfx_hub_event+0x10/0x10 [ 250.815678][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.815724][ T6006] ? __ioread64_hi_lo+0x70/0xb0 [ 250.815779][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.815825][ T6006] ? __pfx_debug_object_deactivate+0x10/0x10 [ 250.815867][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.815911][ T6006] ? trace_sched_exit_tp+0xd1/0x120 [ 250.815954][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.816001][ T6006] ? rcu_is_watching+0x12/0xc0 [ 250.816046][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.816090][ T6006] ? lock_acquire+0x2cd/0x350 [ 250.816145][ T6006] ? rcu_is_watching+0x12/0xc0 [ 250.816190][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.816235][ T6006] ? rcu_is_watching+0x12/0xc0 [ 250.816284][ T6006] process_one_work+0x9cf/0x1b70 [ 250.816333][ T6006] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10 [ 250.816387][ T6006] ? __pfx_process_one_work+0x10/0x10 [ 250.816425][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.816472][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.816505][ T6006] ? assign_work+0x1a0/0x250 [ 250.816533][ T6006] worker_thread+0x6c8/0xf10 [ 250.816575][ T6006] ? __pfx_worker_thread+0x10/0x10 [ 250.816605][ T6006] kthread+0x3c5/0x780 [ 250.816632][ T6006] ? __pfx_kthread+0x10/0x10 [ 250.816656][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.816695][ T6006] ? rcu_is_watching+0x12/0xc0 [ 250.816730][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.816763][ T6006] ? rcu_is_watching+0x12/0xc0 [ 250.816813][ T6006] ? __pfx_kthread+0x10/0x10 [ 250.816850][ T6006] ret_from_fork+0x5d7/0x6f0 [ 250.816884][ T6006] ? __pfx_kthread+0x10/0x10 [ 250.816920][ T6006] ret_from_fork_asm+0x1a/0x30 [ 250.816980][ T6006] [ 250.816993][ T6006] [ 251.170591][ T6006] Allocated by task 6006: [ 251.174909][ T6006] kasan_save_stack+0x33/0x60 [ 251.179612][ T6006] kasan_save_track+0x14/0x30 [ 251.184322][ T6006] __kasan_kmalloc+0xaa/0xb0 [ 251.188930][ T6006] hdm_probe+0xb3/0x19a0 [ 251.193182][ T6006] usb_probe_interface+0x303/0xa40 [ 251.198297][ T6006] really_probe+0x241/0xa90 [ 251.202813][ T6006] __driver_probe_device+0x1de/0x440 [ 251.208113][ T6006] driver_probe_device+0x4c/0x1b0 [ 251.213151][ T6006] __device_attach_driver+0x1df/0x310 [ 251.218537][ T6006] bus_for_each_drv+0x159/0x1e0 [ 251.223389][ T6006] __device_attach+0x1e4/0x4b0 [ 251.228168][ T6006] bus_probe_device+0x17f/0x1c0 [ 251.233026][ T6006] device_add+0x1148/0x1aa0 [ 251.237550][ T6006] usb_set_configuration+0x1187/0x1e20 [ 251.243032][ T6006] usb_generic_driver_probe+0xb1/0x110 [ 251.248505][ T6006] usb_probe_device+0xef/0x3e0 [ 251.253286][ T6006] really_probe+0x241/0xa90 [ 251.257803][ T6006] __driver_probe_device+0x1de/0x440 [ 251.263105][ T6006] driver_probe_device+0x4c/0x1b0 [ 251.268145][ T6006] __device_attach_driver+0x1df/0x310 [ 251.273529][ T6006] bus_for_each_drv+0x159/0x1e0 [ 251.278383][ T6006] __device_attach+0x1e4/0x4b0 [ 251.283164][ T6006] bus_probe_device+0x17f/0x1c0 [ 251.288033][ T6006] device_add+0x1148/0x1aa0 [ 251.292559][ T6006] usb_new_device+0xd07/0x1a60 [ 251.297343][ T6006] hub_event+0x2f34/0x4fe0 [ 251.301798][ T6006] process_one_work+0x9cf/0x1b70 [ 251.306743][ T6006] worker_thread+0x6c8/0xf10 [ 251.311349][ T6006] kthread+0x3c5/0x780 [ 251.315418][ T6006] ret_from_fork+0x5d7/0x6f0 [ 251.320015][ T6006] ret_from_fork_asm+0x1a/0x30 [ 251.324800][ T6006] [ 251.327112][ T6006] Freed by task 6006: [ 251.331078][ T6006] kasan_save_stack+0x33/0x60 [ 251.335775][ T6006] kasan_save_track+0x14/0x30 [ 251.340469][ T6006] kasan_save_free_info+0x3b/0x60 [ 251.345502][ T6006] __kasan_slab_free+0x60/0x70 [ 251.350284][ T6006] kfree+0x2b4/0x4d0 [ 251.354192][ T6006] device_release+0xa4/0x240 [ 251.358809][ T6006] kobject_put+0x1e7/0x5a0 [ 251.363251][ T6006] device_unregister+0x2f/0xc0 [ 251.368037][ T6006] hdm_disconnect+0x10b/0x250 [ 251.372724][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 251.377938][ T6006] device_remove+0x125/0x170 [ 251.383069][ T6006] device_release_driver_internal+0x44b/0x620 [ 251.389161][ T6006] bus_remove_device+0x22f/0x420 [ 251.394113][ T6006] device_del+0x396/0x9f0 [ 251.398458][ T6006] usb_disable_device+0x355/0x7d0 [ 251.403504][ T6006] usb_disconnect+0x2e1/0x9c0 [ 251.408199][ T6006] hub_event+0x1c81/0x4fe0 [ 251.412632][ T6006] process_one_work+0x9cf/0x1b70 [ 251.417574][ T6006] worker_thread+0x6c8/0xf10 [ 251.422166][ T6006] kthread+0x3c5/0x780 [ 251.426238][ T6006] ret_from_fork+0x5d7/0x6f0 [ 251.430827][ T6006] ret_from_fork_asm+0x1a/0x30 [ 251.435601][ T6006] [ 251.437913][ T6006] The buggy address belongs to the object at ffff888021f40000 [ 251.437913][ T6006] which belongs to the cache kmalloc-8k of size 8192 [ 251.451969][ T6006] The buggy address is located 1280 bytes inside of [ 251.451969][ T6006] freed 8192-byte region [ffff888021f40000, ffff888021f42000) [ 251.465950][ T6006] [ 251.468265][ T6006] The buggy address belongs to the physical page: [ 251.474661][ T6006] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21f40 [ 251.483422][ T6006] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 251.491928][ T6006] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 251.499907][ T6006] page_type: f5(slab) [ 251.503891][ T6006] raw: 00fff00000000040 ffff88801b842280 ffffea0000cf0200 dead000000000005 [ 251.512481][ T6006] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 251.521089][ T6006] head: 00fff00000000040 ffff88801b842280 ffffea0000cf0200 dead000000000005 [ 251.529764][ T6006] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 251.538437][ T6006] head: 00fff00000000003 ffffea000087d001 00000000ffffffff 00000000ffffffff [ 251.547115][ T6006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 251.555781][ T6006] page dumped because: kasan: bad access detected [ 251.562184][ T6006] page_owner tracks the page as allocated [ 251.567887][ T6006] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 14554088218, free_ts 0 [ 251.587616][ T6006] post_alloc_hook+0x1c0/0x230 [ 251.592409][ T6006] get_page_from_freelist+0x132b/0x38e0 [ 251.597980][ T6006] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 251.603896][ T6006] alloc_pages_mpol+0x1fb/0x550 [ 251.608747][ T6006] new_slab+0x247/0x330 [ 251.612922][ T6006] ___slab_alloc+0xcf2/0x1740 [ 251.617610][ T6006] __slab_alloc.constprop.0+0x56/0xb0 [ 251.623001][ T6006] __kmalloc_noprof+0x2f2/0x510 [ 251.627871][ T6006] acpi_ut_initialize_buffer+0x133/0x210 [ 251.633515][ T6006] acpi_rs_create_pci_routing_table+0x11f/0x9f0 [ 251.639786][ T6006] acpi_rs_get_prt_method_data+0xa4/0xf0 [ 251.645449][ T6006] acpi_get_irq_routing_table+0xc2/0x100 [ 251.651107][ T6006] acpi_pci_irq_find_prt_entry+0x179/0xee0 [ 251.656937][ T6006] acpi_pci_irq_lookup+0x85/0x730 [ 251.662001][ T6006] acpi_pci_irq_enable+0x1e5/0x6f0 [ 251.667111][ T6006] pcibios_enable_device+0xb6/0xe0 [ 251.672245][ T6006] page_owner free stack trace missing [ 251.677597][ T6006] [ 251.679905][ T6006] Memory state around the buggy address: [ 251.685526][ T6006] ffff888021f40400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 251.693588][ T6006] ffff888021f40480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 251.701649][ T6006] >ffff888021f40500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 251.709701][ T6006] ^ [ 251.713760][ T6006] ffff888021f40580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 251.721820][ T6006] ffff888021f40600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 251.729871][ T6006] ================================================================== [ 251.748063][ T6006] ================================================================== [ 251.756156][ T6006] BUG: KASAN: slab-use-after-free in kobject_put+0x4ed/0x5a0 [ 251.763566][ T6006] Read of size 1 at addr ffff88805243003c by task kworker/0:7/6006 [ 251.771456][ T6006] [ 251.773785][ T6006] CPU: 0 UID: 0 PID: 6006 Comm: kworker/0:7 Tainted: G B 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 251.773836][ T6006] Tainted: [B]=BAD_PAGE [ 251.773848][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 251.773872][ T6006] Workqueue: usb_hub_wq hub_event [ 251.773924][ T6006] Call Trace: [ 251.773935][ T6006] [ 251.773948][ T6006] dump_stack_lvl+0x116/0x1f0 [ 251.773993][ T6006] print_report+0xcd/0x630 [ 251.774023][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.774064][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.774104][ T6006] ? __phys_addr+0xe8/0x180 [ 251.774150][ T6006] ? kobject_put+0x4ed/0x5a0 [ 251.774194][ T6006] kasan_report+0xe0/0x110 [ 251.774225][ T6006] ? kobject_put+0x4ed/0x5a0 [ 251.774276][ T6006] kobject_put+0x4ed/0x5a0 [ 251.774323][ T6006] put_device+0x1f/0x30 [ 251.774356][ T6006] hdm_disconnect+0x1e2/0x250 [ 251.774399][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 251.774434][ T6006] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 251.774483][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.774524][ T6006] ? __pfx_usb_unbind_interface+0x10/0x10 [ 251.774557][ T6006] device_remove+0x125/0x170 [ 251.774599][ T6006] device_release_driver_internal+0x44b/0x620 [ 251.774649][ T6006] ? __entry_text_end+0x1020b5/0x1020b9 [ 251.774692][ T6006] bus_remove_device+0x22f/0x420 [ 251.774734][ T6006] device_del+0x396/0x9f0 [ 251.774785][ T6006] ? __pfx_device_del+0x10/0x10 [ 251.774827][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.774866][ T6006] ? kobject_put+0x210/0x5a0 [ 251.774912][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.774955][ T6006] usb_disable_device+0x355/0x7d0 [ 251.775010][ T6006] usb_disconnect+0x2e1/0x9c0 [ 251.775063][ T6006] hub_event+0x1c81/0x4fe0 [ 251.775126][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.775165][ T6006] ? lock_release+0x201/0x2f0 [ 251.775217][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.775256][ T6006] ? do_raw_spin_unlock+0x172/0x230 [ 251.775294][ T6006] ? __pfx_hub_event+0x10/0x10 [ 251.775342][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.775381][ T6006] ? __ioread64_hi_lo+0x70/0xb0 [ 251.775423][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.775464][ T6006] ? __pfx_debug_object_deactivate+0x10/0x10 [ 251.775501][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.775540][ T6006] ? trace_sched_exit_tp+0xd1/0x120 [ 251.775577][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.775616][ T6006] ? rcu_is_watching+0x12/0xc0 [ 251.775657][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.775696][ T6006] ? lock_acquire+0x2cd/0x350 [ 251.775746][ T6006] ? rcu_is_watching+0x12/0xc0 [ 251.775793][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.775833][ T6006] ? rcu_is_watching+0x12/0xc0 [ 251.775877][ T6006] process_one_work+0x9cf/0x1b70 [ 251.775920][ T6006] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10 [ 251.775968][ T6006] ? __pfx_process_one_work+0x10/0x10 [ 251.776005][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.776049][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.776089][ T6006] ? assign_work+0x1a0/0x250 [ 251.776122][ T6006] worker_thread+0x6c8/0xf10 [ 251.776167][ T6006] ? __pfx_worker_thread+0x10/0x10 [ 251.776203][ T6006] kthread+0x3c5/0x780 [ 251.776235][ T6006] ? __pfx_kthread+0x10/0x10 [ 251.776265][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.776304][ T6006] ? rcu_is_watching+0x12/0xc0 [ 251.776345][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.776385][ T6006] ? rcu_is_watching+0x12/0xc0 [ 251.776426][ T6006] ? __pfx_kthread+0x10/0x10 [ 251.776458][ T6006] ret_from_fork+0x5d7/0x6f0 [ 251.776488][ T6006] ? __pfx_kthread+0x10/0x10 [ 251.776520][ T6006] ret_from_fork_asm+0x1a/0x30 [ 251.776571][ T6006] [ 251.776582][ T6006] [ 252.138506][ T6006] Allocated by task 6006: [ 252.142828][ T6006] kasan_save_stack+0x33/0x60 [ 252.147531][ T6006] kasan_save_track+0x14/0x30 [ 252.152225][ T6006] __kasan_kmalloc+0xaa/0xb0 [ 252.156833][ T6006] hdm_probe+0x10c5/0x19a0 [ 252.161259][ T6006] usb_probe_interface+0x303/0xa40 [ 252.166372][ T6006] really_probe+0x241/0xa90 [ 252.170887][ T6006] __driver_probe_device+0x1de/0x440 [ 252.176184][ T6006] driver_probe_device+0x4c/0x1b0 [ 252.181223][ T6006] __device_attach_driver+0x1df/0x310 [ 252.186612][ T6006] bus_for_each_drv+0x159/0x1e0 [ 252.191465][ T6006] __device_attach+0x1e4/0x4b0 [ 252.196244][ T6006] bus_probe_device+0x17f/0x1c0 [ 252.201101][ T6006] device_add+0x1148/0x1aa0 [ 252.205626][ T6006] usb_set_configuration+0x1187/0x1e20 [ 252.211104][ T6006] usb_generic_driver_probe+0xb1/0x110 [ 252.216572][ T6006] usb_probe_device+0xef/0x3e0 [ 252.221358][ T6006] really_probe+0x241/0xa90 [ 252.225873][ T6006] __driver_probe_device+0x1de/0x440 [ 252.231173][ T6006] driver_probe_device+0x4c/0x1b0 [ 252.236209][ T6006] __device_attach_driver+0x1df/0x310 [ 252.241595][ T6006] bus_for_each_drv+0x159/0x1e0 [ 252.246446][ T6006] __device_attach+0x1e4/0x4b0 [ 252.251223][ T6006] bus_probe_device+0x17f/0x1c0 [ 252.256078][ T6006] device_add+0x1148/0x1aa0 [ 252.260600][ T6006] usb_new_device+0xd07/0x1a60 [ 252.265380][ T6006] hub_event+0x2f34/0x4fe0 [ 252.269814][ T6006] process_one_work+0x9cf/0x1b70 [ 252.274755][ T6006] worker_thread+0x6c8/0xf10 [ 252.279357][ T6006] kthread+0x3c5/0x780 [ 252.283425][ T6006] ret_from_fork+0x5d7/0x6f0 [ 252.288012][ T6006] ret_from_fork_asm+0x1a/0x30 [ 252.292789][ T6006] [ 252.295134][ T6006] Freed by task 6006: [ 252.299102][ T6006] kasan_save_stack+0x33/0x60 [ 252.303806][ T6006] kasan_save_track+0x14/0x30 [ 252.308502][ T6006] kasan_save_free_info+0x3b/0x60 [ 252.313537][ T6006] __kasan_slab_free+0x60/0x70 [ 252.318348][ T6006] kfree+0x2b4/0x4d0 [ 252.322255][ T6006] device_release+0xa4/0x240 [ 252.326845][ T6006] kobject_put+0x1e7/0x5a0 [ 252.331276][ T6006] device_unregister+0x2f/0xc0 [ 252.336053][ T6006] hdm_disconnect+0xfa/0x250 [ 252.340652][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 252.345851][ T6006] device_remove+0x125/0x170 [ 252.350449][ T6006] device_release_driver_internal+0x44b/0x620 [ 252.356534][ T6006] bus_remove_device+0x22f/0x420 [ 252.361479][ T6006] device_del+0x396/0x9f0 [ 252.365824][ T6006] usb_disable_device+0x355/0x7d0 [ 252.370865][ T6006] usb_disconnect+0x2e1/0x9c0 [ 252.375557][ T6006] hub_event+0x1c81/0x4fe0 [ 252.379990][ T6006] process_one_work+0x9cf/0x1b70 [ 252.385110][ T6006] worker_thread+0x6c8/0xf10 [ 252.389701][ T6006] kthread+0x3c5/0x780 [ 252.393767][ T6006] ret_from_fork+0x5d7/0x6f0 [ 252.398359][ T6006] ret_from_fork_asm+0x1a/0x30 [ 252.403138][ T6006] [ 252.405450][ T6006] The buggy address belongs to the object at ffff888052430000 [ 252.405450][ T6006] which belongs to the cache kmalloc-2k of size 2048 [ 252.419499][ T6006] The buggy address is located 60 bytes inside of [ 252.419499][ T6006] freed 2048-byte region [ffff888052430000, ffff888052430800) [ 252.433385][ T6006] [ 252.435701][ T6006] The buggy address belongs to the physical page: [ 252.442101][ T6006] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52430 [ 252.450861][ T6006] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 252.459354][ T6006] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 252.467019][ T6006] page_type: f5(slab) [ 252.471002][ T6006] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 252.479611][ T6006] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 252.488199][ T6006] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 252.496869][ T6006] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 252.505541][ T6006] head: 00fff00000000003 ffffea0001490c01 00000000ffffffff 00000000ffffffff [ 252.514215][ T6006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 252.522877][ T6006] page dumped because: kasan: bad access detected [ 252.529276][ T6006] page_owner tracks the page as allocated [ 252.534985][ T6006] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5958, tgid 5958 (kworker/1:7), ts 93854168886, free_ts 33007286435 [ 252.556452][ T6006] post_alloc_hook+0x1c0/0x230 [ 252.561241][ T6006] get_page_from_freelist+0x132b/0x38e0 [ 252.566808][ T6006] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 252.572723][ T6006] alloc_pages_mpol+0x1fb/0x550 [ 252.577580][ T6006] new_slab+0x247/0x330 [ 252.581832][ T6006] ___slab_alloc+0xcf2/0x1740 [ 252.586520][ T6006] __slab_alloc.constprop.0+0x56/0xb0 [ 252.591944][ T6006] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 252.598483][ T6006] kmalloc_reserve+0xef/0x2c0 [ 252.603274][ T6006] __alloc_skb+0x166/0x380 [ 252.607723][ T6006] mld_newpack.isra.0+0x18e/0xa20 [ 252.612769][ T6006] add_grhead+0x299/0x340 [ 252.617378][ T6006] add_grec+0x11b5/0x1720 [ 252.621721][ T6006] mld_send_initial_cr+0x151/0x320 [ 252.626873][ T6006] mld_dad_work+0x32/0x1f0 [ 252.631306][ T6006] process_one_work+0x9cf/0x1b70 [ 252.636251][ T6006] page last free pid 1 tgid 1 stack trace: [ 252.642046][ T6006] __free_frozen_pages+0x7d5/0x10f0 [ 252.647263][ T6006] free_contig_range+0x183/0x4b0 [ 252.652221][ T6006] destroy_args+0x7f6/0xa60 [ 252.656739][ T6006] debug_vm_pgtable+0x1a32/0x3640 [ 252.661794][ T6006] do_one_initcall+0x123/0x6e0 [ 252.666567][ T6006] kernel_init_freeable+0x5c2/0x910 [ 252.671767][ T6006] kernel_init+0x1c/0x2b0 [ 252.676093][ T6006] ret_from_fork+0x5d7/0x6f0 [ 252.680683][ T6006] ret_from_fork_asm+0x1a/0x30 [ 252.685459][ T6006] [ 252.687767][ T6006] Memory state around the buggy address: [ 252.693387][ T6006] ffff88805242ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 252.701445][ T6006] ffff88805242ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 252.709505][ T6006] >ffff888052430000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 252.717566][ T6006] ^ [ 252.723455][ T6006] ffff888052430080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 252.731513][ T6006] ffff888052430100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 252.739574][ T6006] ================================================================== [ 252.767859][ T6006] ================================================================== [ 252.775972][ T6006] BUG: KASAN: slab-use-after-free in kobject_put+0x84/0x5a0 [ 252.783402][ T6006] Write of size 4 at addr ffff888052430038 by task kworker/0:7/6006 [ 252.791443][ T6006] [ 252.793775][ T6006] CPU: 0 UID: 0 PID: 6006 Comm: kworker/0:7 Tainted: G B 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 252.793828][ T6006] Tainted: [B]=BAD_PAGE [ 252.793841][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 252.793865][ T6006] Workqueue: usb_hub_wq hub_event [ 252.793919][ T6006] Call Trace: [ 252.793930][ T6006] [ 252.793943][ T6006] dump_stack_lvl+0x116/0x1f0 [ 252.793990][ T6006] print_report+0xcd/0x630 [ 252.794021][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.794068][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.794109][ T6006] ? __phys_addr+0xe8/0x180 [ 252.794157][ T6006] ? kobject_put+0x84/0x5a0 [ 252.794203][ T6006] kasan_report+0xe0/0x110 [ 252.794235][ T6006] ? kobject_put+0x84/0x5a0 [ 252.794288][ T6006] kasan_check_range+0x100/0x1b0 [ 252.794328][ T6006] kobject_put+0x84/0x5a0 [ 252.794378][ T6006] put_device+0x1f/0x30 [ 252.794412][ T6006] hdm_disconnect+0x1e2/0x250 [ 252.794456][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 252.794493][ T6006] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 252.794544][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.794586][ T6006] ? __pfx_usb_unbind_interface+0x10/0x10 [ 252.794621][ T6006] device_remove+0x125/0x170 [ 252.794665][ T6006] device_release_driver_internal+0x44b/0x620 [ 252.794717][ T6006] ? __entry_text_end+0x1020b5/0x1020b9 [ 252.794761][ T6006] bus_remove_device+0x22f/0x420 [ 252.794805][ T6006] device_del+0x396/0x9f0 [ 252.794852][ T6006] ? __pfx_device_del+0x10/0x10 [ 252.794896][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.794943][ T6006] ? kobject_put+0x210/0x5a0 [ 252.794991][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.795043][ T6006] usb_disable_device+0x355/0x7d0 [ 252.795100][ T6006] usb_disconnect+0x2e1/0x9c0 [ 252.795154][ T6006] hub_event+0x1c81/0x4fe0 [ 252.795220][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.795262][ T6006] ? lock_release+0x201/0x2f0 [ 252.795316][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.795357][ T6006] ? do_raw_spin_unlock+0x172/0x230 [ 252.795396][ T6006] ? __pfx_hub_event+0x10/0x10 [ 252.795445][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.795487][ T6006] ? __ioread64_hi_lo+0x70/0xb0 [ 252.795531][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.795575][ T6006] ? __pfx_debug_object_deactivate+0x10/0x10 [ 252.795612][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.795653][ T6006] ? trace_sched_exit_tp+0xd1/0x120 [ 252.795692][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.795733][ T6006] ? rcu_is_watching+0x12/0xc0 [ 252.795776][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.795816][ T6006] ? lock_acquire+0x2cd/0x350 [ 252.795869][ T6006] ? rcu_is_watching+0x12/0xc0 [ 252.795912][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.795953][ T6006] ? rcu_is_watching+0x12/0xc0 [ 252.795999][ T6006] process_one_work+0x9cf/0x1b70 [ 252.796047][ T6006] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10 [ 252.796097][ T6006] ? __pfx_process_one_work+0x10/0x10 [ 252.796135][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.796182][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.796224][ T6006] ? assign_work+0x1a0/0x250 [ 252.796258][ T6006] worker_thread+0x6c8/0xf10 [ 252.796305][ T6006] ? __pfx_worker_thread+0x10/0x10 [ 252.796342][ T6006] kthread+0x3c5/0x780 [ 252.796375][ T6006] ? __pfx_kthread+0x10/0x10 [ 252.796405][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.796447][ T6006] ? rcu_is_watching+0x12/0xc0 [ 252.796489][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 252.796531][ T6006] ? rcu_is_watching+0x12/0xc0 [ 252.796573][ T6006] ? __pfx_kthread+0x10/0x10 [ 252.796607][ T6006] ret_from_fork+0x5d7/0x6f0 [ 252.796638][ T6006] ? __pfx_kthread+0x10/0x10 [ 252.796671][ T6006] ret_from_fork_asm+0x1a/0x30 [ 252.796725][ T6006] [ 252.796736][ T6006] [ 253.162874][ T6006] Allocated by task 6006: [ 253.167195][ T6006] kasan_save_stack+0x33/0x60 [ 253.171894][ T6006] kasan_save_track+0x14/0x30 [ 253.176594][ T6006] __kasan_kmalloc+0xaa/0xb0 [ 253.181209][ T6006] hdm_probe+0x10c5/0x19a0 [ 253.185647][ T6006] usb_probe_interface+0x303/0xa40 [ 253.190768][ T6006] really_probe+0x241/0xa90 [ 253.195291][ T6006] __driver_probe_device+0x1de/0x440 [ 253.200601][ T6006] driver_probe_device+0x4c/0x1b0 [ 253.205731][ T6006] __device_attach_driver+0x1df/0x310 [ 253.211127][ T6006] bus_for_each_drv+0x159/0x1e0 [ 253.215988][ T6006] __device_attach+0x1e4/0x4b0 [ 253.220794][ T6006] bus_probe_device+0x17f/0x1c0 [ 253.225655][ T6006] device_add+0x1148/0x1aa0 [ 253.230180][ T6006] usb_set_configuration+0x1187/0x1e20 [ 253.235660][ T6006] usb_generic_driver_probe+0xb1/0x110 [ 253.241131][ T6006] usb_probe_device+0xef/0x3e0 [ 253.245917][ T6006] really_probe+0x241/0xa90 [ 253.250431][ T6006] __driver_probe_device+0x1de/0x440 [ 253.255732][ T6006] driver_probe_device+0x4c/0x1b0 [ 253.260769][ T6006] __device_attach_driver+0x1df/0x310 [ 253.266157][ T6006] bus_for_each_drv+0x159/0x1e0 [ 253.271011][ T6006] __device_attach+0x1e4/0x4b0 [ 253.275796][ T6006] bus_probe_device+0x17f/0x1c0 [ 253.280652][ T6006] device_add+0x1148/0x1aa0 [ 253.285180][ T6006] usb_new_device+0xd07/0x1a60 [ 253.289965][ T6006] hub_event+0x2f34/0x4fe0 [ 253.294406][ T6006] process_one_work+0x9cf/0x1b70 [ 253.299348][ T6006] worker_thread+0x6c8/0xf10 [ 253.303943][ T6006] kthread+0x3c5/0x780 [ 253.308013][ T6006] ret_from_fork+0x5d7/0x6f0 [ 253.312609][ T6006] ret_from_fork_asm+0x1a/0x30 [ 253.317384][ T6006] [ 253.319693][ T6006] Freed by task 6006: [ 253.323659][ T6006] kasan_save_stack+0x33/0x60 [ 253.328357][ T6006] kasan_save_track+0x14/0x30 [ 253.333132][ T6006] kasan_save_free_info+0x3b/0x60 [ 253.338169][ T6006] __kasan_slab_free+0x60/0x70 [ 253.342954][ T6006] kfree+0x2b4/0x4d0 [ 253.346860][ T6006] device_release+0xa4/0x240 [ 253.351452][ T6006] kobject_put+0x1e7/0x5a0 [ 253.355885][ T6006] device_unregister+0x2f/0xc0 [ 253.360668][ T6006] hdm_disconnect+0xfa/0x250 [ 253.365268][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 253.370466][ T6006] device_remove+0x125/0x170 [ 253.375068][ T6006] device_release_driver_internal+0x44b/0x620 [ 253.381159][ T6006] bus_remove_device+0x22f/0x420 [ 253.386107][ T6006] device_del+0x396/0x9f0 [ 253.390450][ T6006] usb_disable_device+0x355/0x7d0 [ 253.395493][ T6006] usb_disconnect+0x2e1/0x9c0 [ 253.400187][ T6006] hub_event+0x1c81/0x4fe0 [ 253.404622][ T6006] process_one_work+0x9cf/0x1b70 [ 253.409564][ T6006] worker_thread+0x6c8/0xf10 [ 253.414162][ T6006] kthread+0x3c5/0x780 [ 253.418236][ T6006] ret_from_fork+0x5d7/0x6f0 [ 253.422829][ T6006] ret_from_fork_asm+0x1a/0x30 [ 253.427615][ T6006] [ 253.429940][ T6006] The buggy address belongs to the object at ffff888052430000 [ 253.429940][ T6006] which belongs to the cache kmalloc-2k of size 2048 [ 253.444011][ T6006] The buggy address is located 56 bytes inside of [ 253.444011][ T6006] freed 2048-byte region [ffff888052430000, ffff888052430800) [ 253.457818][ T6006] [ 253.460136][ T6006] The buggy address belongs to the physical page: [ 253.466555][ T6006] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52430 [ 253.475314][ T6006] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 253.483812][ T6006] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 253.491357][ T6006] page_type: f5(slab) [ 253.495339][ T6006] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 253.503925][ T6006] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 253.512511][ T6006] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 253.521187][ T6006] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 253.529874][ T6006] head: 00fff00000000003 ffffea0001490c01 00000000ffffffff 00000000ffffffff [ 253.538564][ T6006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 253.547408][ T6006] page dumped because: kasan: bad access detected [ 253.553819][ T6006] page_owner tracks the page as allocated [ 253.559522][ T6006] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5958, tgid 5958 (kworker/1:7), ts 93854168886, free_ts 33007286435 [ 253.580822][ T6006] post_alloc_hook+0x1c0/0x230 [ 253.585615][ T6006] get_page_from_freelist+0x132b/0x38e0 [ 253.591186][ T6006] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 253.597111][ T6006] alloc_pages_mpol+0x1fb/0x550 [ 253.601963][ T6006] new_slab+0x247/0x330 [ 253.606223][ T6006] ___slab_alloc+0xcf2/0x1740 [ 253.610953][ T6006] __slab_alloc.constprop.0+0x56/0xb0 [ 253.617473][ T6006] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 253.624099][ T6006] kmalloc_reserve+0xef/0x2c0 [ 253.628803][ T6006] __alloc_skb+0x166/0x380 [ 253.633230][ T6006] mld_newpack.isra.0+0x18e/0xa20 [ 253.638294][ T6006] add_grhead+0x299/0x340 [ 253.642639][ T6006] add_grec+0x11b5/0x1720 [ 253.646991][ T6006] mld_send_initial_cr+0x151/0x320 [ 253.652128][ T6006] mld_dad_work+0x32/0x1f0 [ 253.656592][ T6006] process_one_work+0x9cf/0x1b70 [ 253.661536][ T6006] page last free pid 1 tgid 1 stack trace: [ 253.667354][ T6006] __free_frozen_pages+0x7d5/0x10f0 [ 253.672566][ T6006] free_contig_range+0x183/0x4b0 [ 253.677526][ T6006] destroy_args+0x7f6/0xa60 [ 253.682063][ T6006] debug_vm_pgtable+0x1a32/0x3640 [ 253.687108][ T6006] do_one_initcall+0x123/0x6e0 [ 253.691885][ T6006] kernel_init_freeable+0x5c2/0x910 [ 253.697109][ T6006] kernel_init+0x1c/0x2b0 [ 253.701442][ T6006] ret_from_fork+0x5d7/0x6f0 [ 253.706036][ T6006] ret_from_fork_asm+0x1a/0x30 [ 253.710814][ T6006] [ 253.713126][ T6006] Memory state around the buggy address: [ 253.718745][ T6006] ffff88805242ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 253.726807][ T6006] ffff88805242ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 253.734875][ T6006] >ffff888052430000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 253.742932][ T6006] ^ [ 253.748817][ T6006] ffff888052430080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 253.756876][ T6006] ffff888052430100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 253.764928][ T6006] ================================================================== [ 253.792180][ T6006] Kernel panic - not syncing: kasan.fault=panic_on_write set ... [ 253.800057][ T6006] CPU: 0 UID: 0 PID: 6006 Comm: kworker/0:7 Tainted: G B 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 253.813724][ T6006] Tainted: [B]=BAD_PAGE [ 253.817873][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 253.827938][ T6006] Workqueue: usb_hub_wq hub_event [ 253.833182][ T6006] Call Trace: [ 253.836455][ T6006] [ 253.839381][ T6006] dump_stack_lvl+0x3d/0x1f0 [ 253.844006][ T6006] vpanic+0x6e8/0x7a0 [ 253.848022][ T6006] ? __pfx_vpanic+0x10/0x10 [ 253.852563][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.858211][ T6006] ? rcu_is_watching+0x12/0xc0 [ 253.862996][ T6006] ? kobject_put+0x84/0x5a0 [ 253.867527][ T6006] panic+0xca/0xd0 [ 253.871276][ T6006] ? __pfx_panic+0x10/0x10 [ 253.875718][ T6006] ? kobject_put+0x84/0x5a0 [ 253.880245][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.885894][ T6006] ? preempt_schedule_thunk+0x16/0x30 [ 253.891297][ T6006] end_report+0x159/0x170 [ 253.895685][ T6006] kasan_report+0xee/0x110 [ 253.900107][ T6006] ? kobject_put+0x84/0x5a0 [ 253.904639][ T6006] kasan_check_range+0x100/0x1b0 [ 253.909592][ T6006] kobject_put+0x84/0x5a0 [ 253.913945][ T6006] put_device+0x1f/0x30 [ 253.918105][ T6006] hdm_disconnect+0x1e2/0x250 [ 253.922804][ T6006] usb_unbind_interface+0x1dd/0x9e0 [ 253.928017][ T6006] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 253.933693][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.939371][ T6006] ? __pfx_usb_unbind_interface+0x10/0x10 [ 253.945119][ T6006] device_remove+0x125/0x170 [ 253.949740][ T6006] device_release_driver_internal+0x44b/0x620 [ 253.956009][ T6006] ? __entry_text_end+0x1020b5/0x1020b9 [ 253.961574][ T6006] bus_remove_device+0x22f/0x420 [ 253.966530][ T6006] device_del+0x396/0x9f0 [ 253.970884][ T6006] ? __pfx_device_del+0x10/0x10 [ 253.975755][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.981410][ T6006] ? kobject_put+0x210/0x5a0 [ 253.986022][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.991676][ T6006] usb_disable_device+0x355/0x7d0 [ 253.996730][ T6006] usb_disconnect+0x2e1/0x9c0 [ 254.001434][ T6006] hub_event+0x1c81/0x4fe0 [ 254.005889][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.011534][ T6006] ? lock_release+0x201/0x2f0 [ 254.016234][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.021883][ T6006] ? do_raw_spin_unlock+0x172/0x230 [ 254.027094][ T6006] ? __pfx_hub_event+0x10/0x10 [ 254.031882][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.037542][ T6006] ? __ioread64_hi_lo+0x70/0xb0 [ 254.042418][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.048067][ T6006] ? __pfx_debug_object_deactivate+0x10/0x10 [ 254.054062][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.059709][ T6006] ? trace_sched_exit_tp+0xd1/0x120 [ 254.064928][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.070571][ T6006] ? rcu_is_watching+0x12/0xc0 [ 254.075437][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.081256][ T6006] ? lock_acquire+0x2cd/0x350 [ 254.085984][ T6006] ? rcu_is_watching+0x12/0xc0 [ 254.090769][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.096415][ T6006] ? rcu_is_watching+0x12/0xc0 [ 254.101197][ T6006] process_one_work+0x9cf/0x1b70 [ 254.106154][ T6006] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10 [ 254.112676][ T6006] ? __pfx_process_one_work+0x10/0x10 [ 254.118063][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.123716][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.129364][ T6006] ? assign_work+0x1a0/0x250 [ 254.133963][ T6006] worker_thread+0x6c8/0xf10 [ 254.138574][ T6006] ? __pfx_worker_thread+0x10/0x10 [ 254.143698][ T6006] kthread+0x3c5/0x780 [ 254.147790][ T6006] ? __pfx_kthread+0x10/0x10 [ 254.152386][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.158207][ T6006] ? rcu_is_watching+0x12/0xc0 [ 254.162985][ T6006] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.168635][ T6006] ? rcu_is_watching+0x12/0xc0 [ 254.173413][ T6006] ? __pfx_kthread+0x10/0x10 [ 254.178010][ T6006] ret_from_fork+0x5d7/0x6f0 [ 254.182608][ T6006] ? __pfx_kthread+0x10/0x10 [ 254.187206][ T6006] ret_from_fork_asm+0x1a/0x30 [ 254.191996][ T6006] [ 254.195229][ T6006] Kernel Offset: disabled [ 254.199547][ T6006] Rebooting in 86400 seconds..